diff options
Diffstat (limited to 'crypto/openssh/sshbuf-getput-crypto.c')
-rw-r--r-- | crypto/openssh/sshbuf-getput-crypto.c | 76 |
1 files changed, 16 insertions, 60 deletions
diff --git a/crypto/openssh/sshbuf-getput-crypto.c b/crypto/openssh/sshbuf-getput-crypto.c index d0d791b50a34..2e61d3bcd809 100644 --- a/crypto/openssh/sshbuf-getput-crypto.c +++ b/crypto/openssh/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.8 2019/11/15 06:00:20 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -23,6 +23,7 @@ #include <stdio.h> #include <string.h> +#ifdef WITH_OPENSSL #include <openssl/bn.h> #ifdef OPENSSL_HAS_ECC # include <openssl/ec.h> @@ -32,41 +33,24 @@ #include "sshbuf.h" int -sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) +sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp) { + BIGNUM *v; const u_char *d; size_t len; int r; + if (valp != NULL) + *valp = NULL; if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) return r; - if (v != NULL && BN_bin2bn(d, len, v) == NULL) - return SSH_ERR_ALLOC_FAIL; - return 0; -} - -int -sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) -{ - const u_char *d = sshbuf_ptr(buf); - u_int16_t len_bits; - size_t len_bytes; - - /* Length in bits */ - if (sshbuf_len(buf) < 2) - return SSH_ERR_MESSAGE_INCOMPLETE; - len_bits = PEEK_U16(d); - len_bytes = (len_bits + 7) >> 3; - if (len_bytes > SSHBUF_MAX_BIGNUM) - return SSH_ERR_BIGNUM_TOO_LARGE; - if (sshbuf_len(buf) < 2 + len_bytes) - return SSH_ERR_MESSAGE_INCOMPLETE; - if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_consume(buf, 2 + len_bytes) != 0) { - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; + if (valp != NULL) { + if ((v = BN_new()) == NULL || + BN_bin2bn(d, len, v) == NULL) { + BN_clear_free(v); + return SSH_ERR_ALLOC_FAIL; + } + *valp = v; } return 0; } @@ -165,50 +149,22 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) return 0; } -int -sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) -{ - int r, len_bits = BN_num_bits(v); - size_t len_bytes = (len_bits + 7) / 8; - u_char d[SSHBUF_MAX_BIGNUM], *dp; - - if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) - return SSH_ERR_INVALID_ARGUMENT; - if (BN_bn2bin(v, d) != (int)len_bytes) - return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ - if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { - explicit_bzero(d, sizeof(d)); - return r; - } - POKE_U16(dp, len_bits); - if (len_bytes != 0) - memcpy(dp + 2, d, len_bytes); - explicit_bzero(d, sizeof(d)); - return 0; -} - #ifdef OPENSSL_HAS_ECC int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) { u_char d[SSHBUF_MAX_ECPOINT]; - BN_CTX *bn_ctx; size_t len; int ret; - if ((bn_ctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { - BN_CTX_free(bn_ctx); + NULL, 0, NULL)) > SSHBUF_MAX_ECPOINT) { return SSH_ERR_INVALID_ARGUMENT; } if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, - d, len, bn_ctx) != len) { - BN_CTX_free(bn_ctx); + d, len, NULL) != len) { return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ } - BN_CTX_free(bn_ctx); ret = sshbuf_put_string(buf, d, len); explicit_bzero(d, len); return ret; @@ -221,4 +177,4 @@ sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) EC_KEY_get0_group(v)); } #endif /* OPENSSL_HAS_ECC */ - +#endif /* WITH_OPENSSL */ |