summaryrefslogtreecommitdiffstats
path: root/sshbuf-getput-crypto.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:40:04 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:40:04 +0000
commit25505898530a333011f4fd5cbc841ad6b26c089c (patch)
tree333a33fdd60930bcccc3f177ed9467d535e9bac6 /sshbuf-getput-crypto.c
parentInitial commit. (diff)
downloadopenssh-25505898530a333011f4fd5cbc841ad6b26c089c.tar.xz
openssh-25505898530a333011f4fd5cbc841ad6b26c089c.zip
Adding upstream version 1:9.2p1.upstream/1%9.2p1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'sshbuf-getput-crypto.c')
-rw-r--r--sshbuf-getput-crypto.c180
1 files changed, 180 insertions, 0 deletions
diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
new file mode 100644
index 0000000..56ffdd8
--- /dev/null
+++ b/sshbuf-getput-crypto.c
@@ -0,0 +1,180 @@
+/* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define SSHBUF_INTERNAL
+#include "includes.h"
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#ifdef WITH_OPENSSL
+#include <openssl/bn.h>
+#ifdef OPENSSL_HAS_ECC
+# include <openssl/ec.h>
+#endif /* OPENSSL_HAS_ECC */
+
+#include "ssherr.h"
+#include "sshbuf.h"
+
+int
+sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp)
+{
+ BIGNUM *v;
+ const u_char *d;
+ size_t len;
+ int r;
+
+ if (valp != NULL)
+ *valp = NULL;
+ if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
+ return r;
+ if (valp != NULL) {
+ if ((v = BN_new()) == NULL ||
+ BN_bin2bn(d, len, v) == NULL) {
+ BN_clear_free(v);
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ *valp = v;
+ }
+ return 0;
+}
+
+#ifdef OPENSSL_HAS_ECC
+static int
+get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
+{
+ /* Refuse overlong bignums */
+ if (len == 0 || len > SSHBUF_MAX_ECPOINT)
+ return SSH_ERR_ECPOINT_TOO_LARGE;
+ /* Only handle uncompressed points */
+ if (*d != POINT_CONVERSION_UNCOMPRESSED)
+ return SSH_ERR_INVALID_FORMAT;
+ if (v != NULL && EC_POINT_oct2point(g, v, d, len, NULL) != 1)
+ return SSH_ERR_INVALID_FORMAT; /* XXX assumption */
+ return 0;
+}
+
+int
+sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
+{
+ const u_char *d;
+ size_t len;
+ int r;
+
+ if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
+ return r;
+ if ((r = get_ec(d, len, v, g)) != 0)
+ return r;
+ /* Skip string */
+ if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
+ /* Shouldn't happen */
+ SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
+ SSHBUF_ABORT();
+ return SSH_ERR_INTERNAL_ERROR;
+ }
+ return 0;
+}
+
+int
+sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
+{
+ EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
+ int r;
+ const u_char *d;
+ size_t len;
+
+ if (pt == NULL) {
+ SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
+ EC_POINT_free(pt);
+ return r;
+ }
+ if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
+ EC_POINT_free(pt);
+ return r;
+ }
+ if (EC_KEY_set_public_key(v, pt) != 1) {
+ EC_POINT_free(pt);
+ return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
+ }
+ EC_POINT_free(pt);
+ /* Skip string */
+ if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
+ /* Shouldn't happen */
+ SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
+ SSHBUF_ABORT();
+ return SSH_ERR_INTERNAL_ERROR;
+ }
+ return 0;
+}
+#endif /* OPENSSL_HAS_ECC */
+
+int
+sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
+{
+ u_char d[SSHBUF_MAX_BIGNUM + 1];
+ int len = BN_num_bytes(v), prepend = 0, r;
+
+ if (len < 0 || len > SSHBUF_MAX_BIGNUM)
+ return SSH_ERR_INVALID_ARGUMENT;
+ *d = '\0';
+ if (BN_bn2bin(v, d + 1) != len)
+ return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
+ /* If MSB is set, prepend a \0 */
+ if (len > 0 && (d[1] & 0x80) != 0)
+ prepend = 1;
+ if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
+ explicit_bzero(d, sizeof(d));
+ return r;
+ }
+ explicit_bzero(d, sizeof(d));
+ return 0;
+}
+
+#ifdef OPENSSL_HAS_ECC
+int
+sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
+{
+ u_char d[SSHBUF_MAX_ECPOINT];
+ size_t len;
+ int ret;
+
+ if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, NULL)) > SSHBUF_MAX_ECPOINT) {
+ return SSH_ERR_INVALID_ARGUMENT;
+ }
+ if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
+ d, len, NULL) != len) {
+ return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
+ }
+ ret = sshbuf_put_string(buf, d, len);
+ explicit_bzero(d, len);
+ return ret;
+}
+
+int
+sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
+{
+ return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
+ EC_KEY_get0_group(v));
+}
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */