aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon')
-rw-r--r--src/charon/credentials/credential_manager.c5
-rw-r--r--src/charon/credentials/sets/auth_info_wrapper.c1
-rw-r--r--src/charon/encoding/payloads/cert_payload.c2
-rw-r--r--src/charon/plugins/medcli/medcli_creds.c11
-rw-r--r--src/charon/plugins/medsrv/medsrv_creds.c9
-rw-r--r--src/charon/plugins/sql/sql_cred.c4
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c1
-rw-r--r--src/charon/plugins/unit_tester/Makefile.am4
-rw-r--r--src/charon/plugins/unit_tester/tests.h3
-rw-r--r--src/charon/plugins/unit_tester/tests/test_agent.c67
-rw-r--r--src/charon/plugins/unit_tester/tests/test_auth_info.c2
-rw-r--r--src/charon/plugins/unit_tester/tests/test_rsa_gen.c2
12 files changed, 95 insertions, 16 deletions
diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c
index 48d066e17..74593aa64 100644
--- a/src/charon/credentials/credential_manager.c
+++ b/src/charon/credentials/credential_manager.c
@@ -474,8 +474,8 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
/* TODO: requestor name, signature */
request = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
- BUILD_CA_CERT, issuer->get_ref(issuer),
- BUILD_CERT, subject->get_ref(subject), BUILD_END);
+ BUILD_CA_CERT, issuer,
+ BUILD_CERT, subject, BUILD_END);
if (!request)
{
DBG1(DBG_CFG, "generating ocsp request failed");
@@ -500,6 +500,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
response = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
BUILD_BLOB_ASN1_DER, receive, BUILD_END);
+ chunk_free(&receive);
if (!response)
{
DBG1(DBG_CFG, "parsing ocsp response failed");
diff --git a/src/charon/credentials/sets/auth_info_wrapper.c b/src/charon/credentials/sets/auth_info_wrapper.c
index 9307ff23f..7ec75be15 100644
--- a/src/charon/credentials/sets/auth_info_wrapper.c
+++ b/src/charon/credentials/sets/auth_info_wrapper.c
@@ -83,6 +83,7 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB_ASN1_DER, data, BUILD_END);
+ free(data.ptr);
if (!cert)
{
diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/charon/encoding/payloads/cert_payload.c
index 453411850..ef6e99d77 100644
--- a/src/charon/encoding/payloads/cert_payload.c
+++ b/src/charon/encoding/payloads/cert_payload.c
@@ -229,7 +229,7 @@ static certificate_t *get_cert(private_cert_payload_t *this)
return NULL;
}
return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB_ASN1_DER, chunk_clone(this->data),
+ BUILD_BLOB_ASN1_DER, this->data,
BUILD_END);
}
diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/charon/plugins/medcli/medcli_creds.c
index 685f34271..1e99f6990 100644
--- a/src/charon/plugins/medcli/medcli_creds.c
+++ b/src/charon/plugins/medcli/medcli_creds.c
@@ -63,7 +63,7 @@ static bool private_enumerator_enumerate(private_enumerator_t *this,
while (this->inner->enumerate(this->inner, &chunk))
{
this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
- BUILD_BLOB_ASN1_DER, chunk_clone(chunk),
+ BUILD_BLOB_ASN1_DER, chunk,
BUILD_END);
if (this->current)
{
@@ -143,7 +143,7 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
while (this->inner->enumerate(this->inner, &chunk))
{
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_BLOB_ASN1_DER, chunk_clone(chunk),
+ BUILD_BLOB_ASN1_DER, chunk,
BUILD_END);
if (public)
{
@@ -152,14 +152,17 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
this->current = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
BUILD_PUBLIC_KEY, public, BUILD_END);
+ public->destroy(public);
if (this->current)
{
*cert = this->current;
return TRUE;
}
- continue;
}
- public->destroy(public);
+ else
+ {
+ public->destroy(public);
+ }
}
}
this->current = NULL;
diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/charon/plugins/medsrv/medsrv_creds.c
index decd38122..b88ff22c1 100644
--- a/src/charon/plugins/medsrv/medsrv_creds.c
+++ b/src/charon/plugins/medsrv/medsrv_creds.c
@@ -67,7 +67,7 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
while (this->inner->enumerate(this->inner, &chunk))
{
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_BLOB_ASN1_DER, chunk_clone(chunk),
+ BUILD_BLOB_ASN1_DER, chunk,
BUILD_END);
if (public)
{
@@ -76,14 +76,17 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
trusted = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
BUILD_PUBLIC_KEY, public, BUILD_END);
+ public->destroy(public);
if (trusted)
{
*cert = this->current = trusted;
return TRUE;
}
- continue;
}
- public->destroy(public);
+ else
+ {
+ public->destroy(public);
+ }
}
}
this->current = NULL;
diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c
index 9d91973c2..7313b7eb8 100644
--- a/src/charon/plugins/sql/sql_cred.c
+++ b/src/charon/plugins/sql/sql_cred.c
@@ -64,7 +64,7 @@ static bool private_enumerator_enumerate(private_enumerator_t *this,
while (this->inner->enumerate(this->inner, &type, &blob))
{
this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_BLOB_ASN1_DER, chunk_clone(blob),
+ BUILD_BLOB_ASN1_DER, blob,
BUILD_END);
if (this->current)
{
@@ -150,7 +150,7 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
while (this->inner->enumerate(this->inner, &type, &blob))
{
this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
- BUILD_BLOB_ASN1_DER, chunk_clone(blob),
+ BUILD_BLOB_ASN1_DER, blob,
BUILD_END);
if (this->current)
{
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index ad93576be..c699a083e 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -783,6 +783,7 @@ static void load_secrets(private_stroke_cred_t *this)
{
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
+ free(chunk.ptr);
if (key)
{
DBG1(DBG_CFG, " loaded private key file '%s'", path);
diff --git a/src/charon/plugins/unit_tester/Makefile.am b/src/charon/plugins/unit_tester/Makefile.am
index ff3d77062..238e5a1dc 100644
--- a/src/charon/plugins/unit_tester/Makefile.am
+++ b/src/charon/plugins/unit_tester/Makefile.am
@@ -17,6 +17,8 @@ libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
tests/test_med_db.c \
tests/test_aes.c \
tests/test_chunk.c \
- tests/test_pool.c
+ tests/test_pool.c \
+ tests/test_agent.c
+
libstrongswan_unit_tester_la_LDFLAGS = -module
diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h
index e36000bd2..f15d4af69 100644
--- a/src/charon/plugins/unit_tester/tests.h
+++ b/src/charon/plugins/unit_tester/tests.h
@@ -37,4 +37,5 @@ DEFINE_TEST("Mediation database key fetch", test_med_db, FALSE)
DEFINE_TEST("AES-128 encryption", test_aes128, FALSE)
DEFINE_TEST("AES-XCBC", test_aes_xcbc, FALSE)
DEFINE_TEST("Base64 converter", test_chunk_base64, FALSE)
-DEFINE_TEST("IP pool", test_pool, TRUE)
+DEFINE_TEST("IP pool", test_pool, FALSE)
+DEFINE_TEST("SSH agent", test_agent, TRUE)
diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/charon/plugins/unit_tester/tests/test_agent.c
new file mode 100644
index 000000000..fd76b9cf5
--- /dev/null
+++ b/src/charon/plugins/unit_tester/tests/test_agent.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <daemon.h>
+
+/*******************************************************************************
+ * SSH agent signature creation and verification
+ ******************************************************************************/
+bool test_agent()
+{
+ char *path, buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08};
+ chunk_t sig, data = chunk_from_buf(buf);
+ private_key_t *private;
+ public_key_t *public;
+
+ path = getenv("SSH_AUTH_SOCK");
+ if (!path)
+ {
+ DBG1(DBG_CFG, "ssh-agent not found.");
+ return FALSE;
+ }
+
+ private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_AGENT_SOCKET, path, BUILD_END);
+ if (!private)
+ {
+ return FALSE;
+ }
+ if (!private->sign(private, SIGN_RSA_EMSA_PKCS1_SHA1, data, &sig))
+ {
+ return FALSE;
+ }
+ public = private->get_public_key(private);
+ if (!public)
+ {
+ return FALSE;;
+ }
+ if (!public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, data, sig))
+ {
+ return FALSE;
+ }
+ free(sig.ptr);
+ buf[1] = 0x01; /* fake it */
+ if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, data, sig))
+ {
+ return FALSE;
+ }
+
+ private->destroy(private);
+ public->destroy(public);
+
+ return TRUE;
+}
+
diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/charon/plugins/unit_tester/tests/test_auth_info.c
index 2640c951c..1719190b1 100644
--- a/src/charon/plugins/unit_tester/tests/test_auth_info.c
+++ b/src/charon/plugins/unit_tester/tests/test_auth_info.c
@@ -85,7 +85,7 @@ bool test_auth_info()
auth_item_t type;
c1 = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB_ASN1_DER, chunk_clone(certchunk),
+ BUILD_BLOB_ASN1_DER, certchunk,
BUILD_END);
if (!c1)
{
diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c
index 783a4c913..f13bb5bbf 100644
--- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c
+++ b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c
@@ -97,7 +97,7 @@ bool test_rsa_load_any()
public_key_t *public;
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_BLOB_ASN1_DER, chunk_clone(chunk),
+ BUILD_BLOB_ASN1_DER, chunk,
BUILD_END);
if (!public || public->get_keysize(public) != 256)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 16:15:40 +0000