| | 1 | /* |
| | 2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| | 4 | * All rights reserved |
| | 5 | * Auxiliary functions for storing and retrieving various data types to/from |
| | 6 | * Buffers. |
| | 7 | * |
| | 8 | * As far as I am concerned, the code I have written for this software |
| | 9 | * can be used freely for any purpose. Any derived versions of this |
| | 10 | * software must be clearly marked as such, and if the derived work is |
| | 11 | * incompatible with the protocol description in the RFC file, it must be |
| | 12 | * called by a name other than "ssh" or "Secure Shell". |
| | 13 | * |
| | 14 | * |
| | 15 | * SSH2 packet format added by Markus Friedl |
| | 16 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| | 17 | * |
| | 18 | * Redistribution and use in source and binary forms, with or without |
| | 19 | * modification, are permitted provided that the following conditions |
| | 20 | * are met: |
| | 21 | * 1. Redistributions of source code must retain the above copyright |
| | 22 | * notice, this list of conditions and the following disclaimer. |
| | 23 | * 2. Redistributions in binary form must reproduce the above copyright |
| | 24 | * notice, this list of conditions and the following disclaimer in the |
| | 25 | * documentation and/or other materials provided with the distribution. |
| | 26 | * |
| | 27 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| | 28 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| | 29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| | 30 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| | 31 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| | 32 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| | 33 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| | 34 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| | 35 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| | 36 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| | 37 | */ |
| | 38 | |
| | 39 | #include "includes.h" |
| | 40 | |
| | 41 | #include <openssl/bn.h> |
| | 42 | #include "bufaux.h" |
| | 43 | #include "xmalloc.h" |
| | 44 | #include "getput.h" |
| | 45 | #include "log.h" |
| | 46 | |
| | 47 | /* |
| | 48 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed |
| | 49 | * by (bits+7)/8 bytes of binary data, msb first. |
| | 50 | */ |
| | 51 | int |
| | 52 | buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) |
| | 53 | { |
| | 54 | int bits = BN_num_bits(value); |
| | 55 | int bin_size = (bits + 7) / 8; |
| | 56 | u_char *buf = xmalloc(bin_size); |
| | 57 | int oi; |
| | 58 | char msg[2]; |
| | 59 | |
| | 60 | /* Get the value of in binary */ |
| | 61 | oi = BN_bn2bin(value, buf); |
| | 62 | if (oi != bin_size) { |
| | 63 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", |
| | 64 | oi, bin_size); |
| | 65 | xfree(buf); |
| | 66 | return (-1); |
| | 67 | } |
| | 68 | |
| | 69 | /* Store the number of bits in the buffer in two bytes, msb first. */ |
| | 70 | PUT_16BIT(msg, bits); |
| | 71 | buffer_append(buffer, msg, 2); |
| | 72 | /* Store the binary data. */ |
| | 73 | buffer_append(buffer, (char *)buf, oi); |
| | 74 | |
| | 75 | memset(buf, 0, bin_size); |
| | 76 | xfree(buf); |
| | 77 | |
| | 78 | return (0); |
| | 79 | } |
| | 80 | |
| | 81 | void |
| | 82 | buffer_put_bignum(Buffer *buffer, const BIGNUM *value) |
| | 83 | { |
| | 84 | if (buffer_put_bignum_ret(buffer, value) == -1) |
| | 85 | fatal("buffer_put_bignum: buffer error"); |
| | 86 | } |
| | 87 | |
| | 88 | /* |
| | 89 | * Retrieves an BIGNUM from the buffer. |
| | 90 | */ |
| | 91 | int |
| | 92 | buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) |
| | 93 | { |
| | 94 | u_int bits, bytes; |
| | 95 | u_char buf[2], *bin; |
| | 96 | |
| | 97 | /* Get the number for bits. */ |
| | 98 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { |
| | 99 | error("buffer_get_bignum_ret: invalid length"); |
| | 100 | return (-1); |
| | 101 | } |
| | 102 | bits = GET_16BIT(buf); |
| | 103 | /* Compute the number of binary bytes that follow. */ |
| | 104 | bytes = (bits + 7) / 8; |
| | 105 | if (bytes > 8 * 1024) { |
| | 106 | error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); |
| | 107 | return (-1); |
| | 108 | } |
| | 109 | if (buffer_len(buffer) < bytes) { |
| | 110 | error("buffer_get_bignum_ret: input buffer too small"); |
| | 111 | return (-1); |
| | 112 | } |
| | 113 | bin = buffer_ptr(buffer); |
| | 114 | BN_bin2bn(bin, bytes, value); |
| | 115 | if (buffer_consume_ret(buffer, bytes) == -1) { |
| | 116 | error("buffer_get_bignum_ret: buffer_consume failed"); |
| | 117 | return (-1); |
| | 118 | } |
| | 119 | return (0); |
| | 120 | } |
| | 121 | |
| | 122 | void |
| | 123 | buffer_get_bignum(Buffer *buffer, BIGNUM *value) |
| | 124 | { |
| | 125 | if (buffer_get_bignum_ret(buffer, value) == -1) |
| | 126 | fatal("buffer_get_bignum: buffer error"); |
| | 127 | } |
| | 128 | |
| | 129 | /* |
| | 130 | * Stores an BIGNUM in the buffer in SSH2 format. |
| | 131 | */ |
| | 132 | int |
| | 133 | buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) |
| | 134 | { |
| | 135 | u_int bytes; |
| | 136 | u_char *buf; |
| | 137 | int oi; |
| | 138 | u_int hasnohigh = 0; |
| | 139 | |
| | 140 | if (BN_is_zero(value)) { |
| | 141 | buffer_put_int(buffer, 0); |
| | 142 | return 0; |
| | 143 | } |
| | 144 | if (value->neg) { |
| | 145 | error("buffer_put_bignum2_ret: negative numbers not supported"); |
| | 146 | return (-1); |
| | 147 | } |
| | 148 | bytes = BN_num_bytes(value) + 1; /* extra padding byte */ |
| | 149 | if (bytes < 2) { |
| | 150 | error("buffer_put_bignum2_ret: BN too small"); |
| | 151 | return (-1); |
| | 152 | } |
| | 153 | buf = xmalloc(bytes); |
| | 154 | buf[0] = 0x00; |
| | 155 | /* Get the value of in binary */ |
| | 156 | oi = BN_bn2bin(value, buf+1); |
| | 157 | if (oi < 0 || (u_int)oi != bytes - 1) { |
| | 158 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " |
| | 159 | "oi %d != bin_size %d", oi, bytes); |
| | 160 | xfree(buf); |
| | 161 | return (-1); |
| | 162 | } |
| | 163 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
| | 164 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
| | 165 | memset(buf, 0, bytes); |
| | 166 | xfree(buf); |
| | 167 | return (0); |
| | 168 | } |
| | 169 | |
| | 170 | void |
| | 171 | buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) |
| | 172 | { |
| | 173 | if (buffer_put_bignum2_ret(buffer, value) == -1) |
| | 174 | fatal("buffer_put_bignum2: buffer error"); |
| | 175 | } |
| | 176 | |
| | 177 | int |
| | 178 | buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) |
| | 179 | { |
| | 180 | u_int len; |
| | 181 | u_char *bin; |
| | 182 | |
| | 183 | if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { |
| | 184 | error("buffer_get_bignum2_ret: invalid bignum"); |
| | 185 | return (-1); |
| | 186 | } |
| | 187 | |
| | 188 | if (len > 0 && (bin[0] & 0x80)) { |
| | 189 | error("buffer_get_bignum2_ret: negative numbers not supported"); |
| | 190 | xfree(bin); |
| | 191 | return (-1); |
| | 192 | } |
| | 193 | if (len > 8 * 1024) { |
| | 194 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); |
| | 195 | xfree(bin); |
| | 196 | return (-1); |
| | 197 | } |
| | 198 | BN_bin2bn(bin, len, value); |
| | 199 | xfree(bin); |
| | 200 | return (0); |
| | 201 | } |
| | 202 | |
| | 203 | void |
| | 204 | buffer_get_bignum2(Buffer *buffer, BIGNUM *value) |
| | 205 | { |
| | 206 | if (buffer_get_bignum2_ret(buffer, value) == -1) |
| | 207 | fatal("buffer_get_bignum2: buffer error"); |
| | 208 | } |
| | 209 | |
| | 210 | /* |
| | 211 | * Returns integers from the buffer (msb first). |
| | 212 | */ |
| | 213 | |
| | 214 | int |
| | 215 | buffer_get_short_ret(u_short *ret, Buffer *buffer) |
| | 216 | { |
| | 217 | u_char buf[2]; |
| | 218 | |
| | 219 | if (buffer_get_ret(buffer, (char *) buf, 2) == -1) |
| | 220 | return (-1); |
| | 221 | *ret = GET_16BIT(buf); |
| | 222 | return (0); |
| | 223 | } |
| | 224 | |
| | 225 | u_short |
| | 226 | buffer_get_short(Buffer *buffer) |
| | 227 | { |
| | 228 | u_short ret; |
| | 229 | |
| | 230 | if (buffer_get_short_ret(&ret, buffer) == -1) |
| | 231 | fatal("buffer_get_short: buffer error"); |
| | 232 | |
| | 233 | return (ret); |
| | 234 | } |
| | 235 | |
| | 236 | int |
| | 237 | buffer_get_int_ret(u_int *ret, Buffer *buffer) |
| | 238 | { |
| | 239 | u_char buf[4]; |
| | 240 | |
| | 241 | if (buffer_get_ret(buffer, (char *) buf, 4) == -1) |
| | 242 | return (-1); |
| | 243 | *ret = GET_32BIT(buf); |
| | 244 | return (0); |
| | 245 | } |
| | 246 | |
| | 247 | u_int |
| | 248 | buffer_get_int(Buffer *buffer) |
| | 249 | { |
| | 250 | u_int ret; |
| | 251 | |
| | 252 | if (buffer_get_int_ret(&ret, buffer) == -1) |
| | 253 | fatal("buffer_get_int: buffer error"); |
| | 254 | |
| | 255 | return (ret); |
| | 256 | } |
| | 257 | |
| | 258 | int |
| | 259 | buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) |
| | 260 | { |
| | 261 | u_char buf[8]; |
| | 262 | |
| | 263 | if (buffer_get_ret(buffer, (char *) buf, 8) == -1) |
| | 264 | return (-1); |
| | 265 | *ret = GET_64BIT(buf); |
| | 266 | return (0); |
| | 267 | } |
| | 268 | |
| | 269 | u_int64_t |
| | 270 | buffer_get_int64(Buffer *buffer) |
| | 271 | { |
| | 272 | u_int64_t ret; |
| | 273 | |
| | 274 | if (buffer_get_int64_ret(&ret, buffer) == -1) |
| | 275 | fatal("buffer_get_int: buffer error"); |
| | 276 | |
| | 277 | return (ret); |
| | 278 | } |
| | 279 | |
| | 280 | /* |
| | 281 | * Stores integers in the buffer, msb first. |
| | 282 | */ |
| | 283 | void |
| | 284 | buffer_put_short(Buffer *buffer, u_short value) |
| | 285 | { |
| | 286 | char buf[2]; |
| | 287 | |
| | 288 | PUT_16BIT(buf, value); |
| | 289 | buffer_append(buffer, buf, 2); |
| | 290 | } |
| | 291 | |
| | 292 | void |
| | 293 | buffer_put_int(Buffer *buffer, u_int value) |
| | 294 | { |
| | 295 | char buf[4]; |
| | 296 | |
| | 297 | PUT_32BIT(buf, value); |
| | 298 | buffer_append(buffer, buf, 4); |
| | 299 | } |
| | 300 | |
| | 301 | void |
| | 302 | buffer_put_int64(Buffer *buffer, u_int64_t value) |
| | 303 | { |
| | 304 | char buf[8]; |
| | 305 | |
| | 306 | PUT_64BIT(buf, value); |
| | 307 | buffer_append(buffer, buf, 8); |
| | 308 | } |
| | 309 | |
| | 310 | /* |
| | 311 | * Returns an arbitrary binary string from the buffer. The string cannot |
| | 312 | * be longer than 256k. The returned value points to memory allocated |
| | 313 | * with xmalloc; it is the responsibility of the calling function to free |
| | 314 | * the data. If length_ptr is non-NULL, the length of the returned data |
| | 315 | * will be stored there. A null character will be automatically appended |
| | 316 | * to the returned string, and is not counted in length. |
| | 317 | */ |
| | 318 | void * |
| | 319 | buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) |
| | 320 | { |
| | 321 | u_char *value; |
| | 322 | u_int len; |
| | 323 | |
| | 324 | /* Get the length. */ |
| | 325 | len = buffer_get_int(buffer); |
| | 326 | if (len > 256 * 1024) { |
| | 327 | error("buffer_get_string_ret: bad string length %u", len); |
| | 328 | return (NULL); |
| | 329 | } |
| | 330 | /* Allocate space for the string. Add one byte for a null character. */ |
| | 331 | value = xmalloc(len + 1); |
| | 332 | /* Get the string. */ |
| | 333 | if (buffer_get_ret(buffer, value, len) == -1) { |
| | 334 | error("buffer_get_string_ret: buffer_get failed"); |
| | 335 | xfree(value); |
| | 336 | return (NULL); |
| | 337 | } |
| | 338 | /* Append a null character to make processing easier. */ |
| | 339 | value[len] = 0; |
| | 340 | /* Optionally return the length of the string. */ |
| | 341 | if (length_ptr) |
| | 342 | *length_ptr = len; |
| | 343 | return (value); |
| | 344 | } |
| | 345 | |
| | 346 | void * |
| | 347 | buffer_get_string(Buffer *buffer, u_int *length_ptr) |
| | 348 | { |
| | 349 | void *ret; |
| | 350 | |
| | 351 | if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) |
| | 352 | fatal("buffer_get_string: buffer error"); |
| | 353 | return (ret); |
| | 354 | } |
| | 355 | |
| | 356 | /* |
| | 357 | * Stores and arbitrary binary string in the buffer. |
| | 358 | */ |
| | 359 | void |
| | 360 | buffer_put_string(Buffer *buffer, const void *buf, u_int len) |
| | 361 | { |
| | 362 | buffer_put_int(buffer, len); |
| | 363 | buffer_append(buffer, buf, len); |
| | 364 | } |
| | 365 | void |
| | 366 | buffer_put_cstring(Buffer *buffer, const char *s) |
| | 367 | { |
| | 368 | if (s == NULL) |
| | 369 | fatal("buffer_put_cstring: s == NULL"); |
| | 370 | buffer_put_string(buffer, s, strlen(s)); |
| | 371 | } |
| | 372 | |
| | 373 | /* |
| | 374 | * Returns a character from the buffer (0 - 255). |
| | 375 | */ |
| | 376 | int |
| | 377 | buffer_get_char_ret(char *ret, Buffer *buffer) |
| | 378 | { |
| | 379 | if (buffer_get_ret(buffer, ret, 1) == -1) { |
| | 380 | error("buffer_get_char_ret: buffer_get_ret failed"); |
| | 381 | return (-1); |
| | 382 | } |
| | 383 | return (0); |
| | 384 | } |
| | 385 | |
| | 386 | int |
| | 387 | buffer_get_char(Buffer *buffer) |
| | 388 | { |
| | 389 | char ch; |
| | 390 | |
| | 391 | if (buffer_get_char_ret(&ch, buffer) == -1) |
| | 392 | fatal("buffer_get_char: buffer error"); |
| | 393 | return (u_char) ch; |
| | 394 | } |
| | 395 | |
| | 396 | /* |
| | 397 | * Stores a character in the buffer. |
| | 398 | */ |
| | 399 | void |
| | 400 | buffer_put_char(Buffer *buffer, int value) |
| | 401 | { |
| | 402 | char ch = value; |
| | 403 | |
| | 404 | buffer_append(buffer, &ch, 1); |
| | 405 | } |
andersk / openssh.git / blame_incremental