summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2014-05-07 21:32:20 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-05-07 21:32:20 +0000
commitb77f6354cc35f5b9ac2774ce6c72bb535b5d8e6c (patch)
treebaec4ea75ba276830cd544cdcd406aeea6e03463 /lib/libssl
parent0443570fcc0e6e1bb321c6e9d28a525f098c0f87 (diff)
less than jpake
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/src/apps/apps.c234
-rw-r--r--lib/libssl/src/apps/apps.h4
-rw-r--r--lib/libssl/src/apps/s_client.c41
-rw-r--r--lib/libssl/src/apps/s_server.c42
4 files changed, 4 insertions, 317 deletions
diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c
index b2efe6db39f..a96de0cd9a2 100644
--- a/lib/libssl/src/apps/apps.c
+++ b/lib/libssl/src/apps/apps.c
@@ -2173,240 +2173,6 @@ policies_print(BIO * out, X509_STORE_CTX * ctx)
BIO_free(out);
}
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-
-static JPAKE_CTX *
-jpake_init(const char *us, const char *them,
- const char *secret)
-{
- BIGNUM *p = NULL;
- BIGNUM *g = NULL;
- BIGNUM *q = NULL;
- BIGNUM *bnsecret = BN_new();
- JPAKE_CTX *ctx;
-
- /* Use a safe prime for p (that we found earlier) */
- BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
- g = BN_new();
- BN_set_word(g, 2);
- q = BN_new();
- BN_rshift1(q, p);
-
- BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret);
-
- ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
- BN_free(bnsecret);
- BN_free(q);
- BN_free(g);
- BN_free(p);
-
- return ctx;
-}
-
-static void
-jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p)
-{
- BN_print(conn, p->gx);
- BIO_puts(conn, "\n");
- BN_print(conn, p->zkpx.gr);
- BIO_puts(conn, "\n");
- BN_print(conn, p->zkpx.b);
- BIO_puts(conn, "\n");
-}
-
-static void
-jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx)
-{
- JPAKE_STEP1 s1;
-
- JPAKE_STEP1_init(&s1);
- JPAKE_STEP1_generate(&s1, ctx);
- jpake_send_part(bconn, &s1.p1);
- jpake_send_part(bconn, &s1.p2);
- (void) BIO_flush(bconn);
- JPAKE_STEP1_release(&s1);
-}
-
-static void
-jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx)
-{
- JPAKE_STEP2 s2;
-
- JPAKE_STEP2_init(&s2);
- JPAKE_STEP2_generate(&s2, ctx);
- jpake_send_part(bconn, &s2);
- (void) BIO_flush(bconn);
- JPAKE_STEP2_release(&s2);
-}
-
-static void
-jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx)
-{
- JPAKE_STEP3A s3a;
-
- JPAKE_STEP3A_init(&s3a);
- JPAKE_STEP3A_generate(&s3a, ctx);
- BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
- (void) BIO_flush(bconn);
- JPAKE_STEP3A_release(&s3a);
-}
-
-static void
-jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx)
-{
- JPAKE_STEP3B s3b;
-
- JPAKE_STEP3B_init(&s3b);
- JPAKE_STEP3B_generate(&s3b, ctx);
- BIO_write(bconn, s3b.hk, sizeof s3b.hk);
- (void) BIO_flush(bconn);
- JPAKE_STEP3B_release(&s3b);
-}
-
-static void
-readbn(BIGNUM ** bn, BIO * bconn)
-{
- char buf[10240];
- int l;
-
- l = BIO_gets(bconn, buf, sizeof buf);
- assert(l > 0);
- assert(buf[l - 1] == '\n');
- buf[l - 1] = '\0';
- BN_hex2bn(bn, buf);
-}
-
-static void
-jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn)
-{
- readbn(&p->gx, bconn);
- readbn(&p->zkpx.gr, bconn);
- readbn(&p->zkpx.b, bconn);
-}
-
-static void
-jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn)
-{
- JPAKE_STEP1 s1;
-
- JPAKE_STEP1_init(&s1);
- jpake_receive_part(&s1.p1, bconn);
- jpake_receive_part(&s1.p2, bconn);
- if (!JPAKE_STEP1_process(ctx, &s1)) {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP1_release(&s1);
-}
-
-static void
-jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn)
-{
- JPAKE_STEP2 s2;
-
- JPAKE_STEP2_init(&s2);
- jpake_receive_part(&s2, bconn);
- if (!JPAKE_STEP2_process(ctx, &s2)) {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP2_release(&s2);
-}
-
-static void
-jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn)
-{
- JPAKE_STEP3A s3a;
- int l;
-
- JPAKE_STEP3A_init(&s3a);
- l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
- assert(l == sizeof s3a.hhk);
- if (!JPAKE_STEP3A_process(ctx, &s3a)) {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP3A_release(&s3a);
-}
-
-static void
-jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn)
-{
- JPAKE_STEP3B s3b;
- int l;
-
- JPAKE_STEP3B_init(&s3b);
- l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
- assert(l == sizeof s3b.hk);
- if (!JPAKE_STEP3B_process(ctx, &s3b)) {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP3B_release(&s3b);
-}
-
-void
-jpake_client_auth(BIO * out, BIO * conn, const char *secret)
-{
- JPAKE_CTX *ctx;
- BIO *bconn;
-
- BIO_puts(out, "Authenticating with JPAKE\n");
-
- ctx = jpake_init("client", "server", secret);
-
- bconn = BIO_new(BIO_f_buffer());
- BIO_push(bconn, conn);
-
- jpake_send_step1(bconn, ctx);
- jpake_receive_step1(ctx, bconn);
- jpake_send_step2(bconn, ctx);
- jpake_receive_step2(ctx, bconn);
- jpake_send_step3a(bconn, ctx);
- jpake_receive_step3b(ctx, bconn);
-
- BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
- psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
- BIO_pop(bconn);
- BIO_free(bconn);
-
- JPAKE_CTX_free(ctx);
-}
-
-void
-jpake_server_auth(BIO * out, BIO * conn, const char *secret)
-{
- JPAKE_CTX *ctx;
- BIO *bconn;
-
- BIO_puts(out, "Authenticating with JPAKE\n");
-
- ctx = jpake_init("server", "client", secret);
-
- bconn = BIO_new(BIO_f_buffer());
- BIO_push(bconn, conn);
-
- jpake_receive_step1(ctx, bconn);
- jpake_send_step1(bconn, ctx);
- jpake_receive_step2(ctx, bconn);
- jpake_send_step2(bconn, ctx);
- jpake_receive_step3a(ctx, bconn);
- jpake_send_step3b(bconn, ctx);
-
- BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
- psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
- BIO_pop(bconn);
- BIO_free(bconn);
-
- JPAKE_CTX_free(ctx);
-}
-
-#endif
-
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
/* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h
index 42c5f9e3680..cbbf0eaefd5 100644
--- a/lib/libssl/src/apps/apps.h
+++ b/lib/libssl/src/apps/apps.h
@@ -246,10 +246,6 @@ int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
#ifndef OPENSSL_NO_PSK
extern char *psk_key;
#endif
-#ifndef OPENSSL_NO_JPAKE
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index 3dc613ebc2f..b90a096b406 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -301,9 +301,6 @@ sc_usage(void)
#ifndef OPENSSL_NO_PSK
BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
-#ifndef OPENSSL_NO_JPAKE
- BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
-#endif
#endif
BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
@@ -467,9 +464,6 @@ s_client_main(int argc, char **argv)
int peerlen = sizeof(peer);
int enable_timeouts = 0;
long socket_mtu = 0;
-#ifndef OPENSSL_NO_JPAKE
- char *jpake_secret = NULL;
-#endif
meth = SSLv23_client_method();
@@ -727,13 +721,6 @@ s_client_main(int argc, char **argv)
/* meth=TLSv1_client_method(); */
}
#endif
-#ifndef OPENSSL_NO_JPAKE
- else if (strcmp(*argv, "-jpake") == 0) {
- if (--argc < 1)
- goto bad;
- jpake_secret = *++argv;
- }
-#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -764,21 +751,6 @@ bad:
sc_usage();
goto end;
}
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- if (jpake_secret) {
- if (psk_key) {
- BIO_printf(bio_err,
- "Can't use JPAKE and PSK together\n");
- goto end;
- }
- psk_identity = "JPAKE";
- if (cipher) {
- BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
- goto end;
- }
- cipher = "PSK";
- }
-#endif
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
@@ -862,14 +834,9 @@ bad:
#endif
#ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
- if (psk_key != NULL)
-#else
- if (psk_key != NULL || jpake_secret)
-#endif
- {
+ if (psk_key != NULL) {
if (c_debug)
- BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
+ BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
#endif
@@ -1055,10 +1022,6 @@ re_start:
#endif
}
#endif
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret)
- jpake_client_auth(bio_c_out, sbio, jpake_secret);
-#endif
SSL_set_bio(con, sbio, sbio);
SSL_set_connect_state(con);
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c
index c34816749a2..6cb43ed45df 100644
--- a/lib/libssl/src/apps/s_server.c
+++ b/lib/libssl/src/apps/s_server.c
@@ -426,11 +426,7 @@ sv_usage(void)
#ifndef OPENSSL_NO_PSK
BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
-#ifndef OPENSSL_NO_JPAKE
- BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
#endif
-#endif
- BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
@@ -676,9 +672,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
int s_server_main(int, char **);
-#ifndef OPENSSL_NO_JPAKE
-static char *jpake_secret = NULL;
-#endif
#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
#endif
@@ -1009,13 +1002,6 @@ s_server_main(int argc, char *argv[])
}
#endif
#endif
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- else if (strcmp(*argv, "-jpake") == 0) {
- if (--argc < 1)
- goto bad;
- jpake_secret = *(++argv);
- }
-#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -1046,21 +1032,6 @@ bad:
sv_usage();
goto end;
}
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- if (jpake_secret) {
- if (psk_key) {
- BIO_printf(bio_err,
- "Can't use JPAKE and PSK together\n");
- goto end;
- }
- psk_identity = "JPAKE";
- if (cipher) {
- BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
- goto end;
- }
- cipher = "PSK";
- }
-#endif
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
@@ -1414,14 +1385,9 @@ bad:
#endif
#ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
- if (psk_key != NULL)
-#else
- if (psk_key != NULL || jpake_secret)
-#endif
- {
+ if (psk_key != NULL) {
if (s_debug)
- BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
+ BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
@@ -1628,10 +1594,6 @@ sv_body(char *hostname, int s, unsigned char *context)
test = BIO_new(BIO_f_nbio_test());
sbio = BIO_push(test, sbio);
}
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret)
- jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);