Annotation of src/usr.bin/ssh/bufaux.c, Revision 1.38
1.1 deraadt 1: /*
1.6 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.13 deraadt 5: * Auxiliary functions for storing and retrieving various data types to/from
6: * Buffers.
1.11 markus 7: *
1.13 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
1.11 markus 13: *
1.6 deraadt 14: *
1.9 markus 15: * SSH2 packet format added by Markus Friedl
1.13 deraadt 16: * Copyright (c) 2000 Markus Friedl. All rights reserved.
1.9 markus 17: *
1.13 deraadt 18: * Redistribution and use in source and binary forms, with or without
19: * modification, are permitted provided that the following conditions
20: * are met:
21: * 1. Redistributions of source code must retain the above copyright
22: * notice, this list of conditions and the following disclaimer.
23: * 2. Redistributions in binary form must reproduce the above copyright
24: * notice, this list of conditions and the following disclaimer in the
25: * documentation and/or other materials provided with the distribution.
26: *
27: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.6 deraadt 37: */
1.1 deraadt 38:
39: #include "includes.h"
40:
1.10 markus 41: #include <openssl/bn.h>
1.1 deraadt 42: #include "bufaux.h"
43: #include "xmalloc.h"
44: #include "getput.h"
1.17 markus 45: #include "log.h"
1.1 deraadt 46:
1.6 deraadt 47: /*
48: * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
49: * by (bits+7)/8 bytes of binary data, msb first.
50: */
1.33 djm 51: int
52: buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
1.1 deraadt 53: {
1.5 markus 54: int bits = BN_num_bits(value);
55: int bin_size = (bits + 7) / 8;
1.14 markus 56: u_char *buf = xmalloc(bin_size);
1.5 markus 57: int oi;
58: char msg[2];
59:
60: /* Get the value of in binary */
61: oi = BN_bn2bin(value, buf);
1.33 djm 62: if (oi != bin_size) {
63: error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
1.19 deraadt 64: oi, bin_size);
1.37 djm 65: xfree(buf);
1.33 djm 66: return (-1);
67: }
1.5 markus 68:
69: /* Store the number of bits in the buffer in two bytes, msb first. */
70: PUT_16BIT(msg, bits);
71: buffer_append(buffer, msg, 2);
72: /* Store the binary data. */
1.8 markus 73: buffer_append(buffer, (char *)buf, oi);
1.7 markus 74:
1.5 markus 75: memset(buf, 0, bin_size);
76: xfree(buf);
1.33 djm 77:
78: return (0);
79: }
80:
81: void
82: buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
83: {
84: if (buffer_put_bignum_ret(buffer, value) == -1)
85: fatal("buffer_put_bignum: buffer error");
1.1 deraadt 86: }
87:
1.6 deraadt 88: /*
89: * Retrieves an BIGNUM from the buffer.
90: */
1.33 djm 91: int
92: buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
1.1 deraadt 93: {
1.30 miod 94: u_int bits, bytes;
1.14 markus 95: u_char buf[2], *bin;
1.1 deraadt 96:
1.5 markus 97: /* Get the number for bits. */
1.33 djm 98: if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
99: error("buffer_get_bignum_ret: invalid length");
100: return (-1);
101: }
1.5 markus 102: bits = GET_16BIT(buf);
103: /* Compute the number of binary bytes that follow. */
104: bytes = (bits + 7) / 8;
1.33 djm 105: if (bytes > 8 * 1024) {
106: error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
107: return (-1);
108: }
109: if (buffer_len(buffer) < bytes) {
110: error("buffer_get_bignum_ret: input buffer too small");
111: return (-1);
112: }
1.22 stevesk 113: bin = buffer_ptr(buffer);
1.5 markus 114: BN_bin2bn(bin, bytes, value);
1.33 djm 115: if (buffer_consume_ret(buffer, bytes) == -1) {
116: error("buffer_get_bignum_ret: buffer_consume failed");
117: return (-1);
118: }
119: return (0);
120: }
121:
122: void
123: buffer_get_bignum(Buffer *buffer, BIGNUM *value)
124: {
125: if (buffer_get_bignum_ret(buffer, value) == -1)
126: fatal("buffer_get_bignum: buffer error");
1.1 deraadt 127: }
128:
1.6 deraadt 129: /*
1.9 markus 130: * Stores an BIGNUM in the buffer in SSH2 format.
131: */
1.33 djm 132: int
133: buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
1.9 markus 134: {
1.32 markus 135: u_int bytes;
136: u_char *buf;
1.9 markus 137: int oi;
1.30 miod 138: u_int hasnohigh = 0;
1.26 deraadt 139:
1.32 markus 140: if (BN_is_zero(value)) {
141: buffer_put_int(buffer, 0);
1.33 djm 142: return 0;
143: }
144: if (value->neg) {
145: error("buffer_put_bignum2_ret: negative numbers not supported");
146: return (-1);
1.32 markus 147: }
148: bytes = BN_num_bytes(value) + 1; /* extra padding byte */
1.33 djm 149: if (bytes < 2) {
150: error("buffer_put_bignum2_ret: BN too small");
151: return (-1);
152: }
1.32 markus 153: buf = xmalloc(bytes);
1.34 markus 154: buf[0] = 0x00;
1.9 markus 155: /* Get the value of in binary */
156: oi = BN_bn2bin(value, buf+1);
1.36 djm 157: if (oi < 0 || (u_int)oi != bytes - 1) {
1.33 djm 158: error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
1.32 markus 159: "oi %d != bin_size %d", oi, bytes);
1.33 djm 160: xfree(buf);
161: return (-1);
162: }
1.9 markus 163: hasnohigh = (buf[1] & 0x80) ? 0 : 1;
164: buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
165: memset(buf, 0, bytes);
166: xfree(buf);
1.33 djm 167: return (0);
1.9 markus 168: }
169:
1.21 markus 170: void
1.33 djm 171: buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
172: {
173: if (buffer_put_bignum2_ret(buffer, value) == -1)
174: fatal("buffer_put_bignum2: buffer error");
175: }
176:
177: int
178: buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
1.9 markus 179: {
1.27 markus 180: u_int len;
1.33 djm 181: u_char *bin;
1.35 deraadt 182:
1.33 djm 183: if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
184: error("buffer_get_bignum2_ret: invalid bignum");
185: return (-1);
186: }
1.26 deraadt 187:
1.33 djm 188: if (len > 0 && (bin[0] & 0x80)) {
189: error("buffer_get_bignum2_ret: negative numbers not supported");
1.37 djm 190: xfree(bin);
1.33 djm 191: return (-1);
192: }
193: if (len > 8 * 1024) {
194: error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
1.37 djm 195: xfree(bin);
1.33 djm 196: return (-1);
197: }
1.9 markus 198: BN_bin2bn(bin, len, value);
199: xfree(bin);
1.33 djm 200: return (0);
201: }
202:
203: void
204: buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
205: {
206: if (buffer_get_bignum2_ret(buffer, value) == -1)
207: fatal("buffer_get_bignum2: buffer error");
1.9 markus 208: }
1.32 markus 209:
1.9 markus 210: /*
1.25 markus 211: * Returns integers from the buffer (msb first).
1.6 deraadt 212: */
1.25 markus 213:
1.33 djm 214: int
215: buffer_get_short_ret(u_short *ret, Buffer *buffer)
216: {
217: u_char buf[2];
218:
219: if (buffer_get_ret(buffer, (char *) buf, 2) == -1)
220: return (-1);
221: *ret = GET_16BIT(buf);
222: return (0);
223: }
224:
1.25 markus 225: u_short
226: buffer_get_short(Buffer *buffer)
227: {
1.33 djm 228: u_short ret;
229:
230: if (buffer_get_short_ret(&ret, buffer) == -1)
231: fatal("buffer_get_short: buffer error");
232:
233: return (ret);
234: }
235:
236: int
237: buffer_get_int_ret(u_int *ret, Buffer *buffer)
238: {
239: u_char buf[4];
1.26 deraadt 240:
1.33 djm 241: if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
242: return (-1);
243: *ret = GET_32BIT(buf);
244: return (0);
1.25 markus 245: }
246:
1.14 markus 247: u_int
1.5 markus 248: buffer_get_int(Buffer *buffer)
1.1 deraadt 249: {
1.33 djm 250: u_int ret;
251:
252: if (buffer_get_int_ret(&ret, buffer) == -1)
253: fatal("buffer_get_int: buffer error");
254:
255: return (ret);
256: }
257:
258: int
259: buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer)
260: {
261: u_char buf[8];
1.26 deraadt 262:
1.33 djm 263: if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
264: return (-1);
265: *ret = GET_64BIT(buf);
266: return (0);
1.1 deraadt 267: }
268:
1.15 markus 269: u_int64_t
270: buffer_get_int64(Buffer *buffer)
271: {
1.33 djm 272: u_int64_t ret;
273:
274: if (buffer_get_int64_ret(&ret, buffer) == -1)
275: fatal("buffer_get_int: buffer error");
1.26 deraadt 276:
1.33 djm 277: return (ret);
1.15 markus 278: }
279:
1.6 deraadt 280: /*
1.25 markus 281: * Stores integers in the buffer, msb first.
1.6 deraadt 282: */
1.25 markus 283: void
284: buffer_put_short(Buffer *buffer, u_short value)
285: {
286: char buf[2];
1.26 deraadt 287:
1.25 markus 288: PUT_16BIT(buf, value);
289: buffer_append(buffer, buf, 2);
290: }
291:
1.11 markus 292: void
1.14 markus 293: buffer_put_int(Buffer *buffer, u_int value)
1.1 deraadt 294: {
1.5 markus 295: char buf[4];
1.26 deraadt 296:
1.5 markus 297: PUT_32BIT(buf, value);
298: buffer_append(buffer, buf, 4);
1.15 markus 299: }
300:
301: void
302: buffer_put_int64(Buffer *buffer, u_int64_t value)
303: {
304: char buf[8];
1.26 deraadt 305:
1.15 markus 306: PUT_64BIT(buf, value);
307: buffer_append(buffer, buf, 8);
1.1 deraadt 308: }
309:
1.6 deraadt 310: /*
311: * Returns an arbitrary binary string from the buffer. The string cannot
312: * be longer than 256k. The returned value points to memory allocated
313: * with xmalloc; it is the responsibility of the calling function to free
314: * the data. If length_ptr is non-NULL, the length of the returned data
315: * will be stored there. A null character will be automatically appended
316: * to the returned string, and is not counted in length.
317: */
1.20 stevesk 318: void *
1.33 djm 319: buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
1.1 deraadt 320: {
1.26 deraadt 321: u_char *value;
1.14 markus 322: u_int len;
1.26 deraadt 323:
1.5 markus 324: /* Get the length. */
325: len = buffer_get_int(buffer);
1.33 djm 326: if (len > 256 * 1024) {
327: error("buffer_get_string_ret: bad string length %u", len);
328: return (NULL);
329: }
1.5 markus 330: /* Allocate space for the string. Add one byte for a null character. */
331: value = xmalloc(len + 1);
332: /* Get the string. */
1.33 djm 333: if (buffer_get_ret(buffer, value, len) == -1) {
334: error("buffer_get_string_ret: buffer_get failed");
335: xfree(value);
336: return (NULL);
337: }
1.5 markus 338: /* Append a null character to make processing easier. */
339: value[len] = 0;
340: /* Optionally return the length of the string. */
341: if (length_ptr)
342: *length_ptr = len;
1.33 djm 343: return (value);
344: }
345:
346: void *
347: buffer_get_string(Buffer *buffer, u_int *length_ptr)
348: {
349: void *ret;
350:
351: if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL)
352: fatal("buffer_get_string: buffer error");
353: return (ret);
1.1 deraadt 354: }
355:
1.6 deraadt 356: /*
357: * Stores and arbitrary binary string in the buffer.
358: */
1.11 markus 359: void
1.14 markus 360: buffer_put_string(Buffer *buffer, const void *buf, u_int len)
1.1 deraadt 361: {
1.5 markus 362: buffer_put_int(buffer, len);
363: buffer_append(buffer, buf, len);
1.9 markus 364: }
1.11 markus 365: void
1.9 markus 366: buffer_put_cstring(Buffer *buffer, const char *s)
367: {
1.23 provos 368: if (s == NULL)
369: fatal("buffer_put_cstring: s == NULL");
1.9 markus 370: buffer_put_string(buffer, s, strlen(s));
1.1 deraadt 371: }
372:
1.6 deraadt 373: /*
374: * Returns a character from the buffer (0 - 255).
375: */
1.11 markus 376: int
1.33 djm 377: buffer_get_char_ret(char *ret, Buffer *buffer)
378: {
379: if (buffer_get_ret(buffer, ret, 1) == -1) {
380: error("buffer_get_char_ret: buffer_get_ret failed");
381: return (-1);
382: }
383: return (0);
384: }
385:
386: int
1.5 markus 387: buffer_get_char(Buffer *buffer)
1.1 deraadt 388: {
1.5 markus 389: char ch;
1.26 deraadt 390:
1.33 djm 391: if (buffer_get_char_ret(&ch, buffer) == -1)
392: fatal("buffer_get_char: buffer error");
1.14 markus 393: return (u_char) ch;
1.1 deraadt 394: }
395:
1.6 deraadt 396: /*
397: * Stores a character in the buffer.
398: */
1.11 markus 399: void
1.5 markus 400: buffer_put_char(Buffer *buffer, int value)
1.1 deraadt 401: {
1.5 markus 402: char ch = value;
1.26 deraadt 403:
1.5 markus 404: buffer_append(buffer, &ch, 1);
1.1 deraadt 405: }