From 0c74c1d2cf2ce60a3f13192bfd16ed9566761799 Mon Sep 17 00:00:00 2001 From: tedu Date: Wed, 7 May 2014 21:32:19 +0000 Subject: [PATCH] less than jpake --- lib/libssl/src/apps/apps.c | 234 --------------------------------- lib/libssl/src/apps/apps.h | 4 - lib/libssl/src/apps/s_client.c | 41 +----- lib/libssl/src/apps/s_server.c | 42 +----- 4 files changed, 4 insertions(+), 317 deletions(-) diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c index b2efe6db39f..a96de0cd9a2 100644 --- a/lib/libssl/src/apps/apps.c +++ b/lib/libssl/src/apps/apps.c @@ -2173,240 +2173,6 @@ policies_print(BIO * out, X509_STORE_CTX * ctx) BIO_free(out); } -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - -static JPAKE_CTX * -jpake_init(const char *us, const char *them, - const char *secret) -{ - BIGNUM *p = NULL; - BIGNUM *g = NULL; - BIGNUM *q = NULL; - BIGNUM *bnsecret = BN_new(); - JPAKE_CTX *ctx; - - /* Use a safe prime for p (that we found earlier) */ - BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); - g = BN_new(); - BN_set_word(g, 2); - q = BN_new(); - BN_rshift1(q, p); - - BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret); - - ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret); - BN_free(bnsecret); - BN_free(q); - BN_free(g); - BN_free(p); - - return ctx; -} - -static void -jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p) -{ - BN_print(conn, p->gx); - BIO_puts(conn, "\n"); - BN_print(conn, p->zkpx.gr); - BIO_puts(conn, "\n"); - BN_print(conn, p->zkpx.b); - BIO_puts(conn, "\n"); -} - -static void -jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx) -{ - JPAKE_STEP1 s1; - - JPAKE_STEP1_init(&s1); - JPAKE_STEP1_generate(&s1, ctx); - jpake_send_part(bconn, &s1.p1); - jpake_send_part(bconn, &s1.p2); - (void) BIO_flush(bconn); - JPAKE_STEP1_release(&s1); -} - -static void -jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx) -{ - JPAKE_STEP2 s2; - - JPAKE_STEP2_init(&s2); - JPAKE_STEP2_generate(&s2, ctx); - jpake_send_part(bconn, &s2); - (void) BIO_flush(bconn); - JPAKE_STEP2_release(&s2); -} - -static void -jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx) -{ - JPAKE_STEP3A s3a; - - JPAKE_STEP3A_init(&s3a); - JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); - (void) BIO_flush(bconn); - JPAKE_STEP3A_release(&s3a); -} - -static void -jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx) -{ - JPAKE_STEP3B s3b; - - JPAKE_STEP3B_init(&s3b); - JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); - (void) BIO_flush(bconn); - JPAKE_STEP3B_release(&s3b); -} - -static void -readbn(BIGNUM ** bn, BIO * bconn) -{ - char buf[10240]; - int l; - - l = BIO_gets(bconn, buf, sizeof buf); - assert(l > 0); - assert(buf[l - 1] == '\n'); - buf[l - 1] = '\0'; - BN_hex2bn(bn, buf); -} - -static void -jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn) -{ - readbn(&p->gx, bconn); - readbn(&p->zkpx.gr, bconn); - readbn(&p->zkpx.b, bconn); -} - -static void -jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn) -{ - JPAKE_STEP1 s1; - - JPAKE_STEP1_init(&s1); - jpake_receive_part(&s1.p1, bconn); - jpake_receive_part(&s1.p2, bconn); - if (!JPAKE_STEP1_process(ctx, &s1)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP1_release(&s1); -} - -static void -jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn) -{ - JPAKE_STEP2 s2; - - JPAKE_STEP2_init(&s2); - jpake_receive_part(&s2, bconn); - if (!JPAKE_STEP2_process(ctx, &s2)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP2_release(&s2); -} - -static void -jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn) -{ - JPAKE_STEP3A s3a; - int l; - - JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); - if (!JPAKE_STEP3A_process(ctx, &s3a)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP3A_release(&s3a); -} - -static void -jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn) -{ - JPAKE_STEP3B s3b; - int l; - - JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); - if (!JPAKE_STEP3B_process(ctx, &s3b)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP3B_release(&s3b); -} - -void -jpake_client_auth(BIO * out, BIO * conn, const char *secret) -{ - JPAKE_CTX *ctx; - BIO *bconn; - - BIO_puts(out, "Authenticating with JPAKE\n"); - - ctx = jpake_init("client", "server", secret); - - bconn = BIO_new(BIO_f_buffer()); - BIO_push(bconn, conn); - - jpake_send_step1(bconn, ctx); - jpake_receive_step1(ctx, bconn); - jpake_send_step2(bconn, ctx); - jpake_receive_step2(ctx, bconn); - jpake_send_step3a(bconn, ctx); - jpake_receive_step3b(ctx, bconn); - - BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - - psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); - - BIO_pop(bconn); - BIO_free(bconn); - - JPAKE_CTX_free(ctx); -} - -void -jpake_server_auth(BIO * out, BIO * conn, const char *secret) -{ - JPAKE_CTX *ctx; - BIO *bconn; - - BIO_puts(out, "Authenticating with JPAKE\n"); - - ctx = jpake_init("server", "client", secret); - - bconn = BIO_new(BIO_f_buffer()); - BIO_push(bconn, conn); - - jpake_receive_step1(ctx, bconn); - jpake_send_step1(bconn, ctx); - jpake_receive_step2(ctx, bconn); - jpake_send_step2(bconn, ctx); - jpake_receive_step3a(ctx, bconn); - jpake_send_step3b(bconn, ctx); - - BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - - psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); - - BIO_pop(bconn); - BIO_free(bconn); - - JPAKE_CTX_free(ctx); -} - -#endif - #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) /* next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h index 42c5f9e3680..cbbf0eaefd5 100644 --- a/lib/libssl/src/apps/apps.h +++ b/lib/libssl/src/apps/apps.h @@ -246,10 +246,6 @@ int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, #ifndef OPENSSL_NO_PSK extern char *psk_key; #endif -#ifndef OPENSSL_NO_JPAKE -void jpake_client_auth(BIO *out, BIO *conn, const char *secret); -void jpake_server_auth(BIO *out, BIO *conn, const char *secret); -#endif #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) unsigned char *next_protos_parse(unsigned short *outlen, const char *in); diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c index 3dc613ebc2f..b90a096b406 100644 --- a/lib/libssl/src/apps/s_client.c +++ b/lib/libssl/src/apps/s_client.c @@ -301,9 +301,6 @@ sc_usage(void) #ifndef OPENSSL_NO_PSK BIO_printf(bio_err, " -psk_identity arg - PSK identity\n"); BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n"); -#ifndef OPENSSL_NO_JPAKE - BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); -#endif #endif BIO_printf(bio_err, " -ssl3 - just use SSLv3\n"); BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n"); @@ -467,9 +464,6 @@ s_client_main(int argc, char **argv) int peerlen = sizeof(peer); int enable_timeouts = 0; long socket_mtu = 0; -#ifndef OPENSSL_NO_JPAKE - char *jpake_secret = NULL; -#endif meth = SSLv23_client_method(); @@ -727,13 +721,6 @@ s_client_main(int argc, char **argv) /* meth=TLSv1_client_method(); */ } #endif -#ifndef OPENSSL_NO_JPAKE - else if (strcmp(*argv, "-jpake") == 0) { - if (--argc < 1) - goto bad; - jpake_secret = *++argv; - } -#endif #ifndef OPENSSL_NO_SRTP else if (strcmp(*argv, "-use_srtp") == 0) { if (--argc < 1) @@ -764,21 +751,6 @@ bad: sc_usage(); goto end; } -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - if (jpake_secret) { - if (psk_key) { - BIO_printf(bio_err, - "Can't use JPAKE and PSK together\n"); - goto end; - } - psk_identity = "JPAKE"; - if (cipher) { - BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); - goto end; - } - cipher = "PSK"; - } -#endif OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); @@ -862,14 +834,9 @@ bad: #endif #ifndef OPENSSL_NO_PSK -#ifdef OPENSSL_NO_JPAKE - if (psk_key != NULL) -#else - if (psk_key != NULL || jpake_secret) -#endif - { + if (psk_key != NULL) { if (c_debug) - BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); + BIO_printf(bio_c_out, "PSK key given, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } #endif @@ -1055,10 +1022,6 @@ re_start: #endif } #endif -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret) - jpake_client_auth(bio_c_out, sbio, jpake_secret); -#endif SSL_set_bio(con, sbio, sbio); SSL_set_connect_state(con); diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c index c34816749a2..6cb43ed45df 100644 --- a/lib/libssl/src/apps/s_server.c +++ b/lib/libssl/src/apps/s_server.c @@ -426,11 +426,7 @@ sv_usage(void) #ifndef OPENSSL_NO_PSK BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n"); BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n"); -#ifndef OPENSSL_NO_JPAKE - BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); #endif -#endif - BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n"); BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n"); BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n"); @@ -676,9 +672,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) int s_server_main(int, char **); -#ifndef OPENSSL_NO_JPAKE -static char *jpake_secret = NULL; -#endif #ifndef OPENSSL_NO_SRTP static char *srtp_profiles = NULL; #endif @@ -1009,13 +1002,6 @@ s_server_main(int argc, char *argv[]) } #endif #endif -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - else if (strcmp(*argv, "-jpake") == 0) { - if (--argc < 1) - goto bad; - jpake_secret = *(++argv); - } -#endif #ifndef OPENSSL_NO_SRTP else if (strcmp(*argv, "-use_srtp") == 0) { if (--argc < 1) @@ -1046,21 +1032,6 @@ bad: sv_usage(); goto end; } -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - if (jpake_secret) { - if (psk_key) { - BIO_printf(bio_err, - "Can't use JPAKE and PSK together\n"); - goto end; - } - psk_identity = "JPAKE"; - if (cipher) { - BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); - goto end; - } - cipher = "PSK"; - } -#endif SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -1414,14 +1385,9 @@ bad: #endif #ifndef OPENSSL_NO_PSK -#ifdef OPENSSL_NO_JPAKE - if (psk_key != NULL) -#else - if (psk_key != NULL || jpake_secret) -#endif - { + if (psk_key != NULL) { if (s_debug) - BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n"); + BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); } if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) { @@ -1628,10 +1594,6 @@ sv_body(char *hostname, int s, unsigned char *context) test = BIO_new(BIO_f_nbio_test()); sbio = BIO_push(test, sbio); } -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret) - jpake_server_auth(bio_s_out, sbio, jpake_secret); -#endif SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); -- 2.20.1