X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fsrp.c;h=24fb79887ef4be6ec7a93843303dd314b3b2b217;hp=c62d55de2b556244f76c26b18bfbcdf39a256406;hb=94b3664a528258df5ebcaae213d19bf6568cc47d;hpb=239f2771e13ddc2fa50d01d62c10078befa8c86e diff --git a/apps/srp.c b/apps/srp.c index c62d55de2b..24fb79887e 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -58,17 +58,16 @@ #include #ifndef OPENSSL_NO_SRP -# include -# include -# include -# include -# include -# include -# include -# include -# include - -# include "apps.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "apps.h" # define BASE_SECTION "srp" # define CONFIG_FILE "openssl.cnf" 
@@ -88,62 +87,57 @@ static int get_index(CA_DB *db, char *id, char type) for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX - && !strcmp(id, pp[DB_srpid])) + && strcmp(id, pp[DB_srpid]) == 0) return i; } else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] != DB_SRP_INDEX - && !strcmp(id, pp[DB_srpid])) + && strcmp(id, pp[DB_srpid]) == 0) return i; } return -1; } -static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s) +static void print_entry(CA_DB *db, int indx, int verbose, char *s) { if (indx >= 0 && verbose) { int j; char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx); - BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]); + BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]); for (j = 0; j < DB_NUMBER; j++) { BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]); } } } -static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose) +static void print_index(CA_DB *db, int indexindex, int verbose) { - print_entry(db, bio, indexindex, verbose, "g N entry"); + print_entry(db, indexindex, verbose, "g N entry"); } -static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose) +static void print_user(CA_DB *db, int userindex, int verbose) { if (verbose > 0) { char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); if (pp[DB_srptype][0] != 'I') { - print_entry(db, bio, userindex, verbose, "User entry"); - print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, + print_entry(db, userindex, verbose, "User entry"); + print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry"); } } } -static int update_index(CA_DB *db, BIO *bio, char **row) +static int update_index(CA_DB *db, char **row) { char **irow; int i; - if ((irow = - (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { - BIO_printf(bio_err, "Memory 
allocation failure\n"); - return 0; - } - + irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers"); for (i = 0; i < DB_NUMBER; i++) { irow[i] = row[i]; row[i] = NULL; @@ -151,8 +145,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row) irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { - BIO_printf(bio, "failed to update srpvfile\n"); - BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error); + BIO_printf(bio_err, "failed to update srpvfile\n"); + BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); OPENSSL_free(irow); return 0; } @@ -166,7 +160,7 @@ static void lookup_fail(const char *name, const char *tag) static char *srp_verify_user(const char *user, const char *srp_verifier, char *srp_usersalt, const char *g, const char *N, - const char *passin, BIO *bio, int verbose) + const char *passin, int verbose) { char password[1024]; PW_CB_DATA cb_tmp; @@ -178,17 +172,17 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, if (password_callback(password, 1024, 0, &cb_tmp) > 0) { if (verbose) - BIO_printf(bio, + BIO_printf(bio_err, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N); - BIO_printf(bio, "Pass %s\n", password); + BIO_printf(bio_err, "Pass %s\n", password); OPENSSL_assert(srp_usersalt != NULL); if (! (gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) { - BIO_printf(bio, "Internal error validating SRP verifier\n"); + BIO_printf(bio_err, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) gNid = NULL; @@ -200,7 +194,7 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, static char *srp_create_user(char *user, char **srp_verifier, char **srp_usersalt, char *g, char *N, - char *passout, BIO *bio, int verbose) + char *passout, int verbose) { char password[1024]; PW_CB_DATA cb_tmp; 
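Review bot: In srp_verify_user, `BIO_printf(bio_err, "Pass %s\n", password);` still writes the cleartext password to stderr on every call, outside the `if (verbose)` guard; the commit only retargets it from `bio` to `bio_err`. Stderr is commonly captured by terminals, job logs and wrapper scripts, so the line should be deleted; the verbose block just above already reports the other inputs. The function continues past the hunk, so whether `password[1024]` is wiped before returning is not visible here. If it is not, add `OPENSSL_cleanse(password, sizeof(password));` before the return, and do the same in srp_create_user, which declares the same buffer.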
@@ -211,17 +205,17 @@ static char *srp_create_user(char *user, char **srp_verifier, if (password_callback(password, 1024, 1, &cb_tmp) > 0) { if (verbose) - BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", + BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N); if (! (gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) { - BIO_printf(bio, "Internal error creating SRP verifier\n"); + BIO_printf(bio_err, "Internal error creating SRP verifier\n"); } else *srp_usersalt = salt; if (verbose > 1) - BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, + BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier); } @@ -261,14 +255,13 @@ int srp_main(int argc, char **argv) CA_DB *db = NULL; DB_ATTR db_attr; CONF *conf = NULL; - int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = - 0, i, doupdatedb = 0; - int mode = OPT_ERR; + int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i; + int doupdatedb = 0, mode = OPT_ERR; char *user = NULL, *passinarg = NULL, *passoutarg = NULL; char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL; char *randfile = NULL, *tofree = NULL, *section = NULL; - char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog; - long errorline = -1; + char **gNrow = NULL, *configfile = NULL; + char *srpvfile = NULL, **pp, *prog; OPTION_CHOICE o; prog = opt_init(argc, argv, srp_options); @@ -293,7 +286,7 @@ int srp_main(int argc, char **argv) section = opt_arg(); break; case OPT_SRPVFILE: - dbfile = opt_arg(); + srpvfile = opt_arg(); break; case OPT_ADD: case OPT_DELETE: @@ -327,9 +320,9 @@ int srp_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (dbfile && configfile) { + if (srpvfile && configfile) { BIO_printf(bio_err, - "-dbfile and -configfile cannot be specified together.\n"); + "-srpvfile and -configfile cannot be specified together.\n"); goto end; } if (mode == OPT_ERR) { 
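Review bot: In srp_create_user the `verbose > 1` print of `gNid`, `salt` and `*srp_verifier` sits after the if/else instead of inside the success branch, so it also runs when SRP_create_verifier() has just failed and `gNid` is NULL. That depends on how BIO_printf treats a NULL `%s` argument and prints a misleading line right after the error message. Bracing the else so that it holds both `*srp_usersalt = salt;` and the debug print would confine the output to the success case. Because the print puts the salt and verifier on stderr, a comment such as `/* verbose > 1 dumps verifier material; avoid in logged runs */` is worth adding. The function begins and ends outside the hunk.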
@@ -337,7 +330,8 @@ int srp_main(int argc, char **argv)
 "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
 goto opthelp;
 }
- if ((mode == OPT_DELETE || mode == OPT_MODIFY || OPT_ADD) && argc < 1) {
+ if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD)
+ && argc < 1) {
 BIO_printf(bio_err,
 "Need at least one user for options -add, -delete, -modify. \n");
 goto opthelp;
@@ -353,56 +347,18 @@ int srp_main(int argc, char **argv) goto end; } - if (!dbfile) { - - /*****************************************************************/ - tofree = NULL; - if (configfile == NULL) - configfile = getenv("OPENSSL_CONF"); - if (configfile == NULL) - configfile = getenv("SSLEAY_CONF"); - if (configfile == NULL) { - const char *s = X509_get_default_cert_area(); - size_t len; - -# ifdef OPENSSL_SYS_VMS - len = strlen(s) + sizeof(CONFIG_FILE); - tofree = OPENSSL_malloc(len); - if (!tofree) { - BIO_printf(bio_err, "Out of memory\n"); - goto end; - } - strcpy(tofree, s); -# else - len = strlen(s) + sizeof(CONFIG_FILE) + 1; - tofree = OPENSSL_malloc(len); - if (!tofree) { - BIO_printf(bio_err, "Out of memory\n"); - goto end; - } - BUF_strlcpy(tofree, s, len); - BUF_strlcat(tofree, "/", len); -# endif - BUF_strlcat(tofree, CONFIG_FILE, len); - configfile = tofree; - } + if (!srpvfile) { + if (!configfile) + configfile = default_config_file; if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - conf = NCONF_new(NULL); - if (NCONF_load(conf, configfile, &errorline) <= 0) { - if (errorline <= 0) - BIO_printf(bio_err, "error loading the config file '%s'\n", - configfile); - else - BIO_printf(bio_err, "error on line %ld of config file '%s'\n", - errorline, configfile); + BIO_printf(bio_err, "Using configuration from %s\n", + configfile); + conf = app_load_config(configfile); + if (conf == NULL) + goto end; + if (!app_load_modules(conf)) goto end; - } - if (tofree) { - OPENSSL_free(tofree); - tofree = NULL; - } /* Lets get the config section we are using */ if (section == NULL) { @@ -426,7 +382,8 @@ int srp_main(int argc, char **argv) "trying to read " ENV_DATABASE " in section \"%s\"\n", section); - if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) { + if ((srpvfile = NCONF_get_string(conf, section, ENV_DATABASE)) + == NULL) { lookup_fail(section, ENV_DATABASE); goto end; } 
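Review bot: Nothing visible assigns `tofree` once this hunk is applied: the code that built the default config path into it is removed, but the declaration `*tofree = NULL` and the `OPENSSL_free(tofree);` in the final cleanup hunk remain. If no other assignment survives in srp_main (the function extends beyond these hunks), the variable and its free are dead and should be removed along with this block. A one-line comment above `configfile = default_config_file;` naming where that default is resolved would also help, since the OPENSSL_CONF and SSLEAY_CONF lookups that used to live here are gone from this file.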
@@ -439,9 +396,9 @@ int srp_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", - dbfile); + srpvfile); - db = load_index(dbfile, &db_attr); + db = load_index(srpvfile, &db_attr); if (db == NULL) goto end; @@ -451,10 +408,10 @@ int srp_main(int argc, char **argv) if (pp[DB_srptype][0] == DB_SRP_INDEX) { maxgN = i; - if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid])) + if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0) gNindex = i; - print_index(db, bio_err, i, verbose > 1); + print_index(db, i, verbose > 1); } } @@ -463,7 +420,7 @@ int srp_main(int argc, char **argv) if (gNindex >= 0) { gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex); - print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N"); + print_entry(db, gNindex, verbose > 1, "Default g and N"); } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN); goto end; @@ -485,7 +442,7 @@ int srp_main(int argc, char **argv) if (verbose > 1) BIO_printf(bio_err, "Processing user \"%s\"\n", user); if ((userindex = get_index(db, user, 'U')) >= 0) { - print_user(db, bio_err, userindex, (verbose > 0) + print_user(db, userindex, (verbose > 0) || mode == OPT_LIST); } @@ -494,7 +451,7 @@ int srp_main(int argc, char **argv) BIO_printf(bio_err, "List all users\n"); for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - print_user(db, bio_err, i, 1); + print_user(db, i, 1); } } else if (userindex < 0) { BIO_printf(bio_err, @@ -522,7 +479,7 @@ int srp_main(int argc, char **argv) &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : gN, gNrow ? gNrow[DB_srpverifier] : NULL, - passout, bio_err, verbose))) { + passout, verbose))) { BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user); 
@@ -533,27 +490,20 @@ int srp_main(int argc, char **argv) row[DB_srptype] = BUF_strdup("v"); row[DB_srpgN] = BUF_strdup(gNid); - if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] - || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo - && - (!(row - [DB_srpinfo] - = - BUF_strdup - (userinfo)))) - || !update_index(db, bio_err, row)) { - if (row[DB_srpid]) - OPENSSL_free(row[DB_srpid]); - if (row[DB_srpgN]) - OPENSSL_free(row[DB_srpgN]); - if (row[DB_srpinfo]) - OPENSSL_free(row[DB_srpinfo]); - if (row[DB_srptype]) - OPENSSL_free(row[DB_srptype]); - if (row[DB_srpverifier]) - OPENSSL_free(row[DB_srpverifier]); - if (row[DB_srpsalt]) - OPENSSL_free(row[DB_srpsalt]); + if ((row[DB_srpid] == NULL) + || (row[DB_srpgN] == NULL) + || (row[DB_srptype] == NULL) + || (row[DB_srpverifier] == NULL) + || (row[DB_srpsalt] == NULL) + || (userinfo + && ((row[DB_srpinfo] = BUF_strdup(userinfo)) == NULL)) + || !update_index(db, row)) { + OPENSSL_free(row[DB_srpid]); + OPENSSL_free(row[DB_srpgN]); + OPENSSL_free(row[DB_srpinfo]); + OPENSSL_free(row[DB_srptype]); + OPENSSL_free(row[DB_srpverifier]); + OPENSSL_free(row[DB_srpsalt]); goto end; } doupdatedb = 1; @@ -594,7 +544,7 @@ int srp_main(int argc, char **argv) (user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, - bio_err, verbose)) { + verbose)) { BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user); @@ -612,7 +562,7 @@ int srp_main(int argc, char **argv) &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : NULL, gNrow ? gNrow[DB_srpverifier] : NULL, - passout, bio_err, verbose))) { + passout, verbose))) { BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); 
@@ -623,10 +573,14 @@ int srp_main(int argc, char **argv) row[DB_srptype][0] = 'v'; row[DB_srpgN] = BUF_strdup(gNid); - if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] - || !row[DB_srpverifier] || !row[DB_srpsalt] + if (row[DB_srpid] == NULL + || row[DB_srpgN] == NULL + || row[DB_srptype] == NULL + || row[DB_srpverifier] == NULL + || row[DB_srpsalt] == NULL || (userinfo - && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))) + && ((row[DB_srpinfo] = BUF_strdup(userinfo)) + == NULL))) goto end; doupdatedb = 1; @@ -639,12 +593,10 @@ int srp_main(int argc, char **argv) user); errors++; } else { - char **xpp = - sk_OPENSSL_PSTRING_value(db->db->data, userindex); - BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); + char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); + BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); xpp[DB_srptype][0] = 'R'; - doupdatedb = 1; } } @@ -665,18 +617,18 @@ int srp_main(int argc, char **argv) if (pp[DB_srptype][0] == 'v') { pp[DB_srptype][0] = 'V'; - print_user(db, bio_err, i, verbose); + print_user(db, i, verbose); } } if (verbose) BIO_printf(bio_err, "Trying to update srpvfile.\n"); - if (!save_index(dbfile, "new", db)) + if (!save_index(srpvfile, "new", db)) goto end; if (verbose) BIO_printf(bio_err, "Temporary srpvfile created.\n"); - if (!rotate_index(dbfile, "new", "old")) + if (!rotate_index(srpvfile, "new", "old")) goto end; if (verbose) @@ -691,19 +643,21 @@ int srp_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "SRP terminating with code %d.\n", ret); - if (tofree) - OPENSSL_free(tofree); + OPENSSL_free(tofree); if (ret) ERR_print_errors(bio_err); if (randfile) app_RAND_write_file(randfile); - if (conf) - NCONF_free(conf); - if (db) - free_index(db); - + NCONF_free(conf); + free_index(db); OBJ_cleanup(); return (ret); } +#else + +# if PEDANTIC +static void *dummy = &dummy; +# endif + #endif
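Review bot: The final cleanup in srp_main now calls `NCONF_free(conf);` and `free_index(db);` without the former `if (conf)` / `if (db)` guards, and both pointers are still NULL on the early `goto end` paths, for example when -srpvfile and -configfile are given together. That is safe only if both functions accept NULL. free_index is an apps helper whose body is not part of this diff, so confirm it checks its argument or keep `if (db)` in front of the call. A short comment at the cleanup such as `/* all of these tolerate NULL */` would record the assumption for the next reader.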