1/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Auxiliary functions for storing and retrieving various data types to/from 7 * Buffers. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 * 15 * 16 * SSH2 packet format added by Markus Friedl 17 * Copyright (c) 2000 Markus Friedl. All rights reserved. 18 * 19 * Redistribution and use in source and binary forms, with or without 20 * modification, are permitted provided that the following conditions 21 * are met: 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 2. Redistributions in binary form must reproduce the above copyright 25 * notice, this list of conditions and the following disclaimer in the 26 * documentation and/or other materials provided with the distribution. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40#include "includes.h" 41 42#include <sys/types.h> 43 44#ifdef __APPLE_CRYPTO__ 45#include "ossl-bn.h" 46#else 47#include <openssl/bn.h> 48#endif 49 50#include <string.h> 51#include <stdarg.h> 52 53#include "xmalloc.h" 54#include "buffer.h" 55#include "log.h" 56#include "misc.h" 57 58/* 59 * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed 60 * by (bits+7)/8 bytes of binary data, msb first. 61 */ 62int 63buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) 64{ 65 int bits = BN_num_bits(value); 66 int bin_size = (bits + 7) / 8; 67 u_char *buf = xmalloc(bin_size); 68 int oi; 69 char msg[2]; 70 71 /* Get the value of in binary */ 72 oi = BN_bn2bin(value, buf); 73 if (oi != bin_size) { 74 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", 75 oi, bin_size); 76 xfree(buf); 77 return (-1); 78 } 79 80 /* Store the number of bits in the buffer in two bytes, msb first. */ 81 put_u16(msg, bits); 82 buffer_append(buffer, msg, 2); 83 /* Store the binary data. */ 84 buffer_append(buffer, buf, oi); 85 86 memset(buf, 0, bin_size); 87 xfree(buf); 88 89 return (0); 90} 91 92void 93buffer_put_bignum(Buffer *buffer, const BIGNUM *value) 94{ 95 if (buffer_put_bignum_ret(buffer, value) == -1) 96 fatal("buffer_put_bignum: buffer error"); 97} 98 99/* 100 * Retrieves a BIGNUM from the buffer. 101 */ 102int 103buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) 104{ 105 u_int bits, bytes; 106 u_char buf[2], *bin; 107 108 /* Get the number of bits. */ 109 if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { 110 error("buffer_get_bignum_ret: invalid length"); 111 return (-1); 112 } 113 bits = get_u16(buf); 114 /* Compute the number of binary bytes that follow. */ 115 bytes = (bits + 7) / 8; 116 if (bytes > 8 * 1024) { 117 error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); 118 return (-1); 119 } 120 if (buffer_len(buffer) < bytes) { 121 error("buffer_get_bignum_ret: input buffer too small"); 122 return (-1); 123 } 124 bin = buffer_ptr(buffer); 125 if (BN_bin2bn(bin, bytes, value) == NULL) { 126 error("buffer_get_bignum_ret: BN_bin2bn failed"); 127 return (-1); 128 } 129 if (buffer_consume_ret(buffer, bytes) == -1) { 130 error("buffer_get_bignum_ret: buffer_consume failed"); 131 return (-1); 132 } 133 return (0); 134} 135 136void 137buffer_get_bignum(Buffer *buffer, BIGNUM *value) 138{ 139 if (buffer_get_bignum_ret(buffer, value) == -1) 140 fatal("buffer_get_bignum: buffer error"); 141} 142 143/* 144 * Stores a BIGNUM in the buffer in SSH2 format. 145 */ 146int 147buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) 148{ 149 u_int bytes; 150 u_char *buf; 151 int oi; 152 u_int hasnohigh = 0; 153 154 if (BN_is_zero(value)) { 155 buffer_put_int(buffer, 0); 156 return 0; 157 } 158 if (value->neg) { 159 error("buffer_put_bignum2_ret: negative numbers not supported"); 160 return (-1); 161 } 162 bytes = BN_num_bytes(value) + 1; /* extra padding byte */ 163 if (bytes < 2) { 164 error("buffer_put_bignum2_ret: BN too small"); 165 return (-1); 166 } 167 buf = xmalloc(bytes); 168 buf[0] = 0x00; 169 /* Get the value of in binary */ 170 oi = BN_bn2bin(value, buf+1); 171 if (oi < 0 || (u_int)oi != bytes - 1) { 172 error("buffer_put_bignum2_ret: BN_bn2bin() failed: " 173 "oi %d != bin_size %d", oi, bytes); 174 xfree(buf); 175 return (-1); 176 } 177 hasnohigh = (buf[1] & 0x80) ? 0 : 1; 178 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); 179 memset(buf, 0, bytes); 180 xfree(buf); 181 return (0); 182} 183 184void 185buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) 186{ 187 if (buffer_put_bignum2_ret(buffer, value) == -1) 188 fatal("buffer_put_bignum2: buffer error"); 189} 190 191int 192buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) 193{ 194 u_int len; 195 u_char *bin; 196 197 if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { 198 error("buffer_get_bignum2_ret: invalid bignum"); 199 return (-1); 200 } 201 202 if (len > 0 && (bin[0] & 0x80)) { 203 error("buffer_get_bignum2_ret: negative numbers not supported"); 204 xfree(bin); 205 return (-1); 206 } 207 if (len > 8 * 1024) { 208 error("buffer_get_bignum2_ret: cannot handle BN of size %d", 209 len); 210 xfree(bin); 211 return (-1); 212 } 213 if (BN_bin2bn(bin, len, value) == NULL) { 214 error("buffer_get_bignum2_ret: BN_bin2bn failed"); 215 xfree(bin); 216 return (-1); 217 } 218 xfree(bin); 219 return (0); 220} 221 222void 223buffer_get_bignum2(Buffer *buffer, BIGNUM *value) 224{ 225 if (buffer_get_bignum2_ret(buffer, value) == -1) 226 fatal("buffer_get_bignum2: buffer error"); 227} 228