]>
Commit | Line | Data |
---|---|---|
8efc0c15 | 1 | /* |
5260325f | 2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
5260325f | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | |
5260325f | 5 | * Auxiliary functions for storing and retrieving various data types to/from |
6 | * Buffers. | |
7 | * | |
bcbf86ec | 8 | * As far as I am concerned, the code I have written for this software |
9 | * can be used freely for any purpose. Any derived versions of this | |
10 | * software must be clearly marked as such, and if the derived work is | |
11 | * incompatible with the protocol description in the RFC file, it must be | |
12 | * called by a name other than "ssh" or "Secure Shell". | |
13 | * | |
14 | * | |
7368a6c8 | 15 | * SSH2 packet format added by Markus Friedl |
bcbf86ec | 16 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | |
21 | * 1. Redistributions of source code must retain the above copyright | |
22 | * notice, this list of conditions and the following disclaimer. | |
23 | * 2. Redistributions in binary form must reproduce the above copyright | |
24 | * notice, this list of conditions and the following disclaimer in the | |
25 | * documentation and/or other materials provided with the distribution. | |
7368a6c8 | 26 | * |
bcbf86ec | 27 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
28 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
30 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
31 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
32 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
33 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
34 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
35 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
36 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
5260325f | 37 | */ |
8efc0c15 | 38 | |
39 | #include "includes.h" | |
2ceb8101 | 40 | RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $"); |
8efc0c15 | 41 | |
8efc0c15 | 42 | #include <openssl/bn.h> |
43 | #include "bufaux.h" | |
44 | #include "xmalloc.h" | |
45 | #include "getput.h" | |
42f11eb2 | 46 | #include "log.h" |
8efc0c15 | 47 | |
5260325f | 48 | /* |
49 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed | |
50 | * by (bits+7)/8 bytes of binary data, msb first. | |
51 | */ | |
b82a59f2 | 52 | int |
53 | buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |
8efc0c15 | 54 | { |
5260325f | 55 | int bits = BN_num_bits(value); |
56 | int bin_size = (bits + 7) / 8; | |
1e3b8b07 | 57 | u_char *buf = xmalloc(bin_size); |
5260325f | 58 | int oi; |
59 | char msg[2]; | |
60 | ||
61 | /* Get the value of in binary */ | |
62 | oi = BN_bn2bin(value, buf); | |
b82a59f2 | 63 | if (oi != bin_size) { |
64 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", | |
184eed6a | 65 | oi, bin_size); |
b82a59f2 | 66 | return (-1); |
67 | } | |
5260325f | 68 | |
69 | /* Store the number of bits in the buffer in two bytes, msb first. */ | |
70 | PUT_16BIT(msg, bits); | |
71 | buffer_append(buffer, msg, 2); | |
72 | /* Store the binary data. */ | |
610cd5c6 | 73 | buffer_append(buffer, (char *)buf, oi); |
aa3378df | 74 | |
5260325f | 75 | memset(buf, 0, bin_size); |
76 | xfree(buf); | |
b82a59f2 | 77 | |
78 | return (0); | |
79 | } | |
80 | ||
81 | void | |
82 | buffer_put_bignum(Buffer *buffer, const BIGNUM *value) | |
83 | { | |
84 | if (buffer_put_bignum_ret(buffer, value) == -1) | |
85 | fatal("buffer_put_bignum: buffer error"); | |
8efc0c15 | 86 | } |
87 | ||
5260325f | 88 | /* |
89 | * Retrieves an BIGNUM from the buffer. | |
90 | */ | |
b82a59f2 | 91 | int |
92 | buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) | |
8efc0c15 | 93 | { |
bb92e5cc | 94 | u_int bits, bytes; |
1e3b8b07 | 95 | u_char buf[2], *bin; |
5260325f | 96 | |
97 | /* Get the number for bits. */ | |
b82a59f2 | 98 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { |
99 | error("buffer_get_bignum_ret: invalid length"); | |
100 | return (-1); | |
101 | } | |
5260325f | 102 | bits = GET_16BIT(buf); |
103 | /* Compute the number of binary bytes that follow. */ | |
104 | bytes = (bits + 7) / 8; | |
b82a59f2 | 105 | if (bytes > 8 * 1024) { |
106 | error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); | |
107 | return (-1); | |
108 | } | |
109 | if (buffer_len(buffer) < bytes) { | |
110 | error("buffer_get_bignum_ret: input buffer too small"); | |
111 | return (-1); | |
112 | } | |
e6207598 | 113 | bin = buffer_ptr(buffer); |
5260325f | 114 | BN_bin2bn(bin, bytes, value); |
b82a59f2 | 115 | if (buffer_consume_ret(buffer, bytes) == -1) { |
116 | error("buffer_get_bignum_ret: buffer_consume failed"); | |
117 | return (-1); | |
118 | } | |
119 | return (0); | |
120 | } | |
121 | ||
122 | void | |
123 | buffer_get_bignum(Buffer *buffer, BIGNUM *value) | |
124 | { | |
125 | if (buffer_get_bignum_ret(buffer, value) == -1) | |
126 | fatal("buffer_get_bignum: buffer error"); | |
8efc0c15 | 127 | } |
128 | ||
7368a6c8 | 129 | /* |
130 | * Stores an BIGNUM in the buffer in SSH2 format. | |
131 | */ | |
b82a59f2 | 132 | int |
133 | buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |
7368a6c8 | 134 | { |
155890b3 | 135 | u_int bytes; |
136 | u_char *buf; | |
7368a6c8 | 137 | int oi; |
bb92e5cc | 138 | u_int hasnohigh = 0; |
7528d467 | 139 | |
155890b3 | 140 | if (BN_is_zero(value)) { |
141 | buffer_put_int(buffer, 0); | |
b82a59f2 | 142 | return 0; |
143 | } | |
144 | if (value->neg) { | |
145 | error("buffer_put_bignum2_ret: negative numbers not supported"); | |
146 | return (-1); | |
155890b3 | 147 | } |
155890b3 | 148 | bytes = BN_num_bytes(value) + 1; /* extra padding byte */ |
b82a59f2 | 149 | if (bytes < 2) { |
150 | error("buffer_put_bignum2_ret: BN too small"); | |
151 | return (-1); | |
152 | } | |
155890b3 | 153 | buf = xmalloc(bytes); |
595c699c | 154 | buf[0] = 0x00; |
7368a6c8 | 155 | /* Get the value of in binary */ |
156 | oi = BN_bn2bin(value, buf+1); | |
2ceb8101 | 157 | if (oi < 0 || (u_int)oi != bytes - 1) { |
b82a59f2 | 158 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " |
155890b3 | 159 | "oi %d != bin_size %d", oi, bytes); |
b82a59f2 | 160 | xfree(buf); |
161 | return (-1); | |
162 | } | |
7368a6c8 | 163 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
7368a6c8 | 164 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
165 | memset(buf, 0, bytes); | |
166 | xfree(buf); | |
b82a59f2 | 167 | return (0); |
7368a6c8 | 168 | } |
169 | ||
4ef6f649 | 170 | void |
b82a59f2 | 171 | buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) |
172 | { | |
173 | if (buffer_put_bignum2_ret(buffer, value) == -1) | |
174 | fatal("buffer_put_bignum2: buffer error"); | |
175 | } | |
176 | ||
177 | int | |
178 | buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |
7368a6c8 | 179 | { |
b29fe4ea | 180 | u_int len; |
b82a59f2 | 181 | u_char *bin; |
f8cc7664 | 182 | |
b82a59f2 | 183 | if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { |
184 | error("buffer_get_bignum2_ret: invalid bignum"); | |
185 | return (-1); | |
186 | } | |
7528d467 | 187 | |
b82a59f2 | 188 | if (len > 0 && (bin[0] & 0x80)) { |
189 | error("buffer_get_bignum2_ret: negative numbers not supported"); | |
190 | return (-1); | |
191 | } | |
192 | if (len > 8 * 1024) { | |
193 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); | |
194 | return (-1); | |
195 | } | |
7368a6c8 | 196 | BN_bin2bn(bin, len, value); |
197 | xfree(bin); | |
b82a59f2 | 198 | return (0); |
199 | } | |
200 | ||
201 | void | |
202 | buffer_get_bignum2(Buffer *buffer, BIGNUM *value) | |
203 | { | |
204 | if (buffer_get_bignum2_ret(buffer, value) == -1) | |
205 | fatal("buffer_get_bignum2: buffer error"); | |
7368a6c8 | 206 | } |
155890b3 | 207 | |
5260325f | 208 | /* |
9b26c596 | 209 | * Returns integers from the buffer (msb first). |
5260325f | 210 | */ |
9b26c596 | 211 | |
b82a59f2 | 212 | int |
213 | buffer_get_short_ret(u_short *ret, Buffer *buffer) | |
214 | { | |
215 | u_char buf[2]; | |
216 | ||
217 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) | |
218 | return (-1); | |
219 | *ret = GET_16BIT(buf); | |
220 | return (0); | |
221 | } | |
222 | ||
9b26c596 | 223 | u_short |
224 | buffer_get_short(Buffer *buffer) | |
225 | { | |
b82a59f2 | 226 | u_short ret; |
227 | ||
228 | if (buffer_get_short_ret(&ret, buffer) == -1) | |
229 | fatal("buffer_get_short: buffer error"); | |
7528d467 | 230 | |
b82a59f2 | 231 | return (ret); |
232 | } | |
233 | ||
234 | int | |
235 | buffer_get_int_ret(u_int *ret, Buffer *buffer) | |
236 | { | |
237 | u_char buf[4]; | |
238 | ||
239 | if (buffer_get_ret(buffer, (char *) buf, 4) == -1) | |
240 | return (-1); | |
241 | *ret = GET_32BIT(buf); | |
242 | return (0); | |
9b26c596 | 243 | } |
244 | ||
1e3b8b07 | 245 | u_int |
5260325f | 246 | buffer_get_int(Buffer *buffer) |
8efc0c15 | 247 | { |
b82a59f2 | 248 | u_int ret; |
249 | ||
250 | if (buffer_get_int_ret(&ret, buffer) == -1) | |
251 | fatal("buffer_get_int: buffer error"); | |
252 | ||
253 | return (ret); | |
254 | } | |
7528d467 | 255 | |
b82a59f2 | 256 | int |
257 | buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) | |
258 | { | |
259 | u_char buf[8]; | |
260 | ||
261 | if (buffer_get_ret(buffer, (char *) buf, 8) == -1) | |
262 | return (-1); | |
263 | *ret = GET_64BIT(buf); | |
264 | return (0); | |
8efc0c15 | 265 | } |
266 | ||
f546c780 | 267 | u_int64_t |
268 | buffer_get_int64(Buffer *buffer) | |
269 | { | |
b82a59f2 | 270 | u_int64_t ret; |
7528d467 | 271 | |
b82a59f2 | 272 | if (buffer_get_int64_ret(&ret, buffer) == -1) |
273 | fatal("buffer_get_int: buffer error"); | |
274 | ||
275 | return (ret); | |
f546c780 | 276 | } |
277 | ||
5260325f | 278 | /* |
9b26c596 | 279 | * Stores integers in the buffer, msb first. |
5260325f | 280 | */ |
9b26c596 | 281 | void |
282 | buffer_put_short(Buffer *buffer, u_short value) | |
283 | { | |
284 | char buf[2]; | |
7528d467 | 285 | |
9b26c596 | 286 | PUT_16BIT(buf, value); |
287 | buffer_append(buffer, buf, 2); | |
288 | } | |
289 | ||
35484284 | 290 | void |
1e3b8b07 | 291 | buffer_put_int(Buffer *buffer, u_int value) |
8efc0c15 | 292 | { |
5260325f | 293 | char buf[4]; |
7528d467 | 294 | |
5260325f | 295 | PUT_32BIT(buf, value); |
296 | buffer_append(buffer, buf, 4); | |
8efc0c15 | 297 | } |
298 | ||
f546c780 | 299 | void |
300 | buffer_put_int64(Buffer *buffer, u_int64_t value) | |
301 | { | |
302 | char buf[8]; | |
7528d467 | 303 | |
f546c780 | 304 | PUT_64BIT(buf, value); |
305 | buffer_append(buffer, buf, 8); | |
306 | } | |
307 | ||
5260325f | 308 | /* |
309 | * Returns an arbitrary binary string from the buffer. The string cannot | |
310 | * be longer than 256k. The returned value points to memory allocated | |
311 | * with xmalloc; it is the responsibility of the calling function to free | |
312 | * the data. If length_ptr is non-NULL, the length of the returned data | |
313 | * will be stored there. A null character will be automatically appended | |
314 | * to the returned string, and is not counted in length. | |
315 | */ | |
6c0fa2b1 | 316 | void * |
b82a59f2 | 317 | buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) |
8efc0c15 | 318 | { |
6c0fa2b1 | 319 | u_char *value; |
7528d467 | 320 | u_int len; |
321 | ||
5260325f | 322 | /* Get the length. */ |
323 | len = buffer_get_int(buffer); | |
b82a59f2 | 324 | if (len > 256 * 1024) { |
325 | error("buffer_get_string_ret: bad string length %u", len); | |
326 | return (NULL); | |
327 | } | |
5260325f | 328 | /* Allocate space for the string. Add one byte for a null character. */ |
329 | value = xmalloc(len + 1); | |
330 | /* Get the string. */ | |
b82a59f2 | 331 | if (buffer_get_ret(buffer, value, len) == -1) { |
332 | error("buffer_get_string_ret: buffer_get failed"); | |
333 | xfree(value); | |
334 | return (NULL); | |
335 | } | |
5260325f | 336 | /* Append a null character to make processing easier. */ |
337 | value[len] = 0; | |
338 | /* Optionally return the length of the string. */ | |
339 | if (length_ptr) | |
340 | *length_ptr = len; | |
b82a59f2 | 341 | return (value); |
342 | } | |
343 | ||
344 | void * | |
345 | buffer_get_string(Buffer *buffer, u_int *length_ptr) | |
346 | { | |
347 | void *ret; | |
348 | ||
349 | if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) | |
350 | fatal("buffer_get_string: buffer error"); | |
351 | return (ret); | |
8efc0c15 | 352 | } |
353 | ||
5260325f | 354 | /* |
355 | * Stores and arbitrary binary string in the buffer. | |
356 | */ | |
35484284 | 357 | void |
1e3b8b07 | 358 | buffer_put_string(Buffer *buffer, const void *buf, u_int len) |
8efc0c15 | 359 | { |
5260325f | 360 | buffer_put_int(buffer, len); |
361 | buffer_append(buffer, buf, len); | |
8efc0c15 | 362 | } |
35484284 | 363 | void |
7368a6c8 | 364 | buffer_put_cstring(Buffer *buffer, const char *s) |
365 | { | |
b625ad75 | 366 | if (s == NULL) |
367 | fatal("buffer_put_cstring: s == NULL"); | |
7368a6c8 | 368 | buffer_put_string(buffer, s, strlen(s)); |
369 | } | |
8efc0c15 | 370 | |
5260325f | 371 | /* |
372 | * Returns a character from the buffer (0 - 255). | |
373 | */ | |
b82a59f2 | 374 | int |
375 | buffer_get_char_ret(char *ret, Buffer *buffer) | |
376 | { | |
377 | if (buffer_get_ret(buffer, ret, 1) == -1) { | |
378 | error("buffer_get_char_ret: buffer_get_ret failed"); | |
379 | return (-1); | |
380 | } | |
381 | return (0); | |
382 | } | |
383 | ||
35484284 | 384 | int |
5260325f | 385 | buffer_get_char(Buffer *buffer) |
8efc0c15 | 386 | { |
5260325f | 387 | char ch; |
7528d467 | 388 | |
b82a59f2 | 389 | if (buffer_get_char_ret(&ch, buffer) == -1) |
390 | fatal("buffer_get_char: buffer error"); | |
1e3b8b07 | 391 | return (u_char) ch; |
8efc0c15 | 392 | } |
393 | ||
5260325f | 394 | /* |
395 | * Stores a character in the buffer. | |
396 | */ | |
35484284 | 397 | void |
5260325f | 398 | buffer_put_char(Buffer *buffer, int value) |
8efc0c15 | 399 | { |
5260325f | 400 | char ch = value; |
7528d467 | 401 | |
5260325f | 402 | buffer_append(buffer, &ch, 1); |
8efc0c15 | 403 | } |