src - OpenBSD base system

diff options


context:
space:
mode:

author	Ted Unangst <tedu@cvs.openbsd.org>	2014-04-15 22:45:38 +0000
committer	Ted Unangst <tedu@cvs.openbsd.org>	2014-04-15 22:45:38 +0000
commit	f2fca235264996bc78f6ed87673741ac54b93542 (patch)
tree	0faa5180a15cd9418425f47a5365a131e5406527 /lib
parent	650244e5fadf09c477c9944ecc8f6f654473c259 (diff)

remove md2, jpake, and seed clutter.

Diffstat (limited to 'lib')

-rw-r--r--

lib/libcrypto/evp/e_seed.c

-rw-r--r--

lib/libcrypto/evp/m_md2.c

101

-rw-r--r--

lib/libcrypto/jpake/jpake.c

483

-rw-r--r--

lib/libcrypto/jpake/jpake.h

129

-rw-r--r--

lib/libcrypto/jpake/jpake_err.c

105

-rw-r--r--

lib/libcrypto/md2/md2.c

124

-rw-r--r--

lib/libcrypto/md2/md2.h

-rw-r--r--

lib/libcrypto/md2/md2_dgst.c

227

-rw-r--r--

lib/libcrypto/md2/md2_one.c

-rw-r--r--

lib/libcrypto/seed/seed.c

329

-rw-r--r--

lib/libcrypto/seed/seed.h

136

-rw-r--r--

lib/libcrypto/seed/seed_cbc.c

129

-rw-r--r--

lib/libcrypto/seed/seed_cfb.c

144

-rw-r--r--

lib/libcrypto/seed/seed_ecb.c

-rw-r--r--

lib/libcrypto/seed/seed_locl.h

116

-rw-r--r--

lib/libcrypto/seed/seed_ofb.c

128

16 files changed, 0 insertions, 2464 deletions

diff --git a/lib/libcrypto/evp/e_seed.c b/lib/libcrypto/evp/e_seed.c
deleted file mode 100644
index 8c1ec0d43a6..00000000000
--- a/lib/libcrypto/evp/e_seed.c
+++ /dev/null

@@ -1,83 +0,0 @@

-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- * notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in

- * the documentation and/or other materials provided with the

- * distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- * software must display the following acknowledgment:

- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- * endorse or promote products derived from this software without

- * prior written permission. For written permission, please contact

- * openssl-core@openssl.org.

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- * nor may "OpenSSL" appear in their names without prior written

- * permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- * acknowledgment:

- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * (eay@cryptsoft.com). This product includes software written by Tim

- * Hudson (tjh@cryptsoft.com).

- *

- */

-#include <openssl/opensslconf.h>

-#include <openssl/evp.h>

-#include <openssl/err.h>

-#include <string.h>

-#include <assert.h>

-#ifndef OPENSSL_NO_SEED

-#include <openssl/seed.h>

-#include "evp_locl.h"

-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);

-typedef struct

- {

- SEED_KEY_SCHEDULE ks;

- } EVP_SEED_KEY;

-IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,

- 16, 16, 16, 128,

- 0, seed_init_key, 0, 0, 0, 0)

-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

- const unsigned char *iv, int enc)

- {

- SEED_set_key(key, ctx->cipher_data);

- return 1;

- }

-#endif

diff --git a/lib/libcrypto/evp/m_md2.c b/lib/libcrypto/evp/m_md2.c
deleted file mode 100644
index 5ce849f161d..00000000000
--- a/lib/libcrypto/evp/m_md2.c
+++ /dev/null

@@ -1,101 +0,0 @@

-/* crypto/evp/m_md2.c */

- *

- * This package is an SSL implementation written

- * by Eric Young (eay@cryptsoft.com).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to. The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code. The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson (tjh@cryptsoft.com).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the

- * documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- * must display the following acknowledgement:

- * "This product includes cryptographic software written by

- * Eric Young (eay@cryptsoft.com)"

- * The word 'cryptographic' can be left out if the rouines from the library

- * being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- * the apps directory (application code) you must include an acknowledgement:

- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed. i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_MD2

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/md2.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

- { return MD2_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

- { return MD2_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

- { return MD2_Final(md,ctx->md_data); }

-static const EVP_MD md2_md=

- {

- NID_md2,

- NID_md2WithRSAEncryption,

- MD2_DIGEST_LENGTH,

- 0,

- init,

- update,

- final,

- NULL,

- EVP_PKEY_RSA_method,

- MD2_BLOCK,

- sizeof(EVP_MD *)+sizeof(MD2_CTX),

- };

-const EVP_MD *EVP_md2(void)

- {

- return(&md2_md);

- }

-#endif

diff --git a/lib/libcrypto/jpake/jpake.c b/lib/libcrypto/jpake/jpake.c
deleted file mode 100644
index 577b7ef375c..00000000000
--- a/lib/libcrypto/jpake/jpake.c
+++ /dev/null

@@ -1,483 +0,0 @@

-#include "jpake.h"

-#include <openssl/crypto.h>

-#include <openssl/sha.h>

-#include <openssl/err.h>

-#include <memory.h>

-#include <assert.h>

-/*

- * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or

- * Bob's (x3, x4, x1, x2). If you see what I mean.

- */

-typedef struct

- {

- char *name; /* Must be unique */

- char *peer_name;

- BIGNUM *p;

- BIGNUM *g;

- BIGNUM *q;

- BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */

- BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */

- } JPAKE_CTX_PUBLIC;

-struct JPAKE_CTX

- {

- JPAKE_CTX_PUBLIC p;

- BIGNUM *secret; /* The shared secret */

- BN_CTX *ctx;

- BIGNUM *xa; /* Alice's x1 or Bob's x3 */

- BIGNUM *xb; /* Alice's x2 or Bob's x4 */

- BIGNUM *key; /* The calculated (shared) key */

- };

-static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)

- {

- zkp->gr = BN_new();

- zkp->b = BN_new();

- }

-static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)

- {

- BN_free(zkp->b);

- BN_free(zkp->gr);

- }

-/* Two birds with one stone - make the global name as expected */

-#define JPAKE_STEP_PART_init JPAKE_STEP2_init

-#define JPAKE_STEP_PART_release JPAKE_STEP2_release

-void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)

- {

- p->gx = BN_new();

- JPAKE_ZKP_init(&p->zkpx);

- }

-void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)

- {

- JPAKE_ZKP_release(&p->zkpx);

- BN_free(p->gx);

- }

-void JPAKE_STEP1_init(JPAKE_STEP1 *s1)

- {

- JPAKE_STEP_PART_init(&s1->p1);

- JPAKE_STEP_PART_init(&s1->p2);

- }

-void JPAKE_STEP1_release(JPAKE_STEP1 *s1)

- {

- JPAKE_STEP_PART_release(&s1->p2);

- JPAKE_STEP_PART_release(&s1->p1);

- }

-static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,

- const char *peer_name, const BIGNUM *p,

- const BIGNUM *g, const BIGNUM *q,

- const BIGNUM *secret)

- {

- ctx->p.name = OPENSSL_strdup(name);

- ctx->p.peer_name = OPENSSL_strdup(peer_name);

- ctx->p.p = BN_dup(p);

- ctx->p.g = BN_dup(g);

- ctx->p.q = BN_dup(q);

- ctx->secret = BN_dup(secret);

- ctx->p.gxc = BN_new();

- ctx->p.gxd = BN_new();

- ctx->xa = BN_new();

- ctx->xb = BN_new();

- ctx->key = BN_new();

- ctx->ctx = BN_CTX_new();

- }

-static void JPAKE_CTX_release(JPAKE_CTX *ctx)

- {

- BN_CTX_free(ctx->ctx);

- BN_clear_free(ctx->key);

- BN_clear_free(ctx->xb);

- BN_clear_free(ctx->xa);

- BN_free(ctx->p.gxd);

- BN_free(ctx->p.gxc);

- BN_clear_free(ctx->secret);

- BN_free(ctx->p.q);

- BN_free(ctx->p.g);

- BN_free(ctx->p.p);

- OPENSSL_free(ctx->p.peer_name);

- OPENSSL_free(ctx->p.name);

- memset(ctx, '\0', sizeof *ctx);

- }

-JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,

- const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,

- const BIGNUM *secret)

- {

- JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);

- JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);

- return ctx;

- }

-void JPAKE_CTX_free(JPAKE_CTX *ctx)

- {

- JPAKE_CTX_release(ctx);

- OPENSSL_free(ctx);

- }

-static void hashlength(SHA_CTX *sha, size_t l)

- {

- unsigned char b[2];

- assert(l <= 0xffff);

- b[0] = l >> 8;

- b[1] = l&0xff;

- SHA1_Update(sha, b, 2);

- }

-static void hashstring(SHA_CTX *sha, const char *string)

- {

- size_t l = strlen(string);

- hashlength(sha, l);

- SHA1_Update(sha, string, l);

- }

-static void hashbn(SHA_CTX *sha, const BIGNUM *bn)

- {

- size_t l = BN_num_bytes(bn);

- unsigned char *bin = OPENSSL_malloc(l);

- hashlength(sha, l);

- BN_bn2bin(bn, bin);

- SHA1_Update(sha, bin, l);

- OPENSSL_free(bin);

- }

-/* h=hash(g, g^r, g^x, name) */

-static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,

- const char *proof_name)

- {

- unsigned char md[SHA_DIGEST_LENGTH];

- SHA_CTX sha;

- /*

- * XXX: hash should not allow moving of the boundaries - Java code

- * is flawed in this respect. Length encoding seems simplest.

- */

- SHA1_Init(&sha);

- hashbn(&sha, zkpg);

- assert(!BN_is_zero(p->zkpx.gr));

- hashbn(&sha, p->zkpx.gr);

- hashbn(&sha, p->gx);

- hashstring(&sha, proof_name);

- SHA1_Final(md, &sha);

- BN_bin2bn(md, SHA_DIGEST_LENGTH, h);

- }

-/*

- * Prove knowledge of x

- * Note that p->gx has already been calculated

- */

-static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,

- const BIGNUM *zkpg, JPAKE_CTX *ctx)

- {

- BIGNUM *r = BN_new();

- BIGNUM *h = BN_new();

- BIGNUM *t = BN_new();

- /*

- * r in [0,q)

- * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform

- */

- BN_rand_range(r, ctx->p.q);

- /* g^r */

- BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);

- /* h=hash... */

- zkp_hash(h, zkpg, p, ctx->p.name);

- /* b = r - x*h */

- BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);

- BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);

- /* cleanup */

- BN_free(t);

- BN_free(h);

- BN_free(r);

- }

-static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,

- JPAKE_CTX *ctx)

- {

- BIGNUM *h = BN_new();

- BIGNUM *t1 = BN_new();

- BIGNUM *t2 = BN_new();

- BIGNUM *t3 = BN_new();

- int ret = 0;

- zkp_hash(h, zkpg, p, ctx->p.peer_name);

- /* t1 = g^b */

- BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);

- /* t2 = (g^x)^h = g^{hx} */

- BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);

- /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */

- BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);

- /* verify t3 == g^r */

- if(BN_cmp(t3, p->zkpx.gr) == 0)

- ret = 1;

- else

- JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);

- /* cleanup */

- BN_free(t3);

- BN_free(t2);

- BN_free(t1);

- BN_free(h);

- return ret;

- }

-static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,

- const BIGNUM *g, JPAKE_CTX *ctx)

- {

- BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);

- generate_zkp(p, x, g, ctx);

- }

-/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */

-static void genrand(JPAKE_CTX *ctx)

- {

- BIGNUM *qm1;

- /* xa in [0, q) */

- BN_rand_range(ctx->xa, ctx->p.q);

- /* q-1 */

- qm1 = BN_new();

- BN_copy(qm1, ctx->p.q);

- BN_sub_word(qm1, 1);

- /* ... and xb in [0, q-1) */

- BN_rand_range(ctx->xb, qm1);

- /* [1, q) */

- BN_add_word(ctx->xb, 1);

- /* cleanup */

- BN_free(qm1);

- }

-int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)

- {

- genrand(ctx);

- generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);

- generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);

- return 1;

- }

-int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)

- {

- /* verify their ZKP(xc) */

- if(!verify_zkp(&received->p1, ctx->p.g, ctx))

- {

- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);

- return 0;

- }

- /* verify their ZKP(xd) */

- if(!verify_zkp(&received->p2, ctx->p.g, ctx))

- {

- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);

- return 0;

- }

- /* g^xd != 1 */

- if(BN_is_one(received->p2.gx))

- {

- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);

- return 0;

- }

- /* Save the bits we need for later */

- BN_copy(ctx->p.gxc, received->p1.gx);

- BN_copy(ctx->p.gxd, received->p2.gx);

- return 1;

- }

-int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)

- {

- BIGNUM *t1 = BN_new();

- BIGNUM *t2 = BN_new();

- /*

- * X = g^{(xa + xc + xd) * xb * s}

- * t1 = g^xa

- */

- BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);

- /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */

- BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);

- /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */

- BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);

- /* t2 = xb * s */

- BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);

- /*

- * ZKP(xb * s)

- * XXX: this is kinda funky, because we're using

- *

- * g' = g^{xa + xc + xd}

- *

- * as the generator, which means X is g'^{xb * s}

- * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}

- */

- generate_step_part(send, t2, t1, ctx);

- /* cleanup */

- BN_free(t1);

- BN_free(t2);

- return 1;

- }

-/* gx = g^{xc + xa + xb} * xd * s */

-static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)

- {

- BIGNUM *t1 = BN_new();

- BIGNUM *t2 = BN_new();

- BIGNUM *t3 = BN_new();

- /*

- * K = (gx/g^{xb * xd * s})^{xb}

- * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}

- * = (g^{(xa + xc) * xd * s})^{xb}

- * = g^{(xa + xc) * xb * xd * s}

- * [which is the same regardless of who calculates it]

- */

- /* t1 = (g^{xd})^{xb} = g^{xb * xd} */

- BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);

- /* t2 = -s = q-s */

- BN_sub(t2, ctx->p.q, ctx->secret);

- /* t3 = t1^t2 = g^{-xb * xd * s} */

- BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);

- /* t1 = gx * t3 = X/g^{xb * xd * s} */

- BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);

- /* K = t1^{xb} */

- BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);

- /* cleanup */

- BN_free(t3);

- BN_free(t2);

- BN_free(t1);

- return 1;

- }

-int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)

- {

- BIGNUM *t1 = BN_new();

- BIGNUM *t2 = BN_new();

- int ret = 0;

- /*

- * g' = g^{xc + xa + xb} [from our POV]

- * t1 = xa + xb

- */

- BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);

- /* t2 = g^{t1} = g^{xa+xb} */

- BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);

- /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */

- BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);

- if(verify_zkp(received, t1, ctx))

- ret = 1;

- else

- JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);

- compute_key(ctx, received->gx);

- /* cleanup */

- BN_free(t2);

- BN_free(t1);

- return ret;

- }

-static void quickhashbn(unsigned char *md, const BIGNUM *bn)

- {

- SHA_CTX sha;

- SHA1_Init(&sha);

- hashbn(&sha, bn);

- SHA1_Final(md, &sha);

- }

-void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)

- {}

-int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)

- {

- quickhashbn(send->hhk, ctx->key);

- SHA1(send->hhk, sizeof send->hhk, send->hhk);

- return 1;

- }

-int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)

- {

- unsigned char hhk[SHA_DIGEST_LENGTH];

- quickhashbn(hhk, ctx->key);

- SHA1(hhk, sizeof hhk, hhk);

- if(memcmp(hhk, received->hhk, sizeof hhk))

- {

- JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);

- return 0;

- }

- return 1;

- }

-void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)

- {}

-void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)

- {}

-int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)

- {

- quickhashbn(send->hk, ctx->key);

- return 1;

- }

-int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)

- {

- unsigned char hk[SHA_DIGEST_LENGTH];

- quickhashbn(hk, ctx->key);

- if(memcmp(hk, received->hk, sizeof hk))

- {

- JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);

- return 0;

- }

- return 1;

- }

-void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)

- {}

-const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)

- {

- return ctx->key;

- }

diff --git a/lib/libcrypto/jpake/jpake.h b/lib/libcrypto/jpake/jpake.h
deleted file mode 100644
index 693ea188cb8..00000000000
--- a/lib/libcrypto/jpake/jpake.h
+++ /dev/null

@@ -1,129 +0,0 @@

-/*

- * Implement J-PAKE, as described in

- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf

- *

- * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.

- */

-#ifndef HEADER_JPAKE_H

-#define HEADER_JPAKE_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_JPAKE

-#error JPAKE is disabled.

-#endif

-#ifdef __cplusplus

-extern "C" {

-#endif

-#include <openssl/bn.h>

-#include <openssl/sha.h>

-typedef struct JPAKE_CTX JPAKE_CTX;

-/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */

-typedef struct

- {

- BIGNUM *gr; /* g^r (r random) */

- BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */

- } JPAKE_ZKP;

-typedef struct

- {

- BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */

- JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */

- } JPAKE_STEP_PART;

-typedef struct

- {

- JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */

- JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */

- } JPAKE_STEP1;

-typedef JPAKE_STEP_PART JPAKE_STEP2;

-typedef struct

- {

- unsigned char hhk[SHA_DIGEST_LENGTH];

- } JPAKE_STEP3A;

-typedef struct

- {

- unsigned char hk[SHA_DIGEST_LENGTH];

- } JPAKE_STEP3B;

-/* Parameters are copied */

-JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,

- const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,

- const BIGNUM *secret);

-void JPAKE_CTX_free(JPAKE_CTX *ctx);

-/*

- * Note that JPAKE_STEP1 can be used multiple times before release

- * without another init.

- */

-void JPAKE_STEP1_init(JPAKE_STEP1 *s1);

-int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);

-int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);

-void JPAKE_STEP1_release(JPAKE_STEP1 *s1);

-/*

- * Note that JPAKE_STEP2 can be used multiple times before release

- * without another init.

- */

-void JPAKE_STEP2_init(JPAKE_STEP2 *s2);

-int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);

-int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);

-void JPAKE_STEP2_release(JPAKE_STEP2 *s2);

-/*

- * Optionally verify the shared key. If the shared secrets do not

- * match, the two ends will disagree about the shared key, but

- * otherwise the protocol will succeed.

- */

-void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);

-int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);

-int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);

-void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);

-void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);

-int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);

-int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);

-void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);

-/*

- * the return value belongs to the library and will be released when

- * ctx is released, and will change when a new handshake is performed.

- */

-const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_JPAKE_strings(void);

-/* Error codes for the JPAKE functions. */

-/* Function codes. */

-#define JPAKE_F_JPAKE_STEP1_PROCESS 101

-#define JPAKE_F_JPAKE_STEP2_PROCESS 102

-#define JPAKE_F_JPAKE_STEP3A_PROCESS 103

-#define JPAKE_F_JPAKE_STEP3B_PROCESS 104

-#define JPAKE_F_VERIFY_ZKP 100

-/* Reason codes. */

-#define JPAKE_R_G_TO_THE_X4_IS_ONE 105

-#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106

-#define JPAKE_R_HASH_OF_KEY_MISMATCH 107

-#define JPAKE_R_VERIFY_B_FAILED 102

-#define JPAKE_R_VERIFY_X3_FAILED 103

-#define JPAKE_R_VERIFY_X4_FAILED 104

-#define JPAKE_R_ZKP_VERIFY_FAILED 100

-#ifdef __cplusplus

-#endif

diff --git a/lib/libcrypto/jpake/jpake_err.c b/lib/libcrypto/jpake/jpake_err.c
deleted file mode 100644
index 1b950679679..00000000000
--- a/lib/libcrypto/jpake/jpake_err.c
+++ /dev/null

@@ -1,105 +0,0 @@

-/* crypto/jpake/jpake_err.c */

-/* ====================================================================

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- * notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in

- * the documentation and/or other materials provided with the

- * distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- * software must display the following acknowledgment:

- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- * endorse or promote products derived from this software without

- * prior written permission. For written permission, please contact

- * openssl-core@OpenSSL.org.

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- * nor may "OpenSSL" appear in their names without prior written

- * permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- * acknowledgment:

- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"