Annotation of src/usr.bin/ssh/bufaux.c, Revision 1.39
1.39 ! djm 1: /* $OpenBSD$ */
1.1 deraadt 2: /*
1.6 deraadt 3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
1.13 deraadt 6: * Auxiliary functions for storing and retrieving various data types to/from
7: * Buffers.
1.11 markus 8: *
1.13 deraadt 9: * As far as I am concerned, the code I have written for this software
10: * can be used freely for any purpose. Any derived versions of this
11: * software must be clearly marked as such, and if the derived work is
12: * incompatible with the protocol description in the RFC file, it must be
13: * called by a name other than "ssh" or "Secure Shell".
1.11 markus 14: *
1.6 deraadt 15: *
1.9 markus 16: * SSH2 packet format added by Markus Friedl
1.13 deraadt 17: * Copyright (c) 2000 Markus Friedl. All rights reserved.
1.9 markus 18: *
1.13 deraadt 19: * Redistribution and use in source and binary forms, with or without
20: * modification, are permitted provided that the following conditions
21: * are met:
22: * 1. Redistributions of source code must retain the above copyright
23: * notice, this list of conditions and the following disclaimer.
24: * 2. Redistributions in binary form must reproduce the above copyright
25: * notice, this list of conditions and the following disclaimer in the
26: * documentation and/or other materials provided with the distribution.
27: *
28: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
29: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
30: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
31: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
32: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
33: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
37: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.6 deraadt 38: */
1.1 deraadt 39:
40: #include "includes.h"
41:
1.10 markus 42: #include <openssl/bn.h>
1.1 deraadt 43: #include "bufaux.h"
44: #include "xmalloc.h"
45: #include "getput.h"
1.17 markus 46: #include "log.h"
1.1 deraadt 47:
1.6 deraadt 48: /*
49: * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
50: * by (bits+7)/8 bytes of binary data, msb first.
51: */
1.33 djm 52: int
53: buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
1.1 deraadt 54: {
1.5 markus 55: int bits = BN_num_bits(value);
56: int bin_size = (bits + 7) / 8;
1.14 markus 57: u_char *buf = xmalloc(bin_size);
1.5 markus 58: int oi;
59: char msg[2];
60:
61: /* Get the value of in binary */
62: oi = BN_bn2bin(value, buf);
1.33 djm 63: if (oi != bin_size) {
64: error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
1.19 deraadt 65: oi, bin_size);
1.37 djm 66: xfree(buf);
1.33 djm 67: return (-1);
68: }
1.5 markus 69:
70: /* Store the number of bits in the buffer in two bytes, msb first. */
71: PUT_16BIT(msg, bits);
72: buffer_append(buffer, msg, 2);
73: /* Store the binary data. */
1.8 markus 74: buffer_append(buffer, (char *)buf, oi);
1.7 markus 75:
1.5 markus 76: memset(buf, 0, bin_size);
77: xfree(buf);
1.33 djm 78:
79: return (0);
80: }
81:
82: void
83: buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
84: {
85: if (buffer_put_bignum_ret(buffer, value) == -1)
86: fatal("buffer_put_bignum: buffer error");
1.1 deraadt 87: }
88:
1.6 deraadt 89: /*
90: * Retrieves an BIGNUM from the buffer.
91: */
1.33 djm 92: int
93: buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
1.1 deraadt 94: {
1.30 miod 95: u_int bits, bytes;
1.14 markus 96: u_char buf[2], *bin;
1.1 deraadt 97:
1.5 markus 98: /* Get the number for bits. */
1.33 djm 99: if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
100: error("buffer_get_bignum_ret: invalid length");
101: return (-1);
102: }
1.5 markus 103: bits = GET_16BIT(buf);
104: /* Compute the number of binary bytes that follow. */
105: bytes = (bits + 7) / 8;
1.33 djm 106: if (bytes > 8 * 1024) {
107: error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
108: return (-1);
109: }
110: if (buffer_len(buffer) < bytes) {
111: error("buffer_get_bignum_ret: input buffer too small");
112: return (-1);
113: }
1.22 stevesk 114: bin = buffer_ptr(buffer);
1.5 markus 115: BN_bin2bn(bin, bytes, value);
1.33 djm 116: if (buffer_consume_ret(buffer, bytes) == -1) {
117: error("buffer_get_bignum_ret: buffer_consume failed");
118: return (-1);
119: }
120: return (0);
121: }
122:
123: void
124: buffer_get_bignum(Buffer *buffer, BIGNUM *value)
125: {
126: if (buffer_get_bignum_ret(buffer, value) == -1)
127: fatal("buffer_get_bignum: buffer error");
1.1 deraadt 128: }
129:
1.6 deraadt 130: /*
1.9 markus 131: * Stores an BIGNUM in the buffer in SSH2 format.
132: */
1.33 djm 133: int
134: buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
1.9 markus 135: {
1.32 markus 136: u_int bytes;
137: u_char *buf;
1.9 markus 138: int oi;
1.30 miod 139: u_int hasnohigh = 0;
1.26 deraadt 140:
1.32 markus 141: if (BN_is_zero(value)) {
142: buffer_put_int(buffer, 0);
1.33 djm 143: return 0;
144: }
145: if (value->neg) {
146: error("buffer_put_bignum2_ret: negative numbers not supported");
147: return (-1);
1.32 markus 148: }
149: bytes = BN_num_bytes(value) + 1; /* extra padding byte */
1.33 djm 150: if (bytes < 2) {
151: error("buffer_put_bignum2_ret: BN too small");
152: return (-1);
153: }
1.32 markus 154: buf = xmalloc(bytes);
1.34 markus 155: buf[0] = 0x00;
1.9 markus 156: /* Get the value of in binary */
157: oi = BN_bn2bin(value, buf+1);
1.36 djm 158: if (oi < 0 || (u_int)oi != bytes - 1) {
1.33 djm 159: error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
1.32 markus 160: "oi %d != bin_size %d", oi, bytes);
1.33 djm 161: xfree(buf);
162: return (-1);
163: }
1.9 markus 164: hasnohigh = (buf[1] & 0x80) ? 0 : 1;
165: buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
166: memset(buf, 0, bytes);
167: xfree(buf);
1.33 djm 168: return (0);
1.9 markus 169: }
170:
1.21 markus 171: void
1.33 djm 172: buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
173: {
174: if (buffer_put_bignum2_ret(buffer, value) == -1)
175: fatal("buffer_put_bignum2: buffer error");
176: }
177:
178: int
179: buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
1.9 markus 180: {
1.27 markus 181: u_int len;
1.33 djm 182: u_char *bin;
1.35 deraadt 183:
1.33 djm 184: if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
185: error("buffer_get_bignum2_ret: invalid bignum");
186: return (-1);
187: }
1.26 deraadt 188:
1.33 djm 189: if (len > 0 && (bin[0] & 0x80)) {
190: error("buffer_get_bignum2_ret: negative numbers not supported");
1.37 djm 191: xfree(bin);
1.33 djm 192: return (-1);
193: }
194: if (len > 8 * 1024) {
195: error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
1.37 djm 196: xfree(bin);
1.33 djm 197: return (-1);
198: }
1.9 markus 199: BN_bin2bn(bin, len, value);
200: xfree(bin);
1.33 djm 201: return (0);
202: }
203:
204: void
205: buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
206: {
207: if (buffer_get_bignum2_ret(buffer, value) == -1)
208: fatal("buffer_get_bignum2: buffer error");
1.9 markus 209: }
1.32 markus 210:
1.9 markus 211: /*
1.25 markus 212: * Returns integers from the buffer (msb first).
1.6 deraadt 213: */
1.25 markus 214:
1.33 djm 215: int
216: buffer_get_short_ret(u_short *ret, Buffer *buffer)
217: {
218: u_char buf[2];
219:
220: if (buffer_get_ret(buffer, (char *) buf, 2) == -1)
221: return (-1);
222: *ret = GET_16BIT(buf);
223: return (0);
224: }
225:
1.25 markus 226: u_short
227: buffer_get_short(Buffer *buffer)
228: {
1.33 djm 229: u_short ret;
230:
231: if (buffer_get_short_ret(&ret, buffer) == -1)
232: fatal("buffer_get_short: buffer error");
233:
234: return (ret);
235: }
236:
237: int
238: buffer_get_int_ret(u_int *ret, Buffer *buffer)
239: {
240: u_char buf[4];
1.26 deraadt 241:
1.33 djm 242: if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
243: return (-1);
244: *ret = GET_32BIT(buf);
245: return (0);
1.25 markus 246: }
247:
1.14 markus 248: u_int
1.5 markus 249: buffer_get_int(Buffer *buffer)
1.1 deraadt 250: {
1.33 djm 251: u_int ret;
252:
253: if (buffer_get_int_ret(&ret, buffer) == -1)
254: fatal("buffer_get_int: buffer error");
255:
256: return (ret);
257: }
258:
259: int
260: buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer)
261: {
262: u_char buf[8];
1.26 deraadt 263:
1.33 djm 264: if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
265: return (-1);
266: *ret = GET_64BIT(buf);
267: return (0);
1.1 deraadt 268: }
269:
1.15 markus 270: u_int64_t
271: buffer_get_int64(Buffer *buffer)
272: {
1.33 djm 273: u_int64_t ret;
274:
275: if (buffer_get_int64_ret(&ret, buffer) == -1)
276: fatal("buffer_get_int: buffer error");
1.26 deraadt 277:
1.33 djm 278: return (ret);
1.15 markus 279: }
280:
1.6 deraadt 281: /*
1.25 markus 282: * Stores integers in the buffer, msb first.
1.6 deraadt 283: */
1.25 markus 284: void
285: buffer_put_short(Buffer *buffer, u_short value)
286: {
287: char buf[2];
1.26 deraadt 288:
1.25 markus 289: PUT_16BIT(buf, value);
290: buffer_append(buffer, buf, 2);
291: }
292:
1.11 markus 293: void
1.14 markus 294: buffer_put_int(Buffer *buffer, u_int value)
1.1 deraadt 295: {
1.5 markus 296: char buf[4];
1.26 deraadt 297:
1.5 markus 298: PUT_32BIT(buf, value);
299: buffer_append(buffer, buf, 4);
1.15 markus 300: }
301:
302: void
303: buffer_put_int64(Buffer *buffer, u_int64_t value)
304: {
305: char buf[8];
1.26 deraadt 306:
1.15 markus 307: PUT_64BIT(buf, value);
308: buffer_append(buffer, buf, 8);
1.1 deraadt 309: }
310:
1.6 deraadt 311: /*
312: * Returns an arbitrary binary string from the buffer. The string cannot
313: * be longer than 256k. The returned value points to memory allocated
314: * with xmalloc; it is the responsibility of the calling function to free
315: * the data. If length_ptr is non-NULL, the length of the returned data
316: * will be stored there. A null character will be automatically appended
317: * to the returned string, and is not counted in length.
318: */
1.20 stevesk 319: void *
1.33 djm 320: buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
1.1 deraadt 321: {
1.26 deraadt 322: u_char *value;
1.14 markus 323: u_int len;
1.26 deraadt 324:
1.5 markus 325: /* Get the length. */
326: len = buffer_get_int(buffer);
1.33 djm 327: if (len > 256 * 1024) {
328: error("buffer_get_string_ret: bad string length %u", len);
329: return (NULL);
330: }
1.5 markus 331: /* Allocate space for the string. Add one byte for a null character. */
332: value = xmalloc(len + 1);
333: /* Get the string. */
1.33 djm 334: if (buffer_get_ret(buffer, value, len) == -1) {
335: error("buffer_get_string_ret: buffer_get failed");
336: xfree(value);
337: return (NULL);
338: }
1.5 markus 339: /* Append a null character to make processing easier. */
340: value[len] = 0;
341: /* Optionally return the length of the string. */
342: if (length_ptr)
343: *length_ptr = len;
1.33 djm 344: return (value);
345: }
346:
347: void *
348: buffer_get_string(Buffer *buffer, u_int *length_ptr)
349: {
350: void *ret;
351:
352: if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL)
353: fatal("buffer_get_string: buffer error");
354: return (ret);
1.1 deraadt 355: }
356:
1.6 deraadt 357: /*
358: * Stores and arbitrary binary string in the buffer.
359: */
1.11 markus 360: void
1.14 markus 361: buffer_put_string(Buffer *buffer, const void *buf, u_int len)
1.1 deraadt 362: {
1.5 markus 363: buffer_put_int(buffer, len);
364: buffer_append(buffer, buf, len);
1.9 markus 365: }
1.11 markus 366: void
1.9 markus 367: buffer_put_cstring(Buffer *buffer, const char *s)
368: {
1.23 provos 369: if (s == NULL)
370: fatal("buffer_put_cstring: s == NULL");
1.9 markus 371: buffer_put_string(buffer, s, strlen(s));
1.1 deraadt 372: }
373:
1.6 deraadt 374: /*
375: * Returns a character from the buffer (0 - 255).
376: */
1.11 markus 377: int
1.33 djm 378: buffer_get_char_ret(char *ret, Buffer *buffer)
379: {
380: if (buffer_get_ret(buffer, ret, 1) == -1) {
381: error("buffer_get_char_ret: buffer_get_ret failed");
382: return (-1);
383: }
384: return (0);
385: }
386:
387: int
1.5 markus 388: buffer_get_char(Buffer *buffer)
1.1 deraadt 389: {
1.5 markus 390: char ch;
1.26 deraadt 391:
1.33 djm 392: if (buffer_get_char_ret(&ch, buffer) == -1)
393: fatal("buffer_get_char: buffer error");
1.14 markus 394: return (u_char) ch;
1.1 deraadt 395: }
396:
1.6 deraadt 397: /*
398: * Stores a character in the buffer.
399: */
1.11 markus 400: void
1.5 markus 401: buffer_put_char(Buffer *buffer, int value)
1.1 deraadt 402: {
1.5 markus 403: char ch = value;
1.26 deraadt 404:
1.5 markus 405: buffer_append(buffer, &ch, 1);
1.1 deraadt 406: }