]>
Commit | Line | Data |
---|---|---|
3c0ef626 | 1 | /* |
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
4 | * All rights reserved | |
5 | * Auxiliary functions for storing and retrieving various data types to/from | |
6 | * Buffers. | |
7 | * | |
8 | * As far as I am concerned, the code I have written for this software | |
9 | * can be used freely for any purpose. Any derived versions of this | |
10 | * software must be clearly marked as such, and if the derived work is | |
11 | * incompatible with the protocol description in the RFC file, it must be | |
12 | * called by a name other than "ssh" or "Secure Shell". | |
13 | * | |
14 | * | |
15 | * SSH2 packet format added by Markus Friedl | |
16 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | |
17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | |
21 | * 1. Redistributions of source code must retain the above copyright | |
22 | * notice, this list of conditions and the following disclaimer. | |
23 | * 2. Redistributions in binary form must reproduce the above copyright | |
24 | * notice, this list of conditions and the following disclaimer in the | |
25 | * documentation and/or other materials provided with the distribution. | |
26 | * | |
27 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
28 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
30 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
31 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
32 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
33 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
34 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
35 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
36 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
37 | */ | |
38 | ||
39 | #include "includes.h" | |
2c06c99b | 40 | RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $"); |
3c0ef626 | 41 | |
42 | #include <openssl/bn.h> | |
43 | #include "bufaux.h" | |
44 | #include "xmalloc.h" | |
45 | #include "getput.h" | |
46 | #include "log.h" | |
47 | ||
48 | /* | |
49 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed | |
50 | * by (bits+7)/8 bytes of binary data, msb first. | |
51 | */ | |
996d5e62 | 52 | int |
53 | buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |
3c0ef626 | 54 | { |
55 | int bits = BN_num_bits(value); | |
56 | int bin_size = (bits + 7) / 8; | |
57 | u_char *buf = xmalloc(bin_size); | |
58 | int oi; | |
59 | char msg[2]; | |
60 | ||
61 | /* Get the value of in binary */ | |
62 | oi = BN_bn2bin(value, buf); | |
996d5e62 | 63 | if (oi != bin_size) { |
64 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", | |
e9a17296 | 65 | oi, bin_size); |
2c06c99b | 66 | xfree(buf); |
996d5e62 | 67 | return (-1); |
68 | } | |
3c0ef626 | 69 | |
70 | /* Store the number of bits in the buffer in two bytes, msb first. */ | |
71 | PUT_16BIT(msg, bits); | |
72 | buffer_append(buffer, msg, 2); | |
73 | /* Store the binary data. */ | |
74 | buffer_append(buffer, (char *)buf, oi); | |
75 | ||
76 | memset(buf, 0, bin_size); | |
77 | xfree(buf); | |
996d5e62 | 78 | |
79 | return (0); | |
80 | } | |
81 | ||
82 | void | |
83 | buffer_put_bignum(Buffer *buffer, const BIGNUM *value) | |
84 | { | |
85 | if (buffer_put_bignum_ret(buffer, value) == -1) | |
86 | fatal("buffer_put_bignum: buffer error"); | |
3c0ef626 | 87 | } |
88 | ||
89 | /* | |
90 | * Retrieves an BIGNUM from the buffer. | |
91 | */ | |
996d5e62 | 92 | int |
93 | buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) | |
3c0ef626 | 94 | { |
cdd66111 | 95 | u_int bits, bytes; |
3c0ef626 | 96 | u_char buf[2], *bin; |
97 | ||
98 | /* Get the number for bits. */ | |
996d5e62 | 99 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { |
100 | error("buffer_get_bignum_ret: invalid length"); | |
101 | return (-1); | |
102 | } | |
3c0ef626 | 103 | bits = GET_16BIT(buf); |
104 | /* Compute the number of binary bytes that follow. */ | |
105 | bytes = (bits + 7) / 8; | |
996d5e62 | 106 | if (bytes > 8 * 1024) { |
107 | error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); | |
108 | return (-1); | |
109 | } | |
110 | if (buffer_len(buffer) < bytes) { | |
111 | error("buffer_get_bignum_ret: input buffer too small"); | |
112 | return (-1); | |
113 | } | |
e9a17296 | 114 | bin = buffer_ptr(buffer); |
3c0ef626 | 115 | BN_bin2bn(bin, bytes, value); |
996d5e62 | 116 | if (buffer_consume_ret(buffer, bytes) == -1) { |
117 | error("buffer_get_bignum_ret: buffer_consume failed"); | |
118 | return (-1); | |
119 | } | |
120 | return (0); | |
121 | } | |
122 | ||
123 | void | |
124 | buffer_get_bignum(Buffer *buffer, BIGNUM *value) | |
125 | { | |
126 | if (buffer_get_bignum_ret(buffer, value) == -1) | |
127 | fatal("buffer_get_bignum: buffer error"); | |
3c0ef626 | 128 | } |
129 | ||
130 | /* | |
131 | * Stores an BIGNUM in the buffer in SSH2 format. | |
132 | */ | |
996d5e62 | 133 | int |
134 | buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |
3c0ef626 | 135 | { |
cdd66111 | 136 | u_int bytes; |
137 | u_char *buf; | |
3c0ef626 | 138 | int oi; |
cdd66111 | 139 | u_int hasnohigh = 0; |
680cee3b | 140 | |
cdd66111 | 141 | if (BN_is_zero(value)) { |
142 | buffer_put_int(buffer, 0); | |
996d5e62 | 143 | return 0; |
144 | } | |
145 | if (value->neg) { | |
146 | error("buffer_put_bignum2_ret: negative numbers not supported"); | |
147 | return (-1); | |
cdd66111 | 148 | } |
cdd66111 | 149 | bytes = BN_num_bytes(value) + 1; /* extra padding byte */ |
996d5e62 | 150 | if (bytes < 2) { |
151 | error("buffer_put_bignum2_ret: BN too small"); | |
152 | return (-1); | |
153 | } | |
cdd66111 | 154 | buf = xmalloc(bytes); |
996d5e62 | 155 | buf[0] = 0x00; |
3c0ef626 | 156 | /* Get the value of in binary */ |
157 | oi = BN_bn2bin(value, buf+1); | |
665a873d | 158 | if (oi < 0 || (u_int)oi != bytes - 1) { |
996d5e62 | 159 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " |
cdd66111 | 160 | "oi %d != bin_size %d", oi, bytes); |
996d5e62 | 161 | xfree(buf); |
162 | return (-1); | |
163 | } | |
3c0ef626 | 164 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
3c0ef626 | 165 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
166 | memset(buf, 0, bytes); | |
167 | xfree(buf); | |
996d5e62 | 168 | return (0); |
3c0ef626 | 169 | } |
170 | ||
e9a17296 | 171 | void |
996d5e62 | 172 | buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) |
173 | { | |
174 | if (buffer_put_bignum2_ret(buffer, value) == -1) | |
175 | fatal("buffer_put_bignum2: buffer error"); | |
176 | } | |
177 | ||
178 | int | |
179 | buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |
3c0ef626 | 180 | { |
680cee3b | 181 | u_int len; |
996d5e62 | 182 | u_char *bin; |
dec6d9fe | 183 | |
996d5e62 | 184 | if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { |
185 | error("buffer_get_bignum2_ret: invalid bignum"); | |
186 | return (-1); | |
187 | } | |
680cee3b | 188 | |
996d5e62 | 189 | if (len > 0 && (bin[0] & 0x80)) { |
190 | error("buffer_get_bignum2_ret: negative numbers not supported"); | |
2c06c99b | 191 | xfree(bin); |
996d5e62 | 192 | return (-1); |
193 | } | |
194 | if (len > 8 * 1024) { | |
195 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); | |
2c06c99b | 196 | xfree(bin); |
996d5e62 | 197 | return (-1); |
198 | } | |
3c0ef626 | 199 | BN_bin2bn(bin, len, value); |
200 | xfree(bin); | |
996d5e62 | 201 | return (0); |
202 | } | |
203 | ||
204 | void | |
205 | buffer_get_bignum2(Buffer *buffer, BIGNUM *value) | |
206 | { | |
207 | if (buffer_get_bignum2_ret(buffer, value) == -1) | |
208 | fatal("buffer_get_bignum2: buffer error"); | |
3c0ef626 | 209 | } |
cdd66111 | 210 | |
3c0ef626 | 211 | /* |
700318f3 | 212 | * Returns integers from the buffer (msb first). |
3c0ef626 | 213 | */ |
700318f3 | 214 | |
996d5e62 | 215 | int |
216 | buffer_get_short_ret(u_short *ret, Buffer *buffer) | |
217 | { | |
218 | u_char buf[2]; | |
219 | ||
220 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) | |
221 | return (-1); | |
222 | *ret = GET_16BIT(buf); | |
223 | return (0); | |
224 | } | |
225 | ||
700318f3 | 226 | u_short |
227 | buffer_get_short(Buffer *buffer) | |
228 | { | |
996d5e62 | 229 | u_short ret; |
230 | ||
231 | if (buffer_get_short_ret(&ret, buffer) == -1) | |
232 | fatal("buffer_get_short: buffer error"); | |
680cee3b | 233 | |
996d5e62 | 234 | return (ret); |
235 | } | |
236 | ||
237 | int | |
238 | buffer_get_int_ret(u_int *ret, Buffer *buffer) | |
239 | { | |
240 | u_char buf[4]; | |
241 | ||
242 | if (buffer_get_ret(buffer, (char *) buf, 4) == -1) | |
243 | return (-1); | |
244 | *ret = GET_32BIT(buf); | |
245 | return (0); | |
700318f3 | 246 | } |
247 | ||
3c0ef626 | 248 | u_int |
249 | buffer_get_int(Buffer *buffer) | |
250 | { | |
996d5e62 | 251 | u_int ret; |
252 | ||
253 | if (buffer_get_int_ret(&ret, buffer) == -1) | |
254 | fatal("buffer_get_int: buffer error"); | |
255 | ||
256 | return (ret); | |
257 | } | |
680cee3b | 258 | |
996d5e62 | 259 | int |
260 | buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) | |
261 | { | |
262 | u_char buf[8]; | |
263 | ||
264 | if (buffer_get_ret(buffer, (char *) buf, 8) == -1) | |
265 | return (-1); | |
266 | *ret = GET_64BIT(buf); | |
267 | return (0); | |
3c0ef626 | 268 | } |
269 | ||
3c0ef626 | 270 | u_int64_t |
271 | buffer_get_int64(Buffer *buffer) | |
272 | { | |
996d5e62 | 273 | u_int64_t ret; |
680cee3b | 274 | |
996d5e62 | 275 | if (buffer_get_int64_ret(&ret, buffer) == -1) |
276 | fatal("buffer_get_int: buffer error"); | |
277 | ||
278 | return (ret); | |
3c0ef626 | 279 | } |
3c0ef626 | 280 | |
281 | /* | |
700318f3 | 282 | * Stores integers in the buffer, msb first. |
3c0ef626 | 283 | */ |
700318f3 | 284 | void |
285 | buffer_put_short(Buffer *buffer, u_short value) | |
286 | { | |
287 | char buf[2]; | |
680cee3b | 288 | |
700318f3 | 289 | PUT_16BIT(buf, value); |
290 | buffer_append(buffer, buf, 2); | |
291 | } | |
292 | ||
3c0ef626 | 293 | void |
294 | buffer_put_int(Buffer *buffer, u_int value) | |
295 | { | |
296 | char buf[4]; | |
680cee3b | 297 | |
3c0ef626 | 298 | PUT_32BIT(buf, value); |
299 | buffer_append(buffer, buf, 4); | |
300 | } | |
301 | ||
3c0ef626 | 302 | void |
303 | buffer_put_int64(Buffer *buffer, u_int64_t value) | |
304 | { | |
305 | char buf[8]; | |
680cee3b | 306 | |
3c0ef626 | 307 | PUT_64BIT(buf, value); |
308 | buffer_append(buffer, buf, 8); | |
309 | } | |
3c0ef626 | 310 | |
311 | /* | |
312 | * Returns an arbitrary binary string from the buffer. The string cannot | |
313 | * be longer than 256k. The returned value points to memory allocated | |
314 | * with xmalloc; it is the responsibility of the calling function to free | |
315 | * the data. If length_ptr is non-NULL, the length of the returned data | |
316 | * will be stored there. A null character will be automatically appended | |
317 | * to the returned string, and is not counted in length. | |
318 | */ | |
e9a17296 | 319 | void * |
996d5e62 | 320 | buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) |
3c0ef626 | 321 | { |
e9a17296 | 322 | u_char *value; |
680cee3b | 323 | u_int len; |
324 | ||
3c0ef626 | 325 | /* Get the length. */ |
326 | len = buffer_get_int(buffer); | |
996d5e62 | 327 | if (len > 256 * 1024) { |
328 | error("buffer_get_string_ret: bad string length %u", len); | |
329 | return (NULL); | |
330 | } | |
3c0ef626 | 331 | /* Allocate space for the string. Add one byte for a null character. */ |
332 | value = xmalloc(len + 1); | |
333 | /* Get the string. */ | |
996d5e62 | 334 | if (buffer_get_ret(buffer, value, len) == -1) { |
335 | error("buffer_get_string_ret: buffer_get failed"); | |
336 | xfree(value); | |
337 | return (NULL); | |
338 | } | |
3c0ef626 | 339 | /* Append a null character to make processing easier. */ |
340 | value[len] = 0; | |
341 | /* Optionally return the length of the string. */ | |
342 | if (length_ptr) | |
343 | *length_ptr = len; | |
996d5e62 | 344 | return (value); |
345 | } | |
346 | ||
347 | void * | |
348 | buffer_get_string(Buffer *buffer, u_int *length_ptr) | |
349 | { | |
350 | void *ret; | |
351 | ||
352 | if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) | |
353 | fatal("buffer_get_string: buffer error"); | |
354 | return (ret); | |
3c0ef626 | 355 | } |
356 | ||
357 | /* | |
358 | * Stores and arbitrary binary string in the buffer. | |
359 | */ | |
360 | void | |
361 | buffer_put_string(Buffer *buffer, const void *buf, u_int len) | |
362 | { | |
363 | buffer_put_int(buffer, len); | |
364 | buffer_append(buffer, buf, len); | |
365 | } | |
366 | void | |
367 | buffer_put_cstring(Buffer *buffer, const char *s) | |
368 | { | |
700318f3 | 369 | if (s == NULL) |
370 | fatal("buffer_put_cstring: s == NULL"); | |
3c0ef626 | 371 | buffer_put_string(buffer, s, strlen(s)); |
372 | } | |
373 | ||
374 | /* | |
375 | * Returns a character from the buffer (0 - 255). | |
376 | */ | |
996d5e62 | 377 | int |
378 | buffer_get_char_ret(char *ret, Buffer *buffer) | |
379 | { | |
380 | if (buffer_get_ret(buffer, ret, 1) == -1) { | |
381 | error("buffer_get_char_ret: buffer_get_ret failed"); | |
382 | return (-1); | |
383 | } | |
384 | return (0); | |
385 | } | |
386 | ||
3c0ef626 | 387 | int |
388 | buffer_get_char(Buffer *buffer) | |
389 | { | |
390 | char ch; | |
680cee3b | 391 | |
996d5e62 | 392 | if (buffer_get_char_ret(&ch, buffer) == -1) |
393 | fatal("buffer_get_char: buffer error"); | |
3c0ef626 | 394 | return (u_char) ch; |
395 | } | |
396 | ||
397 | /* | |
398 | * Stores a character in the buffer. | |
399 | */ | |
400 | void | |
401 | buffer_put_char(Buffer *buffer, int value) | |
402 | { | |
403 | char ch = value; | |
680cee3b | 404 | |
3c0ef626 | 405 | buffer_append(buffer, &ch, 1); |
406 | } |