static int append_buf(char **buf, const char *s, int *size, int step)
{
int l = strlen(s);
if (*buf == NULL)
{
*size = step;
*buf = OPENSSL_malloc(*size);
if (*buf == NULL)
return 0;
**buf = '\0';
}
if (**buf != '\0')
l += 2; /* ", " */
if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
{
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
}
if (*buf == NULL)
return 0;
if (**buf != '\0')
BUF_strlcat(*buf, ", ", *size);
BUF_strlcat(*buf, s, *size);
return 1;
}
char *UI_construct_prompt(UI *ui, const char *object_desc,
const char *object_name)
{
char *prompt = NULL;
if (ui->meth->ui_construct_prompt)
prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
else {
char prompt1[] = "Enter ";
char prompt2[] = " for ";
char prompt3[] = ":";
int len = 0;
if (object_desc == NULL)
return NULL;
len = sizeof(prompt1) - 1 + strlen(object_desc);
if (object_name)
len += sizeof(prompt2) - 1 + strlen(object_name);
len += sizeof(prompt3) - 1;
prompt = OPENSSL_malloc(len + 1);
if (prompt == NULL)
return NULL;
BUF_strlcpy(prompt, prompt1, len + 1);
BUF_strlcat(prompt, object_desc, len + 1);
if (object_name) {
BUF_strlcat(prompt, prompt2, len + 1);
BUF_strlcat(prompt, object_name, len + 1);
}
BUF_strlcat(prompt, prompt3, len + 1);
}
return prompt;
}
const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
int ok = 0;
#ifdef __OpenBSD__
struct stat sb;
#endif
if (OPENSSL_issetugid() == 0)
s=getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size)
{
if (BUF_strlcpy(buf,s,size) >= size)
return NULL;
}
else
{
if (OPENSSL_issetugid() == 0)
s=getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL)
{
s = DEFAULT_HOME;
}
#endif
if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
{
BUF_strlcpy(buf,s,size);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(buf,"/",size);
#endif
BUF_strlcat(buf,RFILE,size);
ok = 1;
}
else
buf[0] = '\0'; /* no file name */
}
#ifdef __OpenBSD__
/* given that all random loads just fail if the file can't be
* seen on a stat, we stat the file we're returning, if it
* fails, use /dev/arandom instead. this allows the user to
* use their own source for good random data, but defaults
* to something hopefully decent if that isn't available.
*/
if (!ok)
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
if (stat(buf,&sb) == -1)
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
#endif
return(buf);
}
void PEM_proc_type(char *buf, int type)
{
const char *str;
if (type == PEM_TYPE_ENCRYPTED)
str="ENCRYPTED";
else if (type == PEM_TYPE_MIC_CLEAR)
str="MIC-CLEAR";
else if (type == PEM_TYPE_MIC_ONLY)
str="MIC-ONLY";
else
str="BAD-TYPE";
BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
BUF_strlcat(buf,str,PEM_BUFSIZE);
BUF_strlcat(buf,"\n",PEM_BUFSIZE);
}
void PEM_dek_info(char *buf, const char *type, int len, char *str)
{
static const unsigned char map[17] = "0123456789ABCDEF";
long i;
int j;
BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
BUF_strlcat(buf, type, PEM_BUFSIZE);
BUF_strlcat(buf, ",", PEM_BUFSIZE);
j = strlen(buf);
if (j + (len * 2) + 1 > PEM_BUFSIZE)
return;
for (i = 0; i < len; i++) {
buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
}
buf[j + i * 2] = '\n';
buf[j + i * 2 + 1] = '\0';
}
static ASN1_INTEGER *x509_load_serial (char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
size_t len;
len = ((serialfile == NULL) ? (strlen (CAfile) + strlen (POSTFIX) + 1) : (strlen (serialfile))) + 1;
buf = OPENSSL_malloc (len);
if (buf == NULL)
{
BIO_printf (bio_err, "out of mem\n");
goto end;
}
if (serialfile == NULL)
{
BUF_strlcpy (buf, CAfile, len);
for (p = buf; *p; p++)
if (*p == '.')
{
*p = '\0';
break;
}
BUF_strlcat (buf, POSTFIX, len);
}
else
BUF_strlcpy (buf, serialfile, len);
serial = load_serial (buf, create, NULL);
if (serial == NULL)
goto end;
if (!BN_add_word (serial, 1))
{
BIO_printf (bio_err, "add_word failure\n");
goto end;
}
if (!save_serial (buf, NULL, serial, &bs))
goto end;
end:
if (buf)
OPENSSL_free (buf);
BN_free (serial);
return bs;
}
/**
* @brief Push an openssl-generated error onto the error stack.
*/
errinfo_t *_push_error_stack_openssl(const char *filename, const char *funcname, int lineno, unsigned int errcode, int xerrno) {
const char *ssl_filename, *ssl_data;
char auxmsg[512], tmpbuf[512], tmpbuf2[512];
int ssl_line, ssl_flags, first_pass = 1;
static int loaded = 0;
if (!loaded) {
ERR_load_crypto_strings();
SSL_load_error_strings();
loaded = 1;
}
memset(auxmsg, 0, sizeof(auxmsg));
// Keep doing this as long as there's more errors there.
while (ERR_peek_error_line_data(&ssl_filename, &ssl_line, &ssl_data, &ssl_flags)) {
if (!first_pass) {
BUF_strlcat(auxmsg, " | ", sizeof(auxmsg));
} else {
first_pass = 0;
}
memset(tmpbuf, 0, sizeof(tmpbuf));
snprintf(tmpbuf, sizeof(tmpbuf), ":%s:%d", ssl_filename, ssl_line);
memset(tmpbuf2, 0, sizeof(tmpbuf2));
ERR_error_string_n(ERR_get_error(), tmpbuf2, sizeof(tmpbuf2));
// Combine the two error strings and add them to the buffer.
BUF_strlcat(auxmsg, tmpbuf2, sizeof(auxmsg));
BUF_strlcat(auxmsg, tmpbuf, sizeof(auxmsg));
}
return (_push_error_stack(filename, funcname, lineno, errcode, xerrno, auxmsg));
}
/* Add EFIAPI for UEFI version. */
void
#if defined(OPENSSL_SYS_UEFI)
EFIAPI
#endif
ERR_add_error_data(int num, ...)
{
va_list args;
int i,n,s;
char *str,*p,*a;
s=80;
str=OPENSSL_malloc(s+1);
if (str == NULL) return;
str[0]='\0';
va_start(args, num);
n=0;
for (i=0; i<num; i++)
{
a=va_arg(args, char*);
/* ignore NULLs, thanks to Bob Beck <*****@*****.**> */
if (a != NULL)
{
n+=strlen(a);
if (n > s)
{
s=n+20;
p=OPENSSL_realloc(str,s+1);
if (p == NULL)
{
OPENSSL_free(str);
goto err;
}
else
str=p;
}
BUF_strlcat(str,a,(size_t)s+1);
}
}
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
err:
va_end(args);
}
/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
ASN1_GENERALIZEDTIME **out)
{
ASN1_GENERALIZEDTIME *ret;
char *str;
int newlen;
if (!ASN1_TIME_check(t))
return NULL;
if (!out || !*out) {
if (!(ret = ASN1_GENERALIZEDTIME_new()))
return NULL;
if (out)
*out = ret;
} else
ret = *out;
/* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) {
if (!ASN1_STRING_set(ret, t->data, t->length))
return NULL;
return ret;
}
/* grow the string */
if (!ASN1_STRING_set(ret, NULL, t->length + 2))
return NULL;
/* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t->length + 2 + 1;
str = (char *)ret->data;
/* Work out the century and prepend */
if (t->data[0] >= '5')
BUF_strlcpy(str, "19", newlen);
else
BUF_strlcpy(str, "20", newlen);
BUF_strlcat(str, (char *)t->data, newlen);
return ret;
}
int MAIN(int argc, char **argv)
{
int add_user = 0;
int list_user= 0;
int delete_user= 0;
int modify_user= 0;
char * user = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char * gN = NULL;
int gNindex = -1;
char ** gNrow = NULL;
int maxgN = -1;
char * userinfo = NULL;
int badops=0;
int ret=1;
int errors=0;
int verbose=0;
int doupdatedb=0;
char *configfile=NULL;
char *dbfile=NULL;
CA_DB *db=NULL;
char **pp ;
int i;
long errorline = -1;
char *randfile=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *tofree=NULL;
DB_ATTR db_attr;
#ifdef EFENCE
EF_PROTECT_FREE=1;
EF_PROTECT_BELOW=1;
EF_ALIGNMENT=0;
#endif
apps_startup();
conf = NULL;
section = NULL;
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
argc--;
argv++;
while (argc >= 1 && badops == 0)
{
if (strcmp(*argv,"-verbose") == 0)
verbose++;
else if (strcmp(*argv,"-config") == 0)
{
if (--argc < 1) goto bad;
configfile= *(++argv);
}
else if (strcmp(*argv,"-name") == 0)
{
if (--argc < 1) goto bad;
section= *(++argv);
}
else if (strcmp(*argv,"-srpvfile") == 0)
{
if (--argc < 1) goto bad;
dbfile= *(++argv);
}
else if (strcmp(*argv,"-add") == 0)
add_user=1;
else if (strcmp(*argv,"-delete") == 0)
delete_user=1;
else if (strcmp(*argv,"-modify") == 0)
modify_user=1;
else if (strcmp(*argv,"-list") == 0)
list_user=1;
else if (strcmp(*argv,"-gn") == 0)
{
if (--argc < 1) goto bad;
gN= *(++argv);
}
else if (strcmp(*argv,"-userinfo") == 0)
{
if (--argc < 1) goto bad;
userinfo= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (**argv == '-')
{
bad:
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
else
break;
argc--;
argv++;
}
if (dbfile && configfile)
{
BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
badops = 1;
}
if (add_user+delete_user+modify_user+list_user != 1)
{
BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
badops = 1;
}
if (delete_user+modify_user+delete_user== 1 && argc <= 0)
{
BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
}
if ((passin || passout) && argc != 1 )
{
BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
badops = 1;
}
if (badops)
{
for (pp=srp_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto err;
}
if (!dbfile)
{
/*****************************************************************/
tofree=NULL;
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
if (configfile == NULL)
{
const char *s=X509_get_default_cert_area();
size_t len;
#ifdef OPENSSL_SYS_VMS
len = strlen(s)+sizeof(CONFIG_FILE);
tofree=OPENSSL_malloc(len);
strcpy(tofree,s);
#else
len = strlen(s)+sizeof(CONFIG_FILE)+1;
tofree=OPENSSL_malloc(len);
BUF_strlcpy(tofree,s,len);
BUF_strlcat(tofree,"/",len);
#endif
BUF_strlcat(tofree,CONFIG_FILE,len);
configfile=tofree;
}
VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
conf = NCONF_new(NULL);
if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
configfile);
else
BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
,errorline,configfile);
goto err;
}
if(tofree)
{
OPENSSL_free(tofree);
tofree = NULL;
}
if (!load_config(bio_err, conf))
goto err;
/* Lets get the config section we are using */
if (section == NULL)
{
VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
goto err;
}
}
if (randfile == NULL && conf)
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
}
}
if (randfile == NULL)
ERR_clear_error();
else
app_RAND_load_file(randfile, bio_err, 0);
VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
db = load_index(dbfile, &db_attr);
if (db == NULL) goto err;
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX)
{
maxgN = i;
if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
gNindex = i;
print_index(db, bio_err, i, verbose > 1);
}
}
VERBOSE BIO_printf(bio_err, "Database initialised\n");
if (gNindex >= 0)
{
gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
}
else if (maxgN > 0 && !SRP_get_default_gN(gN))
{
BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
goto err;
}
else
{
VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
gNrow = NULL;
}
VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
if (argc > 0)
user = *(argv++) ;
while (list_user || user)
{
int userindex = -1;
if (user)
VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
if ((userindex = get_index(db, user, 'U')) >= 0)
{
print_user(db, bio_err, userindex, (verbose > 0) || list_user);
}
if (list_user)
{
if (user == NULL)
{
BIO_printf(bio_err,"List all users\n");
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
print_user(db,bio_err, i, 1);
}
list_user = 0;
}
else if (userindex < 0)
{
BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
user);
errors++;
}
}
else if (add_user)
{
if (userindex >= 0)
{
/* reactivation of a new user */
char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
row[DB_srptype][0] = 'V';
doupdatedb = 1;
}
else
{
char *row[DB_NUMBER] ; char *gNid;
row[DB_srpverifier] = NULL;
row[DB_srpsalt] = NULL;
row[DB_srpinfo] = NULL;
if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
{
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
errors++;
goto err;
}
row[DB_srpid] = BUF_strdup(user);
row[DB_srptype] = BUF_strdup("v");
row[DB_srpgN] = BUF_strdup(gNid);
if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) ||
!update_index(db, bio_err, row))
{
if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
goto err;
}
doupdatedb = 1;
}
}
else if (modify_user)
{
if (userindex < 0)
{
BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
errors++;
}
else
{
char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
char type = row[DB_srptype][0];
if (type == 'v')
{
BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
errors++;
}
else
{
char *gNid;
if (row[DB_srptype][0] == 'V')
{
int user_gN;
char **irow = NULL;
VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
{
BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
errors++;
goto err;
}
}
VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
{
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
errors++;
goto err;
}
row[DB_srptype][0] = 'v';
row[DB_srpgN] = BUF_strdup(gNid);
if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
goto err;
doupdatedb = 1;
}
}
}
else if (delete_user)
{
if (userindex < 0)
{
BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
errors++;
}
else
{
char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
xpp[DB_srptype][0] = 'R';
doupdatedb = 1;
}
}
if (--argc > 0)
user = *(argv++) ;
else
{
user = NULL;
list_user = 0;
}
}
VERBOSE BIO_printf(bio_err,"User procession done.\n");
if (doupdatedb)
{
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_srptype][0] == 'v')
{
pp[DB_srptype][0] = 'V';
print_user(db, bio_err, i, verbose);
}
}
VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
if (!save_index(dbfile, "new", db)) goto err;
VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
if (!rotate_index(dbfile, "new", "old")) goto err;
VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
}
ret = (errors != 0);
err:
if (errors != 0)
VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
if(tofree)
OPENSSL_free(tofree);
if (ret) ERR_print_errors(bio_err);
if (randfile) app_RAND_write_file(randfile, bio_err);
if (conf) NCONF_free(conf);
if (db) free_index(db);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
}
int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
void *u, const char *s, int len, int indent)
{
int ret=0;
char buf[288+1],tmp[20],str[128+1];
int i,j,rows,trc;
unsigned char ch;
int dump_width;
trc=0;
#ifdef TRUNCATE
for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
trc++;
#endif
if (indent < 0)
indent = 0;
if (indent)
{
if (indent > 128) indent=128;
memset(str,' ',indent);
}
str[indent]='\0';
dump_width=DUMP_WIDTH_LESS_INDENT(indent);
rows=(len/dump_width);
if ((rows*dump_width)<len)
rows++;
for(i=0;i<rows;i++)
{
buf[0]='\0'; /* start with empty string */
BUF_strlcpy(buf,str,sizeof buf);
BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
BUF_strlcat(buf,tmp,sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
{
BUF_strlcat(buf," ",sizeof buf);
}
else
{
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
j==7?'-':' ');
BUF_strlcat(buf,tmp,sizeof buf);
}
}
BUF_strlcat(buf," ",sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
break;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
BIO_snprintf(tmp,sizeof tmp,"%c",
((ch>=' ')&&(ch<='~'))?ch:'.');
#else
BIO_snprintf(tmp,sizeof tmp,"%c",
((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
? os_toebcdic[ch]
: '.');
#endif
BUF_strlcat(buf,tmp,sizeof buf);
}
BUF_strlcat(buf,"\n",sizeof buf);
/* if this is the last call then update the ddt_dump thing so
* that we will move the selection point in the debug window
*/
ret+=cb((void *)buf,strlen(buf),u);
}
#ifdef TRUNCATE
if (trc > 0)
{
BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
len+trc);
ret+=cb((void *)buf,strlen(buf),u);
}
#endif
return(ret);
}
int srp_main(int argc, char **argv)
{
CA_DB *db = NULL;
DB_ATTR db_attr;
CONF *conf = NULL;
int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose =
0, i, doupdatedb = 0;
int mode = OPT_ERR;
char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
char *randfile = NULL, *tofree = NULL, *section = NULL;
char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog;
long errorline = -1;
OPTION_CHOICE o;
prog = opt_init(argc, argv, srp_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(srp_options);
ret = 0;
goto end;
case OPT_VERBOSE:
verbose++;
break;
case OPT_CONFIG:
configfile = opt_arg();
break;
case OPT_NAME:
section = opt_arg();
break;
case OPT_SRPVFILE:
dbfile = opt_arg();
break;
case OPT_ADD:
case OPT_DELETE:
case OPT_MODIFY:
case OPT_LIST:
if (mode != OPT_ERR) {
BIO_printf(bio_err,
"%s: Only one of -add/delete-modify/-list\n",
prog);
goto opthelp;
}
mode = o;
break;
case OPT_GN:
gN = opt_arg();
break;
case OPT_USERINFO:
userinfo = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
(void)setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (dbfile && configfile) {
BIO_printf(bio_err,
"-dbfile and -configfile cannot be specified together.\n");
goto end;
}
if (mode == OPT_ERR) {
BIO_printf(bio_err,
"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
goto opthelp;
}
if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD)
&& argc < 1) {
BIO_printf(bio_err,
"Need at least one user for options -add, -delete, -modify. \n");
goto opthelp;
}
if ((passin || passout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
goto opthelp;
}
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (!dbfile) {
/*****************************************************************/
tofree = NULL;
if (configfile == NULL)
configfile = getenv("OPENSSL_CONF");
if (configfile == NULL)
configfile = getenv("SSLEAY_CONF");
if (configfile == NULL) {
const char *s = X509_get_default_cert_area();
size_t len = strlen(s) + 1 + sizeof(CONFIG_FILE);
tofree = app_malloc(len, "config filename space");
# ifdef OPENSSL_SYS_VMS
strcpy(tofree, s);
# else
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
# endif
BUF_strlcat(tofree, CONFIG_FILE, len);
configfile = tofree;
}
if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
conf = NCONF_new(NULL);
if (NCONF_load(conf, configfile, &errorline) <= 0) {
if (errorline <= 0)
BIO_printf(bio_err, "error loading the config file '%s'\n",
configfile);
else
BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
errorline, configfile);
goto end;
}
OPENSSL_free(tofree);
tofree = NULL;
/* Lets get the config section we are using */
if (section == NULL) {
if (verbose)
BIO_printf(bio_err,
"trying to read " ENV_DEFAULT_SRP
" in \" BASE_SECTION \"\n");
section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
if (section == NULL) {
lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
goto end;
}
}
if (randfile == NULL && conf)
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (verbose)
BIO_printf(bio_err,
"trying to read " ENV_DATABASE " in section \"%s\"\n",
section);
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
lookup_fail(section, ENV_DATABASE);
goto end;
}
}
if (randfile == NULL)
ERR_clear_error();
else
app_RAND_load_file(randfile, 0);
if (verbose)
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
dbfile);
db = load_index(dbfile, &db_attr);
if (db == NULL)
goto end;
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX) {
maxgN = i;
if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
gNindex = i;
print_index(db, i, verbose > 1);
}
}
if (verbose)
BIO_printf(bio_err, "Database initialised\n");
if (gNindex >= 0) {
gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
print_entry(db, gNindex, verbose > 1, "Default g and N");
} else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
goto end;
} else {
if (verbose)
BIO_printf(bio_err, "Database has no g N information.\n");
gNrow = NULL;
}
if (verbose > 1)
BIO_printf(bio_err, "Starting user processing\n");
if (argc > 0)
user = *(argv++);
while (mode == OPT_LIST || user) {
int userindex = -1;
if (user)
if (verbose > 1)
BIO_printf(bio_err, "Processing user \"%s\"\n", user);
if ((userindex = get_index(db, user, 'U')) >= 0) {
print_user(db, userindex, (verbose > 0)
|| mode == OPT_LIST);
}
if (mode == OPT_LIST) {
if (user == NULL) {
BIO_printf(bio_err, "List all users\n");
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
print_user(db, i, 1);
}
} else if (userindex < 0) {
BIO_printf(bio_err,
"user \"%s\" does not exist, ignored. t\n", user);
errors++;
}
} else if (mode == OPT_ADD) {
if (userindex >= 0) {
/* reactivation of a new user */
char **row =
sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
row[DB_srptype][0] = 'V';
doupdatedb = 1;
} else {
char *row[DB_NUMBER];
char *gNid;
row[DB_srpverifier] = NULL;
row[DB_srpsalt] = NULL;
row[DB_srpinfo] = NULL;
if (!
(gNid =
srp_create_user(user, &(row[DB_srpverifier]),
&(row[DB_srpsalt]),
gNrow ? gNrow[DB_srpsalt] : gN,
gNrow ? gNrow[DB_srpverifier] : NULL,
passout, verbose))) {
BIO_printf(bio_err,
"Cannot create srp verifier for user \"%s\", operation abandoned .\n",
user);
errors++;
goto end;
}
row[DB_srpid] = BUF_strdup(user);
row[DB_srptype] = BUF_strdup("v");
row[DB_srpgN] = BUF_strdup(gNid);
if ((row[DB_srpid] == NULL)
|| (row[DB_srpgN] == NULL)
|| (row[DB_srptype] == NULL)
|| (row[DB_srpverifier] == NULL)
|| (row[DB_srpsalt] == NULL)
|| (userinfo
&& ((row[DB_srpinfo] = BUF_strdup(userinfo)) == NULL))
|| !update_index(db, row)) {
OPENSSL_free(row[DB_srpid]);
OPENSSL_free(row[DB_srpgN]);
OPENSSL_free(row[DB_srpinfo]);
OPENSSL_free(row[DB_srptype]);
OPENSSL_free(row[DB_srpverifier]);
OPENSSL_free(row[DB_srpsalt]);
goto end;
}
doupdatedb = 1;
}
} else if (mode == OPT_MODIFY) {
if (userindex < 0) {
BIO_printf(bio_err,
"user \"%s\" does not exist, operation ignored.\n",
user);
errors++;
} else {
char **row =
sk_OPENSSL_PSTRING_value(db->db->data, userindex);
char type = row[DB_srptype][0];
if (type == 'v') {
BIO_printf(bio_err,
"user \"%s\" already updated, operation ignored.\n",
user);
errors++;
} else {
char *gNid;
if (row[DB_srptype][0] == 'V') {
int user_gN;
char **irow = NULL;
if (verbose)
BIO_printf(bio_err,
"Verifying password for user \"%s\"\n",
user);
if ((user_gN =
get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
irow =
sk_OPENSSL_PSTRING_value(db->db->data,
userindex);
if (!srp_verify_user
(user, row[DB_srpverifier], row[DB_srpsalt],
irow ? irow[DB_srpsalt] : row[DB_srpgN],
irow ? irow[DB_srpverifier] : NULL, passin,
verbose)) {
BIO_printf(bio_err,
"Invalid password for user \"%s\", operation abandoned.\n",
user);
errors++;
goto end;
}
}
if (verbose)
BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
user);
if (!
(gNid =
srp_create_user(user, &(row[DB_srpverifier]),
&(row[DB_srpsalt]),
gNrow ? gNrow[DB_srpsalt] : NULL,
gNrow ? gNrow[DB_srpverifier] : NULL,
passout, verbose))) {
BIO_printf(bio_err,
"Cannot create srp verifier for user \"%s\", operation abandoned.\n",
user);
errors++;
goto end;
}
row[DB_srptype][0] = 'v';
row[DB_srpgN] = BUF_strdup(gNid);
if (row[DB_srpid] == NULL
|| row[DB_srpgN] == NULL
|| row[DB_srptype] == NULL
|| row[DB_srpverifier] == NULL
|| row[DB_srpsalt] == NULL
|| (userinfo
&& ((row[DB_srpinfo] = BUF_strdup(userinfo))
== NULL)))
goto end;
doupdatedb = 1;
}
}
} else if (mode == OPT_DELETE) {
if (userindex < 0) {
BIO_printf(bio_err,
"user \"%s\" does not exist, operation ignored. t\n",
user);
errors++;
} else {
char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
xpp[DB_srptype][0] = 'R';
doupdatedb = 1;
}
}
if (--argc > 0)
user = *(argv++);
else {
user = NULL;
}
}
if (verbose)
BIO_printf(bio_err, "User procession done.\n");
if (doupdatedb) {
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == 'v') {
pp[DB_srptype][0] = 'V';
print_user(db, i, verbose);
}
}
if (verbose)
BIO_printf(bio_err, "Trying to update srpvfile.\n");
if (!save_index(dbfile, "new", db))
goto end;
if (verbose)
BIO_printf(bio_err, "Temporary srpvfile created.\n");
if (!rotate_index(dbfile, "new", "old"))
goto end;
if (verbose)
BIO_printf(bio_err, "srpvfile updated.\n");
}
ret = (errors != 0);
end:
if (errors != 0)
if (verbose)
BIO_printf(bio_err, "User errors %d.\n", errors);
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
OPENSSL_free(tofree);
if (ret)
ERR_print_errors(bio_err);
if (randfile)
app_RAND_write_file(randfile);
NCONF_free(conf);
free_index(db);
OBJ_cleanup();
return (ret);
}
