xref: /freebsd/crypto/openssl/apps/srp.c (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1 /* apps/srp.c */
2 /*
3  * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
4  * project and contributed to the OpenSSL project 2004.
5  */
6 /* ====================================================================
7  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  *
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in
18  *    the documentation and/or other materials provided with the
19  *    distribution.
20  *
21  * 3. All advertising materials mentioning features or use of this
22  *    software must display the following acknowledgment:
23  *    "This product includes software developed by the OpenSSL Project
24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25  *
26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27  *    endorse or promote products derived from this software without
28  *    prior written permission. For written permission, please contact
29  *    licensing@OpenSSL.org.
30  *
31  * 5. Products derived from this software may not be called "OpenSSL"
32  *    nor may "OpenSSL" appear in their names without prior written
33  *    permission of the OpenSSL Project.
34  *
35  * 6. Redistributions of any form whatsoever must retain the following
36  *    acknowledgment:
37  *    "This product includes software developed by the OpenSSL Project
38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51  * OF THE POSSIBILITY OF SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This product includes cryptographic software written by Eric Young
55  * (eay@cryptsoft.com).  This product includes software written by Tim
56  * Hudson (tjh@cryptsoft.com).
57  *
58  */
59 #include <openssl/opensslconf.h>
60 
61 #ifndef OPENSSL_NO_SRP
62 # include <stdio.h>
63 # include <stdlib.h>
64 # include <string.h>
65 # include <openssl/conf.h>
66 # include <openssl/bio.h>
67 # include <openssl/err.h>
68 # include <openssl/txt_db.h>
69 # include <openssl/buffer.h>
70 # include <openssl/srp.h>
71 
72 # include "apps.h"
73 
74 # undef PROG
75 # define PROG srp_main
76 
77 # define BASE_SECTION    "srp"
78 # define CONFIG_FILE "openssl.cnf"
79 
80 # define ENV_RANDFILE            "RANDFILE"
81 
82 # define ENV_DATABASE            "srpvfile"
83 # define ENV_DEFAULT_SRP         "default_srp"
84 
85 static char *srp_usage[] = {
86     "usage: srp [args] [user] \n",
87     "\n",
88     " -verbose        Talk alot while doing things\n",
89     " -config file    A config file\n",
90     " -name arg       The particular srp definition to use\n",
91     " -srpvfile arg   The srp verifier file name\n",
92     " -add            add an user and srp verifier\n",
93     " -modify         modify the srp verifier of an existing user\n",
94     " -delete         delete user from verifier file\n",
95     " -list           list user\n",
96     " -gn arg         g and N values to be used for new verifier\n",
97     " -userinfo arg   additional info to be set for user\n",
98     " -passin arg     input file pass phrase source\n",
99     " -passout arg    output file pass phrase source\n",
100 # ifndef OPENSSL_NO_ENGINE
101     " -engine e         - use engine e, possibly a hardware device.\n",
102 # endif
103     NULL
104 };
105 
106 # ifdef EFENCE
107 extern int EF_PROTECT_FREE;
108 extern int EF_PROTECT_BELOW;
109 extern int EF_ALIGNMENT;
110 # endif
111 
112 static CONF *conf = NULL;
113 static char *section = NULL;
114 
115 # define VERBOSE if (verbose)
116 # define VVERBOSE if (verbose>1)
117 
118 int MAIN(int, char **);
119 
120 static int get_index(CA_DB *db, char *id, char type)
121 {
122     char **pp;
123     int i;
124     if (id == NULL)
125         return -1;
126     if (type == DB_SRP_INDEX) {
127         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
128             pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
129             if (pp[DB_srptype][0] == DB_SRP_INDEX
130                 && !strcmp(id, pp[DB_srpid]))
131                 return i;
132         }
133     } else {
134         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
135             pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
136 
137             if (pp[DB_srptype][0] != DB_SRP_INDEX
138                 && !strcmp(id, pp[DB_srpid]))
139                 return i;
140         }
141     }
142 
143     return -1;
144 }
145 
146 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
147 {
148     if (indx >= 0 && verbose) {
149         int j;
150         char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
151         BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
152         for (j = 0; j < DB_NUMBER; j++) {
153             BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
154         }
155     }
156 }
157 
158 static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
159 {
160     print_entry(db, bio, indexindex, verbose, "g N entry");
161 }
162 
163 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
164 {
165     if (verbose > 0) {
166         char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
167 
168         if (pp[DB_srptype][0] != 'I') {
169             print_entry(db, bio, userindex, verbose, "User entry");
170             print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
171                         "g N entry");
172         }
173 
174     }
175 }
176 
177 static int update_index(CA_DB *db, BIO *bio, char **row)
178 {
179     char **irow;
180     int i;
181 
182     irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
183     if (irow == NULL) {
184         BIO_printf(bio_err, "Memory allocation failure\n");
185         return 0;
186     }
187 
188     for (i = 0; i < DB_NUMBER; i++)
189         irow[i] = row[i];
190     irow[DB_NUMBER] = NULL;
191 
192     if (!TXT_DB_insert(db->db, irow)) {
193         BIO_printf(bio, "failed to update srpvfile\n");
194         BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
195         OPENSSL_free(irow);
196         return 0;
197     }
198     return 1;
199 }
200 
201 static void lookup_fail(const char *name, char *tag)
202 {
203     BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
204 }
205 
206 static char *srp_verify_user(const char *user, const char *srp_verifier,
207                              char *srp_usersalt, const char *g, const char *N,
208                              const char *passin, BIO *bio, int verbose)
209 {
210     char password[1025];
211     PW_CB_DATA cb_tmp;
212     char *verifier = NULL;
213     char *gNid = NULL;
214     int len;
215 
216     cb_tmp.prompt_info = user;
217     cb_tmp.password = passin;
218 
219     len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
220     if (len > 0) {
221         password[len] = 0;
222         VERBOSE BIO_printf(bio,
223                            "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
224                            user, srp_verifier, srp_usersalt, g, N);
225         VVERBOSE BIO_printf(bio, "Pass %s\n", password);
226 
227         if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
228                                          &verifier, N, g))) {
229             BIO_printf(bio, "Internal error validating SRP verifier\n");
230         } else {
231             if (strcmp(verifier, srp_verifier))
232                 gNid = NULL;
233             OPENSSL_free(verifier);
234         }
235         OPENSSL_cleanse(password, len);
236     }
237     return gNid;
238 }
239 
240 static char *srp_create_user(char *user, char **srp_verifier,
241                              char **srp_usersalt, char *g, char *N,
242                              char *passout, BIO *bio, int verbose)
243 {
244     char password[1025];
245     PW_CB_DATA cb_tmp;
246     char *gNid = NULL;
247     char *salt = NULL;
248     int len;
249     cb_tmp.prompt_info = user;
250     cb_tmp.password = passout;
251 
252     len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
253     if (len > 0) {
254         password[len] = 0;
255         VERBOSE BIO_printf(bio,
256                            "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
257                            user, g, N);
258         if (!(gNid = SRP_create_verifier(user, password, &salt,
259                                          srp_verifier, N, g))) {
260             BIO_printf(bio, "Internal error creating SRP verifier\n");
261         } else {
262             *srp_usersalt = salt;
263         }
264         OPENSSL_cleanse(password, len);
265         VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
266                             gNid, salt, *srp_verifier);
267 
268     }
269     return gNid;
270 }
271 
272 int MAIN(int argc, char **argv)
273 {
274     int add_user = 0;
275     int list_user = 0;
276     int delete_user = 0;
277     int modify_user = 0;
278     char *user = NULL;
279 
280     char *passargin = NULL, *passargout = NULL;
281     char *passin = NULL, *passout = NULL;
282     char *gN = NULL;
283     int gNindex = -1;
284     char **gNrow = NULL;
285     int maxgN = -1;
286 
287     char *userinfo = NULL;
288 
289     int badops = 0;
290     int ret = 1;
291     int errors = 0;
292     int verbose = 0;
293     int doupdatedb = 0;
294     char *configfile = NULL;
295     char *dbfile = NULL;
296     CA_DB *db = NULL;
297     char **pp;
298     int i;
299     long errorline = -1;
300     char *randfile = NULL;
301     ENGINE *e = NULL;
302     char *engine = NULL;
303     char *tofree = NULL;
304     DB_ATTR db_attr;
305 
306 # ifdef EFENCE
307     EF_PROTECT_FREE = 1;
308     EF_PROTECT_BELOW = 1;
309     EF_ALIGNMENT = 0;
310 # endif
311 
312     apps_startup();
313 
314     conf = NULL;
315     section = NULL;
316 
317     if (bio_err == NULL)
318         if ((bio_err = BIO_new(BIO_s_file())) != NULL)
319             BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
320 
321     argc--;
322     argv++;
323     while (argc >= 1 && badops == 0) {
324         if (strcmp(*argv, "-verbose") == 0) {
325             verbose++;
326         } else if (strcmp(*argv, "-config") == 0) {
327             if (--argc < 1)
328                 goto bad;
329             configfile = *(++argv);
330         } else if (strcmp(*argv, "-name") == 0) {
331             if (--argc < 1)
332                 goto bad;
333             section = *(++argv);
334         } else if (strcmp(*argv, "-srpvfile") == 0) {
335             if (--argc < 1)
336                 goto bad;
337             dbfile = *(++argv);
338         } else if (strcmp(*argv, "-add") == 0) {
339             add_user = 1;
340         } else if (strcmp(*argv, "-delete") == 0) {
341             delete_user = 1;
342         } else if (strcmp(*argv, "-modify") == 0) {
343             modify_user = 1;
344         } else if (strcmp(*argv, "-list") == 0) {
345             list_user = 1;
346         } else if (strcmp(*argv, "-gn") == 0) {
347             if (--argc < 1)
348                 goto bad;
349             gN = *(++argv);
350         } else if (strcmp(*argv, "-userinfo") == 0) {
351             if (--argc < 1)
352                 goto bad;
353             userinfo = *(++argv);
354         } else if (strcmp(*argv, "-passin") == 0) {
355             if (--argc < 1)
356                 goto bad;
357             passargin = *(++argv);
358         } else if (strcmp(*argv, "-passout") == 0) {
359             if (--argc < 1)
360                 goto bad;
361             passargout = *(++argv);
362         }
363 # ifndef OPENSSL_NO_ENGINE
364         else if (strcmp(*argv, "-engine") == 0) {
365             if (--argc < 1)
366                 goto bad;
367             engine = *(++argv);
368         }
369 # endif
370 
371         else if (**argv == '-') {
372  bad:
373             BIO_printf(bio_err, "unknown option %s\n", *argv);
374             badops = 1;
375             break;
376         } else {
377             break;
378         }
379 
380         argc--;
381         argv++;
382     }
383 
384     if (dbfile && configfile) {
385         BIO_printf(bio_err,
386                    "-dbfile and -configfile cannot be specified together.\n");
387         badops = 1;
388     }
389     if (add_user + delete_user + modify_user + list_user != 1) {
390         BIO_printf(bio_err,
391                    "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
392         badops = 1;
393     }
394     if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
395         BIO_printf(bio_err,
396                    "Need at least one user for options -add, -delete, -modify. \n");
397         badops = 1;
398     }
399     if ((passargin || passargout) && argc != 1) {
400         BIO_printf(bio_err,
401                    "-passin, -passout arguments only valid with one user.\n");
402         badops = 1;
403     }
404 
405     if (badops) {
406         for (pp = srp_usage; (*pp != NULL); pp++)
407             BIO_printf(bio_err, "%s", *pp);
408 
409         BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
410                    LIST_SEPARATOR_CHAR);
411         BIO_printf(bio_err,
412                    "                 load the file (or the files in the directory) into\n");
413         BIO_printf(bio_err, "                 the random number generator\n");
414         goto err;
415     }
416 
417     ERR_load_crypto_strings();
418 
419     e = setup_engine(bio_err, engine, 0);
420 
421     if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
422         BIO_printf(bio_err, "Error getting passwords\n");
423         goto err;
424     }
425 
426     if (!dbfile) {
427 
428         /*****************************************************************/
429         tofree = NULL;
430         if (configfile == NULL)
431             configfile = getenv("OPENSSL_CONF");
432         if (configfile == NULL)
433             configfile = getenv("SSLEAY_CONF");
434         if (configfile == NULL) {
435             const char *s = X509_get_default_cert_area();
436             size_t len;
437 
438 # ifdef OPENSSL_SYS_VMS
439             len = strlen(s) + sizeof(CONFIG_FILE);
440             tofree = OPENSSL_malloc(len);
441             if (!tofree) {
442                 BIO_printf(bio_err, "Out of memory\n");
443                 goto err;
444             }
445             strcpy(tofree, s);
446 # else
447             len = strlen(s) + sizeof(CONFIG_FILE) + 1;
448             tofree = OPENSSL_malloc(len);
449             if (!tofree) {
450                 BIO_printf(bio_err, "Out of memory\n");
451                 goto err;
452             }
453             BUF_strlcpy(tofree, s, len);
454             BUF_strlcat(tofree, "/", len);
455 # endif
456             BUF_strlcat(tofree, CONFIG_FILE, len);
457             configfile = tofree;
458         }
459 
460         VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
461                            configfile);
462         conf = NCONF_new(NULL);
463         if (NCONF_load(conf, configfile, &errorline) <= 0) {
464             if (errorline <= 0)
465                 BIO_printf(bio_err, "error loading the config file '%s'\n",
466                            configfile);
467             else
468                 BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
469                            errorline, configfile);
470             goto err;
471         }
472         if (tofree) {
473             OPENSSL_free(tofree);
474             tofree = NULL;
475         }
476 
477         if (!load_config(bio_err, conf))
478             goto err;
479 
480         /* Lets get the config section we are using */
481         if (section == NULL) {
482             VERBOSE BIO_printf(bio_err,
483                                "trying to read " ENV_DEFAULT_SRP
484                                " in \" BASE_SECTION \"\n");
485 
486             section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
487             if (section == NULL) {
488                 lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
489                 goto err;
490             }
491         }
492 
493         if (randfile == NULL && conf)
494             randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
495 
496         VERBOSE BIO_printf(bio_err,
497                            "trying to read " ENV_DATABASE
498                            " in section \"%s\"\n", section);
499 
500         if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
501             lookup_fail(section, ENV_DATABASE);
502             goto err;
503         }
504 
505     }
506     if (randfile == NULL)
507         ERR_clear_error();
508     else
509         app_RAND_load_file(randfile, bio_err, 0);
510 
511     VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
512                        dbfile);
513 
514     db = load_index(dbfile, &db_attr);
515     if (db == NULL)
516         goto err;
517 
518     /* Lets check some fields */
519     for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
520         pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
521 
522         if (pp[DB_srptype][0] == DB_SRP_INDEX) {
523             maxgN = i;
524             if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
525                 gNindex = i;
526 
527             print_index(db, bio_err, i, verbose > 1);
528         }
529     }
530 
531     VERBOSE BIO_printf(bio_err, "Database initialised\n");
532 
533     if (gNindex >= 0) {
534         gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
535         print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
536     } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
537         BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
538         goto err;
539     } else {
540         VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
541         gNrow = NULL;
542     }
543 
544     VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
545 
546     if (argc > 0)
547         user = *(argv++);
548 
549     while (list_user || user) {
550         int userindex = -1;
551         if (user)
552             VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
553         if ((userindex = get_index(db, user, 'U')) >= 0) {
554             print_user(db, bio_err, userindex, (verbose > 0) || list_user);
555         }
556 
557         if (list_user) {
558             if (user == NULL) {
559                 BIO_printf(bio_err, "List all users\n");
560 
561                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
562                     print_user(db, bio_err, i, 1);
563                 }
564                 list_user = 0;
565             } else if (userindex < 0) {
566                 BIO_printf(bio_err,
567                            "user \"%s\" does not exist, ignored. t\n", user);
568                 errors++;
569             }
570         } else if (add_user) {
571             if (userindex >= 0) {
572                 /* reactivation of a new user */
573                 char **row =
574                     sk_OPENSSL_PSTRING_value(db->db->data, userindex);
575                 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
576                 row[DB_srptype][0] = 'V';
577 
578                 doupdatedb = 1;
579             } else {
580                 char *row[DB_NUMBER];
581                 char *gNid;
582                 row[DB_srpverifier] = NULL;
583                 row[DB_srpsalt] = NULL;
584                 row[DB_srpinfo] = NULL;
585                 if (!
586                     (gNid =
587                      srp_create_user(user, &(row[DB_srpverifier]),
588                                      &(row[DB_srpsalt]),
589                                      gNrow ? gNrow[DB_srpsalt] : gN,
590                                      gNrow ? gNrow[DB_srpverifier] : NULL,
591                                      passout, bio_err, verbose))) {
592                     BIO_printf(bio_err,
593                                "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
594                                user);
595                     errors++;
596                     goto err;
597                 }
598                 row[DB_srpid] = BUF_strdup(user);
599                 row[DB_srptype] = BUF_strdup("v");
600                 row[DB_srpgN] = BUF_strdup(gNid);
601 
602                 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
603                     || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
604                                                                     &&
605                                                                     (!(row
606                                                                        [DB_srpinfo]
607                                                                        =
608                                                                        BUF_strdup
609                                                                        (userinfo))))
610                     || !update_index(db, bio_err, row)) {
611                     if (row[DB_srpid])
612                         OPENSSL_free(row[DB_srpid]);
613                     if (row[DB_srpgN])
614                         OPENSSL_free(row[DB_srpgN]);
615                     if (row[DB_srpinfo])
616                         OPENSSL_free(row[DB_srpinfo]);
617                     if (row[DB_srptype])
618                         OPENSSL_free(row[DB_srptype]);
619                     if (row[DB_srpverifier])
620                         OPENSSL_free(row[DB_srpverifier]);
621                     if (row[DB_srpsalt])
622                         OPENSSL_free(row[DB_srpsalt]);
623                     goto err;
624                 }
625                 doupdatedb = 1;
626             }
627         } else if (modify_user) {
628             if (userindex < 0) {
629                 BIO_printf(bio_err,
630                            "user \"%s\" does not exist, operation ignored.\n",
631                            user);
632                 errors++;
633             } else {
634 
635                 char **row =
636                     sk_OPENSSL_PSTRING_value(db->db->data, userindex);
637                 char type = row[DB_srptype][0];
638                 if (type == 'v') {
639                     BIO_printf(bio_err,
640                                "user \"%s\" already updated, operation ignored.\n",
641                                user);
642                     errors++;
643                 } else {
644                     char *gNid;
645 
646                     if (row[DB_srptype][0] == 'V') {
647                         int user_gN;
648                         char **irow = NULL;
649                         VERBOSE BIO_printf(bio_err,
650                                            "Verifying password for user \"%s\"\n",
651                                            user);
652                         if ((user_gN =
653                              get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
654                             irow =
655                                 (char **)sk_OPENSSL_PSTRING_value(db->
656                                                                   db->data,
657                                                                   userindex);
658 
659                         if (!srp_verify_user
660                             (user, row[DB_srpverifier], row[DB_srpsalt],
661                              irow ? irow[DB_srpsalt] : row[DB_srpgN],
662                              irow ? irow[DB_srpverifier] : NULL, passin,
663                              bio_err, verbose)) {
664                             BIO_printf(bio_err,
665                                        "Invalid password for user \"%s\", operation abandoned.\n",
666                                        user);
667                             errors++;
668                             goto err;
669                         }
670                     }
671                     VERBOSE BIO_printf(bio_err,
672                                        "Password for user \"%s\" ok.\n",
673                                        user);
674 
675                     if (!
676                         (gNid =
677                          srp_create_user(user, &(row[DB_srpverifier]),
678                                          &(row[DB_srpsalt]),
679                                          gNrow ? gNrow[DB_srpsalt] : NULL,
680                                          gNrow ? gNrow[DB_srpverifier] : NULL,
681                                          passout, bio_err, verbose))) {
682                         BIO_printf(bio_err,
683                                    "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
684                                    user);
685                         errors++;
686                         goto err;
687                     }
688 
689                     row[DB_srptype][0] = 'v';
690                     row[DB_srpgN] = BUF_strdup(gNid);
691 
692                     if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
693                         || !row[DB_srpverifier] || !row[DB_srpsalt]
694                         || (userinfo
695                             && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
696                         goto err;
697 
698                     doupdatedb = 1;
699                 }
700             }
701         } else if (delete_user) {
702             if (userindex < 0) {
703                 BIO_printf(bio_err,
704                            "user \"%s\" does not exist, operation ignored. t\n",
705                            user);
706                 errors++;
707             } else {
708                 char **xpp =
709                     sk_OPENSSL_PSTRING_value(db->db->data, userindex);
710                 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
711 
712                 xpp[DB_srptype][0] = 'R';
713 
714                 doupdatedb = 1;
715             }
716         }
717         if (--argc > 0) {
718             user = *(argv++);
719         } else {
720             user = NULL;
721             list_user = 0;
722         }
723     }
724 
725     VERBOSE BIO_printf(bio_err, "User procession done.\n");
726 
727     if (doupdatedb) {
728         /* Lets check some fields */
729         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
730             pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
731 
732             if (pp[DB_srptype][0] == 'v') {
733                 pp[DB_srptype][0] = 'V';
734                 print_user(db, bio_err, i, verbose);
735             }
736         }
737 
738         VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
739         if (!save_index(dbfile, "new", db))
740             goto err;
741 
742         VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
743         if (!rotate_index(dbfile, "new", "old"))
744             goto err;
745 
746         VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
747     }
748 
749     ret = (errors != 0);
750  err:
751     if (errors != 0)
752         VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
753 
754     VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
755     if (tofree)
756         OPENSSL_free(tofree);
757     if (ret)
758         ERR_print_errors(bio_err);
759     if (randfile)
760         app_RAND_write_file(randfile, bio_err);
761     if (conf)
762         NCONF_free(conf);
763     if (db)
764         free_index(db);
765 
766     release_engine(e);
767     OBJ_cleanup();
768     apps_shutdown();
769     OPENSSL_EXIT(ret);
770 }
771 
772 #else
773 static void *dummy = &dummy;
774 #endif
775