diff --git a/.gitignore b/.gitignore index 24bfb13..ef269e5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ /build debian/*.ex - +.gdb_history \ No newline at end of file diff --git a/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c b/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c index 9a099ea..e1371b4 100644 --- a/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c +++ b/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c @@ -7,6 +7,10 @@ #include #include "common.c" +/* A note on memory management: this code lacks calls to free() for every malloc()ed piece of memory. This is deliberate + * as these processes are short-lived and calling free() right before an exit() seems kind of moot. + */ + #define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY" #define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY" diff --git a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c index 28d17e5..b128110 100644 --- a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c +++ b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c @@ -7,6 +7,10 @@ #include #include "common.c" +/* A note on memory management: this code lacks calls to free() for every malloc()ed piece of memory. This is deliberate + * as these processes are short-lived and calling free() right before an exit() seems kind of moot. + */ + #define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD" void print_usage(char *progname) { diff --git a/src/test_libexim-encrypt-dlfunc.sh b/src/test_libexim-encrypt-dlfunc.sh index 1177e98..ac6878f 100755 --- a/src/test_libexim-encrypt-dlfunc.sh +++ b/src/test_libexim-encrypt-dlfunc.sh @@ -1,19 +1,17 @@ #!/bin/bash - PATH=/sbin:/usr/sbin:$PATH - # this script implements the TAP protocol (https://testanything.org) echo 1..2 -# copy to /tmp to keep call to exim under 256 chars (prevent problems on Ubuntu) +# copy to /tmp to keep commandline arguments to exim calls under 256 chars (prevent problems on Ubuntu) install -t /tmp src/libexim-encrypt-dlfunc.so LIB=/tmp/libexim-encrypt-dlfunc.so CLEARTEXT="127.88.99.23" # keep short; see above PASSWORD="$(openssl rand -base64 32)" -CIPHERTEXT=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_encrypt_password}{${PASSWORD}}{${CLEARTEXT}}}") -DECRYPTED=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_decrypt_password}{${PASSWORD}}{${CIPHERTEXT}}}") +CIPHERTEXT=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_encrypt_password}{${PASSWORD}}{${CLEARTEXT}}}") +DECRYPTED=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_decrypt_password}{${PASSWORD}}{${CIPHERTEXT}}}") if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then echo "ok 1 - secretbox test successful" @@ -21,13 +19,11 @@ else echo "not ok 1 - secretbox test unsuccessful" fi -# { 0xb6, 0x01, 0x45, 0x20, 0x9f, 0x55, 0x06, 0x74, 0x29, 0x71, 0x7b, 0x5e, 0xa9, 0x68, 0x60, 0x5e, 0x81, 0x1a, 0x54, 0x6b, 0xc9, 0x80, 0x97, 0x78, 0x41, 0xc6, 0x20, 0xae, 0x66, 0x9f, 0xd9, 0x53 }; PK="tgFFIJ9VBnQpcXteqWhgXoEaVGvJgJd4QcYgrmaf2VM=" -# { 0x95, 0x8d, 0x45, 0xef, 0x45, 0x6a, 0xc1, 0xef, 0xae, 0x0a, 0x7e, 0x1c, 0xcc, 0x67, 0x70, 0xc8, 0x67, 0x6b, 0xd1, 0x62, 0xd4, 0x59, 0xd9, 0x23, 0xfc, 0x6a, 0xb7, 0xf6, 0x6d, 0xa4, 0xdc, 0xfd }; SK="lY1F70Vqwe+uCn4czGdwyGdr0WLUWdkj/Gq39m2k3P0=" -CIPHERTEXT=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal}{${PK}}{${CLEARTEXT}}}") -DECRYPTED=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal_open}{${SK}}{${PK}}{${CIPHERTEXT}}}") +CIPHERTEXT=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal}{${PK}}{${CLEARTEXT}}}") +DECRYPTED=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal_open}{${SK}}{${PK}}{${CIPHERTEXT}}}") if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then echo "ok 2 - sealed_box test successful"