bufbn.c revision 264377
1/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Auxiliary functions for storing and retrieving various data types to/from 7 * Buffers. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 * 15 * 16 * SSH2 packet format added by Markus Friedl 17 * Copyright (c) 2000 Markus Friedl. All rights reserved. 18 * 19 * Redistribution and use in source and binary forms, with or without 20 * modification, are permitted provided that the following conditions 21 * are met: 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 2. Redistributions in binary form must reproduce the above copyright 25 * notice, this list of conditions and the following disclaimer in the 26 * documentation and/or other materials provided with the distribution. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40#include "includes.h" 41 42#include <sys/types.h> 43 44#include <openssl/bn.h> 45 46#include <string.h> 47#include <stdarg.h> 48#include <stdlib.h> 49 50#include "xmalloc.h" 51#include "buffer.h" 52#include "log.h" 53#include "misc.h" 54 55/* 56 * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed 57 * by (bits+7)/8 bytes of binary data, msb first. 58 */ 59int 60buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) 61{ 62 int bits = BN_num_bits(value); 63 int bin_size = (bits + 7) / 8; 64 u_char *buf = xmalloc(bin_size); 65 int oi; 66 char msg[2]; 67 68 /* Get the value of in binary */ 69 oi = BN_bn2bin(value, buf); 70 if (oi != bin_size) { 71 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", 72 oi, bin_size); 73 free(buf); 74 return (-1); 75 } 76 77 /* Store the number of bits in the buffer in two bytes, msb first. */ 78 put_u16(msg, bits); 79 buffer_append(buffer, msg, 2); 80 /* Store the binary data. */ 81 buffer_append(buffer, buf, oi); 82 83 explicit_bzero(buf, bin_size); 84 free(buf); 85 86 return (0); 87} 88 89void 90buffer_put_bignum(Buffer *buffer, const BIGNUM *value) 91{ 92 if (buffer_put_bignum_ret(buffer, value) == -1) 93 fatal("buffer_put_bignum: buffer error"); 94} 95 96/* 97 * Retrieves a BIGNUM from the buffer. 98 */ 99int 100buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) 101{ 102 u_int bits, bytes; 103 u_char buf[2], *bin; 104 105 /* Get the number of bits. */ 106 if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { 107 error("buffer_get_bignum_ret: invalid length"); 108 return (-1); 109 } 110 bits = get_u16(buf); 111 if (bits > 65535-7) { 112 error("buffer_get_bignum_ret: cannot handle BN of size %d", 113 bits); 114 return (-1); 115 } 116 /* Compute the number of binary bytes that follow. */ 117 bytes = (bits + 7) / 8; 118 if (bytes > 8 * 1024) { 119 error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); 120 return (-1); 121 } 122 if (buffer_len(buffer) < bytes) { 123 error("buffer_get_bignum_ret: input buffer too small"); 124 return (-1); 125 } 126 bin = buffer_ptr(buffer); 127 if (BN_bin2bn(bin, bytes, value) == NULL) { 128 error("buffer_get_bignum_ret: BN_bin2bn failed"); 129 return (-1); 130 } 131 if (buffer_consume_ret(buffer, bytes) == -1) { 132 error("buffer_get_bignum_ret: buffer_consume failed"); 133 return (-1); 134 } 135 return (0); 136} 137 138void 139buffer_get_bignum(Buffer *buffer, BIGNUM *value) 140{ 141 if (buffer_get_bignum_ret(buffer, value) == -1) 142 fatal("buffer_get_bignum: buffer error"); 143} 144 145/* 146 * Stores a BIGNUM in the buffer in SSH2 format. 147 */ 148int 149buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) 150{ 151 u_int bytes; 152 u_char *buf; 153 int oi; 154 u_int hasnohigh = 0; 155 156 if (BN_is_zero(value)) { 157 buffer_put_int(buffer, 0); 158 return 0; 159 } 160 if (value->neg) { 161 error("buffer_put_bignum2_ret: negative numbers not supported"); 162 return (-1); 163 } 164 bytes = BN_num_bytes(value) + 1; /* extra padding byte */ 165 if (bytes < 2) { 166 error("buffer_put_bignum2_ret: BN too small"); 167 return (-1); 168 } 169 buf = xmalloc(bytes); 170 buf[0] = 0x00; 171 /* Get the value of in binary */ 172 oi = BN_bn2bin(value, buf+1); 173 if (oi < 0 || (u_int)oi != bytes - 1) { 174 error("buffer_put_bignum2_ret: BN_bn2bin() failed: " 175 "oi %d != bin_size %d", oi, bytes); 176 free(buf); 177 return (-1); 178 } 179 hasnohigh = (buf[1] & 0x80) ? 0 : 1; 180 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); 181 explicit_bzero(buf, bytes); 182 free(buf); 183 return (0); 184} 185 186void 187buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) 188{ 189 if (buffer_put_bignum2_ret(buffer, value) == -1) 190 fatal("buffer_put_bignum2: buffer error"); 191} 192 193int 194buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) 195{ 196 u_int len; 197 u_char *bin; 198 199 if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { 200 error("buffer_get_bignum2_ret: invalid bignum"); 201 return (-1); 202 } 203 204 if (len > 0 && (bin[0] & 0x80)) { 205 error("buffer_get_bignum2_ret: negative numbers not supported"); 206 free(bin); 207 return (-1); 208 } 209 if (len > 8 * 1024) { 210 error("buffer_get_bignum2_ret: cannot handle BN of size %d", 211 len); 212 free(bin); 213 return (-1); 214 } 215 if (BN_bin2bn(bin, len, value) == NULL) { 216 error("buffer_get_bignum2_ret: BN_bin2bn failed"); 217 free(bin); 218 return (-1); 219 } 220 free(bin); 221 return (0); 222} 223 224void 225buffer_get_bignum2(Buffer *buffer, BIGNUM *value) 226{ 227 if (buffer_get_bignum2_ret(buffer, value) == -1) 228 fatal("buffer_get_bignum2: buffer error"); 229} 230