summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2015-01-14 15:02:39 +0000
committerDamien Miller <djm@mindrot.org>2015-01-15 02:22:18 +1100
commita165bab605f7be55940bb8fae977398e8c96a46d (patch)
tree8a805f18a1f3cc5412b5f94ef64baa275f559a0b
parent7d845f4a0b7ec97887be204c3760e44de8bf1f32 (diff)
upstream commit
avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus
Diffstat
-rw-r--r--Makefile.in6
-rw-r--r--krl.c62
-rw-r--r--sshbuf-getput-basic.c38
-rw-r--r--sshbuf-getput-crypto.c18
-rw-r--r--sshbuf.h4
5 files changed, 87 insertions, 41 deletions
diff --git a/Makefile.in b/Makefile.in
index 9b485fba8..ebd48c303 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -70,7 +70,9 @@ LIBOPENSSH_OBJS=\
70 sshkey.o \ 70 sshkey.o \
71 sshbuf-getput-basic.o \ 71 sshbuf-getput-basic.o \
72 sshbuf-misc.o \ 72 sshbuf-misc.o \
73 sshbuf-getput-crypto.o 73 sshbuf-getput-crypto.o \
74 krl.o \
75 bitmap.o
74 76
75LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ 77LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
76 authfd.o authfile.o bufaux.o bufbn.o buffer.o \ 78 authfd.o authfile.o bufaux.o bufbn.o buffer.o \
@@ -83,7 +85,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
83 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ 85 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
84 kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ 86 kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
85 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ 87 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
86 ssh-pkcs11.o krl.o smult_curve25519_ref.o \ 88 ssh-pkcs11.o smult_curve25519_ref.o \
87 kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \ 89 kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
88 ssh-ed25519.o digest-openssl.o hmac.o \ 90 ssh-ed25519.o digest-openssl.o hmac.o \
89 sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o 91 sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
diff --git a/krl.c b/krl.c
index d6bd10935..3917338f9 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.c,v 1.25 2015/01/13 19:04:35 djm Exp $ */ 17/* $OpenBSD: krl.c,v 1.26 2015/01/14 15:02:39 djm Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -37,6 +37,7 @@
37#include "misc.h" 37#include "misc.h"
38#include "log.h" 38#include "log.h"
39#include "digest.h" 39#include "digest.h"
40#include "bitmap.h"
40 41
41#include "krl.h" 42#include "krl.h"
42 43
@@ -519,6 +520,25 @@ choose_next_state(int current_state, u_int64_t contig, int final,
519 return new_state; 520 return new_state;
520} 521}
521 522
523static int
524put_bitmap(struct sshbuf *buf, struct bitmap *bitmap)
525{
526 size_t len;
527 u_char *blob;
528 int r;
529
530 len = bitmap_nbytes(bitmap);
531 if ((blob = malloc(len)) == NULL)
532 return SSH_ERR_ALLOC_FAIL;
533 if (bitmap_to_string(bitmap, blob, len) != 0) {
534 free(blob);
535 return SSH_ERR_INTERNAL_ERROR;
536 }
537 r = sshbuf_put_bignum2_bytes(buf, blob, len);
538 free(blob);
539 return r;
540}
541
522/* Generate a KRL_SECTION_CERTIFICATES KRL section */ 542/* Generate a KRL_SECTION_CERTIFICATES KRL section */
523static int 543static int
524revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) 544revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
@@ -529,7 +549,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
529 struct revoked_key_id *rki; 549 struct revoked_key_id *rki;
530 int next_state, state = 0; 550 int next_state, state = 0;
531 struct sshbuf *sect; 551 struct sshbuf *sect;
532 BIGNUM *bitmap = NULL; 552 struct bitmap *bitmap = NULL;
533 553
534 if ((sect = sshbuf_new()) == NULL) 554 if ((sect = sshbuf_new()) == NULL)
535 return SSH_ERR_ALLOC_FAIL; 555 return SSH_ERR_ALLOC_FAIL;
@@ -572,9 +592,9 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
572 case KRL_SECTION_CERT_SERIAL_RANGE: 592 case KRL_SECTION_CERT_SERIAL_RANGE:
573 break; 593 break;
574 case KRL_SECTION_CERT_SERIAL_BITMAP: 594 case KRL_SECTION_CERT_SERIAL_BITMAP:
575 if ((r = sshbuf_put_bignum2(sect, bitmap)) != 0) 595 if ((r = put_bitmap(sect, bitmap)) != 0)
576 goto out; 596 goto out;
577 BN_free(bitmap); 597 bitmap_free(bitmap);
578 bitmap = NULL; 598 bitmap = NULL;
579 break; 599 break;
580 } 600 }
@@ -595,7 +615,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
595 case KRL_SECTION_CERT_SERIAL_RANGE: 615 case KRL_SECTION_CERT_SERIAL_RANGE:
596 break; 616 break;
597 case KRL_SECTION_CERT_SERIAL_BITMAP: 617 case KRL_SECTION_CERT_SERIAL_BITMAP:
598 if ((bitmap = BN_new()) == NULL) { 618 if ((bitmap = bitmap_new()) == NULL) {
599 r = SSH_ERR_ALLOC_FAIL; 619 r = SSH_ERR_ALLOC_FAIL;
600 goto out; 620 goto out;
601 } 621 }
@@ -626,8 +646,8 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
626 goto out; 646 goto out;
627 } 647 }
628 for (i = 0; i < contig; i++) { 648 for (i = 0; i < contig; i++) {
629 if (BN_set_bit(bitmap, 649 if (bitmap_set_bit(bitmap,
630 rs->lo + i - bitmap_start) != 1) { 650 rs->lo + i - bitmap_start) != 0) {
631 r = SSH_ERR_ALLOC_FAIL; 651 r = SSH_ERR_ALLOC_FAIL;
632 goto out; 652 goto out;
633 } 653 }
@@ -645,9 +665,9 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
645 case KRL_SECTION_CERT_SERIAL_RANGE: 665 case KRL_SECTION_CERT_SERIAL_RANGE:
646 break; 666 break;
647 case KRL_SECTION_CERT_SERIAL_BITMAP: 667 case KRL_SECTION_CERT_SERIAL_BITMAP:
648 if ((r = sshbuf_put_bignum2(sect, bitmap)) != 0) 668 if ((r = put_bitmap(sect, bitmap)) != 0)
649 goto out; 669 goto out;
650 BN_free(bitmap); 670 bitmap_free(bitmap);
651 bitmap = NULL; 671 bitmap = NULL;
652 break; 672 break;
653 } 673 }
@@ -671,8 +691,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
671 } 691 }
672 r = 0; 692 r = 0;
673 out: 693 out:
674 if (bitmap != NULL) 694 bitmap_free(bitmap);
675 BN_free(bitmap);
676 sshbuf_free(sect); 695 sshbuf_free(sect);
677 return r; 696 return r;
678} 697}
@@ -784,13 +803,13 @@ format_timestamp(u_int64_t timestamp, char *ts, size_t nts)
784static int 803static int
785parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) 804parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
786{ 805{
787 int r = SSH_ERR_INTERNAL_ERROR, nbits; 806 int r = SSH_ERR_INTERNAL_ERROR;
788 u_char type; 807 u_char type;
789 const u_char *blob; 808 const u_char *blob;
790 size_t blen; 809 size_t blen, nbits;
791 struct sshbuf *subsect = NULL; 810 struct sshbuf *subsect = NULL;
792 u_int64_t serial, serial_lo, serial_hi; 811 u_int64_t serial, serial_lo, serial_hi;
793 BIGNUM *bitmap = NULL; 812 struct bitmap *bitmap = NULL;
794 char *key_id = NULL; 813 char *key_id = NULL;
795 struct sshkey *ca_key = NULL; 814 struct sshkey *ca_key = NULL;
796 815
@@ -834,31 +853,32 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
834 goto out; 853 goto out;
835 break; 854 break;
836 case KRL_SECTION_CERT_SERIAL_BITMAP: 855 case KRL_SECTION_CERT_SERIAL_BITMAP:
837 if ((bitmap = BN_new()) == NULL) { 856 if ((bitmap = bitmap_new()) == NULL) {
838 r = SSH_ERR_ALLOC_FAIL; 857 r = SSH_ERR_ALLOC_FAIL;
839 goto out; 858 goto out;
840 } 859 }
841 if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 || 860 if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 ||
842 (r = sshbuf_get_bignum2(subsect, bitmap)) != 0) 861 (r = sshbuf_get_bignum2_bytes_direct(subsect,
862 &blob, &blen)) != 0)
843 goto out; 863 goto out;
844 if ((nbits = BN_num_bits(bitmap)) < 0) { 864 if (bitmap_from_string(bitmap, blob, blen) != 0) {
845 error("%s: bitmap bits < 0", __func__);
846 r = SSH_ERR_INVALID_FORMAT; 865 r = SSH_ERR_INVALID_FORMAT;
847 goto out; 866 goto out;
848 } 867 }
868 nbits = bitmap_nbits(bitmap);
849 for (serial = 0; serial < (u_int64_t)nbits; serial++) { 869 for (serial = 0; serial < (u_int64_t)nbits; serial++) {
850 if (serial > 0 && serial_lo + serial == 0) { 870 if (serial > 0 && serial_lo + serial == 0) {
851 error("%s: bitmap wraps u64", __func__); 871 error("%s: bitmap wraps u64", __func__);
852 r = SSH_ERR_INVALID_FORMAT; 872 r = SSH_ERR_INVALID_FORMAT;
853 goto out; 873 goto out;
854 } 874 }
855 if (!BN_is_bit_set(bitmap, serial)) 875 if (!bitmap_test_bit(bitmap, serial))
856 continue; 876 continue;
857 if ((r = ssh_krl_revoke_cert_by_serial(krl, 877 if ((r = ssh_krl_revoke_cert_by_serial(krl,
858 ca_key, serial_lo + serial)) != 0) 878 ca_key, serial_lo + serial)) != 0)
859 goto out; 879 goto out;
860 } 880 }
861 BN_free(bitmap); 881 bitmap_free(bitmap);
862 bitmap = NULL; 882 bitmap = NULL;
863 break; 883 break;
864 case KRL_SECTION_CERT_KEY_ID: 884 case KRL_SECTION_CERT_KEY_ID:
@@ -888,7 +908,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
888 r = 0; 908 r = 0;
889 out: 909 out:
890 if (bitmap != NULL) 910 if (bitmap != NULL)
891 BN_free(bitmap); 911 bitmap_free(bitmap);
892 free(key_id); 912 free(key_id);
893 sshkey_free(ca_key); 913 sshkey_free(ca_key);
894 sshbuf_free(subsect); 914 sshbuf_free(subsect);
diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c
index 06d6cc492..8ff8a0a28 100644
--- a/sshbuf-getput-basic.c
+++ b/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-getput-basic.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ 1/* $OpenBSD: sshbuf-getput-basic.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -424,3 +424,39 @@ sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len)
424 memcpy(d + 4 + prepend, s, len); 424 memcpy(d + 4 + prepend, s, len);
425 return 0; 425 return 0;
426} 426}
427
428int
429sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
430 const u_char **valp, size_t *lenp)
431{
432 const u_char *d;
433 size_t len, olen;
434 int r;
435
436 if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0)
437 return r;
438 len = olen;
439 /* Refuse negative (MSB set) bignums */
440 if ((len != 0 && (*d & 0x80) != 0))
441 return SSH_ERR_BIGNUM_IS_NEGATIVE;
442 /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
443 if (len > SSHBUF_MAX_BIGNUM + 1 ||
444 (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
445 return SSH_ERR_BIGNUM_TOO_LARGE;
446 /* Trim leading zeros */
447 while (len > 0 && *d == 0x00) {
448 d++;
449 len--;
450 }
451 if (valp != 0)
452 *valp = d;
453 if (lenp != NULL)
454 *lenp = len;
455 if (sshbuf_consume(buf, olen + 4) != 0) {
456 /* Shouldn't happen */
457 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
458 SSHBUF_ABORT();
459 return SSH_ERR_INTERNAL_ERROR;
460 }
461 return 0;
462}
diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index 7fad28bb7..e2e093c00 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-getput-crypto.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ 1/* $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -38,24 +38,10 @@ sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
38 size_t len; 38 size_t len;
39 int r; 39 int r;
40 40
41 if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) 41 if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
42 return r; 42 return r;
43 /* Refuse negative (MSB set) bignums */
44 if ((len != 0 && (*d & 0x80) != 0))
45 return SSH_ERR_BIGNUM_IS_NEGATIVE;
46 /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
47 if (len > SSHBUF_MAX_BIGNUM + 1 ||
48 (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
49 return SSH_ERR_BIGNUM_TOO_LARGE;
50 if (v != NULL && BN_bin2bn(d, len, v) == NULL) 43 if (v != NULL && BN_bin2bn(d, len, v) == NULL)
51 return SSH_ERR_ALLOC_FAIL; 44 return SSH_ERR_ALLOC_FAIL;
52 /* Consume the string */
53 if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
54 /* Shouldn't happen */
55 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
56 SSHBUF_ABORT();
57 return SSH_ERR_INTERNAL_ERROR;
58 }
59 return 0; 45 return 0;
60} 46}
61 47
diff --git a/sshbuf.h b/sshbuf.h
index 3602bc53f..ac0191936 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf.h,v 1.3 2014/06/24 01:13:21 djm Exp $ */ 1/* $OpenBSD: sshbuf.h,v 1.4 2015/01/14 15:02:39 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -212,6 +212,8 @@ int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
212#ifdef WITH_OPENSSL 212#ifdef WITH_OPENSSL
213int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); 213int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
214int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); 214int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
215int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
216 const u_char **valp, size_t *lenp);
215int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); 217int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
216int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); 218int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
217# ifdef OPENSSL_HAS_ECC 219# ifdef OPENSSL_HAS_ECC
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 18:23:48 +0000