From 74de254bb92c684cf53461da97f52d5ba34ded80 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 4 Dec 2014 01:49:59 +0000 Subject: upstream commit convert KRL code to new buffer API ok markus@ --- sshbuf-getput-basic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sshbuf-getput-basic.c') diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index b7d0758c2..682b68d58 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.1 2014/04/30 05:29:56 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.2 2014/12/04 01:49:59 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -359,7 +359,7 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) int sshbuf_put_cstring(struct sshbuf *buf, const char *v) { - return sshbuf_put_string(buf, (u_char *)v, strlen(v)); + return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v)); } int -- cgit v1.2.3 From a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 12 Jan 2015 15:18:07 +0000 Subject: upstream commit apparently memcpy(x, NULL, 0) is undefined behaviour according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls when length==0; ok markus@ --- sshbuf-getput-basic.c | 19 ++++++++++++------- sshbuf-getput-crypto.c | 5 +++-- 2 files changed, 15 insertions(+), 9 deletions(-) (limited to 'sshbuf-getput-basic.c') diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index 682b68d58..06d6cc492 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.2 2014/12/04 01:49:59 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * 
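Review bot: In sshbuf_put_cstring a NULL `v` is now forwarded to sshbuf_put_string as a NULL pointer with length 0, and whether that is safe depends on the body of sshbuf_put_string, which lies outside this hunk. If that body calls memcpy unconditionally, the call with a NULL source is undefined even for a zero length. Either the guard in sshbuf_put_string should land together with this change, or the helper should pass a non-NULL empty string: `return sshbuf_put_string(buf, v == NULL ? "" : v, v == NULL ? 0 : strlen(v));`. A NULL pointer and an empty string also become indistinguishable once encoded, which is worth a comment above the function such as `/* A NULL v is encoded as a zero-length string */`.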
@@ -34,7 +34,7 @@ sshbuf_get(struct sshbuf *buf, void *v, size_t len) if ((r = sshbuf_consume(buf, len)) < 0) return r; - if (v != NULL) + if (v != NULL && len != 0) memcpy(v, p, len); return 0; } @@ -109,7 +109,8 @@ sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } - memcpy(*valp, val, len); + if (len != 0) + memcpy(*valp, val, len); (*valp)[len] = '\0'; } if (lenp != NULL) @@ -200,7 +201,8 @@ sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp) SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } - memcpy(*valp, p, len); + if (len != 0) + memcpy(*valp, p, len); (*valp)[len] = '\0'; } if (lenp != NULL) @@ -236,7 +238,8 @@ sshbuf_put(struct sshbuf *buf, const void *v, size_t len) if ((r = sshbuf_reserve(buf, len, &p)) < 0) return r; - memcpy(p, v, len); + if (len != 0) + memcpy(p, v, len); return 0; } @@ -352,7 +355,8 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0) return r; POKE_U32(d, len); - memcpy(d + 4, v, len); + if (len != 0) + memcpy(d + 4, v, len); return 0; } @@ -416,6 +420,7 @@ sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) POKE_U32(d, len + prepend); if (prepend) d[4] = 0; - memcpy(d + 4 + prepend, s, len); + if (len != 0) + memcpy(d + 4 + prepend, s, len); return 0; } diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index 74351d3e5..7fad28bb7 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * 
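Review bot: The new `len != 0` test in sshbuf_get carries no comment, so a later reader can easily take it for a redundant check and remove it. The reason is given only in the commit message (memcpy with a NULL pointer is undefined even when the length is zero, C99 7.21.1 and 7.1.4). I would add `/* memcpy(x, NULL, 0) is undefined; skip the call for empty copies */` above the guard. The same guard is repeated in the sshbuf_get_string, sshbuf_get_cstring, sshbuf_put, sshbuf_put_string and sshbuf_put_bignum2_bytes hunks, so a single static helper carrying that comment would keep the six sites consistent. Each of these functions starts outside its hunk.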
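Review bot: In sshbuf_put the guard covers only the zero-length case, so a NULL `v` with a non-zero `len` still reaches `memcpy(p, v, len)` after the space has been reserved. If callers can pass such a pair, rejecting it before the sshbuf_reserve call leaves the buffer unchanged on error: `if (v == NULL && len != 0) return SSH_ERR_INVALID_ARGUMENT;`. The same applies to the sshbuf_put_string and sshbuf_put_bignum2_bytes hunks. The start of each function is outside its hunk, so an existing check there would make this unnecessary.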
@@ -195,7 +195,8 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) return r; } POKE_U16(dp, len_bits); - memcpy(dp + 2, d, len_bytes); + if (len_bytes != 0) + memcpy(dp + 2, d, len_bytes); bzero(d, sizeof(d)); return 0; } -- cgit v1.2.3 From a165bab605f7be55940bb8fae977398e8c96a46d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 14 Jan 2015 15:02:39 +0000 Subject: upstream commit avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus --- Makefile.in | 6 +++-- krl.c | 62 +++++++++++++++++++++++++++++++++----------------- sshbuf-getput-basic.c | 38 ++++++++++++++++++++++++++++++- sshbuf-getput-crypto.c | 18 ++------------- sshbuf.h | 4 +++- 5 files changed, 87 insertions(+), 41 deletions(-) (limited to 'sshbuf-getput-basic.c') diff --git a/Makefile.in b/Makefile.in index 9b485fba8..ebd48c303 100644 --- a/Makefile.in +++ b/Makefile.in @@ -70,7 +70,9 @@ LIBOPENSSH_OBJS=\ sshkey.o \ sshbuf-getput-basic.o \ sshbuf-misc.o \ - sshbuf-getput-crypto.o + sshbuf-getput-crypto.o \ + krl.o \ + bitmap.o LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ authfd.o authfile.o bufaux.o bufbn.o buffer.o \ @@ -83,7 +85,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ - ssh-pkcs11.o krl.o smult_curve25519_ref.o \ + ssh-pkcs11.o smult_curve25519_ref.o \ kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \ ssh-ed25519.o digest-openssl.o hmac.o \ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o diff --git a/krl.c b/krl.c index d6bd10935..3917338f9 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.25 2015/01/13 19:04:35 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.26 2015/01/14 15:02:39 djm Exp $ */ #include "includes.h" 
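Review bot: The scratch array `d` in sshbuf_put_bignum1 is wiped with `bzero(d, sizeof(d))` immediately before the return, and a compiler may drop a store to a local that is never read again. Since `d` appears to hold the bytes of the bignum being serialised, I would replace that line with `explicit_bzero(d, sizeof(d));` if it is available in this tree. The early `return r;` at the top of the hunk should be checked for the same wipe. The declaration of `d` and the start of the function are outside the hunk.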
@@ -37,6 +37,7 @@ #include "misc.h" #include "log.h" #include "digest.h" +#include "bitmap.h" #include "krl.h" @@ -519,6 +520,25 @@ choose_next_state(int current_state, u_int64_t contig, int final, return new_state; } +static int +put_bitmap(struct sshbuf *buf, struct bitmap *bitmap) +{ + size_t len; + u_char *blob; + int r; + + len = bitmap_nbytes(bitmap); + if ((blob = malloc(len)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (bitmap_to_string(bitmap, blob, len) != 0) { + free(blob); + return SSH_ERR_INTERNAL_ERROR; + } + r = sshbuf_put_bignum2_bytes(buf, blob, len); + free(blob); + return r; +} + /* Generate a KRL_SECTION_CERTIFICATES KRL section */ static int revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) @@ -529,7 +549,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) struct revoked_key_id *rki; int next_state, state = 0; struct sshbuf *sect; - BIGNUM *bitmap = NULL; + struct bitmap *bitmap = NULL; if ((sect = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -572,9 +592,9 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) case KRL_SECTION_CERT_SERIAL_RANGE: break; case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((r = sshbuf_put_bignum2(sect, bitmap)) != 0) + if ((r = put_bitmap(sect, bitmap)) != 0) goto out; - BN_free(bitmap); + bitmap_free(bitmap); bitmap = NULL; break; } @@ -595,7 +615,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) case KRL_SECTION_CERT_SERIAL_RANGE: break; case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((bitmap = BN_new()) == NULL) { + if ((bitmap = bitmap_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -626,8 +646,8 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) goto out; } for (i = 0; i < contig; i++) { - if (BN_set_bit(bitmap, - rs->lo + i - bitmap_start) != 1) { + if (bitmap_set_bit(bitmap, + rs->lo + i - bitmap_start) != 0) { r = SSH_ERR_ALLOC_FAIL; goto out; } 
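Review bot: In put_bitmap, `malloc(len)` is called with whatever bitmap_nbytes returns, and for a length of zero malloc may legitimately return NULL, which this code then reports as SSH_ERR_ALLOC_FAIL. Whether an empty bitmap can reach this function is not visible from the hunk; if it can, allocate at least one byte with `if ((blob = malloc(len == 0 ? 1 : len)) == NULL)`. The function also has no header comment, unlike revoked_certs_generate right below it. Something like `/* Serialise bitmap into buf using the bignum2 byte encoding */` would fit.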
@@ -645,9 +665,9 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) case KRL_SECTION_CERT_SERIAL_RANGE: break; case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((r = sshbuf_put_bignum2(sect, bitmap)) != 0) + if ((r = put_bitmap(sect, bitmap)) != 0) goto out; - BN_free(bitmap); + bitmap_free(bitmap); bitmap = NULL; break; } @@ -671,8 +691,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) } r = 0; out: - if (bitmap != NULL) - BN_free(bitmap); + bitmap_free(bitmap); sshbuf_free(sect); return r; } @@ -784,13 +803,13 @@ format_timestamp(u_int64_t timestamp, char *ts, size_t nts) static int parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) { - int r = SSH_ERR_INTERNAL_ERROR, nbits; + int r = SSH_ERR_INTERNAL_ERROR; u_char type; const u_char *blob; - size_t blen; + size_t blen, nbits; struct sshbuf *subsect = NULL; u_int64_t serial, serial_lo, serial_hi; - BIGNUM *bitmap = NULL; + struct bitmap *bitmap = NULL; char *key_id = NULL; struct sshkey *ca_key = NULL; 
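Review bot: The `out:` path of revoked_certs_generate (the `@@ -671,8` hunk) now calls `bitmap_free(bitmap)` unconditionally, while the `out:` path of parse_revoked_certs in the `@@ -888,7` hunk keeps `if (bitmap != NULL)` around the same call. The two sites disagree about whether bitmap_free accepts NULL, and its definition is not on this page. If it does accept NULL, drop the test in parse_revoked_certs as well. If it does not, restore `if (bitmap != NULL)` here, because `bitmap` is NULL on every path that reaches this label without an open bitmap section.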
@@ -834,31 +853,32 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) goto out; break; case KRL_SECTION_CERT_SERIAL_BITMAP: - if ((bitmap = BN_new()) == NULL) { + if ((bitmap = bitmap_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 || - (r = sshbuf_get_bignum2(subsect, bitmap)) != 0) + (r = sshbuf_get_bignum2_bytes_direct(subsect, + &blob, &blen)) != 0) goto out; - if ((nbits = BN_num_bits(bitmap)) < 0) { - error("%s: bitmap bits < 0", __func__); + if (bitmap_from_string(bitmap, blob, blen) != 0) { r = SSH_ERR_INVALID_FORMAT; goto out; } + nbits = bitmap_nbits(bitmap); for (serial = 0; serial < (u_int64_t)nbits; serial++) { if (serial > 0 && serial_lo + serial == 0) { error("%s: bitmap wraps u64", __func__); r = SSH_ERR_INVALID_FORMAT; goto out; } - if (!BN_is_bit_set(bitmap, serial)) + if (!bitmap_test_bit(bitmap, serial)) continue; if ((r = ssh_krl_revoke_cert_by_serial(krl, ca_key, serial_lo + serial)) != 0) goto out; } - BN_free(bitmap); + bitmap_free(bitmap); bitmap = NULL; break; case KRL_SECTION_CERT_KEY_ID: @@ -888,7 +908,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) r = 0; out: if (bitmap != NULL) - BN_free(bitmap); + bitmap_free(bitmap); free(key_id); sshkey_free(ca_key); sshbuf_free(subsect); diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index 06d6cc492..8ff8a0a28 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * 
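Review bot: The new bitmap_from_string failure branch in parse_revoked_certs returns SSH_ERR_INVALID_FORMAT without a log line, whereas the branch it replaces and the wrap check a few lines below both call error(). This is parsed input, so a rejected bitmap section deserves the same diagnostic: `error("%s: invalid bitmap", __func__);` before `r` is set. If bitmap_from_string can also fail on allocation (its definition is not on this page), SSH_ERR_INVALID_FORMAT misreports that case. The function starts and ends outside this hunk.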
@@ -424,3 +424,39 @@ sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) memcpy(d + 4 + prepend, s, len); return 0; } + +int +sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, + const u_char **valp, size_t *lenp) +{ + const u_char *d; + size_t len, olen; + int r; + + if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0) + return r; + len = olen; + /* Refuse negative (MSB set) bignums */ + if ((len != 0 && (*d & 0x80) != 0)) + return SSH_ERR_BIGNUM_IS_NEGATIVE; + /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ + if (len > SSHBUF_MAX_BIGNUM + 1 || + (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) + return SSH_ERR_BIGNUM_TOO_LARGE; + /* Trim leading zeros */ + while (len > 0 && *d == 0x00) { + d++; + len--; + } + if (valp != 0) + *valp = d; + if (lenp != NULL) + *lenp = len; + if (sshbuf_consume(buf, olen + 4) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } + return 0; +} diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index 7fad28bb7..e2e093c00 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * 
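Review bot: sshbuf_get_bignum2_bytes_direct stores `d` in `*valp` without copying, so the caller receives a pointer into the buffer's own storage after those bytes have been consumed, and nothing in the function says how long it stays valid. A header comment should state that the pointer is borrowed and must not be freed, that it should presumably be treated as invalid once `buf` is modified or freed, and that leading zero bytes are stripped so `*lenp` can be smaller than the encoded length. As a smaller point, `if (valp != 0)` should read `if (valp != NULL)` to match the `lenp` test on the next line.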
@@ -38,24 +38,10 @@ sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) size_t len; int r; - if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) + if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) return r; - /* Refuse negative (MSB set) bignums */ - if ((len != 0 && (*d & 0x80) != 0)) - return SSH_ERR_BIGNUM_IS_NEGATIVE; - /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ - if (len > SSHBUF_MAX_BIGNUM + 1 || - (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) - return SSH_ERR_BIGNUM_TOO_LARGE; if (v != NULL && BN_bin2bn(d, len, v) == NULL) return SSH_ERR_ALLOC_FAIL; - /* Consume the string */ - if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { - /* Shouldn't happen */ - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } return 0; } diff --git a/sshbuf.h b/sshbuf.h index 3602bc53f..ac0191936 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.3 2014/06/24 01:13:21 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.4 2015/01/14 15:02:39 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -212,6 +212,8 @@ int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); #ifdef WITH_OPENSSL int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); +int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, + const u_char **valp, size_t *lenp); int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); # ifdef OPENSSL_HAS_ECC -- cgit v1.2.3
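Review bot: sshbuf_get_bignum2 now consumes the encoded bignum before the BN_bin2bn call, so when that call fails the function returns SSH_ERR_ALLOC_FAIL with the bytes already removed from `buf`. The removed code peeked first and consumed only after the conversion succeeded, which left the buffer untouched on error. If callers rely on that, keep a peek-then-consume order here. Otherwise record the change in a comment such as `/* buf is advanced even if BN_bin2bn fails */`. The start of the function is outside the hunk.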
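Review bot: The prototype for sshbuf_get_bignum2_bytes_direct is added inside the `#ifdef WITH_OPENSSL` block in sshbuf.h, although the function is defined in sshbuf-getput-basic.c and takes no BIGNUM. krl.c calls it in this same commit, so a build without WITH_OPENSSL would see no declaration unless krl.c is also excluded from that build. Moving the two added lines up next to `int sshbuf_put_bignum2_bytes(...)`, outside the conditional, avoids that. The matching `#endif` is outside the hunk.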