diff options
-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | bufaux.c | 332 | ||||
-rw-r--r-- | bufbn.c | 210 | ||||
-rw-r--r-- | bufec.c | 107 | ||||
-rw-r--r-- | buffer.c | 245 | ||||
-rw-r--r-- | buffer.h | 64 | ||||
-rw-r--r-- | sshbuf-getput-basic.c | 421 | ||||
-rw-r--r-- | sshbuf-getput-crypto.c | 233 | ||||
-rw-r--r-- | sshbuf-misc.c | 129 | ||||
-rw-r--r-- | sshbuf.c | 405 | ||||
-rw-r--r-- | sshbuf.h | 325 | ||||
-rw-r--r-- | ssherr.c | 131 | ||||
-rw-r--r-- | ssherr.h | 80 |
13 files changed, 1977 insertions, 719 deletions
@@ -52,6 +52,20 @@ Don't attempt to append a nul quote char to the filename. Should prevent fatal'ing with "el_insertstr failed" when there's a single quote char somewhere in the string. bz#2238, ok markus@ + - djm@cvs.openbsd.org 2014/04/30 05:29:56 + [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] + [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] + [ssherr.h] + New buffer API; the first installment of the conversion/replacement + of OpenSSH's internals to make them usable as a standalone library. + + This includes a set of wrappers to make it compatible with the + existing buffer API so replacement can occur incrementally. + + With and ok markus@ + + Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew + Dempsky and Ron Bowes for a detailed review. 20140430 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already @@ -1,68 +1,38 @@ -/* $OpenBSD: bufaux.c,v 1.59 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */ /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Auxiliary functions for storing and retrieving various data types to/from - * Buffers. + * Copyright (c) 2012 Damien Miller <djm@mindrot.org> * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * - * SSH2 packet format added by Markus Friedl - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ #include <sys/types.h> -#include <string.h> -#include <stdarg.h> -#include <stdlib.h> - -#include "xmalloc.h" #include "buffer.h" #include "log.h" -#include "misc.h" - -/* - * Returns integers from the buffer (msb first). - */ +#include "ssherr.h" int -buffer_get_short_ret(u_short *ret, Buffer *buffer) +buffer_get_short_ret(u_short *v, Buffer *buffer) { - u_char buf[2]; + int ret; - if (buffer_get_ret(buffer, (char *) buf, 2) == -1) - return (-1); - *ret = get_u16(buf); - return (0); + if ((ret = sshbuf_get_u16(buffer, v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; } u_short @@ -71,21 +41,21 @@ buffer_get_short(Buffer *buffer) u_short ret; if (buffer_get_short_ret(&ret, buffer) == -1) - fatal("buffer_get_short: buffer error"); + fatal("%s: buffer error", __func__); return (ret); } int -buffer_get_int_ret(u_int *ret, Buffer *buffer) +buffer_get_int_ret(u_int *v, Buffer *buffer) { - u_char buf[4]; + int ret; - if (buffer_get_ret(buffer, (char *) buf, 4) == -1) - return (-1); - if (ret != NULL) - *ret = get_u32(buf); - return (0); + if ((ret = sshbuf_get_u32(buffer, v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; } u_int @@ -94,21 +64,21 @@ buffer_get_int(Buffer *buffer) u_int ret; if (buffer_get_int_ret(&ret, buffer) == -1) - fatal("buffer_get_int: buffer error"); + fatal("%s: buffer error", __func__); return (ret); } int -buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) +buffer_get_int64_ret(u_int64_t *v, Buffer *buffer) { - u_char buf[8]; + int ret; - if (buffer_get_ret(buffer, (char *) buf, 8) == -1) - return (-1); - if (ret != NULL) - *ret = get_u64(buf); - return (0); + if ((ret = sshbuf_get_u64(buffer, v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; } u_int64_t @@ -117,78 +87,52 @@ buffer_get_int64(Buffer *buffer) u_int64_t ret; if (buffer_get_int64_ret(&ret, buffer) == -1) - fatal("buffer_get_int: buffer error"); + fatal("%s: buffer error", __func__); return (ret); } -/* - * Stores integers in the buffer, msb first. - */ void buffer_put_short(Buffer *buffer, u_short value) { - char buf[2]; + int ret; - put_u16(buf, value); - buffer_append(buffer, buf, 2); + if ((ret = sshbuf_put_u16(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); } void buffer_put_int(Buffer *buffer, u_int value) { - char buf[4]; + int ret; - put_u32(buf, value); - buffer_append(buffer, buf, 4); + if ((ret = sshbuf_put_u32(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); } void buffer_put_int64(Buffer *buffer, u_int64_t value) { - char buf[8]; + int ret; - put_u64(buf, value); - buffer_append(buffer, buf, 8); + if ((ret = sshbuf_put_u64(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); } -/* - * Returns an arbitrary binary string from the buffer. The string cannot - * be longer than 256k. The returned value points to memory allocated - * with xmalloc; it is the responsibility of the calling function to free - * the data. If length_ptr is non-NULL, the length of the returned data - * will be stored there. A null character will be automatically appended - * to the returned string, and is not counted in length. - */ void * buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) { + size_t len; + int ret; u_char *value; - u_int len; - /* Get the length. */ - if (buffer_get_int_ret(&len, buffer) != 0) { - error("buffer_get_string_ret: cannot extract length"); - return (NULL); - } - if (len > 256 * 1024) { - error("buffer_get_string_ret: bad string length %u", len); - return (NULL); - } - /* Allocate space for the string. Add one byte for a null character. */ - value = xmalloc(len + 1); - /* Get the string. */ - if (buffer_get_ret(buffer, value, len) == -1) { - error("buffer_get_string_ret: buffer_get failed"); - free(value); - return (NULL); + if ((ret = sshbuf_get_string(buffer, &value, &len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return NULL; } - /* Append a null character to make processing easier. */ - value[len] = '\0'; - /* Optionally return the length of the string. */ - if (length_ptr) - *length_ptr = len; - return (value); + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; } void * @@ -197,31 +141,24 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr) void *ret; if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) - fatal("buffer_get_string: buffer error"); + fatal("%s: buffer error", __func__); return (ret); } char * buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) { - u_int length; - char *cp, *ret = buffer_get_string_ret(buffer, &length); + size_t len; + int ret; + char *value; - if (ret == NULL) + if ((ret = sshbuf_get_cstring(buffer, &value, &len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); return NULL; - if ((cp = memchr(ret, '\0', length)) != NULL) { - /* XXX allow \0 at end-of-string for a while, remove later */ - if (cp == ret + length - 1) - error("buffer_get_cstring_ret: string contains \\0"); - else { - explicit_bzero(ret, length); - free(ret); - return NULL; - } } if (length_ptr != NULL) - *length_ptr = length; - return ret; + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; } char * @@ -230,27 +167,24 @@ buffer_get_cstring(Buffer *buffer, u_int *length_ptr) char *ret; if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL) - fatal("buffer_get_cstring: buffer error"); + fatal("%s: buffer error", __func__); return ret; } const void * buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr) { - void *ptr; - u_int len; + size_t len; + int ret; + const u_char *value; - if (buffer_get_int_ret(&len, buffer) != 0) - return NULL; - if (len > 256 * 1024) { - error("buffer_get_string_ptr: bad string length %u", len); + if ((ret = sshbuf_get_string_direct(buffer, &value, &len)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); return NULL; } - ptr = buffer_ptr(buffer); - buffer_consume(buffer, len); - if (length_ptr) - *length_ptr = len; - return (ptr); + if (length_ptr != NULL) + *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ + return value; } const void * @@ -259,133 +193,65 @@ buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr) const void *ret; if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL) - fatal("buffer_get_string_ptr: buffer error"); + fatal("%s: buffer error", __func__); return (ret); } -/* - * Stores and arbitrary binary string in the buffer. - */ void buffer_put_string(Buffer *buffer, const void *buf, u_int len) { - buffer_put_int(buffer, len); - buffer_append(buffer, buf, len); + int ret; + + if ((ret = sshbuf_put_string(buffer, buf, len)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); } + void buffer_put_cstring(Buffer *buffer, const char *s) { - if (s == NULL) - fatal("buffer_put_cstring: s == NULL"); - buffer_put_string(buffer, s, strlen(s)); + int ret; + + if ((ret = sshbuf_put_cstring(buffer, s)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); } -/* - * Returns a character from the buffer (0 - 255). - */ int -buffer_get_char_ret(u_char *ret, Buffer *buffer) +buffer_get_char_ret(char *v, Buffer *buffer) { - if (buffer_get_ret(buffer, ret, 1) == -1) { - error("buffer_get_char_ret: buffer_get_ret failed"); - return (-1); + int ret; + + if ((ret = sshbuf_get_u8(buffer, (u_char *)v)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; } - return (0); + return 0; } int buffer_get_char(Buffer *buffer) { - u_char ch; + char ch; if (buffer_get_char_ret(&ch, buffer) == -1) - fatal("buffer_get_char: buffer error"); - return ch; + fatal("%s: buffer error", __func__); + return (u_char) ch; } -/* - * Stores a character in the buffer. - */ void buffer_put_char(Buffer *buffer, int value) { - char ch = value; - - buffer_append(buffer, &ch, 1); -} - -/* Pseudo bignum functions */ - -void * -buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr) -{ - u_int len; - u_char *bin, *p, *ret; - - if ((p = bin = buffer_get_string_ret(buffer, &len)) == NULL) { - error("%s: invalid bignum", __func__); - return NULL; - } - - if (len > 0 && (bin[0] & 0x80)) { - error("%s: negative numbers not supported", __func__); - free(bin); - return NULL; - } - if (len > 8 * 1024) { - error("%s: cannot handle BN of size %d", __func__, len); - free(bin); - return NULL; - } - /* Skip zero prefix on numbers with the MSB set */ - if (len > 1 && bin[0] == 0x00 && (bin[1] & 0x80) != 0) { - p++; - len--; - } - ret = xmalloc(len); - memcpy(ret, p, len); - explicit_bzero(p, len); - free(bin); - return ret; -} - -void * -buffer_get_bignum2_as_string(Buffer *buffer, u_int *l) -{ - void *ret = buffer_get_bignum2_as_string_ret(buffer, l); + int ret; - if (ret == NULL) - fatal("%s: buffer error", __func__); - return ret; + if ((ret = sshbuf_put_u8(buffer, value)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); } -/* - * Stores a string using the bignum encoding rules (\0 pad if MSB set). - */ void buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) { - u_char *buf, *p; - int pad = 0; - - if (l > 8 * 1024) - fatal("%s: length %u too long", __func__, l); - /* Skip leading zero bytes */ - for (; l > 0 && *s == 0; l--, s++) - ; - p = buf = xmalloc(l + 1); - /* - * If most significant bit is set then prepend a zero byte to - * avoid interpretation as a negative number. - */ - if (l > 0 && (s[0] & 0x80) != 0) { - *p++ = '\0'; - pad = 1; - } - memcpy(p, s, l); - buffer_put_string(buffer, buf, l + pad); - explicit_bzero(buf, l + pad); - free(buf); -} + int ret; + if ((ret = sshbuf_put_bignum2_bytes(buffer, s, l)) != 0) + fatal("%s: %s", __func__, ssh_err(ret)); +} @@ -1,229 +1,101 @@ -/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/ +/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */ + /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Auxiliary functions for storing and retrieving various data types to/from - * Buffers. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * SSH2 packet format added by Markus Friedl - * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2012 Damien Miller <djm@mindrot.org> * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ #include <sys/types.h> -#include <openssl/bn.h> - -#include <string.h> -#include <stdarg.h> -#include <stdlib.h> - -#include "xmalloc.h" #include "buffer.h" #include "log.h" -#include "misc.h" +#include "ssherr.h" -/* - * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed - * by (bits+7)/8 bytes of binary data, msb first. - */ int buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) { - int bits = BN_num_bits(value); - int bin_size = (bits + 7) / 8; - u_char *buf = xmalloc(bin_size); - int oi; - char msg[2]; - - /* Get the value of in binary */ - oi = BN_bn2bin(value, buf); - if (oi != bin_size) { - error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", - oi, bin_size); - free(buf); - return (-1); - } - - /* Store the number of bits in the buffer in two bytes, msb first. */ - put_u16(msg, bits); - buffer_append(buffer, msg, 2); - /* Store the binary data. */ - buffer_append(buffer, buf, oi); + int ret; - explicit_bzero(buf, bin_size); - free(buf); - - return (0); + if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; + } + return 0; } void buffer_put_bignum(Buffer *buffer, const BIGNUM *value) { if (buffer_put_bignum_ret(buffer, value) == -1) - fatal("buffer_put_bignum: buffer error"); + fatal("%s: buffer error", __func__); } -/* - * Retrieves a BIGNUM from the buffer. - */ int buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) { - u_int bits, bytes; - u_char buf[2], *bin; + int ret; - /* Get the number of bits. */ - if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { - error("buffer_get_bignum_ret: invalid length"); - return (-1); - } - bits = get_u16(buf); - if (bits > 65535-7) { - error("buffer_get_bignum_ret: cannot handle BN of size %d", - bits); - return (-1); + if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; } - /* Compute the number of binary bytes that follow. */ - bytes = (bits + 7) / 8; - if (bytes > 8 * 1024) { - error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); - return (-1); - } - if (buffer_len(buffer) < bytes) { - error("buffer_get_bignum_ret: input buffer too small"); - return (-1); - } - bin = buffer_ptr(buffer); - if (BN_bin2bn(bin, bytes, value) == NULL) { - error("buffer_get_bignum_ret: BN_bin2bn failed"); - return (-1); - } - if (buffer_consume_ret(buffer, bytes) == -1) { - error("buffer_get_bignum_ret: buffer_consume failed"); - return (-1); - } - return (0); + return 0; } void buffer_get_bignum(Buffer *buffer, BIGNUM *value) { if (buffer_get_bignum_ret(buffer, value) == -1) - fatal("buffer_get_bignum: buffer error"); + fatal("%s: buffer error", __func__); } -/* - * Stores a BIGNUM in the buffer in SSH2 format. - */ int buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) { - u_int bytes; - u_char *buf; - int oi; - u_int hasnohigh = 0; - - if (BN_is_zero(value)) { - buffer_put_int(buffer, 0); - return 0; - } - if (value->neg) { - error("buffer_put_bignum2_ret: negative numbers not supported"); - return (-1); - } - bytes = BN_num_bytes(value) + 1; /* extra padding byte */ - if (bytes < 2) { - error("buffer_put_bignum2_ret: BN too small"); - return (-1); - } - buf = xmalloc(bytes); - buf[0] = 0x00; - /* Get the value of in binary */ - oi = BN_bn2bin(value, buf+1); - if (oi < 0 || (u_int)oi != bytes - 1) { - error("buffer_put_bignum2_ret: BN_bn2bin() failed: " - "oi %d != bin_size %d", oi, bytes); - free(buf); - return (-1); + int ret; + + if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; } - hasnohigh = (buf[1] & 0x80) ? 0 : 1; - buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); - explicit_bzero(buf, bytes); - free(buf); - return (0); + return 0; } void buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) { if (buffer_put_bignum2_ret(buffer, value) == -1) - fatal("buffer_put_bignum2: buffer error"); + fatal("%s: buffer error", __func__); } int buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) { - u_int len; - u_char *bin; + int ret; - if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { - error("buffer_get_bignum2_ret: invalid bignum"); - return (-1); - } - - if (len > 0 && (bin[0] & 0x80)) { - error("buffer_get_bignum2_ret: negative numbers not supported"); - free(bin); - return (-1); - } - if (len > 8 * 1024) { - error("buffer_get_bignum2_ret: cannot handle BN of size %d", - len); - free(bin); - return (-1); - } - if (BN_bin2bn(bin, len, value) == NULL) { - error("buffer_get_bignum2_ret: BN_bin2bn failed"); - free(bin); - return (-1); + if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; } - free(bin); - return (0); + return 0; } void buffer_get_bignum2(Buffer *buffer, BIGNUM *value) { if (buffer_get_bignum2_ret(buffer, value) == -1) - fatal("buffer_get_bignum2: buffer error"); + fatal("%s: buffer error", __func__); } @@ -1,6 +1,7 @@ -/* $OpenBSD: bufec.c,v 1.3 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */ + /* - * Copyright (c) 2010 Damien Miller <djm@mindrot.org> + * Copyright (c) 2012 Damien Miller <djm@mindrot.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,73 +16,25 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" - -#ifdef OPENSSL_HAS_ECC +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ #include <sys/types.h> -#include <openssl/bn.h> -#include <openssl/ec.h> - -#include <string.h> -#include <stdarg.h> - -#include "xmalloc.h" #include "buffer.h" #include "log.h" -#include "misc.h" +#include "ssherr.h" -/* - * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed - * encoding represents this as two bitstring points that should each - * be no longer than the field length, SEC1 specifies a 1 byte - * point type header. - * Being paranoid here may insulate us to parsing problems in - * EC_POINT_oct2point. - */ -#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1) - -/* - * Append an EC_POINT to the buffer as a string containing a SEC1 encoded - * uncompressed point. Fortunately OpenSSL handles the gory details for us. - */ int buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, const EC_POINT *point) { - u_char *buf = NULL; - size_t len; - BN_CTX *bnctx; - int ret = -1; + int ret; - /* Determine length */ - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, bnctx); - if (len > BUFFER_MAX_ECPOINT_LEN) { - error("%s: giant EC point: len = %lu (max %u)", - __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN); - goto out; - } - /* Convert */ - buf = xmalloc(len); - if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, - buf, len, bnctx) != len) { - error("%s: EC_POINT_point2oct length mismatch", __func__); - goto out; - } - /* Append */ - buffer_put_string(buffer, buf, len); - ret = 0; - out: - if (buf != NULL) { - explicit_bzero(buf, len); - free(buf); + if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); + return -1; } - BN_CTX_free(bnctx); - return ret; + return 0; } void @@ -96,43 +49,13 @@ int buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, EC_POINT *point) { - u_char *buf; - u_int len; - BN_CTX *bnctx; - int ret = -1; + int ret; - if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) { - error("%s: invalid point", __func__); + if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) { + error("%s: %s", __func__, ssh_err(ret)); return -1; } - if ((bnctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new failed", __func__); - if (len > BUFFER_MAX_ECPOINT_LEN) { - error("%s: EC_POINT too long: %u > max %u", __func__, - len, BUFFER_MAX_ECPOINT_LEN); - goto out; - } - if (len == 0) { - error("%s: EC_POINT buffer is empty", __func__); - goto out; - } - if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) { - error("%s: EC_POINT is in an incorrect form: " - "0x%02x (want 0x%02x)", __func__, buf[0], - POINT_CONVERSION_UNCOMPRESSED); - goto out; - } - if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) { - error("buffer_get_bignum2_ret: BN_bin2bn failed"); - goto out; - } - /* EC_POINT_oct2point verifies that the point is on the curve for us */ - ret = 0; - out: - BN_CTX_free(bnctx); - explicit_bzero(buf, len); - free(buf); - return ret; + return 0; } void @@ -143,4 +66,4 @@ buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, fatal("%s: buffer error", __func__); } -#endif /* OPENSSL_HAS_ECC */ + @@ -1,253 +1,116 @@ -/* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */ + /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Functions for manipulating fifo buffers (that can grow if needed). + * Copyright (c) 2012 Damien Miller <djm@mindrot.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ -#include <sys/param.h> +#include <sys/types.h> -#include <stdio.h> -#include <string.h> -#include <stdarg.h> -#include <stdlib.h> - -#include "xmalloc.h" #include "buffer.h" #include "log.h" - -#define BUFFER_MAX_CHUNK 0x100000 -#define BUFFER_MAX_LEN 0xa00000 -#define BUFFER_ALLOCSZ 0x008000 - -/* Initializes the buffer structure. */ - -void -buffer_init(Buffer *buffer) -{ - const u_int len = 4096; - - buffer->alloc = 0; - buffer->buf = xmalloc(len); - buffer->alloc = len; - buffer->offset = 0; - buffer->end = 0; -} - -/* Frees any memory used for the buffer. */ - -void -buffer_free(Buffer *buffer) -{ - if (buffer->alloc > 0) { - explicit_bzero(buffer->buf, buffer->alloc); - buffer->alloc = 0; - free(buffer->buf); - } -} - -/* - * Clears any data from the buffer, making it empty. This does not actually - * zero the memory. - */ - -void -buffer_clear(Buffer *buffer) -{ - buffer->offset = 0; - buffer->end = 0; -} - -/* Appends data to the buffer, expanding it if necessary. */ +#include "ssherr.h" void buffer_append(Buffer *buffer, const void *data, u_int len) { - void *p; - p = buffer_append_space(buffer, len); - memcpy(p, data, len); -} + int ret; -static int -buffer_compact(Buffer *buffer) -{ - /* - * If the buffer is quite empty, but all data is at the end, move the - * |