bufbn.c revision 262566
1/* $OpenBSD: bufbn.c,v 1.8 2013/11/08 11:15:19 dtucker Exp $*/ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Auxiliary functions for storing and retrieving various data types to/from 7 * Buffers. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 * 15 * 16 * SSH2 packet format added by Markus Friedl 17 * Copyright (c) 2000 Markus Friedl. All rights reserved. 18 * 19 * Redistribution and use in source and binary forms, with or without 20 * modification, are permitted provided that the following conditions 21 * are met: 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 2. Redistributions in binary form must reproduce the above copyright 25 * notice, this list of conditions and the following disclaimer in the 26 * documentation and/or other materials provided with the distribution. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40#include "includes.h" 41 42#include <sys/types.h> 43 44#include <openssl/bn.h> 45 46#include <string.h> 47#include <stdarg.h> 48#include <stdlib.h> 49 50#include "xmalloc.h" 51#include "buffer.h" 52#include "log.h" 53#include "misc.h" 54 55/* 56 * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed 57 * by (bits+7)/8 bytes of binary data, msb first. 58 */ 59int 60buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) 61{ 62 int bits = BN_num_bits(value); 63 int bin_size = (bits + 7) / 8; 64 u_char *buf = xmalloc(bin_size); 65 int oi; 66 char msg[2]; 67 68 /* Get the value of in binary */ 69 oi = BN_bn2bin(value, buf); 70 if (oi != bin_size) { 71 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", 72 oi, bin_size); 73 free(buf); 74 return (-1); 75 } 76 77 /* Store the number of bits in the buffer in two bytes, msb first. */ 78 put_u16(msg, bits); 79 buffer_append(buffer, msg, 2); 80 /* Store the binary data. */ 81 buffer_append(buffer, buf, oi); 82 83 memset(buf, 0, bin_size); 84 free(buf); 85 86 return (0); 87} 88 89void 90buffer_put_bignum(Buffer *buffer, const BIGNUM *value) 91{ 92 if (buffer_put_bignum_ret(buffer, value) == -1) 93 fatal("buffer_put_bignum: buffer error"); 94} 95 96/* 97 * Retrieves a BIGNUM from the buffer. 98 */ 99int 100buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) 101{ 102 u_int bits, bytes; 103 u_char buf[2], *bin; 104 105 /* Get the number of bits. */ 106 if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { 107 error("buffer_get_bignum_ret: invalid length"); 108 return (-1); 109 } 110 bits = get_u16(buf); 111 /* Compute the number of binary bytes that follow. */ 112 bytes = (bits + 7) / 8; 113 if (bytes > 8 * 1024) { 114 error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); 115 return (-1); 116 } 117 if (buffer_len(buffer) < bytes) { 118 error("buffer_get_bignum_ret: input buffer too small"); 119 return (-1); 120 } 121 bin = buffer_ptr(buffer); 122 if (BN_bin2bn(bin, bytes, value) == NULL) { 123 error("buffer_get_bignum_ret: BN_bin2bn failed"); 124 return (-1); 125 } 126 if (buffer_consume_ret(buffer, bytes) == -1) { 127 error("buffer_get_bignum_ret: buffer_consume failed"); 128 return (-1); 129 } 130 return (0); 131} 132 133void 134buffer_get_bignum(Buffer *buffer, BIGNUM *value) 135{ 136 if (buffer_get_bignum_ret(buffer, value) == -1) 137 fatal("buffer_get_bignum: buffer error"); 138} 139 140/* 141 * Stores a BIGNUM in the buffer in SSH2 format. 142 */ 143int 144buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) 145{ 146 u_int bytes; 147 u_char *buf; 148 int oi; 149 u_int hasnohigh = 0; 150 151 if (BN_is_zero(value)) { 152 buffer_put_int(buffer, 0); 153 return 0; 154 } 155 if (value->neg) { 156 error("buffer_put_bignum2_ret: negative numbers not supported"); 157 return (-1); 158 } 159 bytes = BN_num_bytes(value) + 1; /* extra padding byte */ 160 if (bytes < 2) { 161 error("buffer_put_bignum2_ret: BN too small"); 162 return (-1); 163 } 164 buf = xmalloc(bytes); 165 buf[0] = 0x00; 166 /* Get the value of in binary */ 167 oi = BN_bn2bin(value, buf+1); 168 if (oi < 0 || (u_int)oi != bytes - 1) { 169 error("buffer_put_bignum2_ret: BN_bn2bin() failed: " 170 "oi %d != bin_size %d", oi, bytes); 171 free(buf); 172 return (-1); 173 } 174 hasnohigh = (buf[1] & 0x80) ? 0 : 1; 175 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); 176 memset(buf, 0, bytes); 177 free(buf); 178 return (0); 179} 180 181void 182buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) 183{ 184 if (buffer_put_bignum2_ret(buffer, value) == -1) 185 fatal("buffer_put_bignum2: buffer error"); 186} 187 188int 189buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) 190{ 191 u_int len; 192 u_char *bin; 193 194 if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { 195 error("buffer_get_bignum2_ret: invalid bignum"); 196 return (-1); 197 } 198 199 if (len > 0 && (bin[0] & 0x80)) { 200 error("buffer_get_bignum2_ret: negative numbers not supported"); 201 free(bin); 202 return (-1); 203 } 204 if (len > 8 * 1024) { 205 error("buffer_get_bignum2_ret: cannot handle BN of size %d", 206 len); 207 free(bin); 208 return (-1); 209 } 210 if (BN_bin2bn(bin, len, value) == NULL) { 211 error("buffer_get_bignum2_ret: BN_bin2bn failed"); 212 free(bin); 213 return (-1); 214 } 215 free(bin); 216 return (0); 217} 218 219void 220buffer_get_bignum2(Buffer *buffer, BIGNUM *value) 221{ 222 if (buffer_get_bignum2_ret(buffer, value) == -1) 223 fatal("buffer_get_bignum2: buffer error"); 224} 225