summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/src/apps/progs.h3
-rw-r--r--src/lib/libssl/src/apps/s_client.c175
-rw-r--r--src/lib/libssl/src/apps/s_server.c128
-rw-r--r--src/lib/libssl/src/apps/srp.c669
4 files changed, 0 insertions, 975 deletions
diff --git a/src/lib/libssl/src/apps/progs.h b/src/lib/libssl/src/apps/progs.h
index 7fb346e7e5..df00b71939 100644
--- a/src/lib/libssl/src/apps/progs.h
+++ b/src/lib/libssl/src/apps/progs.h
@@ -104,9 +104,6 @@ FUNCTION functions[] = {
104 { FUNC_TYPE_GENERAL, "speed", speed_main }, 104 { FUNC_TYPE_GENERAL, "speed", speed_main },
105#endif 105#endif
106 { FUNC_TYPE_GENERAL, "spkac", spkac_main }, 106 { FUNC_TYPE_GENERAL, "spkac", spkac_main },
107#ifndef OPENSSL_NO_SRP
108 { FUNC_TYPE_GENERAL, "srp", srp_main },
109#endif
110 { FUNC_TYPE_GENERAL, "ts", ts_main }, 107 { FUNC_TYPE_GENERAL, "ts", ts_main },
111 { FUNC_TYPE_GENERAL, "verify", verify_main }, 108 { FUNC_TYPE_GENERAL, "verify", verify_main },
112 { FUNC_TYPE_GENERAL, "version", version_main }, 109 { FUNC_TYPE_GENERAL, "version", version_main },
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 2ec72876a0..e409589eb4 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -159,9 +159,6 @@
159#include <openssl/rand.h> 159#include <openssl/rand.h>
160#include <openssl/ocsp.h> 160#include <openssl/ocsp.h>
161#include <openssl/bn.h> 161#include <openssl/bn.h>
162#ifndef OPENSSL_NO_SRP
163#include <openssl/srp.h>
164#endif
165#include "s_apps.h" 162#include "s_apps.h"
166#include "timeouts.h" 163#include "timeouts.h"
167 164
@@ -308,13 +305,6 @@ sc_usage(void)
308 BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); 305 BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
309#endif 306#endif
310#endif 307#endif
311#ifndef OPENSSL_NO_SRP
312 BIO_printf(bio_err, " -srpuser user - SRP authentification for 'user'\n");
313 BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
314 BIO_printf(bio_err, " -srp_lateuser - SRP username into second ClientHello message\n");
315 BIO_printf(bio_err, " -srp_moregroups - Tolerate other than the known g N values.\n");
316 BIO_printf(bio_err, " -srp_strength int - minimal mength in bits for N (default %d).\n", SRP_MINIMAL_N);
317#endif
318 BIO_printf(bio_err, " -ssl3 - just use SSLv3\n"); 308 BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
319 BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n"); 309 BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
320 BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n"); 310 BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
@@ -374,120 +364,6 @@ ssl_servername_cb(SSL * s, int *ad, void *arg)
374 return SSL_TLSEXT_ERR_OK; 364 return SSL_TLSEXT_ERR_OK;
375} 365}
376 366
377#ifndef OPENSSL_NO_SRP
378
379/* This is a context that we pass to all callbacks */
380typedef struct srp_arg_st {
381 char *srppassin;
382 char *srplogin;
383 int msg; /* copy from c_msg */
384 int debug; /* copy from c_debug */
385 int amp; /* allow more groups */
386 int strength /* minimal size for N */ ;
387} SRP_ARG;
388
389#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
390
391static int
392srp_Verify_N_and_g(BIGNUM * N, BIGNUM * g)
393{
394 BN_CTX *bn_ctx = BN_CTX_new();
395 BIGNUM *p = BN_new();
396 BIGNUM *r = BN_new();
397 int ret =
398 g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
399 BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
400 p != NULL && BN_rshift1(p, N) &&
401
402 /* p = (N-1)/2 */
403 BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
404 r != NULL &&
405
406 /* verify g^((N-1)/2) == -1 (mod N) */
407 BN_mod_exp(r, g, p, N, bn_ctx) &&
408 BN_add_word(r, 1) &&
409 BN_cmp(r, N) == 0;
410
411 if (r)
412 BN_free(r);
413 if (p)
414 BN_free(p);
415 if (bn_ctx)
416 BN_CTX_free(bn_ctx);
417 return ret;
418}
419
420/* This callback is used here for two purposes:
421 - extended debugging
422 - making some primality tests for unknown groups
423 The callback is only called for a non default group.
424
425 An application does not need the call back at all if
426 only the stanard groups are used. In real life situations,
427 client and server already share well known groups,
428 thus there is no need to verify them.
429 Furthermore, in case that a server actually proposes a group that
430 is not one of those defined in RFC 5054, it is more appropriate
431 to add the group to a static list and then compare since
432 primality tests are rather cpu consuming.
433*/
434
435static int
436ssl_srp_verify_param_cb(SSL * s, void *arg)
437{
438 SRP_ARG *srp_arg = (SRP_ARG *) arg;
439 BIGNUM *N = NULL, *g = NULL;
440 if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
441 return 0;
442 if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
443 BIO_printf(bio_err, "SRP parameters:\n");
444 BIO_printf(bio_err, "\tN=");
445 BN_print(bio_err, N);
446 BIO_printf(bio_err, "\n\tg=");
447 BN_print(bio_err, g);
448 BIO_printf(bio_err, "\n");
449 }
450 if (SRP_check_known_gN_param(g, N))
451 return 1;
452
453 if (srp_arg->amp == 1) {
454 if (srp_arg->debug)
455 BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
456
457/* The srp_moregroups is a real debugging feature.
458 Implementors should rather add the value to the known ones.
459 The minimal size has already been tested.
460*/
461 if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
462 return 1;
463 }
464 BIO_printf(bio_err, "SRP param N and g rejected.\n");
465 return 0;
466}
467
468#define PWD_STRLEN 1024
469
470static char *
471ssl_give_srp_client_pwd_cb(SSL * s, void *arg)
472{
473 SRP_ARG *srp_arg = (SRP_ARG *) arg;
474 char *pass = (char *) malloc(PWD_STRLEN + 1);
475 PW_CB_DATA cb_tmp;
476 int l;
477
478 cb_tmp.password = (char *) srp_arg->srppassin;
479 cb_tmp.prompt_info = "SRP user";
480 if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
481 BIO_printf(bio_err, "Can't read Password\n");
482 free(pass);
483 return NULL;
484 }
485 *(pass + l) = '\0';
486
487 return pass;
488}
489
490#endif
491#ifndef OPENSSL_NO_SRTP 367#ifndef OPENSSL_NO_SRTP
492char *srtp_profiles = NULL; 368char *srtp_profiles = NULL;
493#endif 369#endif
@@ -597,11 +473,6 @@ s_client_main(int argc, char **argv)
597#ifndef OPENSSL_NO_JPAKE 473#ifndef OPENSSL_NO_JPAKE
598 char *jpake_secret = NULL; 474 char *jpake_secret = NULL;
599#endif 475#endif
600#ifndef OPENSSL_NO_SRP
601 char *srppass = NULL;
602 int srp_lateuser = 0;
603 SRP_ARG srp_arg = {NULL, NULL, 0, 0, 0, 1024};
604#endif
605 476
606 meth = SSLv23_client_method(); 477 meth = SSLv23_client_method();
607 478
@@ -727,31 +598,6 @@ s_client_main(int argc, char **argv)
727 } 598 }
728 } 599 }
729#endif 600#endif
730#ifndef OPENSSL_NO_SRP
731 else if (strcmp(*argv, "-srpuser") == 0) {
732 if (--argc < 1)
733 goto bad;
734 srp_arg.srplogin = *(++argv);
735 meth = TLSv1_client_method();
736 } else if (strcmp(*argv, "-srppass") == 0) {
737 if (--argc < 1)
738 goto bad;
739 srppass = *(++argv);
740 meth = TLSv1_client_method();
741 } else if (strcmp(*argv, "-srp_strength") == 0) {
742 if (--argc < 1)
743 goto bad;
744 srp_arg.strength = atoi(*(++argv));
745 BIO_printf(bio_err, "SRP minimal length for N is %d\n", srp_arg.strength);
746 meth = TLSv1_client_method();
747 } else if (strcmp(*argv, "-srp_lateuser") == 0) {
748 srp_lateuser = 1;
749 meth = TLSv1_client_method();
750 } else if (strcmp(*argv, "-srp_moregroups") == 0) {
751 srp_arg.amp = 1;
752 meth = TLSv1_client_method();
753 }
754#endif
755 else if (strcmp(*argv, "-ssl3") == 0) 601 else if (strcmp(*argv, "-ssl3") == 0)
756 meth = SSLv3_client_method(); 602 meth = SSLv3_client_method();
757 else if (strcmp(*argv, "-tls1_2") == 0) 603 else if (strcmp(*argv, "-tls1_2") == 0)
@@ -997,12 +843,6 @@ bad:
997 bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); 843 bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
998 } 844 }
999 } 845 }
1000#ifndef OPENSSL_NO_SRP
1001 if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) {
1002 BIO_printf(bio_err, "Error getting password\n");
1003 goto end;
1004 }
1005#endif
1006 846
1007 ctx = SSL_CTX_new(meth); 847 ctx = SSL_CTX_new(meth);
1008 if (ctx == NULL) { 848 if (ctx == NULL) {
@@ -1091,21 +931,6 @@ bad:
1091 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 931 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1092 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 932 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1093 } 933 }
1094#ifndef OPENSSL_NO_SRP
1095 if (srp_arg.srplogin) {
1096 if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
1097 BIO_printf(bio_err, "Unable to set SRP username\n");
1098 goto end;
1099 }
1100 srp_arg.msg = c_msg;
1101 srp_arg.debug = c_debug;
1102 SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
1103 SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
1104 SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
1105 if (c_msg || c_debug || srp_arg.amp == 0)
1106 SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
1107 }
1108#endif
1109#endif 934#endif
1110 935
1111 con = SSL_new(ctx); 936 con = SSL_new(ctx);
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 18717d8f23..22e3c18ada 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -175,9 +175,6 @@
175#ifndef OPENSSL_NO_RSA 175#ifndef OPENSSL_NO_RSA
176#include <openssl/rsa.h> 176#include <openssl/rsa.h>
177#endif 177#endif
178#ifndef OPENSSL_NO_SRP
179#include <openssl/srp.h>
180#endif
181#include "s_apps.h" 178#include "s_apps.h"
182#include "timeouts.h" 179#include "timeouts.h"
183 180
@@ -349,47 +346,6 @@ out_err:
349} 346}
350#endif 347#endif
351 348
352#ifndef OPENSSL_NO_SRP
353/* This is a context that we pass to callbacks */
354typedef struct srpsrvparm_st {
355 char *login;
356 SRP_VBASE *vb;
357 SRP_user_pwd *user;
358} srpsrvparm;
359
360/* This callback pretends to require some asynchronous logic in order to obtain
361 a verifier. When the callback is called for a new connection we return
362 with a negative value. This will provoke the accept etc to return with
363 an LOOKUP_X509. The main logic of the reinvokes the suspended call
364 (which would normally occur after a worker has finished) and we
365 set the user parameters.
366*/
367static int
368ssl_srp_server_param_cb(SSL * s, int *ad, void *arg)
369{
370 srpsrvparm *p = (srpsrvparm *) arg;
371 if (p->login == NULL && p->user == NULL) {
372 p->login = SSL_get_srp_username(s);
373 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
374 return (-1);
375 }
376 if (p->user == NULL) {
377 BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
378 return SSL3_AL_FATAL;
379 }
380 if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
381 p->user->info) < 0) {
382 *ad = SSL_AD_INTERNAL_ERROR;
383 return SSL3_AL_FATAL;
384 }
385 BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info);
386 /* need to check whether there are memory leaks */
387 p->user = NULL;
388 p->login = NULL;
389 return SSL_ERROR_NONE;
390}
391
392#endif
393 349
394static void 350static void
395s_server_init(void) 351s_server_init(void)
@@ -474,10 +430,6 @@ sv_usage(void)
474 BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); 430 BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
475#endif 431#endif
476#endif 432#endif
477#ifndef OPENSSL_NO_SRP
478 BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
479 BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
480#endif
481 BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n"); 433 BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
482 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n"); 434 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
483 BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); 435 BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
@@ -727,9 +679,6 @@ int s_server_main(int, char **);
727#ifndef OPENSSL_NO_JPAKE 679#ifndef OPENSSL_NO_JPAKE
728static char *jpake_secret = NULL; 680static char *jpake_secret = NULL;
729#endif 681#endif
730#ifndef OPENSSL_NO_SRP
731static srpsrvparm srp_callback_parm;
732#endif
733#ifndef OPENSSL_NO_SRTP 682#ifndef OPENSSL_NO_SRTP
734static char *srtp_profiles = NULL; 683static char *srtp_profiles = NULL;
735#endif 684#endif
@@ -775,10 +724,6 @@ s_server_main(int argc, char *argv[])
775 /* by default do not send a PSK identity hint */ 724 /* by default do not send a PSK identity hint */
776 static char *psk_identity_hint = NULL; 725 static char *psk_identity_hint = NULL;
777#endif 726#endif
778#ifndef OPENSSL_NO_SRP
779 char *srpuserseed = NULL;
780 char *srp_verifier_file = NULL;
781#endif
782 meth = SSLv23_server_method(); 727 meth = SSLv23_server_method();
783 728
784 local_argc = argc; 729 local_argc = argc;
@@ -977,19 +922,6 @@ s_server_main(int argc, char *argv[])
977 } 922 }
978 } 923 }
979#endif 924#endif
980#ifndef OPENSSL_NO_SRP
981 else if (strcmp(*argv, "-srpvfile") == 0) {
982 if (--argc < 1)
983 goto bad;
984 srp_verifier_file = *(++argv);
985 meth = TLSv1_server_method();
986 } else if (strcmp(*argv, "-srpuserseed") == 0) {
987 if (--argc < 1)
988 goto bad;
989 srpuserseed = *(++argv);
990 meth = TLSv1_server_method();
991 }
992#endif
993 else if (strcmp(*argv, "-www") == 0) { 925 else if (strcmp(*argv, "-www") == 0) {
994 www = 1; 926 www = 1;
995 } else if (strcmp(*argv, "-WWW") == 0) { 927 } else if (strcmp(*argv, "-WWW") == 0) {
@@ -1535,22 +1467,6 @@ bad:
1535 } 1467 }
1536#endif 1468#endif
1537 1469
1538#ifndef OPENSSL_NO_SRP
1539 if (srp_verifier_file != NULL) {
1540 srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
1541 srp_callback_parm.user = NULL;
1542 srp_callback_parm.login = NULL;
1543 if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) {
1544 BIO_printf(bio_err,
1545 "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
1546 srp_verifier_file, ret);
1547 goto end;
1548 }
1549 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
1550 SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
1551 SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
1552 } else
1553#endif
1554 if (CAfile != NULL) { 1470 if (CAfile != NULL) {
1555 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); 1471 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1556#ifndef OPENSSL_NO_TLSEXT 1472#ifndef OPENSSL_NO_TLSEXT
@@ -1866,17 +1782,6 @@ sv_body(char *hostname, int s, unsigned char *context)
1866 } 1782 }
1867#endif 1783#endif
1868 k = SSL_write(con, &(buf[l]), (unsigned int) i); 1784 k = SSL_write(con, &(buf[l]), (unsigned int) i);
1869#ifndef OPENSSL_NO_SRP
1870 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
1871 BIO_printf(bio_s_out, "LOOKUP renego during write\n");
1872 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
1873 if (srp_callback_parm.user)
1874 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
1875 else
1876 BIO_printf(bio_s_out, "LOOKUP not successful\n");
1877 k = SSL_write(con, &(buf[l]), (unsigned int) i);
1878 }
1879#endif
1880 switch (SSL_get_error(con, k)) { 1785 switch (SSL_get_error(con, k)) {
1881 case SSL_ERROR_NONE: 1786 case SSL_ERROR_NONE:
1882 break; 1787 break;
@@ -1917,17 +1822,6 @@ sv_body(char *hostname, int s, unsigned char *context)
1917 } else { 1822 } else {
1918 again: 1823 again:
1919 i = SSL_read(con, (char *) buf, bufsize); 1824 i = SSL_read(con, (char *) buf, bufsize);
1920#ifndef OPENSSL_NO_SRP
1921 while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
1922 BIO_printf(bio_s_out, "LOOKUP renego during read\n");
1923 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
1924 if (srp_callback_parm.user)
1925 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
1926 else
1927 BIO_printf(bio_s_out, "LOOKUP not successful\n");
1928 i = SSL_read(con, (char *) buf, bufsize);
1929 }
1930#endif
1931 switch (SSL_get_error(con, i)) { 1825 switch (SSL_get_error(con, i)) {
1932 case SSL_ERROR_NONE: 1826 case SSL_ERROR_NONE:
1933 write(fileno(stdout), buf, 1827 write(fileno(stdout), buf,
@@ -2002,17 +1896,6 @@ init_ssl_connection(SSL * con)
2002 1896
2003 1897
2004 i = SSL_accept(con); 1898 i = SSL_accept(con);
2005#ifndef OPENSSL_NO_SRP
2006 while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2007 BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
2008 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2009 if (srp_callback_parm.user)
2010 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2011 else
2012 BIO_printf(bio_s_out, "LOOKUP not successful\n");
2013 i = SSL_accept(con);
2014 }
2015#endif
2016 if (i <= 0) { 1899 if (i <= 0) {
2017 if (BIO_sock_should_retry(i)) { 1900 if (BIO_sock_should_retry(i)) {
2018 BIO_printf(bio_s_out, "DELAY\n"); 1901 BIO_printf(bio_s_out, "DELAY\n");
@@ -2223,17 +2106,6 @@ www_body(char *hostname, int s, unsigned char *context)
2223 for (;;) { 2106 for (;;) {
2224 if (hack) { 2107 if (hack) {
2225 i = SSL_accept(con); 2108 i = SSL_accept(con);
2226#ifndef OPENSSL_NO_SRP
2227 while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2228 BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
2229 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2230 if (srp_callback_parm.user)
2231 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2232 else
2233 BIO_printf(bio_s_out, "LOOKUP not successful\n");
2234 i = SSL_accept(con);
2235 }
2236#endif
2237 switch (SSL_get_error(con, i)) { 2109 switch (SSL_get_error(con, i)) {
2238 case SSL_ERROR_NONE: 2110 case SSL_ERROR_NONE:
2239 break; 2111 break;
diff --git a/src/lib/libssl/src/apps/srp.c b/src/lib/libssl/src/apps/srp.c
deleted file mode 100644
index 24b7f317c3..0000000000
--- a/src/lib/libssl/src/apps/srp.c
+++ /dev/null
@@ -1,669 +0,0 @@
1/* apps/srp.c */
2/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)
3 * for the EdelKey project and contributed to the OpenSSL project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#include <openssl/opensslconf.h>
59
60#ifndef OPENSSL_NO_SRP
61#include <stdio.h>
62#include <stdlib.h>
63#include <string.h>
64#include <openssl/conf.h>
65#include <openssl/bio.h>
66#include <openssl/err.h>
67#include <openssl/txt_db.h>
68#include <openssl/buffer.h>
69#include <openssl/srp.h>
70
71#include "apps.h"
72
73
74#define BASE_SECTION "srp"
75
76#define ENV_RANDFILE "RANDFILE"
77
78#define ENV_DATABASE "srpvfile"
79#define ENV_DEFAULT_SRP "default_srp"
80
81static char *srp_usage[] = {
82 "usage: srp [args] [user] \n",
83 "\n",
84 " -verbose Talk alot while doing things\n",
85 " -config file A config file\n",
86 " -name arg The particular srp definition to use\n",
87 " -srpvfile arg The srp verifier file name\n",
88 " -add add an user and srp verifier\n",
89 " -modify modify the srp verifier of an existing user\n",
90 " -delete delete user from verifier file\n",
91 " -list list user\n",
92 " -gn arg g and N values to be used for new verifier\n",
93 " -userinfo arg additional info to be set for user\n",
94 " -passin arg input file pass phrase source\n",
95 " -passout arg output file pass phrase source\n",
96#ifndef OPENSSL_NO_ENGINE
97 " -engine e - use engine e, possibly a hardware device.\n",
98#endif
99 NULL
100};
101
102#ifdef EFENCE
103extern int EF_PROTECT_FREE;
104extern int EF_PROTECT_BELOW;
105extern int EF_ALIGNMENT;
106#endif
107
108static CONF *conf = NULL;
109static char *section = NULL;
110
111#define VERBOSE if (verbose)
112#define VVERBOSE if (verbose>1)
113
114
115int srp_main(int, char **);
116
117static int
118get_index(CA_DB * db, char *id, char type)
119{
120 char **pp;
121 int i;
122 if (id == NULL)
123 return -1;
124 if (type == DB_SRP_INDEX)
125 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
126 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
127 if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
128 return i;
129 }
130 else
131 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
132 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
133
134 if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
135 return i;
136 }
137
138 return -1;
139}
140
141static void
142print_entry(CA_DB * db, BIO * bio, int indx, int verbose, char *s)
143{
144 if (indx >= 0 && verbose) {
145 int j;
146 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
147 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
148 for (j = 0; j < DB_NUMBER; j++) {
149 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
150 }
151 }
152}
153
154static void
155print_index(CA_DB * db, BIO * bio, int indexindex, int verbose)
156{
157 print_entry(db, bio, indexindex, verbose, "g N entry");
158}
159
160static void
161print_user(CA_DB * db, BIO * bio, int userindex, int verbose)
162{
163 if (verbose > 0) {
164 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
165
166 if (pp[DB_srptype][0] != 'I') {
167 print_entry(db, bio, userindex, verbose, "User entry");
168 print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
169 }
170 }
171}
172
173static int
174update_index(CA_DB * db, BIO * bio, char **row)
175{
176 char **irow;
177 int i;
178
179 if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
180 BIO_printf(bio_err, "Memory allocation failure\n");
181 return 0;
182 }
183 for (i = 0; i < DB_NUMBER; i++) {
184 irow[i] = row[i];
185 row[i] = NULL;
186 }
187 irow[DB_NUMBER] = NULL;
188
189 if (!TXT_DB_insert(db->db, irow)) {
190 BIO_printf(bio, "failed to update srpvfile\n");
191 BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
192 free(irow);
193 return 0;
194 }
195 return 1;
196}
197
198static void
199lookup_fail(const char *name, char *tag)
200{
201 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
202}
203
204
205static char *
206srp_verify_user(const char *user, const char *srp_verifier,
207 char *srp_usersalt, const char *g, const char *N,
208 const char *passin, BIO * bio, int verbose)
209{
210 char password[1024];
211 PW_CB_DATA cb_tmp;
212 char *verifier = NULL;
213 char *gNid = NULL;
214
215 cb_tmp.prompt_info = user;
216 cb_tmp.password = passin;
217
218 if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
219 VERBOSE BIO_printf(bio, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N);
220 BIO_printf(bio, "Pass %s\n", password);
221
222 if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) {
223 BIO_printf(bio, "Internal error validating SRP verifier\n");
224 } else {
225 if (strcmp(verifier, srp_verifier))
226 gNid = NULL;
227 free(verifier);
228 }
229 }
230 return gNid;
231}
232
233static char *
234srp_create_user(char *user, char **srp_verifier,
235 char **srp_usersalt, char *g, char *N,
236 char *passout, BIO * bio, int verbose)
237{
238 char password[1024];
239 PW_CB_DATA cb_tmp;
240 char *gNid = NULL;
241 char *salt = NULL;
242 cb_tmp.prompt_info = user;
243 cb_tmp.password = passout;
244
245 if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
246 VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N);
247 if (!(gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) {
248 BIO_printf(bio, "Internal error creating SRP verifier\n");
249 } else
250 *srp_usersalt = salt;
251 VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier);
252
253 }
254 return gNid;
255}
256
257int
258srp_main(int argc, char **argv)
259{
260 int add_user = 0;
261 int list_user = 0;
262 int delete_user = 0;
263 int modify_user = 0;
264 char *user = NULL;
265
266 char *passargin = NULL, *passargout = NULL;
267 char *passin = NULL, *passout = NULL;
268 char *gN = NULL;
269 int gNindex = -1;
270 char **gNrow = NULL;
271 int maxgN = -1;
272
273 char *userinfo = NULL;
274
275 int badops = 0;
276 int ret = 1;
277 int errors = 0;
278 int verbose = 0;
279 int doupdatedb = 0;
280 char *configfile = NULL;
281 char *dbfile = NULL;
282 CA_DB *db = NULL;
283 char **pp;
284 int i;
285 long errorline = -1;
286#ifndef OPENSSL_NO_ENGINE
287 char *engine = NULL;
288#endif
289 char *tofree = NULL;
290 DB_ATTR db_attr;
291
292#ifdef EFENCE
293 EF_PROTECT_FREE = 1;
294 EF_PROTECT_BELOW = 1;
295 EF_ALIGNMENT = 0;
296#endif
297
298 signal(SIGPIPE, SIG_IGN);
299
300 conf = NULL;
301 section = NULL;
302
303 if (bio_err == NULL)
304 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
305 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
306
307 argc--;
308 argv++;
309 while (argc >= 1 && badops == 0) {
310 if (strcmp(*argv, "-verbose") == 0)
311 verbose++;
312 else if (strcmp(*argv, "-config") == 0) {
313 if (--argc < 1)
314 goto bad;
315 configfile = *(++argv);
316 } else if (strcmp(*argv, "-name") == 0) {
317 if (--argc < 1)
318 goto bad;
319 section = *(++argv);
320 } else if (strcmp(*argv, "-srpvfile") == 0) {
321 if (--argc < 1)
322 goto bad;
323 dbfile = *(++argv);
324 } else if (strcmp(*argv, "-add") == 0)
325 add_user = 1;
326 else if (strcmp(*argv, "-delete") == 0)
327 delete_user = 1;
328 else if (strcmp(*argv, "-modify") == 0)
329 modify_user = 1;
330 else if (strcmp(*argv, "-list") == 0)
331 list_user = 1;
332 else if (strcmp(*argv, "-gn") == 0) {
333 if (--argc < 1)
334 goto bad;
335 gN = *(++argv);
336 } else if (strcmp(*argv, "-userinfo") == 0) {
337 if (--argc < 1)
338 goto bad;
339 userinfo = *(++argv);
340 } else if (strcmp(*argv, "-passin") == 0) {
341 if (--argc < 1)
342 goto bad;
343 passargin = *(++argv);
344 } else if (strcmp(*argv, "-passout") == 0) {
345 if (--argc < 1)
346 goto bad;
347 passargout = *(++argv);
348 }
349#ifndef OPENSSL_NO_ENGINE
350 else if (strcmp(*argv, "-engine") == 0) {
351 if (--argc < 1)
352 goto bad;
353 engine = *(++argv);
354 }
355#endif
356
357 else if (**argv == '-') {
358 bad:
359 BIO_printf(bio_err, "unknown option %s\n", *argv);
360 badops = 1;
361 break;
362 } else
363 break;
364
365 argc--;
366 argv++;
367 }
368
369 if (dbfile && configfile) {
370 BIO_printf(bio_err, "-dbfile and -configfile cannot be specified together.\n");
371 badops = 1;
372 }
373 if (add_user + delete_user + modify_user + list_user != 1) {
374 BIO_printf(bio_err, "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
375 badops = 1;
376 }
377 if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
378 BIO_printf(bio_err, "Need at least one user for options -add, -delete, -modify. \n");
379 badops = 1;
380 }
381 if ((passin || passout) && argc != 1) {
382 BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n");
383 badops = 1;
384 }
385 if (badops) {
386 for (pp = srp_usage; (*pp != NULL); pp++)
387 BIO_printf(bio_err, "%s", *pp);
388
389 BIO_printf(bio_err, " -rand file:file:...\n");
390 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
391 BIO_printf(bio_err, " the random number generator\n");
392 goto err;
393 }
394 ERR_load_crypto_strings();
395
396#ifndef OPENSSL_NO_ENGINE
397 setup_engine(bio_err, engine, 0);
398#endif
399
400 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
401 BIO_printf(bio_err, "Error getting passwords\n");
402 goto err;
403 }
404 if (!dbfile) {
405
406
407 /*****************************************************************/
408 tofree = NULL;
409 if (configfile == NULL)
410 configfile = getenv("OPENSSL_CONF");
411 if (configfile == NULL)
412 configfile = getenv("SSLEAY_CONF");
413 if (configfile == NULL) {
414 if ((tofree = make_config_name()) == NULL) {
415 BIO_printf(bio_err, "error making config file name\n");
416 goto err;
417 }
418 configfile = tofree;
419 }
420 VERBOSE BIO_printf(bio_err, "Using configuration from %s\n", configfile);
421 conf = NCONF_new(NULL);
422 if (NCONF_load(conf, configfile, &errorline) <= 0) {
423 if (errorline <= 0)
424 BIO_printf(bio_err, "error loading the config file '%s'\n",
425 configfile);
426 else
427 BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
428 ,errorline, configfile);
429 goto err;
430 }
431 if (tofree) {
432 free(tofree);
433 tofree = NULL;
434 }
435 if (!load_config(bio_err, conf))
436 goto err;
437
438 /* Lets get the config section we are using */
439 if (section == NULL) {
440 VERBOSE BIO_printf(bio_err, "trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
441
442 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
443 if (section == NULL) {
444 lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
445 goto err;
446 }
447 }
448
449 VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section);
450
451 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
452 lookup_fail(section, ENV_DATABASE);
453 goto err;
454 }
455 }
456 ERR_clear_error();
457
458 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile);
459
460 db = load_index(dbfile, &db_attr);
461 if (db == NULL)
462 goto err;
463
464 /* Lets check some fields */
465 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
466 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
467
468 if (pp[DB_srptype][0] == DB_SRP_INDEX) {
469 maxgN = i;
470 if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
471 gNindex = i;
472
473 print_index(db, bio_err, i, verbose > 1);
474 }
475 }
476
477 VERBOSE BIO_printf(bio_err, "Database initialised\n");
478
479 if (gNindex >= 0) {
480 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
481 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
482 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
483 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
484 goto err;
485 } else {
486 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
487 gNrow = NULL;
488 }
489
490
491 VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
492
493 if (argc > 0)
494 user = *(argv++);
495
496 while (list_user || user) {
497 int userindex = -1;
498 if (user)
499 VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
500 if ((userindex = get_index(db, user, 'U')) >= 0) {
501 print_user(db, bio_err, userindex, (verbose > 0) || list_user);
502 }
503 if (list_user) {
504 if (user == NULL) {
505 BIO_printf(bio_err, "List all users\n");
506
507 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
508 print_user(db, bio_err, i, 1);
509 }
510 list_user = 0;
511 } else if (userindex < 0) {
512 BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
513 user);
514 errors++;
515 }
516 } else if (add_user) {
517 if (userindex >= 0) {
518 /* reactivation of a new user */
519 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
520 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
521 row[DB_srptype][0] = 'V';
522
523 doupdatedb = 1;
524 } else {
525 char *row[DB_NUMBER];
526 char *gNid;
527 row[DB_srpverifier] = NULL;
528 row[DB_srpsalt] = NULL;
529 row[DB_srpinfo] = NULL;
530 if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : gN, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
531 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
532 errors++;
533 goto err;
534 }
535 row[DB_srpid] = BUF_strdup(user);
536 row[DB_srptype] = BUF_strdup("v");
537 row[DB_srpgN] = BUF_strdup(gNid);
538
539 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
540 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) ||
541 !update_index(db, bio_err, row)) {
542 if (row[DB_srpid])
543 free(row[DB_srpid]);
544 if (row[DB_srpgN])
545 free(row[DB_srpgN]);
546 if (row[DB_srpinfo])
547 free(row[DB_srpinfo]);
548 if (row[DB_srptype])
549 free(row[DB_srptype]);
550 if (row[DB_srpverifier])
551 free(row[DB_srpverifier]);
552 if (row[DB_srpsalt])
553 free(row[DB_srpsalt]);
554 goto err;
555 }
556 doupdatedb = 1;
557 }
558 } else if (modify_user) {
559 if (userindex < 0) {
560 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored.\n", user);
561 errors++;
562 } else {
563
564 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
565 char type = row[DB_srptype][0];
566 if (type == 'v') {
567 BIO_printf(bio_err, "user \"%s\" already updated, operation ignored.\n", user);
568 errors++;
569 } else {
570 char *gNid;
571
572 if (row[DB_srptype][0] == 'V') {
573 int user_gN;
574 char **irow = NULL;
575 VERBOSE BIO_printf(bio_err, "Verifying password for user \"%s\"\n", user);
576 if ((user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
577 irow = (char **) sk_OPENSSL_PSTRING_value(db->db->data, userindex);
578
579 if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose)) {
580 BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
581 errors++;
582 goto err;
583 }
584 }
585 VERBOSE BIO_printf(bio_err, "Password for user \"%s\" ok.\n", user);
586
587 if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : NULL, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
588 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
589 errors++;
590 goto err;
591 }
592 row[DB_srptype][0] = 'v';
593 row[DB_srpgN] = BUF_strdup(gNid);
594
595 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
596 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
597 goto err;
598
599 doupdatedb = 1;
600 }
601 }
602 } else if (delete_user) {
603 if (userindex < 0) {
604 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
605 errors++;
606 } else {
607 char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
608 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
609
610 xpp[DB_srptype][0] = 'R';
611
612 doupdatedb = 1;
613 }
614 }
615 if (--argc > 0)
616 user = *(argv++);
617 else {
618 user = NULL;
619 list_user = 0;
620 }
621 }
622
623 VERBOSE BIO_printf(bio_err, "User procession done.\n");
624
625
626 if (doupdatedb) {
627 /* Lets check some fields */
628 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
629 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
630
631 if (pp[DB_srptype][0] == 'v') {
632 pp[DB_srptype][0] = 'V';
633 print_user(db, bio_err, i, verbose);
634 }
635 }
636
637 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
638 if (!save_index(dbfile, "new", db))
639 goto err;
640
641 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
642 if (!rotate_index(dbfile, "new", "old"))
643 goto err;
644
645 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
646 }
647 ret = (errors != 0);
648err:
649 if (errors != 0)
650 VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
651
652 VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
653 if (tofree)
654 free(tofree);
655 if (ret)
656 ERR_print_errors(bio_err);
657 if (conf)
658 NCONF_free(conf);
659 if (db)
660 free_index(db);
661
662 OBJ_cleanup();
663
664 return (ret);
665}
666
667
668
669#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 20:22:54 +0000