diff options
Diffstat (limited to 'bufec.c')
-rw-r--r-- | bufec.c | 106 |
1 files changed, 17 insertions, 89 deletions
@@ -1,6 +1,7 @@ | |||
1 | /* $OpenBSD: bufec.c,v 1.3 2014/01/31 16:39:19 tedu Exp $ */ | 1 | /* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */ |
2 | |||
2 | /* | 3 | /* |
3 | * Copyright (c) 2010 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 2012 Damien Miller <djm@mindrot.org> |
4 | * | 5 | * |
5 | * Permission to use, copy, modify, and distribute this software for any | 6 | * Permission to use, copy, modify, and distribute this software for any |
6 | * purpose with or without fee is hereby granted, provided that the above | 7 | * purpose with or without fee is hereby granted, provided that the above |
@@ -15,73 +16,29 @@ | |||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | */ | 17 | */ |
17 | 18 | ||
18 | #include "includes.h" | 19 | /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ |
19 | 20 | ||
20 | #ifdef OPENSSL_HAS_ECC | 21 | #include "includes.h" |
21 | 22 | ||
22 | #include <sys/types.h> | 23 | #include <sys/types.h> |
23 | 24 | ||
24 | #include <openssl/bn.h> | ||
25 | #include <openssl/ec.h> | ||
26 | |||
27 | #include <string.h> | ||
28 | #include <stdarg.h> | ||
29 | |||
30 | #include "xmalloc.h" | ||
31 | #include "buffer.h" | 25 | #include "buffer.h" |
32 | #include "log.h" | 26 | #include "log.h" |
33 | #include "misc.h" | 27 | #include "ssherr.h" |
34 | 28 | ||
35 | /* | 29 | #ifdef OPENSSL_HAS_ECC |
36 | * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed | ||
37 | * encoding represents this as two bitstring points that should each | ||
38 | * be no longer than the field length, SEC1 specifies a 1 byte | ||
39 | * point type header. | ||
40 | * Being paranoid here may insulate us to parsing problems in | ||
41 | * EC_POINT_oct2point. | ||
42 | */ | ||
43 | #define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1) | ||
44 | 30 | ||
45 | /* | ||
46 | * Append an EC_POINT to the buffer as a string containing a SEC1 encoded | ||
47 | * uncompressed point. Fortunately OpenSSL handles the gory details for us. | ||
48 | */ | ||
49 | int | 31 | int |
50 | buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, | 32 | buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, |
51 | const EC_POINT *point) | 33 | const EC_POINT *point) |
52 | { | 34 | { |
53 | u_char *buf = NULL; | 35 | int ret; |
54 | size_t len; | ||
55 | BN_CTX *bnctx; | ||
56 | int ret = -1; | ||
57 | 36 | ||
58 | /* Determine length */ | 37 | if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) { |
59 | if ((bnctx = BN_CTX_new()) == NULL) | 38 | error("%s: %s", __func__, ssh_err(ret)); |
60 | fatal("%s: BN_CTX_new failed", __func__); | 39 | return -1; |
61 | len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, | ||
62 | NULL, 0, bnctx); | ||
63 | if (len > BUFFER_MAX_ECPOINT_LEN) { | ||
64 | error("%s: giant EC point: len = %lu (max %u)", | ||
65 | __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN); | ||
66 | goto out; | ||
67 | } | ||
68 | /* Convert */ | ||
69 | buf = xmalloc(len); | ||
70 | if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, | ||
71 | buf, len, bnctx) != len) { | ||
72 | error("%s: EC_POINT_point2oct length mismatch", __func__); | ||
73 | goto out; | ||
74 | } | ||
75 | /* Append */ | ||
76 | buffer_put_string(buffer, buf, len); | ||
77 | ret = 0; | ||
78 | out: | ||
79 | if (buf != NULL) { | ||
80 | explicit_bzero(buf, len); | ||
81 | free(buf); | ||
82 | } | 40 | } |
83 | BN_CTX_free(bnctx); | 41 | return 0; |
84 | return ret; | ||
85 | } | 42 | } |
86 | 43 | ||
87 | void | 44 | void |
@@ -96,43 +53,13 @@ int | |||
96 | buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, | 53 | buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, |
97 | EC_POINT *point) | 54 | EC_POINT *point) |
98 | { | 55 | { |
99 | u_char *buf; | 56 | int ret; |
100 | u_int len; | ||
101 | BN_CTX *bnctx; | ||
102 | int ret = -1; | ||
103 | 57 | ||
104 | if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) { | 58 | if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) { |
105 | error("%s: invalid point", __func__); | 59 | error("%s: %s", __func__, ssh_err(ret)); |
106 | return -1; | 60 | return -1; |
107 | } | 61 | } |
108 | if ((bnctx = BN_CTX_new()) == NULL) | 62 | return 0; |
109 | fatal("%s: BN_CTX_new failed", __func__); | ||
110 | if (len > BUFFER_MAX_ECPOINT_LEN) { | ||
111 | error("%s: EC_POINT too long: %u > max %u", __func__, | ||
112 | len, BUFFER_MAX_ECPOINT_LEN); | ||
113 | goto out; | ||
114 | } | ||
115 | if (len == 0) { | ||
116 | error("%s: EC_POINT buffer is empty", __func__); | ||
117 | goto out; | ||
118 | } | ||
119 | if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) { | ||
120 | error("%s: EC_POINT is in an incorrect form: " | ||
121 | "0x%02x (want 0x%02x)", __func__, buf[0], | ||
122 | POINT_CONVERSION_UNCOMPRESSED); | ||
123 | goto out; | ||
124 | } | ||
125 | if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) { | ||
126 | error("buffer_get_bignum2_ret: BN_bin2bn failed"); | ||
127 | goto out; | ||
128 | } | ||
129 | /* EC_POINT_oct2point verifies that the point is on the curve for us */ | ||
130 | ret = 0; | ||
131 | out: | ||
132 | BN_CTX_free(bnctx); | ||
133 | explicit_bzero(buf, len); | ||
134 | free(buf); | ||
135 | return ret; | ||
136 | } | 63 | } |
137 | 64 | ||
138 | void | 65 | void |
@@ -144,3 +71,4 @@ buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, | |||
144 | } | 71 | } |
145 | 72 | ||
146 | #endif /* OPENSSL_HAS_ECC */ | 73 | #endif /* OPENSSL_HAS_ECC */ |
74 | |||