aboutsummaryrefslogtreecommitdiff
path: root/apps/srp.c
diff options
context:
space:
mode:
Diffstat (limited to 'apps/srp.c')
-rw-r--r--apps/srp.c66
1 files changed, 37 insertions, 29 deletions
diff --git a/apps/srp.c b/apps/srp.c
index ce01a24f2a78..491445df60b0 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i;
if (id == NULL)
return -1;
- if (type == DB_SRP_INDEX)
+ if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid]))
return i;
- } else
+ }
+ } else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid]))
return i;
}
+ }
return -1;
}
@@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow;
int i;
- if ((irow =
- (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+ irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
+ if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
return 0;
}
@@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose)
{
- char password[1024];
+ char password[1025];
PW_CB_DATA cb_tmp;
char *verifier = NULL;
char *gNid = NULL;
+ int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
- if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
+ len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
+ if (len > 0) {
+ password[len] = 0;
VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
- BIO_printf(bio, "Pass %s\n", password);
+ VVERBOSE BIO_printf(bio, "Pass %s\n", password);
- if (!
- (gNid =
- SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
- g))) {
+ if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
+ &verifier, N, g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
gNid = NULL;
OPENSSL_free(verifier);
}
+ OPENSSL_cleanse(password, len);
}
return gNid;
}
@@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose)
{
- char password[1024];
+ char password[1025];
PW_CB_DATA cb_tmp;
char *gNid = NULL;
char *salt = NULL;
+ int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
- if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
+ len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
+ if (len > 0) {
+ password[len] = 0;
VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
- if (!
- (gNid =
- SRP_create_verifier(user, password, &salt, srp_verifier, N,
- g))) {
+ if (!(gNid = SRP_create_verifier(user, password, &salt,
+ srp_verifier, N, g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n");
- } else
+ } else {
*srp_usersalt = salt;
+ }
+ OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier);
@@ -314,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--;
argv++;
while (argc >= 1 && badops == 0) {
- if (strcmp(*argv, "-verbose") == 0)
+ if (strcmp(*argv, "-verbose") == 0) {
verbose++;
- else if (strcmp(*argv, "-config") == 0) {
+ } else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
configfile = *(++argv);
@@ -328,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
dbfile = *(++argv);
- } else if (strcmp(*argv, "-add") == 0)
+ } else if (strcmp(*argv, "-add") == 0) {
add_user = 1;
- else if (strcmp(*argv, "-delete") == 0)
+ } else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1;
- else if (strcmp(*argv, "-modify") == 0)
+ } else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1;
- else if (strcmp(*argv, "-list") == 0)
+ } else if (strcmp(*argv, "-list") == 0) {
list_user = 1;
- else if (strcmp(*argv, "-gn") == 0) {
+ } else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1)
goto bad;
gN = *(++argv);
@@ -366,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
- } else
+ } else {
break;
+ }
argc--;
argv++;
@@ -388,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
}
- if ((passin || passout) && argc != 1) {
+ if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
badops = 1;
@@ -706,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1;
}
}
- if (--argc > 0)
+ if (--argc > 0) {
user = *(argv++);
- else {
+ } else {
user = NULL;
list_user = 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-22 13:38:43 +0000