int
sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
{
const u_char *d = sshbuf_ptr(buf);
u_int16_t len_bits;
size_t len_bytes;
/* Length in bits */
if (sshbuf_len(buf) < 2)
return SSH_ERR_MESSAGE_INCOMPLETE;
len_bits = PEEK_U16(d);
len_bytes = (len_bits + 7) >> 3;
if (len_bytes > SSHBUF_MAX_BIGNUM)
return SSH_ERR_BIGNUM_TOO_LARGE;
if (sshbuf_len(buf) < 2 + len_bytes)
return SSH_ERR_MESSAGE_INCOMPLETE;
if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL)
return SSH_ERR_ALLOC_FAIL;
if (sshbuf_consume(buf, 2 + len_bytes) != 0) {
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
int
sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
{
EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
int r;
const u_char *d;
size_t len;
if (pt == NULL) {
SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
return SSH_ERR_ALLOC_FAIL;
}
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
EC_POINT_free(pt);
return r;
}
if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
EC_POINT_free(pt);
return r;
}
if (EC_KEY_set_public_key(v, pt) != 1) {
EC_POINT_free(pt);
return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
}
EC_POINT_free(pt);
/* Skip string */
if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
int
sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
const u_char **valp, size_t *lenp)
{
const u_char *d;
size_t len, olen;
int r;
if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0)
return r;
len = olen;
/* Refuse negative (MSB set) bignums */
if ((len != 0 && (*d & 0x80) != 0))
return SSH_ERR_BIGNUM_IS_NEGATIVE;
/* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
if (len > SSHBUF_MAX_BIGNUM + 1 ||
(len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
return SSH_ERR_BIGNUM_TOO_LARGE;
/* Trim leading zeros */
while (len > 0 && *d == 0x00) {
d++;
len--;
}
if (valp != 0)
*valp = d;
if (lenp != NULL)
*lenp = len;
if (sshbuf_consume(buf, olen + 4) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
int
sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp)
{
size_t len;
const u_char *p;
int r;
if (valp != NULL)
*valp = NULL;
if (lenp != NULL)
*lenp = 0;
if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0)
return r;
if (valp != 0)
*valp = p;
if (lenp != NULL)
*lenp = len;
if (sshbuf_consume(buf, len + 4) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
int
sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
{
const u_char *d;
size_t len;
int r;
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
return r;
/* Refuse negative (MSB set) bignums */
if ((len != 0 && (*d & 0x80) != 0))
return SSH_ERR_BIGNUM_IS_NEGATIVE;
/* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
if (len > SSHBUF_MAX_BIGNUM + 1 ||
(len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
return SSH_ERR_BIGNUM_TOO_LARGE;
if (v != NULL && BN_bin2bn(d, len, v) == NULL)
return SSH_ERR_ALLOC_FAIL;
/* Consume the string */
if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
int
sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g)
{
const u_char *d;
size_t len;
int r;
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
return r;
if ((r = get_ec(d, len, v, g)) != 0)
return r;
/* Skip string */
if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
