From dba317774555fbd5bccdfc5270fc486e0d02d9db Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Sun, 14 Feb 2016 00:17:59 -0500 Subject: [PATCH] Remove JPAKE Reviewed-by: Viktor Dukhovni --- CHANGES | 3 + Configure | 5 +- apps/apps.c | 226 --------------- apps/apps.h | 4 - apps/openssl.c | 3 - apps/s_apps.h | 3 +- apps/s_cb.c | 17 +- apps/s_client.c | 31 +- apps/s_server.c | 37 +-- crypto/err/err_all.c | 6 - crypto/err/openssl.ec | 1 - crypto/jpake/Makefile.in | 36 --- crypto/jpake/build.info | 3 - crypto/jpake/jpake.c | 543 ----------------------------------- crypto/jpake/jpake_err.c | 107 ------- include/openssl/jpake.h | 128 --------- test/Makefile.in | 10 +- test/build.info | 6 +- test/jpaketest.c | 184 ------------ test/recipes/90-test_jpake.t | 5 - util/indent.pro | 7 - util/libeay.num | 21 -- util/mk1mf.pl | 3 - util/mkdef.pl | 3 - util/mkfiles.pl | 1 - 25 files changed, 19 insertions(+), 1374 deletions(-) delete mode 100644 crypto/jpake/Makefile.in delete mode 100644 crypto/jpake/build.info delete mode 100644 crypto/jpake/jpake.c delete mode 100644 crypto/jpake/jpake_err.c delete mode 100644 include/openssl/jpake.h delete mode 100644 test/jpaketest.c delete mode 100644 test/recipes/90-test_jpake.t diff --git a/CHANGES b/CHANGES index cf7d272149..ee1d37415d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 1.0.2f and 1.1.0 [xx XXX xxxx] + *) Removed JPAKE code. It was experimental and has no wide use. + [Rich Salz] + *) The INSTALL_PREFIX Makefile variable has been renamed to DESTDIR. That makes for less confusion on what this variable is for. Also, the configuration option --install_prefix is diff --git a/Configure b/Configure index 0cf893ee7a..bc753633f3 100755 --- a/Configure +++ b/Configure @@ -226,7 +226,7 @@ $config{sdirs} = [ "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", "buffer", "bio", "stack", "lhash", "rand", "err", "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", - "cms", "ts", "jpake", "srp", "cmac", "ct", "async", "kdf" + "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; # Known TLS and DTLS protocols @@ -274,7 +274,6 @@ my @disablables = ( "hmac", "hw(-.+)?", "idea", - "jpake", "locking", # Really??? "md2", "md4", @@ -327,7 +326,6 @@ foreach my $proto ((@tls, @dtls)) my %disabled = ( # "what" => "comment" [or special keyword "experimental"] "ec_nistp_64_gcc_128" => "default", "egd" => "default", - "jpake" => "experimental", "md2" => "default", "rc5" => "default", "sctp" => "default", @@ -351,7 +349,6 @@ my @disable_cascades = ( "rijndael" => [ "aes" ], "des" => [ "mdc2" ], "ec" => [ "ecdsa", "ecdh" ], - "psk" => [ "jpake" ], "dgram" => [ "dtls" ], "dtls" => [ @dtls ], diff --git a/apps/apps.c b/apps/apps.c index 2a189f20a0..1ba86050e6 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -141,9 +141,6 @@ # include #endif #include -#ifndef OPENSSL_NO_JPAKE -# include -#endif #include #include "apps.h" @@ -1990,229 +1987,6 @@ void policies_print(X509_STORE_CTX *ctx) nodes_print("User", X509_policy_tree_get0_user_policies(tree)); } -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - -static JPAKE_CTX *jpake_init(const char *us, const char *them, - const char *secret) -{ - BIGNUM *p = NULL; - BIGNUM *g = NULL; - BIGNUM *q = NULL; - BIGNUM *bnsecret = BN_new(); - JPAKE_CTX *ctx; - - /* Use a safe prime for p (that we found earlier) */ - BN_hex2bn(&p, - "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); - g = BN_new(); - BN_set_word(g, 2); - q = BN_new(); - BN_rshift1(q, p); - - BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret); - - ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret); - BN_free(bnsecret); - BN_free(q); - BN_free(g); - BN_free(p); - - return ctx; -} - -static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p) -{ - BN_print(conn, p->gx); - BIO_puts(conn, "\n"); - BN_print(conn, p->zkpx.gr); - BIO_puts(conn, "\n"); - BN_print(conn, p->zkpx.b); - BIO_puts(conn, "\n"); -} - -static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP1 s1; - - JPAKE_STEP1_init(&s1); - JPAKE_STEP1_generate(&s1, ctx); - jpake_send_part(bconn, &s1.p1); - jpake_send_part(bconn, &s1.p2); - (void)BIO_flush(bconn); - JPAKE_STEP1_release(&s1); -} - -static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP2 s2; - - JPAKE_STEP2_init(&s2); - JPAKE_STEP2_generate(&s2, ctx); - jpake_send_part(bconn, &s2); - (void)BIO_flush(bconn); - JPAKE_STEP2_release(&s2); -} - -static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP3A s3a; - - JPAKE_STEP3A_init(&s3a); - JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); - (void)BIO_flush(bconn); - JPAKE_STEP3A_release(&s3a); -} - -static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP3B s3b; - - JPAKE_STEP3B_init(&s3b); - JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); - (void)BIO_flush(bconn); - JPAKE_STEP3B_release(&s3b); -} - -static void readbn(BIGNUM **bn, BIO *bconn) -{ - char buf[10240]; - int l; - - l = BIO_gets(bconn, buf, sizeof buf); - assert(l > 0); - assert(buf[l - 1] == '\n'); - buf[l - 1] = '\0'; - BN_hex2bn(bn, buf); -} - -static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn) -{ - readbn(&p->gx, bconn); - readbn(&p->zkpx.gr, bconn); - readbn(&p->zkpx.b, bconn); -} - -static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP1 s1; - - JPAKE_STEP1_init(&s1); - jpake_receive_part(&s1.p1, bconn); - jpake_receive_part(&s1.p2, bconn); - if (!JPAKE_STEP1_process(ctx, &s1)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP1_release(&s1); -} - -static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP2 s2; - - JPAKE_STEP2_init(&s2); - jpake_receive_part(&s2, bconn); - if (!JPAKE_STEP2_process(ctx, &s2)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP2_release(&s2); -} - -static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP3A s3a; - int l; - - JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); - if (!JPAKE_STEP3A_process(ctx, &s3a)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP3A_release(&s3a); -} - -static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP3B s3b; - int l; - - JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); - if (!JPAKE_STEP3B_process(ctx, &s3b)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP3B_release(&s3b); -} - -void jpake_client_auth(BIO *out, BIO *conn, const char *secret) -{ - JPAKE_CTX *ctx; - BIO *bconn; - - BIO_puts(out, "Authenticating with JPAKE\n"); - - ctx = jpake_init("client", "server", secret); - - bconn = BIO_new(BIO_f_buffer()); - BIO_push(bconn, conn); - - jpake_send_step1(bconn, ctx); - jpake_receive_step1(ctx, bconn); - jpake_send_step2(bconn, ctx); - jpake_receive_step2(ctx, bconn); - jpake_send_step3a(bconn, ctx); - jpake_receive_step3b(ctx, bconn); - - BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - - OPENSSL_free(psk_key); - psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); - - BIO_pop(bconn); - BIO_free(bconn); - - JPAKE_CTX_free(ctx); -} - -void jpake_server_auth(BIO *out, BIO *conn, const char *secret) -{ - JPAKE_CTX *ctx; - BIO *bconn; - - BIO_puts(out, "Authenticating with JPAKE\n"); - - ctx = jpake_init("server", "client", secret); - - bconn = BIO_new(BIO_f_buffer()); - BIO_push(bconn, conn); - - jpake_receive_step1(ctx, bconn); - jpake_send_step1(bconn, ctx); - jpake_receive_step2(ctx, bconn); - jpake_send_step2(bconn, ctx); - jpake_receive_step3a(ctx, bconn); - jpake_send_step3b(bconn, ctx); - - BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - - OPENSSL_free(psk_key); - psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); - - BIO_pop(bconn); - BIO_free(bconn); - - JPAKE_CTX_free(ctx); -} - -#endif - /*- * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. diff --git a/apps/apps.h b/apps/apps.h index 878dc11c07..8f7ec18b1c 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -571,10 +571,6 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, # ifndef OPENSSL_NO_PSK extern char *psk_key; # endif -# ifndef OPENSSL_NO_JPAKE -void jpake_client_auth(BIO *out, BIO *conn, const char *secret); -void jpake_server_auth(BIO *out, BIO *conn, const char *secret); -# endif unsigned char *next_protos_parse(unsigned short *outlen, const char *in); diff --git a/apps/openssl.c b/apps/openssl.c index 732cdf105a..7783cc48c1 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -757,9 +757,6 @@ static void list_disabled(void) #ifdef OPENSSL_NO_IDEA BIO_puts(bio_out, "IDEA\n"); #endif -#ifdef OPENSSL_NO_JPAKE - BIO_puts(bio_out, "JPAKE\n"); -#endif #ifdef OPENSSL_NO_MD2 BIO_puts(bio_out, "MD2\n"); #endif diff --git a/apps/s_apps.h b/apps/s_apps.h index 8e12c2146c..435741547a 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -195,8 +195,7 @@ int load_excert(SSL_EXCERT **pexc); void print_verify_detail(SSL *s, BIO *bio); void print_ssl_summary(SSL *s); #ifdef HEADER_SSL_H -int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, - SSL_CTX *ctx, int no_jpake); +int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, diff --git a/apps/s_cb.c b/apps/s_cb.c index 30c9147d5c..a463dac4ff 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1198,7 +1198,7 @@ void print_ssl_summary(SSL *s) } int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, - SSL_CTX *ctx, int no_jpake) + SSL_CTX *ctx) { int i; @@ -1206,12 +1206,6 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) { const char *flag = sk_OPENSSL_STRING_value(str, i); const char *arg = sk_OPENSSL_STRING_value(str, i + 1); -#ifndef OPENSSL_NO_JPAKE - if (!no_jpake && (strcmp(flag, "-cipher") == 0)) { - BIO_puts(bio_err, "JPAKE sets cipher to PSK\n"); - return 0; - } -#endif if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { if (arg) BIO_printf(bio_err, "Error with command: \"%s %s\"\n", @@ -1222,15 +1216,6 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, return 0; } } -#ifndef OPENSSL_NO_JPAKE - if (!no_jpake) { - if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0) { - BIO_puts(bio_err, "Error setting cipher to PSK\n"); - ERR_print_errors(bio_err); - return 0; - } - } -#endif if (!SSL_CONF_CTX_finish(cctx)) { BIO_puts(bio_err, "Error finishing context\n"); ERR_print_errors(bio_err); diff --git a/apps/s_client.c b/apps/s_client.c index 55d1283b1c..e820e7c03c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -648,7 +648,7 @@ typedef enum OPTION_choice { OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, - OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE, + OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST, OPT_ASYNC, OPT_V_ENUM, @@ -780,9 +780,6 @@ OPTIONS s_client_options[] = { #ifndef OPENSSL_NO_PSK {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"}, {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -# ifndef OPENSSL_NO_JPAKE - {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, -# endif #endif #ifndef OPENSSL_NO_SRP {"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"}, @@ -853,7 +850,7 @@ int s_client_main(int argc, char **argv) char *inrand = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p; - char *jpake_secret = NULL, *xmpphost = NULL; + char *xmpphost = NULL; const char *ehlo = "mail.example.com"; struct sockaddr peer; struct timeval timeout, *timeoutp; @@ -1316,11 +1313,6 @@ int s_client_main(int argc, char **argv) case OPT_SERVERNAME: servername = opt_arg(); break; - case OPT_JPAKE: -#ifndef OPENSSL_NO_JPAKE - jpake_secret = opt_arg(); -#endif - break; case OPT_USE_SRTP: srtp_profiles = opt_arg(); break; @@ -1378,15 +1370,6 @@ int s_client_main(int argc, char **argv) "Can't use unix sockets and datagrams together\n"); goto end; } -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - if (jpake_secret) { - if (psk_key) { - BIO_printf(bio_err, "Can't use JPAKE and PSK together\n"); - goto end; - } - psk_identity = "JPAKE"; - } -#endif #if !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; @@ -1506,7 +1489,7 @@ int s_client_main(int argc, char **argv) SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); } - if (!config_ctx(cctx, ssl_args, ctx, jpake_secret == NULL)) + if (!config_ctx(cctx, ssl_args, ctx)) goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, @@ -1528,10 +1511,10 @@ int s_client_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_PSK - if (psk_key != NULL || jpake_secret) { + if (psk_key != NULL) { if (c_debug) BIO_printf(bio_c_out, - "PSK key given or JPAKE in use, setting client callback\n"); + "PSK key given, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } #endif @@ -1774,10 +1757,6 @@ int s_client_main(int argc, char **argv) SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); } -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret) - jpake_client_auth(bio_c_out, sbio, jpake_secret); -#endif SSL_set_bio(con, sbio, sbio); SSL_set_connect_state(con); diff --git a/apps/s_server.c b/apps/s_server.c index 38030364bd..3c5b4222ef 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -785,7 +785,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) return is_forward_secure; } -static char *jpake_secret = NULL; #ifndef OPENSSL_NO_SRP static srpsrvparm srp_callback_parm; #endif @@ -814,7 +813,7 @@ typedef enum OPTION_choice { OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, - OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_JPAKE, + OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_S_ENUM, OPT_V_ENUM, @@ -952,9 +951,6 @@ OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_PSK {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -# ifndef OPENSSL_NO_JPAKE - {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, -# endif #endif #ifndef OPENSSL_NO_SRP {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, @@ -1501,14 +1497,6 @@ int s_server_main(int argc, char *argv[]) case OPT_ALPN: alpn_in = opt_arg(); break; -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - case OPT_JPAKE: - jpake_secret = opt_arg(); - break; -#else - case OPT_JPAKE: - goto opthelp; -#endif case OPT_SRTP_PROFILES: srtp_profiles = opt_arg(); break; @@ -1545,15 +1533,6 @@ int s_server_main(int argc, char *argv[]) goto end; } #endif -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - if (jpake_secret) { - if (psk_key) { - BIO_printf(bio_err, "Can't use JPAKE and PSK together\n"); - goto end; - } - psk_identity = "JPAKE"; - } -#endif if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { BIO_printf(bio_err, "Error getting password\n"); @@ -1768,7 +1747,7 @@ int s_server_main(int argc, char *argv[]) } ssl_ctx_add_crls(ctx, crls, 0); - if (!config_ctx(cctx, ssl_args, ctx, jpake_secret == NULL)) + if (!config_ctx(cctx, ssl_args, ctx)) goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, @@ -1831,7 +1810,7 @@ int s_server_main(int argc, char *argv[]) } ssl_ctx_add_crls(ctx2, crls, 0); - if (!config_ctx(cctx, ssl_args, ctx2, jpake_secret == NULL)) + if (!config_ctx(cctx, ssl_args, ctx2)) goto end; } #ifndef OPENSSL_NO_NEXTPROTONEG @@ -1917,15 +1896,11 @@ int s_server_main(int argc, char *argv[]) not_resumable_sess_cb); } #ifndef OPENSSL_NO_PSK -# ifdef OPENSSL_NO_JPAKE if (psk_key != NULL) -# else - if (psk_key != NULL || jpake_secret) -# endif { if (s_debug) BIO_printf(bio_s_out, - "PSK key given or JPAKE in use, setting server callback\n"); + "PSK key given, setting server callback\n"); SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); } @@ -2175,10 +2150,6 @@ static int sv_body(const char *hostname, int s, int stype, test = BIO_new(BIO_f_nbio_test()); sbio = BIO_push(test, sbio); } -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret) - jpake_server_auth(bio_s_out, sbio, jpake_secret); -#endif SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index ffb1b834c7..4932587c9f 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -98,9 +98,6 @@ #ifndef OPENSSL_NO_CMS # include #endif -#ifndef OPENSSL_NO_JPAKE -# include -#endif #include #include @@ -154,9 +151,6 @@ void err_load_crypto_strings_intern(void) # ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); # endif -# ifndef OPENSSL_NO_JPAKE - ERR_load_JPAKE_strings(); -# endif # ifndef OPENSSL_NO_CT ERR_load_CT_strings(); # endif diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 1c6e96d977..88d7be50a9 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -32,7 +32,6 @@ L STORE include/openssl/store.h crypto/store/str_err.c L TS include/openssl/ts.h crypto/ts/ts_err.c L HMAC include/openssl/hmac.h crypto/hmac/hmac_err.c L CMS include/openssl/cms.h crypto/cms/cms_err.c -L JPAKE include/openssl/jpake.h crypto/jpake/jpake_err.c L FIPS include/openssl/fips.h crypto/fips_err.h L ASYNC include/openssl/async.h crypto/async/async_err.c diff --git a/crypto/jpake/Makefile.in b/crypto/jpake/Makefile.in deleted file mode 100644 index 9a75fae7ca..0000000000 --- a/crypto/jpake/Makefile.in +++ /dev/null @@ -1,36 +0,0 @@ -DIR=jpake -TOP=../.. - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL= Makefile - -LIB=$(TOP)/libcrypto.a -LIBOBJ=jpake.o jpake_err.o -LIBSRC=jpake.c jpake_err.c -SRC= $(LIBSRC) - -HEADER= - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -depend: - $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - -clean: - rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/jpake/build.info b/crypto/jpake/build.info deleted file mode 100644 index 7dfcf24611..0000000000 --- a/crypto/jpake/build.info +++ /dev/null @@ -1,3 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - jpake.c jpake_err.c diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c deleted file mode 100644 index abbcb89a2a..0000000000 --- a/crypto/jpake/jpake.c +++ /dev/null @@ -1,543 +0,0 @@ -#include -#include -#include -#include -#include -#include - -/* - * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or - * Bob's (x3, x4, x1, x2). If you see what I mean. - */ - -typedef struct { - char *name; /* Must be unique */ - char *peer_name; - BIGNUM *p; - BIGNUM *g; - BIGNUM *q; - BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */ - BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */ -} JPAKE_CTX_PUBLIC; - -struct JPAKE_CTX { - JPAKE_CTX_PUBLIC p; - BIGNUM *secret; /* The shared secret */ - BN_CTX *ctx; - BIGNUM *xa; /* Alice's x1 or Bob's x3 */ - BIGNUM *xb; /* Alice's x2 or Bob's x4 */ - BIGNUM *key; /* The calculated (shared) key */ -}; - -static void JPAKE_ZKP_init(JPAKE_ZKP *zkp) -{ - zkp->gr = BN_new(); - zkp->b = BN_new(); -} - -static void JPAKE_ZKP_release(JPAKE_ZKP *zkp) -{ - BN_free(zkp->b); - BN_free(zkp->gr); -} - -/* Two birds with one stone - make the global name as expected */ -#define JPAKE_STEP_PART_init JPAKE_STEP2_init -#define JPAKE_STEP_PART_release JPAKE_STEP2_release - -void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p) -{ - p->gx = BN_new(); - JPAKE_ZKP_init(&p->zkpx); -} - -void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p) -{ - JPAKE_ZKP_release(&p->zkpx); - BN_free(p->gx); -} - -void JPAKE_STEP1_init(JPAKE_STEP1 *s1) -{ - JPAKE_STEP_PART_init(&s1->p1); - JPAKE_STEP_PART_init(&s1->p2); -} - -void JPAKE_STEP1_release(JPAKE_STEP1 *s1) -{ - JPAKE_STEP_PART_release(&s1->p2); - JPAKE_STEP_PART_release(&s1->p1); -} - -static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name, - const char *peer_name, const BIGNUM *p, - const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret) -{ - ctx->p.name = OPENSSL_strdup(name); - ctx->p.peer_name = OPENSSL_strdup(peer_name); - ctx->p.p = BN_dup(p); - ctx->p.g = BN_dup(g); - ctx->p.q = BN_dup(q); - ctx->secret = BN_dup(secret); - - ctx->p.gxc = BN_new(); - ctx->p.gxd = BN_new(); - - ctx->xa = BN_new(); - ctx->xb = BN_new(); - ctx->key = BN_new(); - ctx->ctx = BN_CTX_new(); -} - -static void JPAKE_CTX_release(JPAKE_CTX *ctx) -{ - BN_CTX_free(ctx->ctx); - BN_clear_free(ctx->key); - BN_clear_free(ctx->xb); - BN_clear_free(ctx->xa); - - BN_free(ctx->p.gxd); - BN_free(ctx->p.gxc); - - BN_clear_free(ctx->secret); - BN_free(ctx->p.q); - BN_free(ctx->p.g); - BN_free(ctx->p.p); - OPENSSL_free(ctx->p.peer_name); - OPENSSL_free(ctx->p.name); - - memset(ctx, 0, sizeof(*ctx)); -} - -JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, - const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret) -{ - JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - if (ctx == NULL) - return NULL; - - JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret); - - return ctx; -} - -void JPAKE_CTX_free(JPAKE_CTX *ctx) -{ - if (!ctx) - return; - JPAKE_CTX_release(ctx); - OPENSSL_free(ctx); -} - -static void hashlength(SHA_CTX *sha, size_t l) -{ - unsigned char b[2]; - - OPENSSL_assert(l <= 0xffff); - b[0] = l >> 8; - b[1] = l & 0xff; - SHA1_Update(sha, b, 2); -} - -static void hashstring(SHA_CTX *sha, const char *string) -{ - size_t l = strlen(string); - - hashlength(sha, l); - SHA1_Update(sha, string, l); -} - -static int hashbn(SHA_CTX *sha, const BIGNUM *bn) -{ - size_t l = BN_num_bytes(bn); - unsigned char *bin = OPENSSL_malloc(l); - - if (bin == NULL) - return 0; - - hashlength(sha, l); - BN_bn2bin(bn, bin); - SHA1_Update(sha, bin, l); - OPENSSL_free(bin); - return 1; -} - -/* h=hash(g, g^r, g^x, name) */ -static int zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, - const char *proof_name) -{ - unsigned char md[SHA_DIGEST_LENGTH]; - SHA_CTX sha; - - /* - * XXX: hash should not allow moving of the boundaries - Java code - * is flawed in this respect. Length encoding seems simplest. - */ - SHA1_Init(&sha); - if (!hashbn(&sha, zkpg)) - return 0; - OPENSSL_assert(!BN_is_zero(p->zkpx.gr)); - if (!hashbn(&sha, p->zkpx.gr)) - return 0; - if (!hashbn(&sha, p->gx)) - return 0; - hashstring(&sha, proof_name); - SHA1_Final(md, &sha); - BN_bin2bn(md, SHA_DIGEST_LENGTH, h); - return 1; -} - -/* - * Prove knowledge of x - * Note that p->gx has already been calculated - */ -static int generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, - const BIGNUM *zkpg, JPAKE_CTX *ctx) -{ - int res = 0; - BIGNUM *r = BN_new(); - BIGNUM *h = BN_new(); - BIGNUM *t = BN_new(); - - if (r == NULL || h == NULL || t == NULL) - goto end; - - /*- - * r in [0,q) - * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform - */ - BN_rand_range(r, ctx->p.q); - /* g^r */ - BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx); - - /* h=hash... */ - if (!zkp_hash(h, zkpg, p, ctx->p.name)) - goto end; - - /* b = r - x*h */ - BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx); - BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx); - - res = 1; - end: - /* cleanup */ - BN_free(t); - BN_free(h); - BN_free(r); - return res; -} - -static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, - JPAKE_CTX *ctx) -{ - BIGNUM *h = BN_new(); - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - BIGNUM *t3 = BN_new(); - int ret = 0; - - if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) - goto end; - - if (!zkp_hash(h, zkpg, p, ctx->p.peer_name)) - goto end; - - /* t1 = g^b */ - BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx); - /* t2 = (g^x)^h = g^{hx} */ - BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx); - /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */ - BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx); - - /* verify t3 == g^r */ - if (BN_cmp(t3, p->zkpx.gr) == 0) - ret = 1; - else - JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); - - end: - /* cleanup */ - BN_free(t3); - BN_free(t2); - BN_free(t1); - BN_free(h); - - return ret; -} - -static int generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x, - const BIGNUM *g, JPAKE_CTX *ctx) -{ - BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx); - if (!generate_zkp(p, x, g, ctx)) - return 0; - return 1; -} - -/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */ -static void genrand(JPAKE_CTX *ctx) -{ - BIGNUM *qm1; - - /* xa in [0, q) */ - BN_rand_range(ctx->xa, ctx->p.q); - - /* q-1 */ - qm1 = BN_new(); - BN_copy(qm1, ctx->p.q); - BN_sub_word(qm1, 1); - - /* ... and xb in [0, q-1) */ - BN_rand_range(ctx->xb, qm1); - /* [1, q) */ - BN_add_word(ctx->xb, 1); - - /* cleanup */ - BN_free(qm1); -} - -int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) -{ - genrand(ctx); - if (!generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx)) - return 0; - if (!generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx)) - return 0; - - return 1; -} - -/* g^x is a legal value */ -static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) -{ - BIGNUM *t; - int res; - - if (BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) - return 0; - - t = BN_new(); - BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); - res = BN_is_one(t); - BN_free(t); - - return res; -} - -int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) -{ - if (!is_legal(received->p1.gx, ctx)) { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, - JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); - return 0; - } - - if (!is_legal(received->p2.gx, ctx)) { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, - JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); - return 0; - } - - /* verify their ZKP(xc) */ - if (!verify_zkp(&received->p1, ctx->p.g, ctx)) { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); - return 0; - } - - /* verify their ZKP(xd) */ - if (!verify_zkp(&received->p2, ctx->p.g, ctx)) { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED); - return 0; - } - - /* g^xd != 1 */ - if (BN_is_one(received->p2.gx)) { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE); - return 0; - } - - /* Save the bits we need for later */ - BN_copy(ctx->p.gxc, received->p1.gx); - BN_copy(ctx->p.gxd, received->p2.gx); - - return 1; -} - -int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) -{ - int ret; - - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - - /*- - * X = g^{(xa + xc + xd) * xb * s} - * t1 = g^xa - */ - BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx); - /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */ - BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx); - /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */ - BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx); - /* t2 = xb * s */ - BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx); - - /*- - * ZKP(xb * s) - * XXX: this is kinda funky, because we're using - * - * g' = g^{xa + xc + xd} - * - * as the generator, which means X is g'^{xb * s} - * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} - */ - ret = generate_step_part(send, t2, t1, ctx); - - /* cleanup */ - BN_free(t1); - BN_free(t2); - - return ret; -} - -/* gx = g^{xc + xa + xb} * xd * s */ -static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) -{ - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - BIGNUM *t3 = BN_new(); - - /*- - * K = (gx/g^{xb * xd * s})^{xb} - * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} - * = (g^{(xa + xc) * xd * s})^{xb} - * = g^{(xa + xc) * xb * xd * s} - * [which is the same regardless of who calculates it] - */ - - /* t1 = (g^{xd})^{xb} = g^{xb * xd} */ - BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx); - /* t2 = -s = q-s */ - BN_sub(t2, ctx->p.q, ctx->secret); - /* t3 = t1^t2 = g^{-xb * xd * s} */ - BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx); - /* t1 = gx * t3 = X/g^{xb * xd * s} */ - BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx); - /* K = t1^{xb} */ - BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx); - - /* cleanup */ - BN_free(t3); - BN_free(t2); - BN_free(t1); - - return 1; -} - -int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) -{ - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - int ret = 0; - - /*- - * g' = g^{xc + xa + xb} [from our POV] - * t1 = xa + xb - */ - BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx); - /* t2 = g^{t1} = g^{xa+xb} */ - BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx); - /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */ - BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx); - - if (verify_zkp(received, t1, ctx)) - ret = 1; - else - JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED); - - compute_key(ctx, received->gx); - - /* cleanup */ - BN_free(t2); - BN_free(t1); - - return ret; -} - -static int quickhashbn(unsigned char *md, const BIGNUM *bn) -{ - SHA_CTX sha; - - SHA1_Init(&sha); - if (!hashbn(&sha, bn)) - return 0; - SHA1_Final(md, &sha); - return 1; -} - -void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) -{ -} - -int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) -{ - if (!quickhashbn(send->hhk, ctx->key)) - return 0; - SHA1(send->hhk, sizeof send->hhk, send->hhk); - - return 1; -} - -int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) -{ - unsigned char hhk[SHA_DIGEST_LENGTH]; - - if (!quickhashbn(hhk, ctx->key)) - return 0; - SHA1(hhk, sizeof hhk, hhk); - if (memcmp(hhk, received->hhk, sizeof hhk)) { - JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, - JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); - return 0; - } - return 1; -} - -void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a) -{ -} - -void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b) -{ -} - -int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx) -{ - if (!quickhashbn(send->hk, ctx->key)) - return 0; - return 1; -} - -int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) -{ - unsigned char hk[SHA_DIGEST_LENGTH]; - - if (!quickhashbn(hk, ctx->key)) - return 0; - if (memcmp(hk, received->hk, sizeof hk)) { - JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); - return 0; - } - return 1; -} - -void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) -{ -} - -const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) -{ - return ctx->key; -} diff --git a/crypto/jpake/jpake_err.c b/crypto/jpake/jpake_err.c deleted file mode 100644 index d45f86c643..0000000000 --- a/crypto/jpake/jpake_err.c +++ /dev/null @@ -1,107 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason) - -static ERR_STRING_DATA JPAKE_str_functs[] = { - {ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"}, - {ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"}, - {ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"}, - {ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"}, - {ERR_FUNC(JPAKE_F_VERIFY_ZKP), "verify_zkp"}, - {0, NULL} -}; - -static ERR_STRING_DATA JPAKE_str_reasons[] = { - {ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL), - "g to the x3 is not legal"}, - {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL), - "g to the x4 is not legal"}, - {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE), "g to the x4 is one"}, - {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH), - "hash of hash of key mismatch"}, - {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"}, - {ERR_REASON(JPAKE_R_VERIFY_B_FAILED), "verify b failed"}, - {ERR_REASON(JPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"}, - {ERR_REASON(JPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"}, - {ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"}, - {0, NULL} -}; - -#endif - -void ERR_load_JPAKE_strings(void) -{ -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) { - ERR_load_strings(0, JPAKE_str_functs); - ERR_load_strings(0, JPAKE_str_reasons); - } -#endif -} diff --git a/include/openssl/jpake.h b/include/openssl/jpake.h deleted file mode 100644 index 371eed679c..0000000000 --- a/include/openssl/jpake.h +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Implement J-PAKE, as described in - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - * - * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. - */ - -#ifndef HEADER_JPAKE_H -# define HEADER_JPAKE_H - -# include - -# ifdef OPENSSL_NO_JPAKE -# error JPAKE is disabled. -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -# include -# include - -typedef struct JPAKE_CTX JPAKE_CTX; - -/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ -typedef struct { - BIGNUM *gr; /* g^r (r random) */ - BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ -} JPAKE_ZKP; - -typedef struct { - BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s - * in step 2 */ - JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ -} JPAKE_STEP_PART; - -typedef struct { - JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ - JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ -} JPAKE_STEP1; - -typedef JPAKE_STEP_PART JPAKE_STEP2; - -typedef struct { - unsigned char hhk[SHA_DIGEST_LENGTH]; -} JPAKE_STEP3A; - -typedef struct { - unsigned char hk[SHA_DIGEST_LENGTH]; -} JPAKE_STEP3B; - -/* Parameters are copied */ -JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, - const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret); -void JPAKE_CTX_free(JPAKE_CTX *ctx); - -/* - * Note that JPAKE_STEP1 can be used multiple times before release - * without another init. - */ -void JPAKE_STEP1_init(JPAKE_STEP1 *s1); -int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); -int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); -void JPAKE_STEP1_release(JPAKE_STEP1 *s1); - -/* - * Note that JPAKE_STEP2 can be used multiple times before release - * without another init. - */ -void JPAKE_STEP2_init(JPAKE_STEP2 *s2); -int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); -int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); -void JPAKE_STEP2_release(JPAKE_STEP2 *s2); - -/* - * Optionally verify the shared key. If the shared secrets do not - * match, the two ends will disagree about the shared key, but - * otherwise the protocol will succeed. - */ -void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); -int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); -int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); -void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); - -void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); -int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); -int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); -void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); - -/* - * the return value belongs to the library and will be released when - * ctx is released, and will change when a new handshake is performed. - */ -const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_JPAKE_strings(void); - -/* Error codes for the JPAKE functions. */ - -/* Function codes. */ -# define JPAKE_F_JPAKE_STEP1_PROCESS 101 -# define JPAKE_F_JPAKE_STEP2_PROCESS 102 -# define JPAKE_F_JPAKE_STEP3A_PROCESS 103 -# define JPAKE_F_JPAKE_STEP3B_PROCESS 104 -# define JPAKE_F_VERIFY_ZKP 100 - -/* Reason codes. */ -# define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 -# define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 -# define JPAKE_R_G_TO_THE_X4_IS_ONE 105 -# define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 -# define JPAKE_R_HASH_OF_KEY_MISMATCH 107 -# define JPAKE_R_VERIFY_B_FAILED 102 -# define JPAKE_R_VERIFY_X3_FAILED 103 -# define JPAKE_R_VERIFY_X4_FAILED 104 -# define JPAKE_R_ZKP_VERIFY_FAILED 100 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/test/Makefile.in b/test/Makefile.in index 5a1839fad2..0a75304a2a 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -67,7 +67,6 @@ EVPTEST= evp_test EVPEXTRATEST=evp_extra_test P5_CRPT2_TEST= p5_crpt2_test IGETEST= igetest -JPAKETEST= jpaketest SECMEMTEST= secmemtest SRPTEST= srptest V3NAMETEST= v3nametest @@ -98,7 +97,7 @@ EXE= $(NPTEST)$(EXE_EXT) $(MEMLEAKTEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) \ $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \ - $(JPAKETEST)$(EXE_EXT) $(SECMEMTEST)$(EXE_EXT) \ + $(SECMEMTEST)$(EXE_EXT) \ $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \ $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \ $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ @@ -117,7 +116,7 @@ OBJ= $(NPTEST).o $(MEMLEAKTEST).o \ $(MDC2TEST).o $(RMDTEST).o $(DANETEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \ + $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(V3NAMETEST).o \ $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \ $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o \ $(PACKETTEST).o $(ASYNCTEST).o $(DTLSV1LISTENTEST).o testutil.o @@ -131,7 +130,7 @@ SRC= $(NPTEST).c $(MEMLEAKTEST).c \ $(DESTEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ + $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(V3NAMETEST).c \ $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \ $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c \ $(PACKETTEST).c $(ASYNCTEST).c $(DTLSV1LISTENTEST).c testutil.c @@ -340,9 +339,6 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) @target=$(IGETEST); $(BUILD_CMD) -$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) - @target=$(JPAKETEST); $(BUILD_CMD) - $(SECMEMTEST)$(EXE_EXT): $(SECMEMTEST).o $(DLIBCRYPTO) @target=$(SECMEMTEST); $(BUILD_CMD) diff --git a/test/build.info b/test/build.info index a32169220a..39b052f0f1 100644 --- a/test/build.info +++ b/test/build.info @@ -9,7 +9,7 @@ PROGRAMS=\ mdc2test rmdtest \ randtest dhtest enginetest casttest \ bftest ssltest dsatest exptest rsa_test \ - evp_test evp_extra_test igetest jpaketest v3nametest \ + evp_test evp_extra_test igetest v3nametest \ danetest heartbeat_test p5_crpt2_test \ constant_time_test verify_extra_test clienthellotest \ packettest asynctest secmemtest srptest memleaktest \ @@ -151,10 +151,6 @@ SOURCE[igetest]=igetest.c INCLUDE[igetest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include DEPEND[igetest]=../libcrypto -SOURCE[jpaketest]=jpaketest.c -INCLUDE[jpaketest]={- rel2abs(catdir($builddir,"../include")) -} ../include -DEPEND[jpaketest]=../libcrypto - SOURCE[v3nametest]=v3nametest.c INCLUDE[v3nametest]={- rel2abs(catdir($builddir,"../include")) -} ../include DEPEND[v3nametest]=../libcrypto diff --git a/test/jpaketest.c b/test/jpaketest.c deleted file mode 100644 index 2b61705bf8..0000000000 --- a/test/jpaketest.c +++ /dev/null @@ -1,184 +0,0 @@ -#include - -#ifdef OPENSSL_NO_JPAKE - -# include - -int main(int argc, char *argv[]) -{ - printf("No J-PAKE support\n"); - return (0); -} - -#else - -# include -# include - -static void showbn(const char *name, const BIGNUM *bn) -{ - fputs(name, stdout); - fputs(" = ", stdout); - BN_print_fp(stdout, bn); - putc('\n', stdout); -} - -static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) -{ - JPAKE_STEP1 alice_s1; - JPAKE_STEP1 bob_s1; - JPAKE_STEP2 alice_s2; - JPAKE_STEP2 bob_s2; - JPAKE_STEP3A alice_s3a; - JPAKE_STEP3B bob_s3b; - - /* Alice -> Bob: step 1 */ - puts("A->B s1"); - JPAKE_STEP1_init(&alice_s1); - JPAKE_STEP1_generate(&alice_s1, alice); - if (!JPAKE_STEP1_process(bob, &alice_s1)) { - printf("Bob fails to process Alice's step 1\n"); - ERR_print_errors_fp(stdout); - return 1; - } - JPAKE_STEP1_release(&alice_s1); - - /* Bob -> Alice: step 1 */ - puts("B->A s1"); - JPAKE_STEP1_init(&bob_s1); - JPAKE_STEP1_generate(&bob_s1, bob); - if (!JPAKE_STEP1_process(alice, &bob_s1)) { - printf("Alice fails to process Bob's step 1\n"); - ERR_print_errors_fp(stdout); - return 2; - } - JPAKE_STEP1_release(&bob_s1); - - /* Alice -> Bob: step 2 */ - puts("A->B s2"); - JPAKE_STEP2_init(&alice_s2); - JPAKE_STEP2_generate(&alice_s2, alice); - if (!JPAKE_STEP2_process(bob, &alice_s2)) { - printf("Bob fails to process Alice's step 2\n"); - ERR_print_errors_fp(stdout); - return 3; - } - JPAKE_STEP2_release(&alice_s2); - - /* Bob -> Alice: step 2 */ - puts("B->A s2"); - JPAKE_STEP2_init(&bob_s2); - JPAKE_STEP2_generate(&bob_s2, bob); - if (!JPAKE_STEP2_process(alice, &bob_s2)) { - printf("Alice fails to process Bob's step 2\n"); - ERR_print_errors_fp(stdout); - return 4; - } - JPAKE_STEP2_release(&bob_s2); - - showbn("Alice's key", JPAKE_get_shared_key(alice)); - showbn("Bob's key ", JPAKE_get_shared_key(bob)); - - /* Alice -> Bob: step 3a */ - puts("A->B s3a"); - JPAKE_STEP3A_init(&alice_s3a); - JPAKE_STEP3A_generate(&alice_s3a, alice); - if (!JPAKE_STEP3A_process(bob, &alice_s3a)) { - printf("Bob fails to process Alice's step 3a\n"); - ERR_print_errors_fp(stdout); - return 5; - } - JPAKE_STEP3A_release(&alice_s3a); - - /* Bob -> Alice: step 3b */ - puts("B->A s3b"); - JPAKE_STEP3B_init(&bob_s3b); - JPAKE_STEP3B_generate(&bob_s3b, bob); - if (!JPAKE_STEP3B_process(alice, &bob_s3b)) { - printf("Alice fails to process Bob's step 3b\n"); - ERR_print_errors_fp(stdout); - return 6; - } - JPAKE_STEP3B_release(&bob_s3b); - - return 0; -} - -int main(int argc, char **argv) -{ - JPAKE_CTX *alice; - JPAKE_CTX *bob; - BIGNUM *p = NULL; - BIGNUM *g = NULL; - BIGNUM *q = NULL; - BIGNUM *secret = BN_new(); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - BIO *bio_err; - - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -#endif - - /*- - BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); - BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); - BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); - */ - /*- - p = BN_new(); - BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); - */ - /* Use a safe prime for p (that we found earlier) */ - BN_hex2bn(&p, - "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); - showbn("p", p); - g = BN_new(); - BN_set_word(g, 2); - showbn("g", g); - q = BN_new(); - BN_rshift1(q, p); - showbn("q", q); - - BN_rand(secret, 32, -1, 0); - - /* A normal run, expect this to work... */ - alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); - bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); - - if (run_jpake(alice, bob) != 0) { - fprintf(stderr, "Plain JPAKE run failed\n"); - return 1; - } - - JPAKE_CTX_free(bob); - JPAKE_CTX_free(alice); - - /* Now give Alice and Bob different secrets */ - alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); - BN_add_word(secret, 1); - bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); - - if (run_jpake(alice, bob) != 5) { - fprintf(stderr, "Mismatched secret JPAKE run failed\n"); - return 1; - } - - JPAKE_CTX_free(bob); - JPAKE_CTX_free(alice); - - BN_free(secret); - BN_free(q); - BN_free(g); - BN_free(p); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - return 1; -#endif - - return 0; -} - -#endif diff --git a/test/recipes/90-test_jpake.t b/test/recipes/90-test_jpake.t deleted file mode 100644 index 519bf1ebba..0000000000 --- a/test/recipes/90-test_jpake.t +++ /dev/null @@ -1,5 +0,0 @@ -#! /usr/bin/perl - -use OpenSSL::Test::Simple; - -simple_test("test_jpake", "jpaketest", "jpake"); diff --git a/util/indent.pro b/util/indent.pro index abfccc7841..b7958e31aa 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -297,13 +297,6 @@ -T IPAddressOrRange -T IPAddressOrRanges -T ISSUING_DIST_POINT --T JPAKE_CTX --T JPAKE_STEP1 --T JPAKE_STEP2 --T JPAKE_STEP3A --T JPAKE_STEP3B --T JPAKE_STEP_PART --T JPAKE_ZKP -T KEY_TABLE_TYPE -T LHASH -T LHASH_COMP_FN_TYPE diff --git a/util/libeay.num b/util/libeay.num index 4d50324464..ca8e9ece68 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3616,27 +3616,6 @@ CRYPTO_dbg_remove_all_info 4090 1_1_0 NOEXIST::FUNCTION: OPENSSL_init 4091 1_1_0 EXIST::FUNCTION: private_Camellia_set_key 4092 1_1_0 NOEXIST::FUNCTION: CRYPTO_strdup 4093 1_1_0 EXIST::FUNCTION: -JPAKE_STEP3A_process 4094 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP1_release 4095 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_get_shared_key 4096 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3B_init 4097 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP1_generate 4098 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP1_init 4099 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3B_process 4100 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP2_generate 4101 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_CTX_new 4102 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_CTX_free 4103 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3B_release 4104 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3A_release 4105 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP2_process 4106 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3B_generate 4107 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP1_process 4108 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3A_generate 4109 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP2_release 4110 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP3A_init 4111 1_1_0 EXIST::FUNCTION:JPAKE -ERR_load_JPAKE_strings 4112 1_1_0 EXIST::FUNCTION:JPAKE -JPAKE_STEP2_init 4113 1_1_0 EXIST::FUNCTION:JPAKE -pqueue_size 4114 1_1_0 NOEXIST::FUNCTION: i2d_TS_ACCURACY 4115 1_1_0 EXIST::FUNCTION: i2d_TS_MSG_IMPRINT_fp 4116 1_1_0 EXIST::FUNCTION:STDIO i2d_TS_MSG_IMPRINT 4117 1_1_0 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 4b5acbe81b..085db5f4c5 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -306,7 +306,6 @@ $cflags.=" -DOPENSSL_NO_ASYNC" if $no_async; $cflags.=" -DOPENSSL_NO_AUTOALGINIT" if $no_autoalginit; $cflags.=" -DOPENSSL_NO_AUTOERRINIT" if $no_autoerrinit; $cflags.=" -DOPENSSL_FIPS" if $fips; -$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -1037,7 +1036,6 @@ sub var_add return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; - return("") if $no_jpake && $dir =~ /\/jpake/; return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { @@ -1397,7 +1395,6 @@ sub read_options "no-ssl3-method" => 0, "no-srp" => \$no_srp, "no-cms" => \$no_cms, - "no-jpake" => \$no_jpake, "no-ec2m" => \$no_ec2m, "no-ec_nistp_64_gcc_128" => 0, "no-err" => \$no_err, diff --git a/util/mkdef.pl b/util/mkdef.pl index 2de27c078a..4ada9ad528 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -102,8 +102,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAPIENG", # SSL v3 method "SSL3_METHOD", - # JPAKE - "JPAKE", # NEXTPROTONEG "NEXTPROTONEG", # Deprecated functions @@ -293,7 +291,6 @@ $crypto.=" include/openssl/ocsp.h"; $crypto.=" include/openssl/ui.h"; #$crypto.=" include/openssl/store.h"; $crypto.=" include/openssl/cms.h"; -$crypto.=" include/openssl/jpake.h"; $crypto.=" include/openssl/srp.h"; $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 55dfbc64e3..1e5f84e049 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -48,7 +48,6 @@ my @dirs = ( "crypto/x509v3", "crypto/cms", "crypto/conf", -"crypto/jpake", "crypto/txt_db", "crypto/pkcs7", "crypto/pkcs12", -- 2.25.1