Don't skip leading zeroes in PSK keys.
Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.
RT#4554
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6ec6d52071)
Conflicts:
apps/s_client.c
apps/s_server.c
This commit is contained in:
Dr. Stephen Henson
parent
63b2499b67
commit
80e07cc7f0
2 changed files with 28 additions and 38 deletions
|
|
@ -242,9 +242,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
|
|||
unsigned char *psk,
|
||||
unsigned int max_psk_len)
|
||||
{
|
||||
unsigned int psk_len = 0;
|
||||
int ret;
|
||||
BIGNUM *bn = NULL;
|
||||
long key_len;
|
||||
unsigned char *key;
|
||||
|
||||
if (c_debug)
|
||||
BIO_printf(bio_c_out, "psk_client_cb\n");
|
||||
|
|
@ -265,32 +265,29 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
|
|||
if (c_debug)
|
||||
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
|
||||
ret);
|
||||
ret = BN_hex2bn(&bn, psk_key);
|
||||
if (!ret) {
|
||||
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
|
||||
|
||||
/* convert the PSK key to binary */
|
||||
key = OPENSSL_hexstr2buf(psk_key, &key_len);
|
||||
if (key == NULL) {
|
||||
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
|
||||
psk_key);
|
||||
if (bn)
|
||||
BN_free(bn);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
|
||||
if (key_len > max_psk_len) {
|
||||
BIO_printf(bio_err,
|
||||
"psk buffer of callback is too small (%d) for key (%d)\n",
|
||||
max_psk_len, BN_num_bytes(bn));
|
||||
BN_free(bn);
|
||||
"psk buffer of callback is too small (%d) for key (%ld)\n",
|
||||
max_psk_len, key_len);
|
||||
OPENSSL_free(key);
|
||||
return 0;
|
||||
}
|
||||
|
||||
psk_len = BN_bn2bin(bn, psk);
|
||||
BN_free(bn);
|
||||
if (psk_len == 0)
|
||||
goto out_err;
|
||||
memcpy(psk, key, key_len);
|
||||
OPENSSL_free(key);
|
||||
|
||||
if (c_debug)
|
||||
BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
|
||||
BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
|
||||
|
||||
return psk_len;
|
||||
return key_len;
|
||||
out_err:
|
||||
if (c_debug)
|
||||
BIO_printf(bio_err, "Error in PSK client callback\n");
|
||||
|
|
|
|||
|
|
@ -353,9 +353,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
|
|||
unsigned char *psk,
|
||||
unsigned int max_psk_len)
|
||||
{
|
||||
unsigned int psk_len = 0;
|
||||
int ret;
|
||||
BIGNUM *bn = NULL;
|
||||
long key_len = 0;
|
||||
unsigned char *key;
|
||||
|
||||
if (s_debug)
|
||||
BIO_printf(bio_s_out, "psk_server_cb\n");
|
||||
|
|
@ -377,32 +376,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
|
|||
BIO_printf(bio_s_out, "PSK client identity found\n");
|
||||
|
||||
/* convert the PSK key to binary */
|
||||
ret = BN_hex2bn(&bn, psk_key);
|
||||
if (!ret) {
|
||||
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
|
||||
key = OPENSSL_hexstr2buf(psk_key, &key_len);
|
||||
if (key == NULL) {
|
||||
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
|
||||
psk_key);
|
||||
if (bn)
|
||||
BN_free(bn);
|
||||
return 0;
|
||||
}
|
||||
if (BN_num_bytes(bn) > (int)max_psk_len) {
|
||||
if (key_len > (int)max_psk_len) {
|
||||
BIO_printf(bio_err,
|
||||
"psk buffer of callback is too small (%d) for key (%d)\n",
|
||||
max_psk_len, BN_num_bytes(bn));
|
||||
BN_free(bn);
|
||||
"psk buffer of callback is too small (%d) for key (%ld)\n",
|
||||
max_psk_len, key_len);
|
||||
OPENSSL_free(key);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = BN_bn2bin(bn, psk);
|
||||
BN_free(bn);
|
||||
|
||||
if (ret < 0)
|
||||
goto out_err;
|
||||
psk_len = (unsigned int)ret;
|
||||
memcpy(psk, key, key_len);
|
||||
OPENSSL_free(key);
|
||||
|
||||
if (s_debug)
|
||||
BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
|
||||
return psk_len;
|
||||
BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
|
||||
return key_len;
|
||||
out_err:
|
||||
if (s_debug)
|
||||
BIO_printf(bio_err, "Error in PSK server callback\n");
|
||||
|
|
|
|||
Loading…
Reference in a new issue