]>
Commit | Line | Data |
---|---|---|
51e7a012 | 1 | /* $OpenBSD: bufaux.c,v 1.41 2006/03/30 09:58:15 djm Exp $ */ |
8efc0c15 | 2 | /* |
5260325f | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
5260325f | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | |
5260325f | 6 | * Auxiliary functions for storing and retrieving various data types to/from |
7 | * Buffers. | |
8 | * | |
bcbf86ec | 9 | * As far as I am concerned, the code I have written for this software |
10 | * can be used freely for any purpose. Any derived versions of this | |
11 | * software must be clearly marked as such, and if the derived work is | |
12 | * incompatible with the protocol description in the RFC file, it must be | |
13 | * called by a name other than "ssh" or "Secure Shell". | |
14 | * | |
15 | * | |
7368a6c8 | 16 | * SSH2 packet format added by Markus Friedl |
bcbf86ec | 17 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
18 | * | |
19 | * Redistribution and use in source and binary forms, with or without | |
20 | * modification, are permitted provided that the following conditions | |
21 | * are met: | |
22 | * 1. Redistributions of source code must retain the above copyright | |
23 | * notice, this list of conditions and the following disclaimer. | |
24 | * 2. Redistributions in binary form must reproduce the above copyright | |
25 | * notice, this list of conditions and the following disclaimer in the | |
26 | * documentation and/or other materials provided with the distribution. | |
7368a6c8 | 27 | * |
bcbf86ec | 28 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
29 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
30 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
31 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
32 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
33 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
34 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
35 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
36 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
37 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
5260325f | 38 | */ |
8efc0c15 | 39 | |
40 | #include "includes.h" | |
8efc0c15 | 41 | |
8efc0c15 | 42 | #include <openssl/bn.h> |
43 | #include "bufaux.h" | |
44 | #include "xmalloc.h" | |
42f11eb2 | 45 | #include "log.h" |
51e7a012 | 46 | #include "misc.h" |
8efc0c15 | 47 | |
5260325f | 48 | /* |
49 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed | |
50 | * by (bits+7)/8 bytes of binary data, msb first. | |
51 | */ | |
b82a59f2 | 52 | int |
53 | buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |
8efc0c15 | 54 | { |
5260325f | 55 | int bits = BN_num_bits(value); |
56 | int bin_size = (bits + 7) / 8; | |
1e3b8b07 | 57 | u_char *buf = xmalloc(bin_size); |
5260325f | 58 | int oi; |
59 | char msg[2]; | |
60 | ||
61 | /* Get the value of in binary */ | |
62 | oi = BN_bn2bin(value, buf); | |
b82a59f2 | 63 | if (oi != bin_size) { |
64 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", | |
184eed6a | 65 | oi, bin_size); |
27e3ef36 | 66 | xfree(buf); |
b82a59f2 | 67 | return (-1); |
68 | } | |
5260325f | 69 | |
70 | /* Store the number of bits in the buffer in two bytes, msb first. */ | |
51e7a012 | 71 | put_u16(msg, bits); |
5260325f | 72 | buffer_append(buffer, msg, 2); |
73 | /* Store the binary data. */ | |
15dd2c4f | 74 | buffer_append(buffer, buf, oi); |
aa3378df | 75 | |
5260325f | 76 | memset(buf, 0, bin_size); |
77 | xfree(buf); | |
b82a59f2 | 78 | |
79 | return (0); | |
80 | } | |
81 | ||
82 | void | |
83 | buffer_put_bignum(Buffer *buffer, const BIGNUM *value) | |
84 | { | |
85 | if (buffer_put_bignum_ret(buffer, value) == -1) | |
86 | fatal("buffer_put_bignum: buffer error"); | |
8efc0c15 | 87 | } |
88 | ||
5260325f | 89 | /* |
90 | * Retrieves an BIGNUM from the buffer. | |
91 | */ | |
b82a59f2 | 92 | int |
93 | buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) | |
8efc0c15 | 94 | { |
bb92e5cc | 95 | u_int bits, bytes; |
1e3b8b07 | 96 | u_char buf[2], *bin; |
5260325f | 97 | |
98 | /* Get the number for bits. */ | |
b82a59f2 | 99 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { |
100 | error("buffer_get_bignum_ret: invalid length"); | |
101 | return (-1); | |
102 | } | |
51e7a012 | 103 | bits = get_u16(buf); |
5260325f | 104 | /* Compute the number of binary bytes that follow. */ |
105 | bytes = (bits + 7) / 8; | |
b82a59f2 | 106 | if (bytes > 8 * 1024) { |
107 | error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); | |
108 | return (-1); | |
109 | } | |
110 | if (buffer_len(buffer) < bytes) { | |
111 | error("buffer_get_bignum_ret: input buffer too small"); | |
112 | return (-1); | |
113 | } | |
e6207598 | 114 | bin = buffer_ptr(buffer); |
5260325f | 115 | BN_bin2bn(bin, bytes, value); |
b82a59f2 | 116 | if (buffer_consume_ret(buffer, bytes) == -1) { |
117 | error("buffer_get_bignum_ret: buffer_consume failed"); | |
118 | return (-1); | |
119 | } | |
120 | return (0); | |
121 | } | |
122 | ||
123 | void | |
124 | buffer_get_bignum(Buffer *buffer, BIGNUM *value) | |
125 | { | |
126 | if (buffer_get_bignum_ret(buffer, value) == -1) | |
127 | fatal("buffer_get_bignum: buffer error"); | |
8efc0c15 | 128 | } |
129 | ||
7368a6c8 | 130 | /* |
131 | * Stores an BIGNUM in the buffer in SSH2 format. | |
132 | */ | |
b82a59f2 | 133 | int |
134 | buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |
7368a6c8 | 135 | { |
155890b3 | 136 | u_int bytes; |
137 | u_char *buf; | |
7368a6c8 | 138 | int oi; |
bb92e5cc | 139 | u_int hasnohigh = 0; |
7528d467 | 140 | |
155890b3 | 141 | if (BN_is_zero(value)) { |
142 | buffer_put_int(buffer, 0); | |
b82a59f2 | 143 | return 0; |
144 | } | |
145 | if (value->neg) { | |
146 | error("buffer_put_bignum2_ret: negative numbers not supported"); | |
147 | return (-1); | |
155890b3 | 148 | } |
155890b3 | 149 | bytes = BN_num_bytes(value) + 1; /* extra padding byte */ |
b82a59f2 | 150 | if (bytes < 2) { |
151 | error("buffer_put_bignum2_ret: BN too small"); | |
152 | return (-1); | |
153 | } | |
155890b3 | 154 | buf = xmalloc(bytes); |
595c699c | 155 | buf[0] = 0x00; |
7368a6c8 | 156 | /* Get the value of in binary */ |
157 | oi = BN_bn2bin(value, buf+1); | |
2ceb8101 | 158 | if (oi < 0 || (u_int)oi != bytes - 1) { |
b82a59f2 | 159 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " |
155890b3 | 160 | "oi %d != bin_size %d", oi, bytes); |
b82a59f2 | 161 | xfree(buf); |
162 | return (-1); | |
163 | } | |
7368a6c8 | 164 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
7368a6c8 | 165 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
166 | memset(buf, 0, bytes); | |
167 | xfree(buf); | |
b82a59f2 | 168 | return (0); |
7368a6c8 | 169 | } |
170 | ||
4ef6f649 | 171 | void |
b82a59f2 | 172 | buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) |
173 | { | |
174 | if (buffer_put_bignum2_ret(buffer, value) == -1) | |
175 | fatal("buffer_put_bignum2: buffer error"); | |
176 | } | |
177 | ||
178 | int | |
179 | buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |
7368a6c8 | 180 | { |
b29fe4ea | 181 | u_int len; |
b82a59f2 | 182 | u_char *bin; |
f8cc7664 | 183 | |
b82a59f2 | 184 | if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { |
185 | error("buffer_get_bignum2_ret: invalid bignum"); | |
186 | return (-1); | |
187 | } | |
7528d467 | 188 | |
b82a59f2 | 189 | if (len > 0 && (bin[0] & 0x80)) { |
190 | error("buffer_get_bignum2_ret: negative numbers not supported"); | |
27e3ef36 | 191 | xfree(bin); |
b82a59f2 | 192 | return (-1); |
193 | } | |
194 | if (len > 8 * 1024) { | |
195 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); | |
27e3ef36 | 196 | xfree(bin); |
b82a59f2 | 197 | return (-1); |
198 | } | |
7368a6c8 | 199 | BN_bin2bn(bin, len, value); |
200 | xfree(bin); | |
b82a59f2 | 201 | return (0); |
202 | } | |
203 | ||
204 | void | |
205 | buffer_get_bignum2(Buffer *buffer, BIGNUM *value) | |
206 | { | |
207 | if (buffer_get_bignum2_ret(buffer, value) == -1) | |
208 | fatal("buffer_get_bignum2: buffer error"); | |
7368a6c8 | 209 | } |
155890b3 | 210 | |
5260325f | 211 | /* |
9b26c596 | 212 | * Returns integers from the buffer (msb first). |
5260325f | 213 | */ |
9b26c596 | 214 | |
b82a59f2 | 215 | int |
216 | buffer_get_short_ret(u_short *ret, Buffer *buffer) | |
217 | { | |
218 | u_char buf[2]; | |
219 | ||
220 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) | |
221 | return (-1); | |
51e7a012 | 222 | *ret = get_u16(buf); |
b82a59f2 | 223 | return (0); |
224 | } | |
225 | ||
9b26c596 | 226 | u_short |
227 | buffer_get_short(Buffer *buffer) | |
228 | { | |
b82a59f2 | 229 | u_short ret; |
230 | ||
231 | if (buffer_get_short_ret(&ret, buffer) == -1) | |
232 | fatal("buffer_get_short: buffer error"); | |
7528d467 | 233 | |
b82a59f2 | 234 | return (ret); |
235 | } | |
236 | ||
237 | int | |
238 | buffer_get_int_ret(u_int *ret, Buffer *buffer) | |
239 | { | |
240 | u_char buf[4]; | |
241 | ||
242 | if (buffer_get_ret(buffer, (char *) buf, 4) == -1) | |
243 | return (-1); | |
51e7a012 | 244 | *ret = get_u32(buf); |
b82a59f2 | 245 | return (0); |
9b26c596 | 246 | } |
247 | ||
1e3b8b07 | 248 | u_int |
5260325f | 249 | buffer_get_int(Buffer *buffer) |
8efc0c15 | 250 | { |
b82a59f2 | 251 | u_int ret; |
252 | ||
253 | if (buffer_get_int_ret(&ret, buffer) == -1) | |
254 | fatal("buffer_get_int: buffer error"); | |
255 | ||
256 | return (ret); | |
257 | } | |
7528d467 | 258 | |
b82a59f2 | 259 | int |
260 | buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) | |
261 | { | |
262 | u_char buf[8]; | |
263 | ||
264 | if (buffer_get_ret(buffer, (char *) buf, 8) == -1) | |
265 | return (-1); | |
51e7a012 | 266 | *ret = get_u64(buf); |
b82a59f2 | 267 | return (0); |
8efc0c15 | 268 | } |
269 | ||
f546c780 | 270 | u_int64_t |
271 | buffer_get_int64(Buffer *buffer) | |
272 | { | |
b82a59f2 | 273 | u_int64_t ret; |
7528d467 | 274 | |
b82a59f2 | 275 | if (buffer_get_int64_ret(&ret, buffer) == -1) |
276 | fatal("buffer_get_int: buffer error"); | |
277 | ||
278 | return (ret); | |
f546c780 | 279 | } |
280 | ||
5260325f | 281 | /* |
9b26c596 | 282 | * Stores integers in the buffer, msb first. |
5260325f | 283 | */ |
9b26c596 | 284 | void |
285 | buffer_put_short(Buffer *buffer, u_short value) | |
286 | { | |
287 | char buf[2]; | |
7528d467 | 288 | |
51e7a012 | 289 | put_u16(buf, value); |
9b26c596 | 290 | buffer_append(buffer, buf, 2); |
291 | } | |
292 | ||
35484284 | 293 | void |
1e3b8b07 | 294 | buffer_put_int(Buffer *buffer, u_int value) |
8efc0c15 | 295 | { |
5260325f | 296 | char buf[4]; |
7528d467 | 297 | |
51e7a012 | 298 | put_u32(buf, value); |
5260325f | 299 | buffer_append(buffer, buf, 4); |
8efc0c15 | 300 | } |
301 | ||
f546c780 | 302 | void |
303 | buffer_put_int64(Buffer *buffer, u_int64_t value) | |
304 | { | |
305 | char buf[8]; | |
7528d467 | 306 | |
51e7a012 | 307 | put_u64(buf, value); |
f546c780 | 308 | buffer_append(buffer, buf, 8); |
309 | } | |
310 | ||
5260325f | 311 | /* |
312 | * Returns an arbitrary binary string from the buffer. The string cannot | |
313 | * be longer than 256k. The returned value points to memory allocated | |
314 | * with xmalloc; it is the responsibility of the calling function to free | |
315 | * the data. If length_ptr is non-NULL, the length of the returned data | |
316 | * will be stored there. A null character will be automatically appended | |
317 | * to the returned string, and is not counted in length. | |
318 | */ | |
6c0fa2b1 | 319 | void * |
b82a59f2 | 320 | buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) |
8efc0c15 | 321 | { |
6c0fa2b1 | 322 | u_char *value; |
7528d467 | 323 | u_int len; |
324 | ||
5260325f | 325 | /* Get the length. */ |
326 | len = buffer_get_int(buffer); | |
b82a59f2 | 327 | if (len > 256 * 1024) { |
328 | error("buffer_get_string_ret: bad string length %u", len); | |
329 | return (NULL); | |
330 | } | |
5260325f | 331 | /* Allocate space for the string. Add one byte for a null character. */ |
332 | value = xmalloc(len + 1); | |
333 | /* Get the string. */ | |
b82a59f2 | 334 | if (buffer_get_ret(buffer, value, len) == -1) { |
335 | error("buffer_get_string_ret: buffer_get failed"); | |
336 | xfree(value); | |
337 | return (NULL); | |
338 | } | |
5260325f | 339 | /* Append a null character to make processing easier. */ |
340 | value[len] = 0; | |
341 | /* Optionally return the length of the string. */ | |
342 | if (length_ptr) | |
343 | *length_ptr = len; | |
b82a59f2 | 344 | return (value); |
345 | } | |
346 | ||
347 | void * | |
348 | buffer_get_string(Buffer *buffer, u_int *length_ptr) | |
349 | { | |
350 | void *ret; | |
351 | ||
352 | if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) | |
353 | fatal("buffer_get_string: buffer error"); | |
354 | return (ret); | |
8efc0c15 | 355 | } |
356 | ||
5260325f | 357 | /* |
358 | * Stores and arbitrary binary string in the buffer. | |
359 | */ | |
35484284 | 360 | void |
1e3b8b07 | 361 | buffer_put_string(Buffer *buffer, const void *buf, u_int len) |
8efc0c15 | 362 | { |
5260325f | 363 | buffer_put_int(buffer, len); |
364 | buffer_append(buffer, buf, len); | |
8efc0c15 | 365 | } |
35484284 | 366 | void |
7368a6c8 | 367 | buffer_put_cstring(Buffer *buffer, const char *s) |
368 | { | |
b625ad75 | 369 | if (s == NULL) |
370 | fatal("buffer_put_cstring: s == NULL"); | |
7368a6c8 | 371 | buffer_put_string(buffer, s, strlen(s)); |
372 | } | |
8efc0c15 | 373 | |
5260325f | 374 | /* |
375 | * Returns a character from the buffer (0 - 255). | |
376 | */ | |
b82a59f2 | 377 | int |
378 | buffer_get_char_ret(char *ret, Buffer *buffer) | |
379 | { | |
380 | if (buffer_get_ret(buffer, ret, 1) == -1) { | |
381 | error("buffer_get_char_ret: buffer_get_ret failed"); | |
382 | return (-1); | |
383 | } | |
384 | return (0); | |
385 | } | |
386 | ||
35484284 | 387 | int |
5260325f | 388 | buffer_get_char(Buffer *buffer) |
8efc0c15 | 389 | { |
5260325f | 390 | char ch; |
7528d467 | 391 | |
b82a59f2 | 392 | if (buffer_get_char_ret(&ch, buffer) == -1) |
393 | fatal("buffer_get_char: buffer error"); | |
1e3b8b07 | 394 | return (u_char) ch; |
8efc0c15 | 395 | } |
396 | ||
5260325f | 397 | /* |
398 | * Stores a character in the buffer. | |
399 | */ | |
35484284 | 400 | void |
5260325f | 401 | buffer_put_char(Buffer *buffer, int value) |
8efc0c15 | 402 | { |
5260325f | 403 | char ch = value; |
7528d467 | 404 | |
5260325f | 405 | buffer_append(buffer, &ch, 1); |
8efc0c15 | 406 | } |