int main() { int pass; srandom(ssh_time()); ssh_event_loop_initialize(); random_state = ssh_random_allocate(); create_server_keys(&hostkey, &serverkey, &hostkey_blob, &hostkey_blob_len); pingpong_success = FALSE; for (pass = 0; pass < 10; pass++) { #ifdef DEBUG ssh_debug("========== iteration %d ==========", pass); #endif disconnect_test(); simple_password_test(NULL); } if (!pingpong_success) ssh_fatal("main: no successful pingpong"); pingpong_success = FALSE; for (pass = 0; pass < 100; pass++) { #ifdef DEBUG ssh_debug("========== iteration dual-%d ==========", pass); #endif disconnect_test(); simple_password_test(dual_policy); } if (!pingpong_success) ssh_fatal("main: no successful pingpong"); ssh_private_key_free(hostkey); ssh_private_key_free(serverkey); ssh_xfree(hostkey_blob); ssh_random_free(random_state); ssh_event_loop_uninitialize(); return 0; }
void listener_callback(SshIpError status, SshStream stream, void *context) { SshPrivateKey private_host_key, private_server_key; unsigned char *blob; unsigned int blob_len = 0; Handler c; TestCase *testcase = context; SshTransportParams params; if (status != SSH_IP_NEW_CONNECTION) ssh_fatal("listener_callback: status %d", status); #ifdef DEBUG ssh_debug("listener: new connection"); #endif create_server_keys(&private_host_key, &private_server_key, &blob, &blob_len); params = ssh_transport_create_params(); update_algs(params, testcase->s_to_c_algs); c = ssh_xcalloc(sizeof(*c), 1); c->stream = ssh_transport_server_wrap(stream, random_state, SSH_VERSION, params, private_host_key, private_server_key, blob, blob_len, NULL, NULL); ssh_private_key_free(private_host_key); ssh_private_key_free(private_server_key); ssh_xfree(blob); c->script = testcase->server_script; c->side = "server"; c->name = testcase->name; ssh_stream_set_callback(c->stream, handler_callback, (void *)c); server_handler = c; ssh_tcp_destroy_listener(listener); }
void ssh_eap_uninit_token(SshEapToken t) { switch (t->type) { case SSH_EAP_TOKEN_USERNAME: case SSH_EAP_TOKEN_SHARED_SECRET: case SSH_EAP_TOKEN_SALT: #ifdef SSHDIST_EAP_SIM case SSH_EAP_TOKEN_SIM_CHALLENGE: #endif /* SSHDIST_EAP_SIM */ #ifdef SSHDIST_EAP_AKA case SSH_EAP_TOKEN_AKA_CHALLENGE: case SSH_EAP_TOKEN_AKA_SYNCH_REQ: #endif /* SSHDIST_EAP_AKA */ ssh_free(t->token.buffer.dptr); t->token.buffer.dptr = NULL; t->token.buffer.len = 0; break; #ifdef SSHDIST_EAP_AKA case SSH_EAP_TOKEN_AKA_AUTH_REJECT: #endif /* SSHDIST_EAP_AKA */ break; #ifdef SSHDIST_EAP_AKA_DASH case SSH_EAP_TOKEN_AKA_DASH_KDF_INPUT: break; #endif /* SSHDIST_EAP_AKA_DASH */ case SSH_EAP_TOKEN_PRIVATE_KEY: ssh_private_key_free(t->token.prvkey.private_key); ssh_free(t->token.prvkey.id_data); break; case SSH_EAP_TOKEN_CERTIFICATE_AUTHORITY: ssh_free(t->token.cas); break; case SSH_EAP_TOKEN_NONE: break; default: SSH_NOTREACHED; } t->type = SSH_EAP_TOKEN_NONE; }
/* Frees client configuration data. */ void ssh_config_free(SshConfig config) { int i; /* free all allocated memory */ ssh_xfree(config->random_seed_file); ssh_xfree(config->pgp_public_key_file); ssh_xfree(config->pgp_secret_key_file); ssh_xfree(config->port); ssh_xfree(config->ciphers); ssh_xfree(config->identity_file); ssh_xfree(config->authorization_file); ssh_xfree(config->escape_char); ssh_xfree(config->listen_address); ssh_xfree(config->host_key_file); ssh_xfree(config->password_prompt); ssh_xfree(config->public_host_key_file); ssh_xfree(config->host_to_connect); ssh_xfree(config->login_as_user); ssh_xfree(config->local_forwards); ssh_xfree(config->remote_forwards); ssh_config_free_list(config->allowed_hosts); ssh_config_free_list(config->denied_hosts); ssh_config_free_list(config->allowed_shosts); ssh_config_free_list(config->denied_shosts); ssh_xfree(config->forced_command); /* Free subsystem-strings */ if (config->no_subsystems > 0 && config->subsystems != NULL) for (i = 0; i < config->no_subsystems; i++) ssh_xfree(config->subsystems[i]); ssh_xfree(config->subsystems); /* free the host key */ if (config->client == FALSE) { if (config->private_host_key != NULL) ssh_private_key_free(config->private_host_key); ssh_xfree(config->public_host_key_blob); } ssh_xfree(config->signer_path); memset(config, 0, sizeof(*config)); ssh_xfree(config); }
void ssh_sign_cb(SshCryptoStatus status, const unsigned char *signature_buffer, size_t signature_buffer_len, void *context) { SshPrivateKey key = (SshPrivateKey)context; if (status == SSH_CRYPTO_OK) { /* OK, the signature was computed succesfully and the signature is in the signature_buffer and its length is in signature_buffer_len. */ printf("The test data was signed OK. \n"); } else { /* There was some error in generating the signature. */ printf("There were an error generating the signature.\n"); } /* Test if we can quit the test. */ ssh_private_key_free(key); ssh_end_test(); }
void ikev2_fallback_negotiation_free(SshIkev2Fb fb, SshIkev2FbNegotiation neg) { SSH_ASSERT(neg->ref_count > 0); neg->ref_count--; if (neg->ref_count > 0) { SSH_DEBUG(SSH_D_NICETOKNOW, ("Fallback negotiation %p has still %d references", neg, neg->ref_count)); return; } SSH_DEBUG(SSH_D_NICETOKNOW, ("Freeing fallback negotiation %p", neg)); if (neg->aggr_mode_responder) fb->num_aggr_mode_responder_active--; if (neg->ed) ikev2_free_exchange_data(neg->ike_sa, neg->ed); if (neg->ike_sa) ssh_ikev2_ike_sa_free(neg->ike_sa); #ifdef SSHDIST_IKE_CERT_AUTH if (neg->private_key) ssh_private_key_free(neg->private_key); if (neg->public_key) ssh_public_key_free(neg->public_key); if (neg->cert_encodings) ssh_free(neg->cert_encodings); if (neg->cert_lengths) ssh_free(neg->cert_lengths); if (neg->certs) { int i; for (i = 0; i < neg->number_of_certificates; i++) ssh_free(neg->certs[i]); ssh_free(neg->certs); } #endif /* SSHDIST_IKE_CERT_AUTH */ #ifdef SSHDIST_IKE_XAUTH if (neg->attrs) ikev2_fb_xauth_free_attributes(neg->attrs); if (neg->v1_attrs) ikev2_fb_xauth_free_v1_attributes(neg->v1_attrs); #endif /* SSHDIST_IKE_XAUTH */ if (neg->transform_index) ssh_free(neg->transform_index); if (neg->selected) ikev2_fb_free_sa_indexes(neg->selected, 1); if (neg->psk) ssh_free(neg->psk); if (neg->sav2) ssh_ikev2_sa_free(neg->server->sad_handle, neg->sav2); if (neg->ikev1_id) ssh_ike_id_free(neg->ikev1_id); #ifdef DEBUG_LIGHT memset(neg, 'F', sizeof(*neg)); #endif /* DEBUG_LIGHT */ neg->next = fb->negotiation_freelist; fb->negotiation_freelist = neg; return; }
SshEapToken ssh_eap_dup_token(SshEapToken src) { SshEapToken dst; dst = ssh_calloc(1, sizeof(*dst)); if (dst == NULL) return NULL; dst->type = src->type; switch (src->type) { case SSH_EAP_TOKEN_PRIVATE_KEY: if (src->token.prvkey.private_key != NULL) { if (ssh_private_key_copy(src->token.prvkey.private_key, &dst->token.prvkey.private_key) != SSH_CRYPTO_OK) { ssh_free(dst); return NULL; } if (src->token.prvkey.id_data != NULL) { dst->token.prvkey.id_data = ssh_memdup(src->token.prvkey.id_data, src->token.prvkey.id_data_size); if (dst->token.prvkey.id_data == NULL) { ssh_private_key_free(dst->token.prvkey.private_key); ssh_free(dst); return NULL; } dst->token.prvkey.id_data_size = src->token.prvkey.id_data_size; } } break; case SSH_EAP_TOKEN_CERTIFICATE_AUTHORITY: { int cnt; int i; /* Count the ca count. */ for (cnt = 0; src->token.cas && src->token.cas[cnt]; cnt++) ; if (cnt == 0) { SSH_DEBUG(SSH_D_ERROR, ("Cannot duplicate token, no" " CA's to duplicate.")); ssh_free(dst); return NULL; } dst->token.cas = ssh_calloc(cnt + 1, sizeof(unsigned char *)); if (dst->token.cas == NULL) { ssh_free(dst); return NULL; } for (i = 0; i < cnt; i++) dst->token.cas[i] = src->token.cas[i]; break; } #ifdef SSHDIST_EAP_SIM case SSH_EAP_TOKEN_SIM_CHALLENGE: #endif /* SSHDIST_EAP_SIM */ #ifdef SSHDIST_EAP_AKA case SSH_EAP_TOKEN_AKA_CHALLENGE: case SSH_EAP_TOKEN_AKA_SYNCH_REQ: #endif /* SSHDIST_EAP_AKA */ case SSH_EAP_TOKEN_USERNAME: case SSH_EAP_TOKEN_SHARED_SECRET: case SSH_EAP_TOKEN_SALT: if (src->token.buffer.dptr != NULL) { dst->token.buffer.dptr = ssh_malloc(src->token.buffer.len); if (dst->token.buffer.dptr == NULL) { ssh_free(dst); return NULL; } dst->token.buffer.len = src->token.buffer.len; memcpy(dst->token.buffer.dptr, src->token.buffer.dptr, src->token.buffer.len); } else { dst->token.buffer.dptr = NULL; dst->token.buffer.len = 0; } break; case SSH_EAP_TOKEN_COUNTER32: dst->token.counter32 = src->token.counter32; break; #ifdef SSHDIST_EAP_AKA_DASH case SSH_EAP_TOKEN_AKA_DASH_KDF_INPUT: dst->token.success = src->token.success; break; #endif /* SSHDIST_EAP_AKA_DASH */ #ifdef SSHDIST_EAP_AKA case SSH_EAP_TOKEN_AKA_AUTH_REJECT: #endif /* SSHDIST_EAP_AKA */ case SSH_EAP_TOKEN_NONE: break; default: SSH_NOTREACHED; } SSH_DEBUG(SSH_D_MY, ("duplicated token at %p", dst)); return dst; }
void add_file(SshAgent agent, const char *filename) { SshPrivateKey key = NULL; char *saved_comment, *comment = NULL, *pass; int query_cnt; unsigned char *certs = NULL; size_t certs_len; char privname[500], pubname[500]; unsigned long magic; struct stat st; if (action == ADD_URL) { printf("Adding URL identity: %s\n", filename); snprintf(privname, sizeof(privname), "%s", filename); if (have_attrs) ssh_agent_add_with_attrs(agent, NULL, NULL, 0, privname, path_limit, path_constraint, use_limit, forbid_compat, key_timeout, agent_completion, (void *)agent); else ssh_agent_add(agent, NULL, NULL, 0, privname, agent_completion, (void *)agent); return; } else if (action == DELETE_URL) { printf("Deleting URL identity: %s\n", filename); snprintf(privname, sizeof(privname), "%s", filename); ssh_agent_delete(agent, NULL, 0, privname, agent_completion, (void *)agent); return; } #ifdef WITH_PGP if (pgp_mode == PGP_KEY_NONE) #endif /* WITH_PGP */ { /* Construct the names of the public and private key files. */ if (strlen(filename) > 4 && strcmp(filename + strlen(filename) - 4, ".pub") == 0) { snprintf(pubname, sizeof(pubname), "%s", filename); snprintf(privname, sizeof(privname), "%s", filename); privname[strlen(privname) - 4] = '\0'; } else { snprintf(pubname, sizeof(pubname), "%s.pub", filename); snprintf(privname, sizeof(privname), "%s", filename); } if (action == ADD) printf("Adding identity: %s\n", pubname); else if (action == DELETE) printf("Deleting identity: %s\n", pubname); if (stat(pubname, &st) < 0) { printf("Public key file %s does not exist.\n", pubname); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } if (stat(privname, &st) < 0) { printf("Private key file %s does not exist.\n", privname); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } /* Read the public key blob. */ magic = ssh2_key_blob_read(user, pubname, TRUE, &saved_comment, &certs, &certs_len, NULL); if (magic != SSH_KEY_MAGIC_PUBLIC) { printf("Bad public key file %s\n", pubname); ssh_xfree(certs); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } if (action == ADD) { /* Loop until we manage to load the file, or a maximum number of attempts have been made. First try with an empty passphrase. */ pass = ssh_xstrdup(""); query_cnt = 0; while ((key = ssh_privkey_read(user, privname, pass, &comment, NULL)) == NULL) { char buf[1024]; FILE *f; /* Free the old passphrase. */ memset(pass, 0, strlen(pass)); ssh_xfree(pass); query_cnt++; if (query_cnt > 5) { fprintf(stderr, "You don't seem to know the correct passphrase.\n"); exit(EXIT_STATUS_BADPASS); } /* Ask for a passphrase. */ if (!use_stdin && getenv("DISPLAY") && !isatty(fileno(stdin))) { snprintf(buf, sizeof(buf), "ssh-askpass2 '%sEnter passphrase for %.100s'", ((query_cnt <= 1) ? "" : "You entered wrong passphrase. "), saved_comment); f = popen(buf, "r"); if (!fgets(buf, sizeof(buf), f)) { pclose(f); ssh_xfree(saved_comment); exit(EXIT_STATUS_BADPASS); } pclose(f); if (strchr(buf, '\n')) *strchr(buf, '\n') = 0; pass = ssh_xstrdup(buf); } else { if (query_cnt <= 1) { if ((strcmp(privname, saved_comment) == 0) || (((strlen(privname) + 4) == strlen(saved_comment)) && (strncmp(privname, saved_comment, strlen(privname)) == 0))) { printf("Need passphrase for %s.\n", privname); } else { printf("Need passphrase for %s (%s).\n", privname, saved_comment); } } else { printf("Bad passphrase.\n"); } pass = ssh_read_passphrase("Enter passphrase: ", use_stdin); if (pass == NULL || strcmp(pass, "") == 0) { ssh_xfree(saved_comment); ssh_xfree(pass); exit(EXIT_STATUS_BADPASS); } } } memset(pass, 0, strlen(pass)); ssh_xfree(pass); ssh_xfree(saved_comment); /* Construct a comment for the key by combining file name and comment in the file. */ if ((saved_comment = strrchr(privname, '/')) != NULL) saved_comment++; else saved_comment = privname; saved_comment = ssh_string_concat_3(saved_comment, ": ", comment); } else { /* Construct a comment for the key by combining file name and comment in the file. */ if ((saved_comment = strrchr(privname, '/')) != NULL) saved_comment++; else saved_comment = privname; if (comment) saved_comment = ssh_string_concat_3(saved_comment, ": ", comment); else saved_comment = ssh_xstrdup(saved_comment); } if (action == ADD) { /* Send the key to the authentication agent. */ if (have_attrs) ssh_agent_add_with_attrs(agent, key, certs, certs_len, saved_comment, path_limit, path_constraint, use_limit, forbid_compat, key_timeout, agent_completion, (void *)agent); else ssh_agent_add(agent, key, certs, certs_len, saved_comment, agent_completion, (void *)agent); ssh_private_key_free(key); } else if (action == DELETE) { ssh_agent_delete(agent, certs, certs_len, saved_comment, agent_completion, (void *)agent); } ssh_xfree(saved_comment); } #ifdef WITH_PGP else { unsigned char *blob, *public_blob; size_t blob_len, public_blob_len; Boolean found = FALSE; unsigned long id; char *endptr; SshPgpSecretKey pgp_key; SshPrivateKey key; char buf[1024]; FILE *f; comment = NULL; switch (pgp_mode) { case PGP_KEY_NAME: found = ssh2_find_pgp_secret_key_with_name(user, pgp_keyring, filename, &blob, &blob_len, &comment); break; case PGP_KEY_FINGERPRINT: found = ssh2_find_pgp_secret_key_with_fingerprint(user, pgp_keyring, filename, &blob, &blob_len, &comment); break; case PGP_KEY_ID: id = strtoul(filename, &endptr, 0); if ((*filename != '\0') && (*endptr == '\0')) { found = ssh2_find_pgp_secret_key_with_id(user, pgp_keyring, id, &blob, &blob_len, &comment); } else { fprintf(stderr, "%s: invalid pgp key id \"%s\".\n", av0, filename); found = FALSE; } break; default: ssh_fatal("internal error"); } if (! found) { fprintf(stderr, "%s: pgp key \"%s\" not found.\n", av0, filename); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } if (ssh_pgp_secret_key_decode(blob, blob_len, &pgp_key) == 0) { fprintf(stderr, "%s: unable to decode pgp key \"%s\".\n", av0, filename); memset(blob, 'F', blob_len); ssh_xfree(blob); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } if ((public_blob_len = ssh_encode_pubkeyblob(pgp_key->public_key->key, &public_blob)) == 0) { fprintf(stderr, "%s: unable to encode pgp key \"%s\".\n", av0, filename); ssh_pgp_secret_key_free(pgp_key); memset(blob, 'F', blob_len); ssh_xfree(blob); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } if (action == ADD) { query_cnt = 0; while ((pgp_key->key == NULL) && (pgp_key->decryption_failed == TRUE)) { query_cnt++; if (query_cnt > 5) { fprintf(stderr, "You don't seem to know the correct passphrase.\n"); exit(EXIT_STATUS_BADPASS); } /* Ask for a passphrase. */ if (!use_stdin && getenv("DISPLAY") && !isatty(fileno(stdin))) { snprintf(buf, sizeof(buf), "ssh-askpass2 '%sEnter passphrase for \"%.100s\"'", ((query_cnt <= 1) ? "" : "You entered wrong passphrase. "), comment); f = popen(buf, "r"); if (!fgets(buf, sizeof(buf), f)) { pclose(f); fprintf(stderr, "No passphrase.\n"); exit(EXIT_STATUS_BADPASS); } pclose(f); if (strchr(buf, '\n')) *strchr(buf, '\n') = 0; pass = ssh_xstrdup(buf); } else { if (query_cnt <= 1) printf("Need passphrase for \"%s\".\n", comment); else printf("Bad passphrase.\n"); pass = ssh_read_passphrase("Enter passphrase: ", use_stdin); if (pass == NULL || strcmp(pass, "") == 0) { ssh_xfree(pass); fprintf(stderr, "No passphrase.\n"); exit(EXIT_STATUS_BADPASS); } } ssh_pgp_secret_key_free(pgp_key); if (ssh_pgp_secret_key_decode_with_passphrase(blob, blob_len, pass, &pgp_key) == 0) { memset(pass, 0, strlen(pass)); ssh_xfree(pass); fprintf(stderr, "%s: unable to decode pgp key \"%s\".\n", av0, filename); memset(blob, 'F', blob_len); ssh_xfree(blob); ssh_xfree(public_blob); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } memset(pass, 0, strlen(pass)); ssh_xfree(pass); } if (pgp_key->key == NULL) { fprintf(stderr, "%s: unable to decode pgp key \"%s\".\n", av0, filename); ssh_xfree(public_blob); ssh_pgp_secret_key_free(pgp_key); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } memset(blob, 'F', blob_len); ssh_xfree(blob); if (ssh_private_key_copy(pgp_key->key, &key) != SSH_CRYPTO_OK) { fprintf(stderr, "%s: unable to export pgp key \"%s\".\n", av0, filename); ssh_pgp_secret_key_free(pgp_key); (*agent_completion)(SSH_AGENT_ERROR_OK, (void *)agent); return; } ssh_pgp_secret_key_free(pgp_key); if (have_attrs) ssh_agent_add_with_attrs(agent, key, public_blob, public_blob_len, comment, path_limit, path_constraint, use_limit, forbid_compat, key_timeout, agent_completion, (void *)agent); else ssh_agent_add(agent, key, public_blob, public_blob_len, comment, agent_completion, (void *)agent); ssh_xfree(comment); ssh_xfree(public_blob); ssh_private_key_free(key); return; } else if (action == DELETE) { ssh_agent_delete(agent, public_blob, public_blob_len, filename, agent_completion, (void *)agent); ssh_pgp_secret_key_free(pgp_key); memset(blob, 'F', blob_len); ssh_xfree(blob); ssh_xfree(public_blob); return; } } #endif /* WITH_PGP */ }
int main(int argc, char **argv) { SshExternalKeyTestCtx test_ctx; int i; SshPrivateKey prv_key; SshPublicKey pub_key; SshMPInteger n; parse_arguments(argc, argv); ssh_pk_provider_register(&ssh_pk_if_modn_generator); /* Initialize the event loop and the test context. */ ssh_event_loop_initialize(); ssh_debug_set_level_string(debug_level_string); ssh_global_init(); /* Initialize the crypto library. */ if (ssh_crypto_library_initialize() != SSH_CRYPTO_OK) ssh_fatal("Cannot initialize the crypto library"); test_ctx = ssh_xcalloc(1, sizeof(*test_ctx)); test_ctx->accelerated_encrypts_left = default_accelerated_encrypts; test_ctx->timer = ssh_time_measure_allocate(); SSH_DEBUG(3, ("Reading the test key. Please wait....")); prv_key = get_prv_key("accelerator-test.prv"); if (ssh_private_key_select_scheme(prv_key, SSH_PKF_ENCRYPT, "rsa-none-none", SSH_PKF_END) != SSH_CRYPTO_OK) ssh_fatal("Could not select the scheme for private key"); if (ssh_private_key_derive_public_key(prv_key, &pub_key) != SSH_CRYPTO_OK) { ssh_fatal("Can not derive a public key from a " "stored private key"); } if (ssh_public_key_select_scheme(pub_key, SSH_PKF_ENCRYPT, "rsa-none-none", SSH_PKF_END) != SSH_CRYPTO_OK) ssh_fatal("Could not select the scheme for public key"); n = ssh_mprz_malloc(); /* Get information about the RSA key. E and N are needed for nFast. */ if (ssh_public_key_get_info(pub_key, SSH_PKF_MODULO_N, n, SSH_PKF_END) != SSH_CRYPTO_OK) { return FALSE; } #if 0 n_bytes = (ssh_mprz_get_size(n, 2) + 7) / 8; if (n_bytes == 0 || (n_bytes & 3) != 0) n_bytes += (4 - (n_bytes & 3)); test_ctx->big_buf = ssh_xmalloc(n_bytes); test_ctx->big_buf_len = n_bytes; ssh_mprz_get_buf(test_ctx->big_buf, test_ctx->big_buf_len, n); ssh_mprz_free(n); test_ctx->big_buf_len = 128; test_ctx->big_buf[0] = 1; #else #if 0 n_bytes = ssh_mprz_get_size(n, 8); test_ctx->big_buf = ssh_xmalloc(n_bytes); test_ctx->big_buf_len = n_bytes; ssh_mprz_init(&r); ssh_mprz_rand(&r, n_bytes * 8); ssh_mprz_mod(&r, &r, n); ssh_mprz_get_buf(test_ctx->big_buf, test_ctx->big_buf_len, &r); ssh_mprz_free(n); ssh_mprz_clear(&r); #else test_ctx->big_buf = ssh_xmalloc(129); test_ctx->big_buf_len = 129; memcpy(test_ctx->big_buf, "\x00\x50\xe7\x85\x86\x40\xf8\x9b" "\xb8\xeb\x19\x64\xd8\x51\x33\xd7" "\x4f\xac\x32\x5d\x03\x66\x3d\x0c" "\xbe\xfd\x40\x29\x82\xb7\x61\x09" "\x15\x37\x4f\xe1\xd0\x57\xb0\x6d" "\x16\x49\x73\x25\x20\x3d\xa8\xfa" "\xf6\xb4\x72\xec\x75\xc8\x42\xc7" "\x99\x64\x63\x23\x29\xe0\x65\xa1" "\x2a\xc2\xb7\xf1\x5b\xb4\x9b\x30" "\xdb\xc7\x22\xb9\xf9\xde\xb5\x09" "\xb5\xe0\x0a\xca\xc5\xf9\xaf\x8f" "\x54\xf2\x9a\x06\x2b\xc1\xc2\x65" "\x87\xb3\xd5\xec\xd3\x8a\x2f\xa7" "\x5f\x69\x34\xe7\x7f\xeb\xaf\x56" "\x3c\x3d\x71\x3f\x73\xba\x8b\xa7" "\xd3\xe5\x6d\x98\xc8\x01\x6b\x18" "\x14", 129); #endif #endif test_ctx->pub_key = pub_key; test_ctx->prv_key = prv_key; test_ek_add(test_ctx); #ifndef WIN32 ssh_register_signal(SIGUSR1, test_signal_handler, test_ctx); #endif ssh_event_loop_run(); /* Uninitialize. */ for (i = 0; i < test_ctx->num_prv_keys; i++) ssh_private_key_free(test_ctx->prv_keys[i]); for (i = 0; i < test_ctx->num_pub_keys; i++) ssh_public_key_free(test_ctx->pub_keys[i]); ssh_xfree(test_ctx->prv_keys); ssh_xfree(test_ctx->pub_keys); ssh_xfree(test_ctx); return 0; }
void ikev2_fb_request_certificates_cb(SshIkev2Error error_code, SshPrivateKey private_key_out, int number_of_certificates, SshIkev2CertEncoding *cert_encs, const unsigned char **certs, size_t *cert_lengths, void *context) { SshIkev2FbNegotiation neg = (SshIkev2FbNegotiation) context; SshIkeCertificateEncodingType *ikev1_cert_encodings = NULL; SshPrivateKey private_key_copy = NULL; unsigned char **ikev1_certs = NULL; size_t *ikev1_cert_lengths = NULL; int i; SSH_IKEV2_FB_V2_COMPLETE_CALL(neg); if (error_code != SSH_IKEV2_ERROR_OK) { SSH_DEBUG(SSH_D_FAIL, ("Private key/Certificate lookup failed, " "error '%s'", ssh_ikev2_error_to_string(error_code))); goto error; } if (number_of_certificates == 0) { SSH_DEBUG(SSH_D_FAIL, ("No certificates found")); goto error; } SSH_ASSERT(private_key_out != NULL); if (ssh_private_key_copy(private_key_out, &private_key_copy) != SSH_CRYPTO_OK) { SSH_DEBUG(SSH_D_FAIL, ("Private key copy failed")); goto error; } /* Copy the returned certificates */ ikev1_cert_encodings = ssh_calloc(number_of_certificates, sizeof(SshIkeCertificateEncodingType)); ikev1_certs = ssh_calloc(number_of_certificates, sizeof(unsigned char *)); ikev1_cert_lengths = ssh_calloc(number_of_certificates, sizeof(size_t)); if (ikev1_cert_encodings == NULL || ikev1_certs == NULL || ikev1_cert_lengths == NULL) { SSH_DEBUG(SSH_D_FAIL, ("Memory allocation failure")); goto error; } for (i = 0; i < number_of_certificates; i++) { ikev1_cert_encodings[i] = ikev2_fb_v2_cert_encoding_to_v1(cert_encs[i]); ikev1_cert_lengths[i] = cert_lengths[i]; if (!(ikev1_certs[i] = ssh_memdup(certs[i], cert_lengths[i]))) { SSH_DEBUG(SSH_D_FAIL, ("Certificate copy failed")); goto error; } } /* Save the certificates and private key. */ neg->number_of_certificates = number_of_certificates; neg->cert_encodings = ikev1_cert_encodings; neg->certs = ikev1_certs; neg->cert_lengths = ikev1_cert_lengths; neg->private_key = private_key_copy; SSH_DEBUG(SSH_D_LOWOK, ("Found %d certificates", number_of_certificates)); SSH_FSM_CONTINUE_AFTER_CALLBACK(neg->sub_thread); return; error: if (private_key_copy) ssh_private_key_free(private_key_copy); if (ikev1_certs) for (i = 0; i < number_of_certificates; i++) ssh_free(ikev1_certs[i]); ssh_free(ikev1_certs); ssh_free(ikev1_cert_encodings); ssh_free(ikev1_cert_lengths); SSH_FSM_CONTINUE_AFTER_CALLBACK(neg->sub_thread); }