Merge 6.7p1.

* New upstream release (http://www.openssh.com/txt/release-6.7): - sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. - ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket (closes: #236718). - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. - sftp(1): Allow resumption of interrupted uploads. - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. - sshd(8): Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. - sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages. - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly (closes: #734553). - Use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps}. * Restore TCP wrappers support, removed upstream in 6.7. It is true that dropping this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. * Replace patch to disable OpenSSL version check with an updated version of Kurt Roeckx's patch from #732940 to just avoid checking the status field.
author: Colin Watson <cjwatson@debian.org> 2014-10-07 13:33:15 +0100
committer: Colin Watson <cjwatson@debian.org> 2014-10-07 14:27:30 +0100
commit: f0b009aea83e9ff3a50be30f51012099a5143c16 (patch)
tree: 3825e6f7e3b7ea4481d06ed89aba9a7a95150df5 /bufbn.c
parent: 47f0bad4330b16ec3bad870fcf9839c196e42c12 (diff)
parent: 762c062828f5a8f6ed189ed6e44ad38fd92f8b36 (diff)
1 files changed, 42 insertions, 168 deletions
diff --git a/bufbn.c b/bufbn.c
index 1d2e01266..b7f7cb122 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,229 +1,103 @@
-/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/
+/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Auxiliary functions for storing and retrieving various data types to/from
- * Buffers.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * SSH2 packet format added by Markus Friedl
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * Permission to use, copy, modify, and distribute this software for any
- * modification, are permitted provided that the following conditions
+ * purpose with or without fee is hereby granted, provided that the above
- * are met:
+ * copyright notice and this permission notice appear in all copies.
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
 *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
 #include "includes.h"
 #include <sys/types.h>
-#include <openssl/bn.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include "xmalloc.h"
 #include "buffer.h"
 #include "log.h"
-#include "misc.h"
+#include "ssherr.h"
-/*
- * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
- * by (bits+7)/8 bytes of binary data, msb first.
- */
 int
 buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
 {
-        int bits = BN_num_bits(value);
+        int ret;
-        int bin_size = (bits + 7) / 8;
-        u_char *buf = xmalloc(bin_size);
-        int oi;
-        char msg[2];
-        /* Get the value of in binary */
-        oi = BN_bn2bin(value, buf);
-        if (oi != bin_size) {
-                error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
-                    oi, bin_size);
-                free(buf);
-                return (-1);
-        }
-        /* Store the number of bits in the buffer in two bytes, msb first. */
-        put_u16(msg, bits);
-        buffer_append(buffer, msg, 2);
-        /* Store the binary data. */
-        buffer_append(buffer, buf, oi);
-        explicit_bzero(buf, bin_size);
-        free(buf);
-        return (0);
+        if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) {
+                error("%s: %s", __func__, ssh_err(ret));
+                return -1;
+        }
+        return 0;
 }
 void
 buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 {
        if (buffer_put_bignum_ret(buffer, value) == -1)
-                fatal("buffer_put_bignum: buffer error");
+                fatal("%s: buffer error", __func__);
 }
-/*
- * Retrieves a BIGNUM from the buffer.
- */
 int
 buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
 {
-        u_int bits, bytes;
+        int ret;
-        u_char buf[2], *bin;
-        /* Get the number of bits. */
+        if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) {
-        if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
+                error("%s: %s", __func__, ssh_err(ret));
-                error("buffer_get_bignum_ret: invalid length");
+                return -1;
-                return (-1);
        }
-        bits = get_u16(buf);
+        return 0;
-        if (bits > 65535-7) {
-                error("buffer_get_bignum_ret: cannot handle BN of size %d",
-                    bits);
-                return (-1);
-        }
-        /* Compute the number of binary bytes that follow. */
-        bytes = (bits + 7) / 8;
-        if (bytes > 8 * 1024) {
-                error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
-                return (-1);
-        }
-        if (buffer_len(buffer) < bytes) {
-                error("buffer_get_bignum_ret: input buffer too small");
-                return (-1);
-        }
-        bin = buffer_ptr(buffer);
-        if (BN_bin2bn(bin, bytes, value) == NULL) {
-                error("buffer_get_bignum_ret: BN_bin2bn failed");
-                return (-1);
-        }
-        if (buffer_consume_ret(buffer, bytes) == -1) {
-                error("buffer_get_bignum_ret: buffer_consume failed");
-                return (-1);
-        }
-        return (0);
 }
 void
 buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 {
        if (buffer_get_bignum_ret(buffer, value) == -1)
-                fatal("buffer_get_bignum: buffer error");
+                fatal("%s: buffer error", __func__);
 }
-/*
- * Stores a BIGNUM in the buffer in SSH2 format.
- */
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
 {
-        u_int bytes;
+        int ret;
-        u_char *buf;
-        int oi;
+        if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) {
-        u_int hasnohigh = 0;
+                error("%s: %s", __func__, ssh_err(ret));
+                return -1;
-        if (BN_is_zero(value)) {
-                buffer_put_int(buffer, 0);
-                return 0;
-        }
-        if (value->neg) {
-                error("buffer_put_bignum2_ret: negative numbers not supported");
-                return (-1);
-        }
-        bytes = BN_num_bytes(value) + 1; /* extra padding byte */
-        if (bytes < 2) {
-                error("buffer_put_bignum2_ret: BN too small");
-                return (-1);
-        }
-        buf = xmalloc(bytes);
-        buf[0] = 0x00;
-        /* Get the value of in binary */
-        oi = BN_bn2bin(value, buf+1);
-        if (oi < 0 || (u_int)oi != bytes - 1) {
-                error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
-                    "oi %d != bin_size %d", oi, bytes);
-                free(buf);
-                return (-1);
        }
-        hasnohigh = (buf[1] & 0x80) ? 0 : 1;
+        return 0;
-        buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
-        explicit_bzero(buf, bytes);
-        free(buf);
-        return (0);
 }
 void
 buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
 {
        if (buffer_put_bignum2_ret(buffer, value) == -1)
-                fatal("buffer_put_bignum2: buffer error");
+                fatal("%s: buffer error", __func__);
 }
 int
 buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
 {
-        u_int len;
+        int ret;
-        u_char *bin;
-        if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
+        if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) {
-                error("buffer_get_bignum2_ret: invalid bignum");
+                error("%s: %s", __func__, ssh_err(ret));
-                return (-1);
+                return -1;
-        }
-        if (len > 0 && (bin[0] & 0x80)) {
-                error("buffer_get_bignum2_ret: negative numbers not supported");
-                free(bin);
-                return (-1);
-        }
-        if (len > 8 * 1024) {
-                error("buffer_get_bignum2_ret: cannot handle BN of size %d",
-                    len);
-                free(bin);
-                return (-1);
-        }
-        if (BN_bin2bn(bin, len, value) == NULL) {
-                error("buffer_get_bignum2_ret: BN_bin2bn failed");
-                free(bin);
-                return (-1);
        }
-        free(bin);
+        return 0;
-        return (0);
 }
 void
 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 {
        if (buffer_get_bignum2_ret(buffer, value) == -1)
-                fatal("buffer_get_bignum2: buffer error");
+                fatal("%s: buffer error", __func__);
 }
author	Colin Watson <cjwatson@debian.org>	2014-10-07 13:33:15 +0100
committer	Colin Watson <cjwatson@debian.org>	2014-10-07 14:27:30 +0100
commit	f0b009aea83e9ff3a50be30f51012099a5143c16 (patch)
tree	3825e6f7e3b7ea4481d06ed89aba9a7a95150df5 /bufbn.c
parent	47f0bad4330b16ec3bad870fcf9839c196e42c12 (diff)
parent	762c062828f5a8f6ed189ed6e44ad38fd92f8b36 (diff)

diff --git a/bufbn.c b/bufbn.c index 1d2e01266..b7f7cb122 100644 --- a/bufbn.c +++ b/bufbn.c
@@ -1,229 +1,103 @@
1	/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/	1	/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */
		2
2	/*	3	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Copyright (c) 2012 Damien Miller <djm@mindrot.org>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved
6	* Auxiliary functions for storing and retrieving various data types to/from
7	* Buffers.
8	*
9	* As far as I am concerned, the code I have written for this software
10	* can be used freely for any purpose. Any derived versions of this
11	* software must be clearly marked as such, and if the derived work is
12	* incompatible with the protocol description in the RFC file, it must be
13	* called by a name other than "ssh" or "Secure Shell".
14	*
15	*
16	* SSH2 packet format added by Markus Friedl
17	* Copyright (c) 2000 Markus Friedl. All rights reserved.
18	*	5	*
19	* Redistribution and use in source and binary forms, with or without	6	* Permission to use, copy, modify, and distribute this software for any
20	* modification, are permitted provided that the following conditions	7	* purpose with or without fee is hereby granted, provided that the above
21	* are met:	8	* copyright notice and this permission notice appear in all copies.
22	* 1. Redistributions of source code must retain the above copyright
23	* notice, this list of conditions and the following disclaimer.
24	* 2. Redistributions in binary form must reproduce the above copyright
25	* notice, this list of conditions and the following disclaimer in the
26	* documentation and/or other materials provided with the distribution.
27	*	9	*
28	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR	10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
29	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES	11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
30	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.	12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
31	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,	13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
32	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT	14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
33	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
34	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
35	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
37	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38	*/	17	*/
39		18
		19	/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
		20
40	#include "includes.h"	21	#include "includes.h"
41		22
42	#include <sys/types.h>	23	#include <sys/types.h>
43		24
44	#include <openssl/bn.h>
45
46	#include <string.h>
47	#include <stdarg.h>
48	#include <stdlib.h>
49
50	#include "xmalloc.h"
51	#include "buffer.h"	25	#include "buffer.h"
52	#include "log.h"	26	#include "log.h"
53	#include "misc.h"	27	#include "ssherr.h"
54		28
55	/*
56	* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
57	* by (bits+7)/8 bytes of binary data, msb first.
58	*/
59	int	29	int
60	buffer_put_bignum_ret(Buffer buffer, const BIGNUM value)	30	buffer_put_bignum_ret(Buffer buffer, const BIGNUM value)
61	{	31	{
62	int bits = BN_num_bits(value);	32	int ret;
63	int bin_size = (bits + 7) / 8;
64	u_char *buf = xmalloc(bin_size);
65	int oi;
66	char msg[2];
67
68	/* Get the value of in binary */
69	oi = BN_bn2bin(value, buf);
70	if (oi != bin_size) {
71	error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
72	oi, bin_size);
73	free(buf);
74	return (-1);
75	}
76
77	/* Store the number of bits in the buffer in two bytes, msb first. */
78	put_u16(msg, bits);
79	buffer_append(buffer, msg, 2);
80	/* Store the binary data. */
81	buffer_append(buffer, buf, oi);
82
83	explicit_bzero(buf, bin_size);
84	free(buf);
85		33
86	return (0);	34	if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) {
		35	error("%s: %s", __func__, ssh_err(ret));
		36	return -1;
		37	}
		38	return 0;
87	}	39	}
88		40
89	void	41	void
90	buffer_put_bignum(Buffer buffer, const BIGNUM value)	42	buffer_put_bignum(Buffer buffer, const BIGNUM value)
91	{	43	{
92	if (buffer_put_bignum_ret(buffer, value) == -1)	44	if (buffer_put_bignum_ret(buffer, value) == -1)
93	fatal("buffer_put_bignum: buffer error");	45	fatal("%s: buffer error", __func__);
94	}	46	}
95		47
96	/*
97	* Retrieves a BIGNUM from the buffer.
98	*/
99	int	48	int
100	buffer_get_bignum_ret(Buffer buffer, BIGNUM value)	49	buffer_get_bignum_ret(Buffer buffer, BIGNUM value)
101	{	50	{
102	u_int bits, bytes;	51	int ret;
103	u_char buf[2], *bin;
104		52
105	/* Get the number of bits. */	53	if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) {
106	if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {	54	error("%s: %s", __func__, ssh_err(ret));
107	error("buffer_get_bignum_ret: invalid length");	55	return -1;
108	return (-1);
109	}	56	}
110	bits = get_u16(buf);	57	return 0;
111	if (bits > 65535-7) {
112	error("buffer_get_bignum_ret: cannot handle BN of size %d",
113	bits);
114	return (-1);
115	}
116	/* Compute the number of binary bytes that follow. */
117	bytes = (bits + 7) / 8;
118	if (bytes > 8 * 1024) {
119	error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
120	return (-1);
121	}
122	if (buffer_len(buffer) < bytes) {
123	error("buffer_get_bignum_ret: input buffer too small");
124	return (-1);
125	}
126	bin = buffer_ptr(buffer);
127	if (BN_bin2bn(bin, bytes, value) == NULL) {
128	error("buffer_get_bignum_ret: BN_bin2bn failed");
129	return (-1);
130	}
131	if (buffer_consume_ret(buffer, bytes) == -1) {
132	error("buffer_get_bignum_ret: buffer_consume failed");
133	return (-1);
134	}
135	return (0);
136	}	58	}
137		59
138	void	60	void
139	buffer_get_bignum(Buffer buffer, BIGNUM value)	61	buffer_get_bignum(Buffer buffer, BIGNUM value)
140	{	62	{
141	if (buffer_get_bignum_ret(buffer, value) == -1)	63	if (buffer_get_bignum_ret(buffer, value) == -1)
142	fatal("buffer_get_bignum: buffer error");	64	fatal("%s: buffer error", __func__);
143	}	65	}
144		66
145	/*
146	* Stores a BIGNUM in the buffer in SSH2 format.
147	*/
148	int	67	int
149	buffer_put_bignum2_ret(Buffer buffer, const BIGNUM value)	68	buffer_put_bignum2_ret(Buffer buffer, const BIGNUM value)
150	{	69	{
151	u_int bytes;	70	int ret;
152	u_char *buf;	71
153	int oi;	72	if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) {
154	u_int hasnohigh = 0;	73	error("%s: %s", __func__, ssh_err(ret));
155		74	return -1;
156	if (BN_is_zero(value)) {
157	buffer_put_int(buffer, 0);
158	return 0;
159	}
160	if (value->neg) {
161	error("buffer_put_bignum2_ret: negative numbers not supported");
162	return (-1);
163	}
164	bytes = BN_num_bytes(value) + 1; /* extra padding byte */
165	if (bytes < 2) {
166	error("buffer_put_bignum2_ret: BN too small");
167	return (-1);
168	}
169	buf = xmalloc(bytes);
170	buf[0] = 0x00;
171	/* Get the value of in binary */
172	oi = BN_bn2bin(value, buf+1);
173	if (oi < 0 \|\| (u_int)oi != bytes - 1) {
174	error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
175	"oi %d != bin_size %d", oi, bytes);
176	free(buf);
177	return (-1);
178	}	75	}
179	hasnohigh = (buf[1] & 0x80) ? 0 : 1;	76	return 0;
180	buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
181	explicit_bzero(buf, bytes);
182	free(buf);
183	return (0);
184	}	77	}
185		78
186	void	79	void
187	buffer_put_bignum2(Buffer buffer, const BIGNUM value)	80	buffer_put_bignum2(Buffer buffer, const BIGNUM value)
188	{	81	{
189	if (buffer_put_bignum2_ret(buffer, value) == -1)	82	if (buffer_put_bignum2_ret(buffer, value) == -1)
190	fatal("buffer_put_bignum2: buffer error");	83	fatal("%s: buffer error", __func__);
191	}	84	}
192		85
193	int	86	int
194	buffer_get_bignum2_ret(Buffer buffer, BIGNUM value)	87	buffer_get_bignum2_ret(Buffer buffer, BIGNUM value)
195	{	88	{
196	u_int len;	89	int ret;
197	u_char *bin;
198		90
199	if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {	91	if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) {
200	error("buffer_get_bignum2_ret: invalid bignum");	92	error("%s: %s", __func__, ssh_err(ret));
201	return (-1);	93	return -1;
202	}
203
204	if (len > 0 && (bin[0] & 0x80)) {
205	error("buffer_get_bignum2_ret: negative numbers not supported");
206	free(bin);
207	return (-1);
208	}
209	if (len > 8 * 1024) {
210	error("buffer_get_bignum2_ret: cannot handle BN of size %d",
211	len);
212	free(bin);
213	return (-1);
214	}
215	if (BN_bin2bn(bin, len, value) == NULL) {
216	error("buffer_get_bignum2_ret: BN_bin2bn failed");
217	free(bin);
218	return (-1);
219	}	94	}
220	free(bin);	95	return 0;
221	return (0);
222	}	96	}
223		97
224	void	98	void
225	buffer_get_bignum2(Buffer buffer, BIGNUM value)	99	buffer_get_bignum2(Buffer buffer, BIGNUM value)
226	{	100	{
227	if (buffer_get_bignum2_ret(buffer, value) == -1)	101	if (buffer_get_bignum2_ret(buffer, value) == -1)
228	fatal("buffer_get_bignum2: buffer error");	102	fatal("%s: buffer error", __func__);
229	}	103	}