1 files changed, 17 insertions, 89 deletions
diff --git a/bufec.c b/bufec.c
index 89482b906..749ce9d4c 100644
--- a/bufec.c
+++ b/bufec.c
@@ -1,6 +1,7 @@
-/* $OpenBSD: bufec.c,v 1.3 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */
 /*
- * Copyright (c) 2010 Damien Miller <djm@mindrot.org>
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -15,73 +16,29 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#include "includes.h"
+/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
-#ifdef OPENSSL_HAS_ECC
+#include "includes.h"
 #include <sys/types.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <string.h>
-#include <stdarg.h>
-#include "xmalloc.h"
 #include "buffer.h"
 #include "log.h"
-#include "misc.h"
+#include "ssherr.h"
-/*
+#ifdef OPENSSL_HAS_ECC
- * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed
- * encoding represents this as two bitstring points that should each
- * be no longer than the field length, SEC1 specifies a 1 byte
- * point type header.
- * Being paranoid here may insulate us to parsing problems in
- * EC_POINT_oct2point.
- */
-#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1)
-/*
- * Append an EC_POINT to the buffer as a string containing a SEC1 encoded
- * uncompressed point. Fortunately OpenSSL handles the gory details for us.
- */
 int
 buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
    const EC_POINT *point)
 {
-        u_char *buf = NULL;
+        int ret;
-        size_t len;
-        BN_CTX *bnctx;
-        int ret = -1;
-        /* Determine length */
+        if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) {
-        if ((bnctx = BN_CTX_new()) == NULL)
+                error("%s: %s", __func__, ssh_err(ret));
-                fatal("%s: BN_CTX_new failed", __func__);
+                return -1;
-        len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
-            NULL, 0, bnctx);
-        if (len > BUFFER_MAX_ECPOINT_LEN) {
-                error("%s: giant EC point: len = %lu (max %u)",
-                    __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN);
-                goto out;
-        }
-        /* Convert */
-        buf = xmalloc(len);
-        if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
-            buf, len, bnctx) != len) {
-                error("%s: EC_POINT_point2oct length mismatch", __func__);
-                goto out;
-        }
-        /* Append */
-        buffer_put_string(buffer, buf, len);
-        ret = 0;
- out:
-        if (buf != NULL) {
-                explicit_bzero(buf, len);
-                free(buf);
        }
-        BN_CTX_free(bnctx);
+        return 0;
-        return ret;
 }
 void
@@ -96,43 +53,13 @@ int
 buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
    EC_POINT *point)
 {
-        u_char *buf;
+        int ret;
-        u_int len;
-        BN_CTX *bnctx;
-        int ret = -1;
-        if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) {
+        if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) {
-                error("%s: invalid point", __func__);
+                error("%s: %s", __func__, ssh_err(ret));
                return -1;
        }
-        if ((bnctx = BN_CTX_new()) == NULL)
+        return 0;
-                fatal("%s: BN_CTX_new failed", __func__);
-        if (len > BUFFER_MAX_ECPOINT_LEN) {
-                error("%s: EC_POINT too long: %u > max %u", __func__,
-                    len, BUFFER_MAX_ECPOINT_LEN);
-                goto out;
-        }
-        if (len == 0) {
-                error("%s: EC_POINT buffer is empty", __func__);
-                goto out;
-        }
-        if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) {
-                error("%s: EC_POINT is in an incorrect form: "
-                    "0x%02x (want 0x%02x)", __func__, buf[0],
-                    POINT_CONVERSION_UNCOMPRESSED);
-                goto out;
-        }
-        if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) {
-                error("buffer_get_bignum2_ret: BN_bin2bn failed");
-                goto out;
-        }
-        /* EC_POINT_oct2point verifies that the point is on the curve for us */
-        ret = 0;
- out:
-        BN_CTX_free(bnctx);
-        explicit_bzero(buf, len);
-        free(buf);
-        return ret;
 }
 void
@@ -144,3 +71,4 @@ buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve,
 }
 #endif /* OPENSSL_HAS_ECC */

diff --git a/bufec.c b/bufec.c index 89482b906..749ce9d4c 100644 --- a/bufec.c +++ b/bufec.c
@@ -1,6 +1,7 @@
1	/* $OpenBSD: bufec.c,v 1.3 2014/01/31 16:39:19 tedu Exp $ */	1	/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */
		2
2	/*	3	/*
3	* Copyright (c) 2010 Damien Miller <djm@mindrot.org>	4	* Copyright (c) 2012 Damien Miller <djm@mindrot.org>
4	*	5	*
5	* Permission to use, copy, modify, and distribute this software for any	6	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above	7	* purpose with or without fee is hereby granted, provided that the above
@@ -15,73 +16,29 @@
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/	17	*/
17		18
18	#include "includes.h"	19	/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
19		20
20	#ifdef OPENSSL_HAS_ECC	21	#include "includes.h"
21		22
22	#include <sys/types.h>	23	#include <sys/types.h>
23		24
24	#include <openssl/bn.h>
25	#include <openssl/ec.h>
26
27	#include <string.h>
28	#include <stdarg.h>
29
30	#include "xmalloc.h"
31	#include "buffer.h"	25	#include "buffer.h"
32	#include "log.h"	26	#include "log.h"
33	#include "misc.h"	27	#include "ssherr.h"
34		28
35	/*	29	#ifdef OPENSSL_HAS_ECC
36	* Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed
37	* encoding represents this as two bitstring points that should each
38	* be no longer than the field length, SEC1 specifies a 1 byte
39	* point type header.
40	* Being paranoid here may insulate us to parsing problems in
41	* EC_POINT_oct2point.
42	*/
43	#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1)
44		30
45	/*
46	* Append an EC_POINT to the buffer as a string containing a SEC1 encoded
47	* uncompressed point. Fortunately OpenSSL handles the gory details for us.
48	*/
49	int	31	int
50	buffer_put_ecpoint_ret(Buffer buffer, const EC_GROUP curve,	32	buffer_put_ecpoint_ret(Buffer buffer, const EC_GROUP curve,
51	const EC_POINT *point)	33	const EC_POINT *point)
52	{	34	{
53	u_char *buf = NULL;	35	int ret;
54	size_t len;
55	BN_CTX *bnctx;
56	int ret = -1;
57		36
58	/* Determine length */	37	if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) {
59	if ((bnctx = BN_CTX_new()) == NULL)	38	error("%s: %s", __func__, ssh_err(ret));
60	fatal("%s: BN_CTX_new failed", __func__);	39	return -1;
61	len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
62	NULL, 0, bnctx);
63	if (len > BUFFER_MAX_ECPOINT_LEN) {
64	error("%s: giant EC point: len = %lu (max %u)",
65	__func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN);
66	goto out;
67	}
68	/* Convert */
69	buf = xmalloc(len);
70	if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
71	buf, len, bnctx) != len) {
72	error("%s: EC_POINT_point2oct length mismatch", __func__);
73	goto out;
74	}
75	/* Append */
76	buffer_put_string(buffer, buf, len);
77	ret = 0;
78	out:
79	if (buf != NULL) {
80	explicit_bzero(buf, len);
81	free(buf);
82	}	40	}
83	BN_CTX_free(bnctx);	41	return 0;
84	return ret;
85	}	42	}
86		43
87	void	44	void
@@ -96,43 +53,13 @@ int
96	buffer_get_ecpoint_ret(Buffer buffer, const EC_GROUP curve,	53	buffer_get_ecpoint_ret(Buffer buffer, const EC_GROUP curve,
97	EC_POINT *point)	54	EC_POINT *point)
98	{	55	{
99	u_char *buf;	56	int ret;
100	u_int len;
101	BN_CTX *bnctx;
102	int ret = -1;
103		57
104	if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) {	58	if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) {
105	error("%s: invalid point", __func__);	59	error("%s: %s", __func__, ssh_err(ret));
106	return -1;	60	return -1;
107	}	61	}
108	if ((bnctx = BN_CTX_new()) == NULL)	62	return 0;
109	fatal("%s: BN_CTX_new failed", __func__);
110	if (len > BUFFER_MAX_ECPOINT_LEN) {
111	error("%s: EC_POINT too long: %u > max %u", __func__,
112	len, BUFFER_MAX_ECPOINT_LEN);
113	goto out;
114	}
115	if (len == 0) {
116	error("%s: EC_POINT buffer is empty", __func__);
117	goto out;
118	}
119	if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) {
120	error("%s: EC_POINT is in an incorrect form: "
121	"0x%02x (want 0x%02x)", __func__, buf[0],
122	POINT_CONVERSION_UNCOMPRESSED);
123	goto out;
124	}
125	if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) {
126	error("buffer_get_bignum2_ret: BN_bin2bn failed");
127	goto out;
128	}
129	/* EC_POINT_oct2point verifies that the point is on the curve for us */
130	ret = 0;
131	out:
132	BN_CTX_free(bnctx);
133	explicit_bzero(buf, len);
134	free(buf);
135	return ret;
136	}	63	}
137		64
138	void	65	void
@@ -144,3 +71,4 @@ buffer_get_ecpoint(Buffer buffer, const EC_GROUP curve,
144	}	71	}
145		72
146	#endif /* OPENSSL_HAS_ECC */	73	#endif /* OPENSSL_HAS_ECC */
		74