Cross Reference: /netbsd-current/crypto/external/bsd/openssl/dist/apps/srp.c

srp.c (1.1.1.7)	srp.c (1.1.1.8)
1/* apps/srp.c */
2/*	1/*
3 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey 4 * project and contributed to the OpenSSL project 2004. 5 / 6/ ==================================================================== 7 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.	2 * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
8 *	3 *
9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 *	4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html
58 */	8 */
	9
59#include <openssl/opensslconf.h>	10#include <openssl/opensslconf.h>
	11#ifdef OPENSSL_NO_SRP 12NON_EMPTY_TRANSLATION_UNIT 13#else
60	14
61#ifndef OPENSSL_NO_SRP
62# include <stdio.h> 63# include <stdlib.h> 64# include <string.h> 65# include <openssl/conf.h> 66# include <openssl/bio.h> 67# include <openssl/err.h> 68# include <openssl/txt_db.h> 69# include <openssl/buffer.h> 70# include <openssl/srp.h>	15# include <stdio.h> 16# include <stdlib.h> 17# include <string.h> 18# include <openssl/conf.h> 19# include <openssl/bio.h> 20# include <openssl/err.h> 21# include <openssl/txt_db.h> 22# include <openssl/buffer.h> 23# include <openssl/srp.h>
71
72# include "apps.h" 73	24# include "apps.h" 25
74# undef PROG 75# define PROG srp_main 76
77# define BASE_SECTION "srp" 78# define CONFIG_FILE "openssl.cnf" 79 80# define ENV_RANDFILE "RANDFILE" 81 82# define ENV_DATABASE "srpvfile" 83# define ENV_DEFAULT_SRP "default_srp" 84	26# define BASE_SECTION "srp" 27# define CONFIG_FILE "openssl.cnf" 28 29# define ENV_RANDFILE "RANDFILE" 30 31# define ENV_DATABASE "srpvfile" 32# define ENV_DEFAULT_SRP "default_srp" 33
85static char srp_usage[] = { 86 "usage: srp [args] [user] \n", 87 "\n", 88 " -verbose Talk alot while doing things\n", 89 " -config file A config file\n", 90 " -name arg The particular srp definition to use\n", 91 " -srpvfile arg The srp verifier file name\n", 92 " -add add an user and srp verifier\n", 93 " -modify modify the srp verifier of an existing user\n", 94 " -delete delete user from verifier file\n", 95 " -list list user\n", 96 " -gn arg g and N values to be used for new verifier\n", 97 " -userinfo arg additional info to be set for user\n", 98 " -passin arg input file pass phrase source\n", 99 " -passout arg output file pass phrase source\n", 100# ifndef OPENSSL_NO_ENGINE 101* " -engine e - use engine e, possibly a hardware device.\n", 102# endif 103 NULL 104}; 105 106# ifdef EFENCE 107extern int EF_PROTECT_FREE; 108extern int EF_PROTECT_BELOW; 109extern int EF_ALIGNMENT; 110# endif 111 112static CONF conf = NULL; 113static char section = NULL; 114 115# define VERBOSE if (verbose) 116# define VVERBOSE if (verbose>1) 117 118int MAIN(int, char *); 119*
120static int get_index(CA_DB db, char id, char type) 121{ 122 char *pp; 123* int i; 124 if (id == NULL) 125 return -1;	34static int get_index(CA_DB db, char id, char type) 35{ 36 char **pp; 37 int i; 38 if (id == NULL) 39 return -1;
126 if (type == DB_SRP_INDEX)	40 if (type == DB_SRP_INDEX) {
127 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 128 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 129 if (pp[DB_srptype][0] == DB_SRP_INDEX	41 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 42 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 43 if (pp[DB_srptype][0] == DB_SRP_INDEX
130 && !strcmp(id, pp[DB_srpid]))	44 && strcmp(id, pp[DB_srpid]) == 0)
131 return i;	45 return i;
132 } else	46 } 47 } else {
133 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 134 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 135 136 if (pp[DB_srptype][0] != DB_SRP_INDEX	48 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 49 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 50 51 if (pp[DB_srptype][0] != DB_SRP_INDEX
137 && !strcmp(id, pp[DB_srpid]))	52 && strcmp(id, pp[DB_srpid]) == 0)
138 return i; 139 }	53 return i; 54 }
	55 }
140 141 return -1; 142} 143	56 57 return -1; 58} 59
144static void print_entry(CA_DB db, BIO bio, int indx, int verbose, char *s)	60static void print_entry(CA_DB db, int indx, int verbose, char s)
145{ 146 if (indx >= 0 && verbose) { 147 int j; 148 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);	61{ 62 if (indx >= 0 && verbose) { 63 int j; 64 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
149 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);	65 BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
150 for (j = 0; j < DB_NUMBER; j++) { 151 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]); 152 } 153 } 154} 155	66 for (j = 0; j < DB_NUMBER; j++) { 67 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]); 68 } 69 } 70} 71
156static void print_index(CA_DB db, BIO bio, int indexindex, int verbose)	72static void print_index(CA_DB *db, int indexindex, int verbose)
157{	73{
158 print_entry(db, bio, indexindex, verbose, "g N entry");	74 print_entry(db, indexindex, verbose, "g N entry");
159} 160	75} 76
161static void print_user(CA_DB db, BIO bio, int userindex, int verbose)	77static void print_user(CA_DB *db, int userindex, int verbose)
162{ 163 if (verbose > 0) { 164 char *pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); 165* 166 if (pp[DB_srptype][0] != 'I') {	78{ 79 if (verbose > 0) { 80 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); 81 82 if (pp[DB_srptype][0] != 'I') {
167 print_entry(db, bio, userindex, verbose, "User entry"); 168 print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,	83 print_entry(db, userindex, verbose, "User entry"); 84 print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
169 "g N entry"); 170 } 171 172 } 173} 174	85 "g N entry"); 86 } 87 88 } 89} 90
175static int update_index(CA_DB db, BIO bio, char **row)	91static int update_index(CA_DB db, char *row)
176{ 177 char *irow; 178* int i; 179	92{ 93 char **irow; 94 int i; 95
180 if ((irow = 181 (char *)OPENSSL_malloc(sizeof(char ) * (DB_NUMBER + 1))) == NULL) { 182 BIO_printf(bio_err, "Memory allocation failure\n"); 183 return 0; 184 } 185 186 for (i = 0; i < DB_NUMBER; i++) {	96 irow = app_malloc(sizeof(irow) (DB_NUMBER + 1), "row pointers"); 97 for (i = 0; i < DB_NUMBER; i++)
187 irow[i] = row[i];	98 irow[i] = row[i];
188 row[i] = NULL; 189 }
190 irow[DB_NUMBER] = NULL; 191 192 if (!TXT_DB_insert(db->db, irow)) {	99 irow[DB_NUMBER] = NULL; 100 101 if (!TXT_DB_insert(db->db, irow)) {
193 BIO_printf(bio, "failed to update srpvfile\n"); 194 BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);	102 BIO_printf(bio_err, "failed to update srpvfile\n"); 103 BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
195 OPENSSL_free(irow); 196 return 0; 197 } 198 return 1; 199} 200	104 OPENSSL_free(irow); 105 return 0; 106 } 107 return 1; 108} 109
201static void lookup_fail(const char name, char tag)	110static char lookup_conf(const CONF conf, const char section, const char tag)
202{	111{
203 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);	112 char entry = NCONF_get_string(conf, section, tag); 113* if (entry == NULL) 114 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag); 115 return entry;
204} 205 206static char srp_verify_user(const char user, const char srp_verifier, 207* char srp_usersalt, const char g, const char *N,	116} 117 118static char srp_verify_user(const char user, const char srp_verifier, 119* char srp_usersalt, const char g, const char *N,
208 const char passin, BIO bio, int verbose)	120 const char *passin, int verbose)
209{	121{
210 char password[1024];	122 char password[1025];
211 PW_CB_DATA cb_tmp; 212 char verifier = NULL; 213* char *gNid = NULL;	123 PW_CB_DATA cb_tmp; 124 char verifier = NULL; 125* char *gNid = NULL;
	126 int len;
214 215 cb_tmp.prompt_info = user; 216 cb_tmp.password = passin; 217	127 128 cb_tmp.prompt_info = user; 129 cb_tmp.password = passin; 130
218 if (password_callback(password, 1024, 0, &cb_tmp) > 0) { 219 VERBOSE BIO_printf(bio, 220 "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", 221 user, srp_verifier, srp_usersalt, g, N); 222 BIO_printf(bio, "Pass %s\n", password);	131 len = password_callback(password, sizeof(password)-1, 0, &cb_tmp); 132 if (len > 0) { 133 password[len] = 0; 134 if (verbose) 135 BIO_printf(bio_err, 136 "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", 137 user, srp_verifier, srp_usersalt, g, N); 138 if (verbose > 1) 139 BIO_printf(bio_err, "Pass %s\n", password);
223	140
224 if (! 225 (gNid = 226 SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, 227 g))) { 228 BIO_printf(bio, "Internal error validating SRP verifier\n");	141 OPENSSL_assert(srp_usersalt != NULL); 142 if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, 143 &verifier, N, g)) ) { 144 BIO_printf(bio_err, "Internal error validating SRP verifier\n");
229 } else { 230 if (strcmp(verifier, srp_verifier)) 231 gNid = NULL; 232 OPENSSL_free(verifier); 233 }	145 } else { 146 if (strcmp(verifier, srp_verifier)) 147 gNid = NULL; 148 OPENSSL_free(verifier); 149 }
	150 OPENSSL_cleanse(password, len);
234 } 235 return gNid; 236} 237 238static char srp_create_user(char user, char *srp_verifier, 239* char *srp_usersalt, char g, char *N,	151 } 152 return gNid; 153} 154 155static char srp_create_user(char user, char *srp_verifier, 156* char *srp_usersalt, char g, char *N,
240 char passout, BIO bio, int verbose)	157 char *passout, int verbose)
241{	158{
242 char password[1024];	159 char password[1025];
243 PW_CB_DATA cb_tmp; 244 char gNid = NULL; 245* char *salt = NULL;	160 PW_CB_DATA cb_tmp; 161 char gNid = NULL; 162* char *salt = NULL;
	163 int len;
246 cb_tmp.prompt_info = user; 247 cb_tmp.password = passout; 248	164 cb_tmp.prompt_info = user; 165 cb_tmp.password = passout; 166
249 if (password_callback(password, 1024, 1, &cb_tmp) > 0) { 250 VERBOSE BIO_printf(bio, 251 "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", 252 user, g, N); 253 if (! 254 (gNid = 255 SRP_create_verifier(user, password, &salt, srp_verifier, N, 256 g))) { 257 BIO_printf(bio, "Internal error creating SRP verifier\n"); 258 } else	167 len = password_callback(password, sizeof(password)-1, 1, &cb_tmp); 168 if (len > 0) { 169 password[len] = 0; 170 if (verbose) 171 BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", 172 user, g, N); 173 if (!(gNid = SRP_create_verifier(user, password, &salt, 174 srp_verifier, N, g)) ) { 175 BIO_printf(bio_err, "Internal error creating SRP verifier\n"); 176 } else {
259 *srp_usersalt = salt;	177 *srp_usersalt = salt;
260 VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", 261 gNid, salt, *srp_verifier);	178 } 179 OPENSSL_cleanse(password, len); 180 if (verbose > 1) 181 BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", 182 gNid, salt, *srp_verifier);
262 263 } 264 return gNid; 265} 266	183 184 } 185 return gNid; 186} 187
267int MAIN(int argc, char *argv) 268{ 269* int add_user = 0; 270 int list_user = 0; 271 int delete_user = 0; 272 int modify_user = 0; 273 char *user = NULL;	188typedef enum OPTION_choice { 189 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 190 OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD, 191 OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO, 192 OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE 193} OPTION_CHOICE;
274	194
275 char passargin = NULL, passargout = NULL; 276 char passin = NULL, passout = NULL; 277 char gN = NULL; 278* int gNindex = -1; 279 char *gNrow = NULL; 280* int maxgN = -1;	195OPTIONS srp_options[] = { 196 {"help", OPT_HELP, '-', "Display this summary"}, 197 {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"}, 198 {"config", OPT_CONFIG, '<', "A config file"}, 199 {"name", OPT_NAME, 's', "The particular srp definition to use"}, 200 {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"}, 201 {"add", OPT_ADD, '-', "Add a user and srp verifier"}, 202 {"modify", OPT_MODIFY, '-', 203 "Modify the srp verifier of an existing user"}, 204 {"delete", OPT_DELETE, '-', "Delete user from verifier file"}, 205 {"list", OPT_LIST, '-', "List users"}, 206 {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"}, 207 {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"}, 208 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, 209 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, 210# ifndef OPENSSL_NO_ENGINE 211 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 212# endif 213 {NULL} 214};
281	215
282 char userinfo = NULL; 283* 284 int badops = 0; 285 int ret = 1; 286 int errors = 0; 287 int verbose = 0; 288 int doupdatedb = 0; 289 char configfile = NULL; 290* char dbfile = NULL; 291* CA_DB db = NULL; 292* char *pp; 293* int i; 294 long errorline = -1; 295 char *randfile = NULL;	216int srp_main(int argc, char *argv) 217*{
296 ENGINE *e = NULL;	218 ENGINE *e = NULL;
297 char engine = NULL; 298* char tofree = NULL; 299* DB_ATTR db_attr;	219 CA_DB db = NULL; 220* CONF conf = NULL; 221* int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i; 222 int doupdatedb = 0, mode = OPT_ERR; 223 char user = NULL, passinarg = NULL, passoutarg = NULL; 224* char passin = NULL, passout = NULL, gN = NULL, userinfo = NULL; 225 char randfile = NULL, section = NULL; 226 char *gNrow = NULL, configfile = NULL; 227 char srpvfile = NULL, pp, prog; 228 OPTION_CHOICE o;
300	229
301# ifdef EFENCE 302 EF_PROTECT_FREE = 1; 303 EF_PROTECT_BELOW = 1; 304 EF_ALIGNMENT = 0; 305# endif 306 307 apps_startup(); 308 309 conf = NULL; 310 section = NULL; 311 312 if (bio_err == NULL) 313 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 314 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE \| BIO_FP_TEXT); 315 316 argc--; 317 argv++; 318 while (argc >= 1 && badops == 0) { 319 if (strcmp(*argv, "-verbose") == 0)	230 prog = opt_init(argc, argv, srp_options); 231 while ((o = opt_next()) != OPT_EOF) { 232 switch (o) { 233 case OPT_EOF: 234 case OPT_ERR: 235 opthelp: 236 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 237 goto end; 238 case OPT_HELP: 239 opt_help(srp_options); 240 ret = 0; 241 goto end; 242 case OPT_VERBOSE:
320 verbose++;	243 verbose++;
321 else if (strcmp(argv, "-config") == 0) { 322* if (--argc < 1) 323 goto bad; 324 configfile = (++argv); 325* } else if (strcmp(argv, "-name") == 0) { 326* if (--argc < 1) 327 goto bad; 328 section = (++argv); 329* } else if (strcmp(argv, "-srpvfile") == 0) { 330* if (--argc < 1) 331 goto bad; 332 dbfile = (++argv); 333* } else if (strcmp(argv, "-add") == 0) 334* add_user = 1; 335 else if (strcmp(argv, "-delete") == 0) 336* delete_user = 1; 337 else if (strcmp(argv, "-modify") == 0) 338* modify_user = 1; 339 else if (strcmp(argv, "-list") == 0) 340* list_user = 1; 341 else if (strcmp(argv, "-gn") == 0) { 342* if (--argc < 1) 343 goto bad; 344 gN = (++argv); 345* } else if (strcmp(argv, "-userinfo") == 0) { 346* if (--argc < 1) 347 goto bad; 348 userinfo = (++argv); 349* } else if (strcmp(argv, "-passin") == 0) { 350* if (--argc < 1) 351 goto bad; 352 passargin = (++argv); 353* } else if (strcmp(argv, "-passout") == 0) { 354* if (--argc < 1) 355 goto bad; 356 passargout = (++argv); 357* } 358# ifndef OPENSSL_NO_ENGINE 359 else if (strcmp(argv, "-engine") == 0) { 360* if (--argc < 1) 361 goto bad; 362 engine = (++argv); 363* } 364# endif 365 366 else if (*argv == '-') { 367* bad: 368 BIO_printf(bio_err, "unknown option %s\n", argv); 369* badops = 1;
370 break;	244 break;
371 } else	245 case OPT_CONFIG: 246 configfile = opt_arg();
372 break;	247 break;
373 374 argc--; 375 argv++;	248 case OPT_NAME: 249 section = opt_arg(); 250 break; 251 case OPT_SRPVFILE: 252 srpvfile = opt_arg(); 253 break; 254 case OPT_ADD: 255 case OPT_DELETE: 256 case OPT_MODIFY: 257 case OPT_LIST: 258 if (mode != OPT_ERR) { 259 BIO_printf(bio_err, 260 "%s: Only one of -add/-delete/-modify/-list\n", 261 prog); 262 goto opthelp; 263 } 264 mode = o; 265 break; 266 case OPT_GN: 267 gN = opt_arg(); 268 break; 269 case OPT_USERINFO: 270 userinfo = opt_arg(); 271 break; 272 case OPT_PASSIN: 273 passinarg = opt_arg(); 274 break; 275 case OPT_PASSOUT: 276 passoutarg = opt_arg(); 277 break; 278 case OPT_ENGINE: 279 e = setup_engine(opt_arg(), 0); 280 break; 281 }
376 }	282 }
	283 argc = opt_num_rest(); 284 argv = opt_rest();
377	285
378 if (dbfile && configfile) {	286 if (srpvfile && configfile) {
379 BIO_printf(bio_err,	287 BIO_printf(bio_err,
380 "-dbfile and -configfile cannot be specified together.\n"); 381 badops = 1;	288 "-srpvfile and -configfile cannot be specified together.\n"); 289 goto end;
382 }	290 }
383 if (add_user + delete_user + modify_user + list_user != 1) {	291 if (mode == OPT_ERR) {
384 BIO_printf(bio_err, 385 "Exactly one of the options -add, -delete, -modify -list must be specified.\n");	292 BIO_printf(bio_err, 293 "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
386 badops = 1;	294 goto opthelp;
387 }	295 }
388 if (delete_user + modify_user + delete_user == 1 && argc <= 0) {	296 if ((mode == OPT_DELETE \|\| mode == OPT_MODIFY \|\| mode == OPT_ADD) 297 && argc < 1) {
389 BIO_printf(bio_err, 390 "Need at least one user for options -add, -delete, -modify. \n");	298 BIO_printf(bio_err, 299 "Need at least one user for options -add, -delete, -modify. \n");
391 badops = 1;	300 goto opthelp;
392 }	301 }
393 if ((passin \|\| passout) && argc != 1) {	302 if ((passinarg \|\| passoutarg) && argc != 1) {
394 BIO_printf(bio_err, 395 "-passin, -passout arguments only valid with one user.\n");	303 BIO_printf(bio_err, 304 "-passin, -passout arguments only valid with one user.\n");
396 badops = 1;	305 goto opthelp;
397 } 398	306 } 307
399 if (badops) { 400 for (pp = srp_usage; (pp != NULL); pp++) 401* BIO_printf(bio_err, "%s", pp); 402* 403 BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, 404 LIST_SEPARATOR_CHAR); 405 BIO_printf(bio_err, 406 " load the file (or the files in the directory) into\n"); 407 BIO_printf(bio_err, " the random number generator\n"); 408 goto err; 409 } 410 411 ERR_load_crypto_strings(); 412 413 e = setup_engine(bio_err, engine, 0); 414 415 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {	308 if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
416 BIO_printf(bio_err, "Error getting passwords\n");	309 BIO_printf(bio_err, "Error getting passwords\n");
417 goto err;	310 goto end;
418 } 419	311 } 312
420 if (!dbfile) {	313 if (!srpvfile) { 314 if (!configfile) 315 configfile = default_config_file;
421	316
422 /****************************************************************/ 423* tofree = NULL; 424 if (configfile == NULL) 425 configfile = getenv("OPENSSL_CONF"); 426 if (configfile == NULL) 427 configfile = getenv("SSLEAY_CONF"); 428 if (configfile == NULL) { 429 const char s = X509_get_default_cert_area(); 430* size_t len;	317 if (verbose) 318 BIO_printf(bio_err, "Using configuration from %s\n", 319 configfile); 320 conf = app_load_config(configfile); 321 if (conf == NULL) 322 goto end; 323 if (configfile != default_config_file && !app_load_modules(conf)) 324 goto end;
431	325
432# ifdef OPENSSL_SYS_VMS 433 len = strlen(s) + sizeof(CONFIG_FILE); 434 tofree = OPENSSL_malloc(len); 435 if (!tofree) { 436 BIO_printf(bio_err, "Out of memory\n"); 437 goto err; 438 } 439 strcpy(tofree, s); 440# else 441 len = strlen(s) + sizeof(CONFIG_FILE) + 1; 442 tofree = OPENSSL_malloc(len); 443 if (!tofree) { 444 BIO_printf(bio_err, "Out of memory\n"); 445 goto err; 446 } 447 BUF_strlcpy(tofree, s, len); 448 BUF_strlcat(tofree, "/", len); 449# endif 450 BUF_strlcat(tofree, CONFIG_FILE, len); 451 configfile = tofree; 452 } 453 454 VERBOSE BIO_printf(bio_err, "Using configuration from %s\n", 455 configfile); 456 conf = NCONF_new(NULL); 457 if (NCONF_load(conf, configfile, &errorline) <= 0) { 458 if (errorline <= 0) 459 BIO_printf(bio_err, "error loading the config file '%s'\n", 460 configfile); 461 else 462 BIO_printf(bio_err, "error on line %ld of config file '%s'\n", 463 errorline, configfile); 464 goto err; 465 } 466 if (tofree) { 467 OPENSSL_free(tofree); 468 tofree = NULL; 469 } 470 471 if (!load_config(bio_err, conf)) 472 goto err; 473
474 /* Lets get the config section we are using / 475* if (section == NULL) {	326 /* Lets get the config section we are using / 327* if (section == NULL) {
476 VERBOSE BIO_printf(bio_err, 477 "trying to read " ENV_DEFAULT_SRP 478 " in \" BASE_SECTION \"\n");	328 if (verbose) 329 BIO_printf(bio_err, 330 "trying to read " ENV_DEFAULT_SRP 331 " in " BASE_SECTION "\n");
479	332
480 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP); 481 if (section == NULL) { 482 lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP); 483 goto err; 484 }	333 section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP); 334 if (section == NULL) 335 goto end;
485 } 486	336 } 337
487 if (randfile == NULL && conf)	338 if (randfile == NULL)
488 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); 489	339 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); 340
490 VERBOSE BIO_printf(bio_err, 491 "trying to read " ENV_DATABASE 492 " in section \"%s\"\n", section);	341 if (verbose) 342 BIO_printf(bio_err, 343 "trying to read " ENV_DATABASE " in section \"%s\"\n", 344 section);
493	345
494 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) { 495 lookup_fail(section, ENV_DATABASE); 496 goto err; 497 } 498	346 srpvfile = lookup_conf(conf, section, ENV_DATABASE); 347 if (srpvfile == NULL) 348 goto end;
499 } 500 if (randfile == NULL) 501 ERR_clear_error(); 502 else	349 } 350 if (randfile == NULL) 351 ERR_clear_error(); 352 else
503 app_RAND_load_file(randfile, bio_err, 0);	353 app_RAND_load_file(randfile, 0);
504	354
505 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", 506 dbfile);	355 if (verbose) 356 BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", 357 srpvfile);
507	358
508 db = load_index(dbfile, &db_attr);	359 db = load_index(srpvfile, NULL);
509 if (db == NULL)	360 if (db == NULL)
510 goto err;	361 goto end;
511 512 /* Lets check some fields / 513* for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 514 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 515 516 if (pp[DB_srptype][0] == DB_SRP_INDEX) { 517 maxgN = i;	362 363 /* Lets check some fields / 364* for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 365 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 366 367 if (pp[DB_srptype][0] == DB_SRP_INDEX) { 368 maxgN = i;
518 if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))	369 if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
519 gNindex = i; 520	370 gNindex = i; 371
521 print_index(db, bio_err, i, verbose > 1);	372 print_index(db, i, verbose > 1);
522 } 523 } 524	373 } 374 } 375
525 VERBOSE BIO_printf(bio_err, "Database initialised\n");	376 if (verbose) 377 BIO_printf(bio_err, "Database initialised\n");
526 527 if (gNindex >= 0) { 528 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);	378 379 if (gNindex >= 0) { 380 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
529 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");	381 print_entry(db, gNindex, verbose > 1, "Default g and N");
530 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { 531 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);	382 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { 383 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
532 goto err;	384 goto end;
533 } else {	385 } else {
534 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");	386 if (verbose) 387 BIO_printf(bio_err, "Database has no g N information.\n");
535 gNrow = NULL; 536 } 537	388 gNrow = NULL; 389 } 390
538 VVERBOSE BIO_printf(bio_err, "Starting user processing\n");	391 if (verbose > 1) 392 BIO_printf(bio_err, "Starting user processing\n");
539 540 if (argc > 0) 541 user = (argv++); 542*	393 394 if (argc > 0) 395 user = (argv++); 396*
543 while (list_user \|\| user) {	397 while (mode == OPT_LIST \|\| user) {
544 int userindex = -1;	398 int userindex = -1;
545 if (user) 546 VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);	399 400 if (user != NULL && verbose > 1) 401 BIO_printf(bio_err, "Processing user \"%s\"\n", user);
547 if ((userindex = get_index(db, user, 'U')) >= 0) {	402 if ((userindex = get_index(db, user, 'U')) >= 0) {
548 print_user(db, bio_err, userindex, (verbose > 0) \|\| list_user);	403 print_user(db, userindex, (verbose > 0) \|\| mode == OPT_LIST);
549 } 550	404 } 405
551 if (list_user) {	406 if (mode == OPT_LIST) {
552 if (user == NULL) { 553 BIO_printf(bio_err, "List all users\n"); 554 555 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {	407 if (user == NULL) { 408 BIO_printf(bio_err, "List all users\n"); 409 410 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
556 print_user(db, bio_err, i, 1);	411 print_user(db, i, 1);
557 }	412 }
558 list_user = 0;
559 } else if (userindex < 0) { 560 BIO_printf(bio_err, 561 "user \"%s\" does not exist, ignored. t\n", user); 562 errors++; 563 }	413 } else if (userindex < 0) { 414 BIO_printf(bio_err, 415 "user \"%s\" does not exist, ignored. t\n", user); 416 errors++; 417 }
564 } else if (add_user) {	418 } else if (mode == OPT_ADD) {
565 if (userindex >= 0) { 566 /* reactivation of a new user / 567* char *row = 568* sk_OPENSSL_PSTRING_value(db->db->data, userindex); 569 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); 570 row[DB_srptype][0] = 'V'; 571 572 doupdatedb = 1; --- 4 unchanged lines hidden (view full) --- 577 row[DB_srpsalt] = NULL; 578 row[DB_srpinfo] = NULL; 579 if (! 580 (gNid = 581 srp_create_user(user, &(row[DB_srpverifier]), 582 &(row[DB_srpsalt]), 583 gNrow ? gNrow[DB_srpsalt] : gN, 584 gNrow ? gNrow[DB_srpverifier] : NULL,	419 if (userindex >= 0) { 420 /* reactivation of a new user / 421* char *row = 422* sk_OPENSSL_PSTRING_value(db->db->data, userindex); 423 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); 424 row[DB_srptype][0] = 'V'; 425 426 doupdatedb = 1; --- 4 unchanged lines hidden (view full) --- 431 row[DB_srpsalt] = NULL; 432 row[DB_srpinfo] = NULL; 433 if (! 434 (gNid = 435 srp_create_user(user, &(row[DB_srpverifier]), 436 &(row[DB_srpsalt]), 437 gNrow ? gNrow[DB_srpsalt] : gN, 438 gNrow ? gNrow[DB_srpverifier] : NULL,
585 passout, bio_err, verbose))) {	439 passout, verbose))) {
586 BIO_printf(bio_err, 587 "Cannot create srp verifier for user \"%s\", operation abandoned .\n", 588 user); 589 errors++;	440 BIO_printf(bio_err, 441 "Cannot create srp verifier for user \"%s\", operation abandoned .\n", 442 user); 443 errors++;
590 goto err;	444 goto end;
591 }	445 }
592 row[DB_srpid] = BUF_strdup(user); 593 row[DB_srptype] = BUF_strdup("v"); 594 row[DB_srpgN] = BUF_strdup(gNid);	446 row[DB_srpid] = OPENSSL_strdup(user); 447 row[DB_srptype] = OPENSSL_strdup("v"); 448 row[DB_srpgN] = OPENSSL_strdup(gNid);
595	449
596 if (!row[DB_srpid] \|\| !row[DB_srpgN] \|\| !row[DB_srptype] 597 \|\| !row[DB_srpverifier] \|\| !row[DB_srpsalt] \|\| (userinfo 598 && 599 (!(row 600 [DB_srpinfo] 601 = 602 BUF_strdup 603 (userinfo)))) 604 \|\| !update_index(db, bio_err, row)) { 605 if (row[DB_srpid]) 606 OPENSSL_free(row[DB_srpid]); 607 if (row[DB_srpgN]) 608 OPENSSL_free(row[DB_srpgN]); 609 if (row[DB_srpinfo]) 610 OPENSSL_free(row[DB_srpinfo]); 611 if (row[DB_srptype]) 612 OPENSSL_free(row[DB_srptype]); 613 if (row[DB_srpverifier]) 614 OPENSSL_free(row[DB_srpverifier]); 615 if (row[DB_srpsalt]) 616 OPENSSL_free(row[DB_srpsalt]); 617 goto err;	450 if ((row[DB_srpid] == NULL) 451 \|\| (row[DB_srpgN] == NULL) 452 \|\| (row[DB_srptype] == NULL) 453 \|\| (row[DB_srpverifier] == NULL) 454 \|\| (row[DB_srpsalt] == NULL) 455 \|\| (userinfo 456 && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL)) 457 \|\| !update_index(db, row)) { 458 OPENSSL_free(row[DB_srpid]); 459 OPENSSL_free(row[DB_srpgN]); 460 OPENSSL_free(row[DB_srpinfo]); 461 OPENSSL_free(row[DB_srptype]); 462 OPENSSL_free(row[DB_srpverifier]); 463 OPENSSL_free(row[DB_srpsalt]); 464 goto end;
618 } 619 doupdatedb = 1; 620 }	465 } 466 doupdatedb = 1; 467 }
621 } else if (modify_user) {	468 } else if (mode == OPT_MODIFY) {
622 if (userindex < 0) { 623 BIO_printf(bio_err, 624 "user \"%s\" does not exist, operation ignored.\n", 625 user); 626 errors++; 627 } else { 628 629 char row = --- 5 unchanged lines hidden** (view full) --- 635 user); 636 errors++; 637 } else { 638 char gNid; 639* 640 if (row[DB_srptype][0] == 'V') { 641 int user_gN; 642 char **irow = NULL;	469 if (userindex < 0) { 470 BIO_printf(bio_err, 471 "user \"%s\" does not exist, operation ignored.\n", 472 user); 473 errors++; 474 } else { 475 476 char row = --- 5 unchanged lines hidden** (view full) --- 482 user); 483 errors++; 484 } else { 485 char gNid; 486* 487 if (row[DB_srptype][0] == 'V') { 488 int user_gN; 489 char **irow = NULL;
643 VERBOSE BIO_printf(bio_err, 644 "Verifying password for user \"%s\"\n", 645 user);	490 if (verbose) 491 BIO_printf(bio_err, 492 "Verifying password for user \"%s\"\n", 493 user);
646 if ((user_gN = 647 get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) 648 irow =	494 if ((user_gN = 495 get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) 496 irow =
649 (char *)sk_OPENSSL_PSTRING_value(db-> 650* db->data, 651 userindex);	497 sk_OPENSSL_PSTRING_value(db->db->data, 498 userindex);
652 653 if (!srp_verify_user 654 (user, row[DB_srpverifier], row[DB_srpsalt], 655 irow ? irow[DB_srpsalt] : row[DB_srpgN], 656 irow ? irow[DB_srpverifier] : NULL, passin,	499 500 if (!srp_verify_user 501 (user, row[DB_srpverifier], row[DB_srpsalt], 502 irow ? irow[DB_srpsalt] : row[DB_srpgN], 503 irow ? irow[DB_srpverifier] : NULL, passin,
657 bio_err, verbose)) {	504 verbose)) {
658 BIO_printf(bio_err, 659 "Invalid password for user \"%s\", operation abandoned.\n", 660 user); 661 errors++;	505 BIO_printf(bio_err, 506 "Invalid password for user \"%s\", operation abandoned.\n", 507 user); 508 errors++;
662 goto err;	509 goto end;
663 } 664 }	510 } 511 }
665 VERBOSE BIO_printf(bio_err, 666 "Password for user \"%s\" ok.\n", 667 user);	512 if (verbose) 513 BIO_printf(bio_err, "Password for user \"%s\" ok.\n", 514 user);
668 669 if (! 670 (gNid = 671 srp_create_user(user, &(row[DB_srpverifier]), 672 &(row[DB_srpsalt]), 673 gNrow ? gNrow[DB_srpsalt] : NULL, 674 gNrow ? gNrow[DB_srpverifier] : NULL,	515 516 if (! 517 (gNid = 518 srp_create_user(user, &(row[DB_srpverifier]), 519 &(row[DB_srpsalt]), 520 gNrow ? gNrow[DB_srpsalt] : NULL, 521 gNrow ? gNrow[DB_srpverifier] : NULL,
675 passout, bio_err, verbose))) {	522 passout, verbose))) {
676 BIO_printf(bio_err, 677 "Cannot create srp verifier for user \"%s\", operation abandoned.\n", 678 user); 679 errors++;	523 BIO_printf(bio_err, 524 "Cannot create srp verifier for user \"%s\", operation abandoned.\n", 525 user); 526 errors++;
680 goto err;	527 goto end;
681 } 682 683 row[DB_srptype][0] = 'v';	528 } 529 530 row[DB_srptype][0] = 'v';
684 row[DB_srpgN] = BUF_strdup(gNid);	531 row[DB_srpgN] = OPENSSL_strdup(gNid);
685	532
686 if (!row[DB_srpid] \|\| !row[DB_srpgN] \|\| !row[DB_srptype] 687 \|\| !row[DB_srpverifier] \|\| !row[DB_srpsalt]	533 if (row[DB_srpid] == NULL 534 \|\| row[DB_srpgN] == NULL 535 \|\| row[DB_srptype] == NULL 536 \|\| row[DB_srpverifier] == NULL 537 \|\| row[DB_srpsalt] == NULL
688 \|\| (userinfo	538 \|\| (userinfo
689 && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))) 690 goto err;	539 && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) 540 == NULL))) 541 goto end;
691 692 doupdatedb = 1; 693 } 694 }	542 543 doupdatedb = 1; 544 } 545 }
695 } else if (delete_user) {	546 } else if (mode == OPT_DELETE) {
696 if (userindex < 0) { 697 BIO_printf(bio_err, 698 "user \"%s\" does not exist, operation ignored. t\n", 699 user); 700 errors++; 701 } else {	547 if (userindex < 0) { 548 BIO_printf(bio_err, 549 "user \"%s\" does not exist, operation ignored. t\n", 550 user); 551 errors++; 552 } else {
702 char *xpp = 703* sk_OPENSSL_PSTRING_value(db->db->data, userindex); 704 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);	553 char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
705	554
	555 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
706 xpp[DB_srptype][0] = 'R';	556 xpp[DB_srptype][0] = 'R';
707
708 doupdatedb = 1; 709 } 710 }	557 doupdatedb = 1; 558 } 559 }
711 if (--argc > 0)	560 if (--argc > 0) {
712 user = *(argv++);	561 user = *(argv++);
713 else { 714 user = NULL; 715 list_user = 0;	562 } else { 563 /* no more processing in any mode if no users left / 564* break;
716 } 717 } 718	565 } 566 } 567
719 VERBOSE BIO_printf(bio_err, "User procession done.\n");	568 if (verbose) 569 BIO_printf(bio_err, "User procession done.\n");
720 721 if (doupdatedb) { 722 /* Lets check some fields / 723* for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 724 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 725 726 if (pp[DB_srptype][0] == 'v') { 727 pp[DB_srptype][0] = 'V';	570 571 if (doupdatedb) { 572 /* Lets check some fields / 573* for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { 574 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 575 576 if (pp[DB_srptype][0] == 'v') { 577 pp[DB_srptype][0] = 'V';
728 print_user(db, bio_err, i, verbose);	578 print_user(db, i, verbose);
729 } 730 } 731	579 } 580 } 581
732 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n"); 733 if (!save_index(dbfile, "new", db)) 734 goto err;	582 if (verbose) 583 BIO_printf(bio_err, "Trying to update srpvfile.\n"); 584 if (!save_index(srpvfile, "new", db)) 585 goto end;
735	586
736 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n"); 737 if (!rotate_index(dbfile, "new", "old")) 738 goto err;	587 if (verbose) 588 BIO_printf(bio_err, "Temporary srpvfile created.\n"); 589 if (!rotate_index(srpvfile, "new", "old")) 590 goto end;
739	591
740 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");	592 if (verbose) 593 BIO_printf(bio_err, "srpvfile updated.\n");
741 } 742 743 ret = (errors != 0);	594 } 595 596 ret = (errors != 0);
744 err:	597 end:
745 if (errors != 0)	598 if (errors != 0)
746 VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);	599 if (verbose) 600 BIO_printf(bio_err, "User errors %d.\n", errors);
747	601
748 VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret); 749 if (tofree) 750 OPENSSL_free(tofree);	602 if (verbose) 603 BIO_printf(bio_err, "SRP terminating with code %d.\n", ret); 604 605 OPENSSL_free(passin); 606 OPENSSL_free(passout);
751 if (ret) 752 ERR_print_errors(bio_err); 753 if (randfile)	607 if (ret) 608 ERR_print_errors(bio_err); 609 if (randfile)
754 app_RAND_write_file(randfile, bio_err); 755 if (conf) 756 NCONF_free(conf); 757 if (db) 758 free_index(db); 759	610 app_RAND_write_file(randfile); 611 NCONF_free(conf); 612 free_index(db);
760 release_engine(e);	613 release_engine(e);
761 OBJ_cleanup(); 762 apps_shutdown(); 763 OPENSSL_EXIT(ret);	614 return (ret);
764}	615}
765 766#else 767static void *dummy = &dummy;
768#endif	616#endif

1/* apps/srp.c */

2/*

1/*

3 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
4 * project and contributed to the OpenSSL project 2004.
5 */
6/* ====================================================================
7 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.

8 *

3 *

9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *

4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html

58 */

8 */

9

59#include <openssl/opensslconf.h>

10#include <openssl/opensslconf.h>

11#ifdef OPENSSL_NO_SRP
12NON_EMPTY_TRANSLATION_UNIT
13#else

60

14

61#ifndef OPENSSL_NO_SRP

62# include <stdio.h>
63# include <stdlib.h>
64# include <string.h>
65# include <openssl/conf.h>
66# include <openssl/bio.h>
67# include <openssl/err.h>
68# include <openssl/txt_db.h>
69# include <openssl/buffer.h>
70# include <openssl/srp.h>

15# include <stdio.h>
16# include <stdlib.h>
17# include <string.h>
18# include <openssl/conf.h>
19# include <openssl/bio.h>
20# include <openssl/err.h>
21# include <openssl/txt_db.h>
22# include <openssl/buffer.h>
23# include <openssl/srp.h>

71

72# include "apps.h"
73

24# include "apps.h"
25

74# undef PROG
75# define PROG srp_main
76

77# define BASE_SECTION "srp"
78# define CONFIG_FILE "openssl.cnf"
79
80# define ENV_RANDFILE "RANDFILE"
81
82# define ENV_DATABASE "srpvfile"
83# define ENV_DEFAULT_SRP "default_srp"
84

26# define BASE_SECTION "srp"
27# define CONFIG_FILE "openssl.cnf"
28
29# define ENV_RANDFILE "RANDFILE"
30
31# define ENV_DATABASE "srpvfile"
32# define ENV_DEFAULT_SRP "default_srp"
33

85static char *srp_usage[] = {
86 "usage: srp [args] [user] \n",
87 "\n",
88 " -verbose Talk alot while doing things\n",
89 " -config file A config file\n",
90 " -name arg The particular srp definition to use\n",
91 " -srpvfile arg The srp verifier file name\n",
92 " -add add an user and srp verifier\n",
93 " -modify modify the srp verifier of an existing user\n",
94 " -delete delete user from verifier file\n",
95 " -list list user\n",
96 " -gn arg g and N values to be used for new verifier\n",
97 " -userinfo arg additional info to be set for user\n",
98 " -passin arg input file pass phrase source\n",
99 " -passout arg output file pass phrase source\n",
100# ifndef OPENSSL_NO_ENGINE
101 " -engine e - use engine e, possibly a hardware device.\n",
102# endif
103 NULL
104};
105
106# ifdef EFENCE
107extern int EF_PROTECT_FREE;
108extern int EF_PROTECT_BELOW;
109extern int EF_ALIGNMENT;
110# endif
111
112static CONF *conf = NULL;
113static char *section = NULL;
114
115# define VERBOSE if (verbose)
116# define VVERBOSE if (verbose>1)
117
118int MAIN(int, char **);
119

120static int get_index(CA_DB *db, char *id, char type)
121{
122 char **pp;
123 int i;
124 if (id == NULL)
125 return -1;

34static int get_index(CA_DB *db, char *id, char type)
35{
36 char **pp;
37 int i;
38 if (id == NULL)
39 return -1;

126 if (type == DB_SRP_INDEX)

40 if (type == DB_SRP_INDEX) {

127 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
128 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
129 if (pp[DB_srptype][0] == DB_SRP_INDEX

41 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
42 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
43 if (pp[DB_srptype][0] == DB_SRP_INDEX

130 && !strcmp(id, pp[DB_srpid]))

44 && strcmp(id, pp[DB_srpid]) == 0)

131 return i;

45 return i;

132 } else

46 }
47 } else {

133 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
134 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
135
136 if (pp[DB_srptype][0] != DB_SRP_INDEX

48 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
49 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
50
51 if (pp[DB_srptype][0] != DB_SRP_INDEX

137 && !strcmp(id, pp[DB_srpid]))

52 && strcmp(id, pp[DB_srpid]) == 0)

138 return i;
139 }

53 return i;
54 }

55 }

140
141 return -1;
142}
143

56
57 return -1;
58}
59

144static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)

60static void print_entry(CA_DB *db, int indx, int verbose, char *s)

145{
146 if (indx >= 0 && verbose) {
147 int j;
148 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);

61{
62 if (indx >= 0 && verbose) {
63 int j;
64 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);

149 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);

65 BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);

150 for (j = 0; j < DB_NUMBER; j++) {
151 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
152 }
153 }
154}
155

66 for (j = 0; j < DB_NUMBER; j++) {
67 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
68 }
69 }
70}
71

156static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)

72static void print_index(CA_DB *db, int indexindex, int verbose)

157{

73{

158 print_entry(db, bio, indexindex, verbose, "g N entry");

74 print_entry(db, indexindex, verbose, "g N entry");

159}
160

75}
76

161static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)

77static void print_user(CA_DB *db, int userindex, int verbose)

162{
163 if (verbose > 0) {
164 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
165
166 if (pp[DB_srptype][0] != 'I') {

78{
79 if (verbose > 0) {
80 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
81
82 if (pp[DB_srptype][0] != 'I') {

167 print_entry(db, bio, userindex, verbose, "User entry");
168 print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,

83 print_entry(db, userindex, verbose, "User entry");
84 print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,

169 "g N entry");
170 }
171
172 }
173}
174

85 "g N entry");
86 }
87
88 }
89}
90

175static int update_index(CA_DB *db, BIO *bio, char **row)

91static int update_index(CA_DB *db, char **row)

176{
177 char **irow;
178 int i;
179

92{
93 char **irow;
94 int i;
95

180 if ((irow =
181 (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
182 BIO_printf(bio_err, "Memory allocation failure\n");
183 return 0;
184 }
185
186 for (i = 0; i < DB_NUMBER; i++) {

96 irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
97 for (i = 0; i < DB_NUMBER; i++)

187 irow[i] = row[i];

98 irow[i] = row[i];

188 row[i] = NULL;
189 }

190 irow[DB_NUMBER] = NULL;
191
192 if (!TXT_DB_insert(db->db, irow)) {

99 irow[DB_NUMBER] = NULL;
100
101 if (!TXT_DB_insert(db->db, irow)) {

193 BIO_printf(bio, "failed to update srpvfile\n");
194 BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);

102 BIO_printf(bio_err, "failed to update srpvfile\n");
103 BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);

195 OPENSSL_free(irow);
196 return 0;
197 }
198 return 1;
199}
200

104 OPENSSL_free(irow);
105 return 0;
106 }
107 return 1;
108}
109

201static void lookup_fail(const char *name, char *tag)

110static char *lookup_conf(const CONF *conf, const char *section, const char *tag)

202{

111{

203 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);

112 char *entry = NCONF_get_string(conf, section, tag);
113 if (entry == NULL)
114 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
115 return entry;

204}
205
206static char *srp_verify_user(const char *user, const char *srp_verifier,
207 char *srp_usersalt, const char *g, const char *N,

116}
117
118static char *srp_verify_user(const char *user, const char *srp_verifier,
119 char *srp_usersalt, const char *g, const char *N,

208 const char *passin, BIO *bio, int verbose)

120 const char *passin, int verbose)

209{

121{

210 char password[1024];

122 char password[1025];

211 PW_CB_DATA cb_tmp;
212 char *verifier = NULL;
213 char *gNid = NULL;

123 PW_CB_DATA cb_tmp;
124 char *verifier = NULL;
125 char *gNid = NULL;

126 int len;

214
215 cb_tmp.prompt_info = user;
216 cb_tmp.password = passin;
217

127
128 cb_tmp.prompt_info = user;
129 cb_tmp.password = passin;
130

218 if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
219 VERBOSE BIO_printf(bio,
220 "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
221 user, srp_verifier, srp_usersalt, g, N);
222 BIO_printf(bio, "Pass %s\n", password);

131 len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
132 if (len > 0) {
133 password[len] = 0;
134 if (verbose)
135 BIO_printf(bio_err,
136 "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
137 user, srp_verifier, srp_usersalt, g, N);
138 if (verbose > 1)
139 BIO_printf(bio_err, "Pass %s\n", password);

223

140

224 if (!
225 (gNid =
226 SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
227 g))) {
228 BIO_printf(bio, "Internal error validating SRP verifier\n");

141 OPENSSL_assert(srp_usersalt != NULL);
142 if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
143 &verifier, N, g)) ) {
144 BIO_printf(bio_err, "Internal error validating SRP verifier\n");

229 } else {
230 if (strcmp(verifier, srp_verifier))
231 gNid = NULL;
232 OPENSSL_free(verifier);
233 }

145 } else {
146 if (strcmp(verifier, srp_verifier))
147 gNid = NULL;
148 OPENSSL_free(verifier);
149 }

150 OPENSSL_cleanse(password, len);

234 }
235 return gNid;
236}
237
238static char *srp_create_user(char *user, char **srp_verifier,
239 char **srp_usersalt, char *g, char *N,

151 }
152 return gNid;
153}
154
155static char *srp_create_user(char *user, char **srp_verifier,
156 char **srp_usersalt, char *g, char *N,

240 char *passout, BIO *bio, int verbose)

157 char *passout, int verbose)

241{

158{

242 char password[1024];

159 char password[1025];

243 PW_CB_DATA cb_tmp;
244 char *gNid = NULL;
245 char *salt = NULL;

160 PW_CB_DATA cb_tmp;
161 char *gNid = NULL;
162 char *salt = NULL;

163 int len;

246 cb_tmp.prompt_info = user;
247 cb_tmp.password = passout;
248

164 cb_tmp.prompt_info = user;
165 cb_tmp.password = passout;
166

249 if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
250 VERBOSE BIO_printf(bio,
251 "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
252 user, g, N);
253 if (!
254 (gNid =
255 SRP_create_verifier(user, password, &salt, srp_verifier, N,
256 g))) {
257 BIO_printf(bio, "Internal error creating SRP verifier\n");
258 } else

167 len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
168 if (len > 0) {
169 password[len] = 0;
170 if (verbose)
171 BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
172 user, g, N);
173 if (!(gNid = SRP_create_verifier(user, password, &salt,
174 srp_verifier, N, g)) ) {
175 BIO_printf(bio_err, "Internal error creating SRP verifier\n");
176 } else {

259 *srp_usersalt = salt;

177 *srp_usersalt = salt;

260 VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
261 gNid, salt, *srp_verifier);

178 }
179 OPENSSL_cleanse(password, len);
180 if (verbose > 1)
181 BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
182 gNid, salt, *srp_verifier);

262
263 }
264 return gNid;
265}
266

183
184 }
185 return gNid;
186}
187

267int MAIN(int argc, char **argv)
268{
269 int add_user = 0;
270 int list_user = 0;
271 int delete_user = 0;
272 int modify_user = 0;
273 char *user = NULL;

188typedef enum OPTION_choice {
189 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
190 OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
191 OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
192 OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE
193} OPTION_CHOICE;

274

194

275 char *passargin = NULL, *passargout = NULL;
276 char *passin = NULL, *passout = NULL;
277 char *gN = NULL;
278 int gNindex = -1;
279 char **gNrow = NULL;
280 int maxgN = -1;

195OPTIONS srp_options[] = {
196 {"help", OPT_HELP, '-', "Display this summary"},
197 {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
198 {"config", OPT_CONFIG, '<', "A config file"},
199 {"name", OPT_NAME, 's', "The particular srp definition to use"},
200 {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
201 {"add", OPT_ADD, '-', "Add a user and srp verifier"},
202 {"modify", OPT_MODIFY, '-',
203 "Modify the srp verifier of an existing user"},
204 {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
205 {"list", OPT_LIST, '-', "List users"},
206 {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
207 {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
208 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
209 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
210# ifndef OPENSSL_NO_ENGINE
211 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
212# endif
213 {NULL}
214};

281

215

282 char *userinfo = NULL;
283
284 int badops = 0;
285 int ret = 1;
286 int errors = 0;
287 int verbose = 0;
288 int doupdatedb = 0;
289 char *configfile = NULL;
290 char *dbfile = NULL;
291 CA_DB *db = NULL;
292 char **pp;
293 int i;
294 long errorline = -1;
295 char *randfile = NULL;

216int srp_main(int argc, char **argv)
217{

296 ENGINE *e = NULL;

218 ENGINE *e = NULL;

297 char *engine = NULL;
298 char *tofree = NULL;
299 DB_ATTR db_attr;

219 CA_DB *db = NULL;
220 CONF *conf = NULL;
221 int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
222 int doupdatedb = 0, mode = OPT_ERR;
223 char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
224 char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
225 char *randfile = NULL, *section = NULL;
226 char **gNrow = NULL, *configfile = NULL;
227 char *srpvfile = NULL, **pp, *prog;
228 OPTION_CHOICE o;

300

229

301# ifdef EFENCE
302 EF_PROTECT_FREE = 1;
303 EF_PROTECT_BELOW = 1;
304 EF_ALIGNMENT = 0;
305# endif
306
307 apps_startup();
308
309 conf = NULL;
310 section = NULL;
311
312 if (bio_err == NULL)
313 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
314 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
315
316 argc--;
317 argv++;
318 while (argc >= 1 && badops == 0) {
319 if (strcmp(*argv, "-verbose") == 0)

230 prog = opt_init(argc, argv, srp_options);
231 while ((o = opt_next()) != OPT_EOF) {
232 switch (o) {
233 case OPT_EOF:
234 case OPT_ERR:
235 opthelp:
236 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
237 goto end;
238 case OPT_HELP:
239 opt_help(srp_options);
240 ret = 0;
241 goto end;
242 case OPT_VERBOSE:

320 verbose++;

243 verbose++;

321 else if (strcmp(*argv, "-config") == 0) {
322 if (--argc < 1)
323 goto bad;
324 configfile = *(++argv);
325 } else if (strcmp(*argv, "-name") == 0) {
326 if (--argc < 1)
327 goto bad;
328 section = *(++argv);
329 } else if (strcmp(*argv, "-srpvfile") == 0) {
330 if (--argc < 1)
331 goto bad;
332 dbfile = *(++argv);
333 } else if (strcmp(*argv, "-add") == 0)
334 add_user = 1;
335 else if (strcmp(*argv, "-delete") == 0)
336 delete_user = 1;
337 else if (strcmp(*argv, "-modify") == 0)
338 modify_user = 1;
339 else if (strcmp(*argv, "-list") == 0)
340 list_user = 1;
341 else if (strcmp(*argv, "-gn") == 0) {
342 if (--argc < 1)
343 goto bad;
344 gN = *(++argv);
345 } else if (strcmp(*argv, "-userinfo") == 0) {
346 if (--argc < 1)
347 goto bad;
348 userinfo = *(++argv);
349 } else if (strcmp(*argv, "-passin") == 0) {
350 if (--argc < 1)
351 goto bad;
352 passargin = *(++argv);
353 } else if (strcmp(*argv, "-passout") == 0) {
354 if (--argc < 1)
355 goto bad;
356 passargout = *(++argv);
357 }
358# ifndef OPENSSL_NO_ENGINE
359 else if (strcmp(*argv, "-engine") == 0) {
360 if (--argc < 1)
361 goto bad;
362 engine = *(++argv);
363 }
364# endif
365
366 else if (**argv == '-') {
367 bad:
368 BIO_printf(bio_err, "unknown option %s\n", *argv);
369 badops = 1;

370 break;

244 break;

371 } else

245 case OPT_CONFIG:
246 configfile = opt_arg();

372 break;

247 break;

373
374 argc--;
375 argv++;

248 case OPT_NAME:
249 section = opt_arg();
250 break;
251 case OPT_SRPVFILE:
252 srpvfile = opt_arg();
253 break;
254 case OPT_ADD:
255 case OPT_DELETE:
256 case OPT_MODIFY:
257 case OPT_LIST:
258 if (mode != OPT_ERR) {
259 BIO_printf(bio_err,
260 "%s: Only one of -add/-delete/-modify/-list\n",
261 prog);
262 goto opthelp;
263 }
264 mode = o;
265 break;
266 case OPT_GN:
267 gN = opt_arg();
268 break;
269 case OPT_USERINFO:
270 userinfo = opt_arg();
271 break;
272 case OPT_PASSIN:
273 passinarg = opt_arg();
274 break;
275 case OPT_PASSOUT:
276 passoutarg = opt_arg();
277 break;
278 case OPT_ENGINE:
279 e = setup_engine(opt_arg(), 0);
280 break;
281 }

376 }

282 }

283 argc = opt_num_rest();
284 argv = opt_rest();

377

285

378 if (dbfile && configfile) {

286 if (srpvfile && configfile) {

379 BIO_printf(bio_err,

287 BIO_printf(bio_err,

380 "-dbfile and -configfile cannot be specified together.\n");
381 badops = 1;

288 "-srpvfile and -configfile cannot be specified together.\n");
289 goto end;

382 }

290 }

383 if (add_user + delete_user + modify_user + list_user != 1) {

291 if (mode == OPT_ERR) {

384 BIO_printf(bio_err,
385 "Exactly one of the options -add, -delete, -modify -list must be specified.\n");

292 BIO_printf(bio_err,
293 "Exactly one of the options -add, -delete, -modify -list must be specified.\n");

386 badops = 1;

294 goto opthelp;

387 }

295 }

388 if (delete_user + modify_user + delete_user == 1 && argc <= 0) {

296 if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD)
297 && argc < 1) {

389 BIO_printf(bio_err,
390 "Need at least one user for options -add, -delete, -modify. \n");

298 BIO_printf(bio_err,
299 "Need at least one user for options -add, -delete, -modify. \n");

391 badops = 1;

300 goto opthelp;

392 }

301 }

393 if ((passin || passout) && argc != 1) {

302 if ((passinarg || passoutarg) && argc != 1) {

394 BIO_printf(bio_err,
395 "-passin, -passout arguments only valid with one user.\n");

303 BIO_printf(bio_err,
304 "-passin, -passout arguments only valid with one user.\n");

396 badops = 1;

305 goto opthelp;

397 }
398

306 }
307

399 if (badops) {
400 for (pp = srp_usage; (*pp != NULL); pp++)
401 BIO_printf(bio_err, "%s", *pp);
402
403 BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
404 LIST_SEPARATOR_CHAR);
405 BIO_printf(bio_err,
406 " load the file (or the files in the directory) into\n");
407 BIO_printf(bio_err, " the random number generator\n");
408 goto err;
409 }
410
411 ERR_load_crypto_strings();
412
413 e = setup_engine(bio_err, engine, 0);
414
415 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {

308 if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {

416 BIO_printf(bio_err, "Error getting passwords\n");

309 BIO_printf(bio_err, "Error getting passwords\n");

417 goto err;

310 goto end;

418 }
419

311 }
312

420 if (!dbfile) {

313 if (!srpvfile) {
314 if (!configfile)
315 configfile = default_config_file;

421

316

422 /*****************************************************************/
423 tofree = NULL;
424 if (configfile == NULL)
425 configfile = getenv("OPENSSL_CONF");
426 if (configfile == NULL)
427 configfile = getenv("SSLEAY_CONF");
428 if (configfile == NULL) {
429 const char *s = X509_get_default_cert_area();
430 size_t len;

317 if (verbose)
318 BIO_printf(bio_err, "Using configuration from %s\n",
319 configfile);
320 conf = app_load_config(configfile);
321 if (conf == NULL)
322 goto end;
323 if (configfile != default_config_file && !app_load_modules(conf))
324 goto end;

431

325

432# ifdef OPENSSL_SYS_VMS
433 len = strlen(s) + sizeof(CONFIG_FILE);
434 tofree = OPENSSL_malloc(len);
435 if (!tofree) {
436 BIO_printf(bio_err, "Out of memory\n");
437 goto err;
438 }
439 strcpy(tofree, s);
440# else
441 len = strlen(s) + sizeof(CONFIG_FILE) + 1;
442 tofree = OPENSSL_malloc(len);
443 if (!tofree) {
444 BIO_printf(bio_err, "Out of memory\n");
445 goto err;
446 }
447 BUF_strlcpy(tofree, s, len);
448 BUF_strlcat(tofree, "/", len);
449# endif
450 BUF_strlcat(tofree, CONFIG_FILE, len);
451 configfile = tofree;
452 }
453
454 VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
455 configfile);
456 conf = NCONF_new(NULL);
457 if (NCONF_load(conf, configfile, &errorline) <= 0) {
458 if (errorline <= 0)
459 BIO_printf(bio_err, "error loading the config file '%s'\n",
460 configfile);
461 else
462 BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
463 errorline, configfile);
464 goto err;
465 }
466 if (tofree) {
467 OPENSSL_free(tofree);
468 tofree = NULL;
469 }
470
471 if (!load_config(bio_err, conf))
472 goto err;
473

474 /* Lets get the config section we are using */
475 if (section == NULL) {

326 /* Lets get the config section we are using */
327 if (section == NULL) {

476 VERBOSE BIO_printf(bio_err,
477 "trying to read " ENV_DEFAULT_SRP
478 " in \" BASE_SECTION \"\n");

328 if (verbose)
329 BIO_printf(bio_err,
330 "trying to read " ENV_DEFAULT_SRP
331 " in " BASE_SECTION "\n");

479

332

480 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
481 if (section == NULL) {
482 lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
483 goto err;
484 }

333 section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
334 if (section == NULL)
335 goto end;

485 }
486

336 }
337

487 if (randfile == NULL && conf)

338 if (randfile == NULL)

488 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
489

339 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
340

490 VERBOSE BIO_printf(bio_err,
491 "trying to read " ENV_DATABASE
492 " in section \"%s\"\n", section);

341 if (verbose)
342 BIO_printf(bio_err,
343 "trying to read " ENV_DATABASE " in section \"%s\"\n",
344 section);

493

345

494 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
495 lookup_fail(section, ENV_DATABASE);
496 goto err;
497 }
498

346 srpvfile = lookup_conf(conf, section, ENV_DATABASE);
347 if (srpvfile == NULL)
348 goto end;

499 }
500 if (randfile == NULL)
501 ERR_clear_error();
502 else

349 }
350 if (randfile == NULL)
351 ERR_clear_error();
352 else

503 app_RAND_load_file(randfile, bio_err, 0);

353 app_RAND_load_file(randfile, 0);

504

354

505 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
506 dbfile);

355 if (verbose)
356 BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
357 srpvfile);

507

358

508 db = load_index(dbfile, &db_attr);

359 db = load_index(srpvfile, NULL);

509 if (db == NULL)

360 if (db == NULL)

510 goto err;

361 goto end;

511
512 /* Lets check some fields */
513 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
514 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
515
516 if (pp[DB_srptype][0] == DB_SRP_INDEX) {
517 maxgN = i;

362
363 /* Lets check some fields */
364 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
365 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
366
367 if (pp[DB_srptype][0] == DB_SRP_INDEX) {
368 maxgN = i;

518 if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))

369 if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)

519 gNindex = i;
520

370 gNindex = i;
371

521 print_index(db, bio_err, i, verbose > 1);

372 print_index(db, i, verbose > 1);

522 }
523 }
524

373 }
374 }
375

525 VERBOSE BIO_printf(bio_err, "Database initialised\n");

376 if (verbose)
377 BIO_printf(bio_err, "Database initialised\n");

526
527 if (gNindex >= 0) {
528 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);

378
379 if (gNindex >= 0) {
380 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);

529 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");

381 print_entry(db, gNindex, verbose > 1, "Default g and N");

530 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
531 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);

382 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
383 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);

532 goto err;

384 goto end;

533 } else {

385 } else {

534 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");

386 if (verbose)
387 BIO_printf(bio_err, "Database has no g N information.\n");

535 gNrow = NULL;
536 }
537

388 gNrow = NULL;
389 }
390

538 VVERBOSE BIO_printf(bio_err, "Starting user processing\n");

391 if (verbose > 1)
392 BIO_printf(bio_err, "Starting user processing\n");

539
540 if (argc > 0)
541 user = *(argv++);
542

393
394 if (argc > 0)
395 user = *(argv++);
396

543 while (list_user || user) {

397 while (mode == OPT_LIST || user) {

544 int userindex = -1;

398 int userindex = -1;

545 if (user)
546 VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);

399
400 if (user != NULL && verbose > 1)
401 BIO_printf(bio_err, "Processing user \"%s\"\n", user);

547 if ((userindex = get_index(db, user, 'U')) >= 0) {

402 if ((userindex = get_index(db, user, 'U')) >= 0) {

548 print_user(db, bio_err, userindex, (verbose > 0) || list_user);

403 print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);

549 }
550

404 }
405

551 if (list_user) {

406 if (mode == OPT_LIST) {

552 if (user == NULL) {
553 BIO_printf(bio_err, "List all users\n");
554
555 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {

407 if (user == NULL) {
408 BIO_printf(bio_err, "List all users\n");
409
410 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {

556 print_user(db, bio_err, i, 1);

411 print_user(db, i, 1);

557 }

412 }

558 list_user = 0;

559 } else if (userindex < 0) {
560 BIO_printf(bio_err,
561 "user \"%s\" does not exist, ignored. t\n", user);
562 errors++;
563 }

413 } else if (userindex < 0) {
414 BIO_printf(bio_err,
415 "user \"%s\" does not exist, ignored. t\n", user);
416 errors++;
417 }

564 } else if (add_user) {

418 } else if (mode == OPT_ADD) {

565 if (userindex >= 0) {
566 /* reactivation of a new user */
567 char **row =
568 sk_OPENSSL_PSTRING_value(db->db->data, userindex);
569 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
570 row[DB_srptype][0] = 'V';
571
572 doupdatedb = 1;

--- 4 unchanged lines hidden (view full) ---

577 row[DB_srpsalt] = NULL;
578 row[DB_srpinfo] = NULL;
579 if (!
580 (gNid =
581 srp_create_user(user, &(row[DB_srpverifier]),
582 &(row[DB_srpsalt]),
583 gNrow ? gNrow[DB_srpsalt] : gN,
584 gNrow ? gNrow[DB_srpverifier] : NULL,

419 if (userindex >= 0) {
420 /* reactivation of a new user */
421 char **row =
422 sk_OPENSSL_PSTRING_value(db->db->data, userindex);
423 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
424 row[DB_srptype][0] = 'V';
425
426 doupdatedb = 1;

--- 4 unchanged lines hidden (view full) ---

431 row[DB_srpsalt] = NULL;
432 row[DB_srpinfo] = NULL;
433 if (!
434 (gNid =
435 srp_create_user(user, &(row[DB_srpverifier]),
436 &(row[DB_srpsalt]),
437 gNrow ? gNrow[DB_srpsalt] : gN,
438 gNrow ? gNrow[DB_srpverifier] : NULL,

585 passout, bio_err, verbose))) {

439 passout, verbose))) {

586 BIO_printf(bio_err,
587 "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
588 user);
589 errors++;

440 BIO_printf(bio_err,
441 "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
442 user);
443 errors++;

590 goto err;

444 goto end;

591 }

445 }

592 row[DB_srpid] = BUF_strdup(user);
593 row[DB_srptype] = BUF_strdup("v");
594 row[DB_srpgN] = BUF_strdup(gNid);

446 row[DB_srpid] = OPENSSL_strdup(user);
447 row[DB_srptype] = OPENSSL_strdup("v");
448 row[DB_srpgN] = OPENSSL_strdup(gNid);

595

449

596 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
597 || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
598 &&
599 (!(row
600 [DB_srpinfo]
601 =
602 BUF_strdup
603 (userinfo))))
604 || !update_index(db, bio_err, row)) {
605 if (row[DB_srpid])
606 OPENSSL_free(row[DB_srpid]);
607 if (row[DB_srpgN])
608 OPENSSL_free(row[DB_srpgN]);
609 if (row[DB_srpinfo])
610 OPENSSL_free(row[DB_srpinfo]);
611 if (row[DB_srptype])
612 OPENSSL_free(row[DB_srptype]);
613 if (row[DB_srpverifier])
614 OPENSSL_free(row[DB_srpverifier]);
615 if (row[DB_srpsalt])
616 OPENSSL_free(row[DB_srpsalt]);
617 goto err;

450 if ((row[DB_srpid] == NULL)
451 || (row[DB_srpgN] == NULL)
452 || (row[DB_srptype] == NULL)
453 || (row[DB_srpverifier] == NULL)
454 || (row[DB_srpsalt] == NULL)
455 || (userinfo
456 && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
457 || !update_index(db, row)) {
458 OPENSSL_free(row[DB_srpid]);
459 OPENSSL_free(row[DB_srpgN]);
460 OPENSSL_free(row[DB_srpinfo]);
461 OPENSSL_free(row[DB_srptype]);
462 OPENSSL_free(row[DB_srpverifier]);
463 OPENSSL_free(row[DB_srpsalt]);
464 goto end;

618 }
619 doupdatedb = 1;
620 }

465 }
466 doupdatedb = 1;
467 }

621 } else if (modify_user) {

468 } else if (mode == OPT_MODIFY) {

622 if (userindex < 0) {
623 BIO_printf(bio_err,
624 "user \"%s\" does not exist, operation ignored.\n",
625 user);
626 errors++;
627 } else {
628
629 char **row =

--- 5 unchanged lines hidden (view full) ---

635 user);
636 errors++;
637 } else {
638 char *gNid;
639
640 if (row[DB_srptype][0] == 'V') {
641 int user_gN;
642 char **irow = NULL;

469 if (userindex < 0) {
470 BIO_printf(bio_err,
471 "user \"%s\" does not exist, operation ignored.\n",
472 user);
473 errors++;
474 } else {
475
476 char **row =

--- 5 unchanged lines hidden (view full) ---

482 user);
483 errors++;
484 } else {
485 char *gNid;
486
487 if (row[DB_srptype][0] == 'V') {
488 int user_gN;
489 char **irow = NULL;

643 VERBOSE BIO_printf(bio_err,
644 "Verifying password for user \"%s\"\n",
645 user);

490 if (verbose)
491 BIO_printf(bio_err,
492 "Verifying password for user \"%s\"\n",
493 user);

646 if ((user_gN =
647 get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
648 irow =

494 if ((user_gN =
495 get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
496 irow =

649 (char **)sk_OPENSSL_PSTRING_value(db->
650 db->data,
651 userindex);

497 sk_OPENSSL_PSTRING_value(db->db->data,
498 userindex);

652
653 if (!srp_verify_user
654 (user, row[DB_srpverifier], row[DB_srpsalt],
655 irow ? irow[DB_srpsalt] : row[DB_srpgN],
656 irow ? irow[DB_srpverifier] : NULL, passin,

499
500 if (!srp_verify_user
501 (user, row[DB_srpverifier], row[DB_srpsalt],
502 irow ? irow[DB_srpsalt] : row[DB_srpgN],
503 irow ? irow[DB_srpverifier] : NULL, passin,

657 bio_err, verbose)) {

504 verbose)) {

658 BIO_printf(bio_err,
659 "Invalid password for user \"%s\", operation abandoned.\n",
660 user);
661 errors++;

505 BIO_printf(bio_err,
506 "Invalid password for user \"%s\", operation abandoned.\n",
507 user);
508 errors++;

662 goto err;

509 goto end;

663 }
664 }

510 }
511 }

665 VERBOSE BIO_printf(bio_err,
666 "Password for user \"%s\" ok.\n",
667 user);

512 if (verbose)
513 BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
514 user);

668
669 if (!
670 (gNid =
671 srp_create_user(user, &(row[DB_srpverifier]),
672 &(row[DB_srpsalt]),
673 gNrow ? gNrow[DB_srpsalt] : NULL,
674 gNrow ? gNrow[DB_srpverifier] : NULL,

515
516 if (!
517 (gNid =
518 srp_create_user(user, &(row[DB_srpverifier]),
519 &(row[DB_srpsalt]),
520 gNrow ? gNrow[DB_srpsalt] : NULL,
521 gNrow ? gNrow[DB_srpverifier] : NULL,

675 passout, bio_err, verbose))) {

522 passout, verbose))) {

676 BIO_printf(bio_err,
677 "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
678 user);
679 errors++;

523 BIO_printf(bio_err,
524 "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
525 user);
526 errors++;

680 goto err;

527 goto end;

681 }
682
683 row[DB_srptype][0] = 'v';

528 }
529
530 row[DB_srptype][0] = 'v';

684 row[DB_srpgN] = BUF_strdup(gNid);

531 row[DB_srpgN] = OPENSSL_strdup(gNid);

685

532

686 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
687 || !row[DB_srpverifier] || !row[DB_srpsalt]

533 if (row[DB_srpid] == NULL
534 || row[DB_srpgN] == NULL
535 || row[DB_srptype] == NULL
536 || row[DB_srpverifier] == NULL
537 || row[DB_srpsalt] == NULL

688 || (userinfo

538 || (userinfo

689 && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
690 goto err;

539 && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
540 == NULL)))
541 goto end;

691
692 doupdatedb = 1;
693 }
694 }

542
543 doupdatedb = 1;
544 }
545 }

695 } else if (delete_user) {

546 } else if (mode == OPT_DELETE) {

696 if (userindex < 0) {
697 BIO_printf(bio_err,
698 "user \"%s\" does not exist, operation ignored. t\n",
699 user);
700 errors++;
701 } else {

547 if (userindex < 0) {
548 BIO_printf(bio_err,
549 "user \"%s\" does not exist, operation ignored. t\n",
550 user);
551 errors++;
552 } else {

702 char **xpp =
703 sk_OPENSSL_PSTRING_value(db->db->data, userindex);
704 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

553 char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);

705

554

555 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

706 xpp[DB_srptype][0] = 'R';

556 xpp[DB_srptype][0] = 'R';

707

708 doupdatedb = 1;
709 }
710 }

557 doupdatedb = 1;
558 }
559 }

711 if (--argc > 0)

560 if (--argc > 0) {

712 user = *(argv++);

561 user = *(argv++);

713 else {
714 user = NULL;
715 list_user = 0;

562 } else {
563 /* no more processing in any mode if no users left */
564 break;

716 }
717 }
718

565 }
566 }
567

719 VERBOSE BIO_printf(bio_err, "User procession done.\n");

568 if (verbose)
569 BIO_printf(bio_err, "User procession done.\n");

720
721 if (doupdatedb) {
722 /* Lets check some fields */
723 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
724 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
725
726 if (pp[DB_srptype][0] == 'v') {
727 pp[DB_srptype][0] = 'V';

570
571 if (doupdatedb) {
572 /* Lets check some fields */
573 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
574 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
575
576 if (pp[DB_srptype][0] == 'v') {
577 pp[DB_srptype][0] = 'V';

728 print_user(db, bio_err, i, verbose);

578 print_user(db, i, verbose);

729 }
730 }
731

579 }
580 }
581

732 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
733 if (!save_index(dbfile, "new", db))
734 goto err;

582 if (verbose)
583 BIO_printf(bio_err, "Trying to update srpvfile.\n");
584 if (!save_index(srpvfile, "new", db))
585 goto end;

735

586

736 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
737 if (!rotate_index(dbfile, "new", "old"))
738 goto err;

587 if (verbose)
588 BIO_printf(bio_err, "Temporary srpvfile created.\n");
589 if (!rotate_index(srpvfile, "new", "old"))
590 goto end;

739

591

740 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");

592 if (verbose)
593 BIO_printf(bio_err, "srpvfile updated.\n");

741 }
742
743 ret = (errors != 0);

594 }
595
596 ret = (errors != 0);

744 err:

597 end:

745 if (errors != 0)

598 if (errors != 0)

746 VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);

599 if (verbose)
600 BIO_printf(bio_err, "User errors %d.\n", errors);

747

601

748 VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
749 if (tofree)
750 OPENSSL_free(tofree);

602 if (verbose)
603 BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
604
605 OPENSSL_free(passin);
606 OPENSSL_free(passout);

751 if (ret)
752 ERR_print_errors(bio_err);
753 if (randfile)

607 if (ret)
608 ERR_print_errors(bio_err);
609 if (randfile)

754 app_RAND_write_file(randfile, bio_err);
755 if (conf)
756 NCONF_free(conf);
757 if (db)
758 free_index(db);
759

610 app_RAND_write_file(randfile);
611 NCONF_free(conf);
612 free_index(db);

760 release_engine(e);

613 release_engine(e);

761 OBJ_cleanup();
762 apps_shutdown();
763 OPENSSL_EXIT(ret);

614 return (ret);

764}

615}

765
766#else
767static void *dummy = &dummy;