4 files changed, 4 insertions, 317 deletions

diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index b2efe6db39..a96de0cd9a 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -2173,240 +2173,6 @@ policies_print(BIO * out, X509_STORE_CTX * ctx)
                 BIO_free(out);
 }
 
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-
-static JPAKE_CTX *
-jpake_init(const char *us, const char *them,
-    const char *secret)
-{
-        BIGNUM *p = NULL;
-        BIGNUM *g = NULL;
-        BIGNUM *q = NULL;
-        BIGNUM *bnsecret = BN_new();
-        JPAKE_CTX *ctx;
-
-        /* Use a safe prime for p (that we found earlier) */
-        BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
-        g = BN_new();
-        BN_set_word(g, 2);
-        q = BN_new();
-        BN_rshift1(q, p);
-
-        BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret);
-
-        ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
-        BN_free(bnsecret);
-        BN_free(q);
-        BN_free(g);
-        BN_free(p);
-
-        return ctx;
-}
-
-static void
-jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p)
-{
-        BN_print(conn, p->gx);
-        BIO_puts(conn, "\n");
-        BN_print(conn, p->zkpx.gr);
-        BIO_puts(conn, "\n");
-        BN_print(conn, p->zkpx.b);
-        BIO_puts(conn, "\n");
-}
-
-static void
-jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP1 s1;
-
-        JPAKE_STEP1_init(&s1);
-        JPAKE_STEP1_generate(&s1, ctx);
-        jpake_send_part(bconn, &s1.p1);
-        jpake_send_part(bconn, &s1.p2);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP1_release(&s1);
-}
-
-static void
-jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP2 s2;
-
-        JPAKE_STEP2_init(&s2);
-        JPAKE_STEP2_generate(&s2, ctx);
-        jpake_send_part(bconn, &s2);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP2_release(&s2);
-}
-
-static void
-jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP3A s3a;
-
-        JPAKE_STEP3A_init(&s3a);
-        JPAKE_STEP3A_generate(&s3a, ctx);
-        BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP3A_release(&s3a);
-}
-
-static void
-jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP3B s3b;
-
-        JPAKE_STEP3B_init(&s3b);
-        JPAKE_STEP3B_generate(&s3b, ctx);
-        BIO_write(bconn, s3b.hk, sizeof s3b.hk);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP3B_release(&s3b);
-}
-
-static void
-readbn(BIGNUM ** bn, BIO * bconn)
-{
-        char buf[10240];
-        int l;
-
-        l = BIO_gets(bconn, buf, sizeof buf);
-        assert(l > 0);
-        assert(buf[l - 1] == '\n');
-        buf[l - 1] = '\0';
-        BN_hex2bn(bn, buf);
-}
-
-static void
-jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn)
-{
-        readbn(&p->gx, bconn);
-        readbn(&p->zkpx.gr, bconn);
-        readbn(&p->zkpx.b, bconn);
-}
-
-static void
-jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP1 s1;
-
-        JPAKE_STEP1_init(&s1);
-        jpake_receive_part(&s1.p1, bconn);
-        jpake_receive_part(&s1.p2, bconn);
-        if (!JPAKE_STEP1_process(ctx, &s1)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP1_release(&s1);
-}
-
-static void
-jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP2 s2;
-
-        JPAKE_STEP2_init(&s2);
-        jpake_receive_part(&s2, bconn);
-        if (!JPAKE_STEP2_process(ctx, &s2)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP2_release(&s2);
-}
-
-static void
-jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP3A s3a;
-        int l;
-
-        JPAKE_STEP3A_init(&s3a);
-        l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
-        assert(l == sizeof s3a.hhk);
-        if (!JPAKE_STEP3A_process(ctx, &s3a)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP3A_release(&s3a);
-}
-
-static void
-jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP3B s3b;
-        int l;
-
-        JPAKE_STEP3B_init(&s3b);
-        l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
-        assert(l == sizeof s3b.hk);
-        if (!JPAKE_STEP3B_process(ctx, &s3b)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP3B_release(&s3b);
-}
-
-void
-jpake_client_auth(BIO * out, BIO * conn, const char *secret)
-{
-        JPAKE_CTX *ctx;
-        BIO *bconn;
-
-        BIO_puts(out, "Authenticating with JPAKE\n");
-
-        ctx = jpake_init("client", "server", secret);
-
-        bconn = BIO_new(BIO_f_buffer());
-        BIO_push(bconn, conn);
-
-        jpake_send_step1(bconn, ctx);
-        jpake_receive_step1(ctx, bconn);
-        jpake_send_step2(bconn, ctx);
-        jpake_receive_step2(ctx, bconn);
-        jpake_send_step3a(bconn, ctx);
-        jpake_receive_step3b(ctx, bconn);
-
-        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
-        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
-        BIO_pop(bconn);
-        BIO_free(bconn);
-
-        JPAKE_CTX_free(ctx);
-}
-
-void
-jpake_server_auth(BIO * out, BIO * conn, const char *secret)
-{
-        JPAKE_CTX *ctx;
-        BIO *bconn;
-
-        BIO_puts(out, "Authenticating with JPAKE\n");
-
-        ctx = jpake_init("server", "client", secret);
-
-        bconn = BIO_new(BIO_f_buffer());
-        BIO_push(bconn, conn);
-
-        jpake_receive_step1(ctx, bconn);
-        jpake_send_step1(bconn, ctx);
-        jpake_receive_step2(ctx, bconn);
-        jpake_send_step2(bconn, ctx);
-        jpake_receive_step3a(ctx, bconn);
-        jpake_send_step3b(bconn, ctx);
-
-        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
-        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
-        BIO_pop(bconn);
-        BIO_free(bconn);
-
-        JPAKE_CTX_free(ctx);
-}
-
-#endif
-
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /* next_protos_parse parses a comma separated list of strings into a string
  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index 42c5f9e368..cbbf0eaefd 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -246,10 +246,6 @@ int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
 #ifndef OPENSSL_NO_PSK
 extern char *psk_key;
 #endif
-#ifndef OPENSSL_NO_JPAKE
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-#endif
 
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 3dc613ebc2..b90a096b40 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -301,9 +301,6 @@ sc_usage(void)
 #ifndef OPENSSL_NO_PSK
         BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
         BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
-#ifndef OPENSSL_NO_JPAKE
-        BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
-#endif
 #endif
         BIO_printf(bio_err, " -ssl3         - just use SSLv3\n");
         BIO_printf(bio_err, " -tls1_2       - just use TLSv1.2\n");
@@ -467,9 +464,6 @@ s_client_main(int argc, char **argv)
         int peerlen = sizeof(peer);
         int enable_timeouts = 0;
         long socket_mtu = 0;
-#ifndef OPENSSL_NO_JPAKE
-        char *jpake_secret = NULL;
-#endif
 
         meth = SSLv23_client_method();
 
@@ -727,13 +721,6 @@ s_client_main(int argc, char **argv)
                         /* meth=TLSv1_client_method(); */
                 }
 #endif
-#ifndef OPENSSL_NO_JPAKE
-                else if (strcmp(*argv, "-jpake") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        jpake_secret = *++argv;
-                }
-#endif
 #ifndef OPENSSL_NO_SRTP
                 else if (strcmp(*argv, "-use_srtp") == 0) {
                         if (--argc < 1)
@@ -764,21 +751,6 @@ bad:
                 sc_usage();
                 goto end;
         }
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-        if (jpake_secret) {
-                if (psk_key) {
-                        BIO_printf(bio_err,
-                            "Can't use JPAKE and PSK together\n");
-                        goto end;
-                }
-                psk_identity = "JPAKE";
-                if (cipher) {
-                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-                        goto end;
-                }
-                cipher = "PSK";
-        }
-#endif
 
         OpenSSL_add_ssl_algorithms();
         SSL_load_error_strings();
@@ -862,14 +834,9 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
-        if (psk_key != NULL)
-#else
-        if (psk_key != NULL || jpake_secret)
-#endif
-        {
+        if (psk_key != NULL) {
                 if (c_debug)
-                        BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
+                        BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
                 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
         }
 #endif
@@ -1055,10 +1022,6 @@ re_start:
 #endif
         }
 #endif
-#ifndef OPENSSL_NO_JPAKE
-        if (jpake_secret)
-                jpake_client_auth(bio_c_out, sbio, jpake_secret);
-#endif
 
         SSL_set_bio(con, sbio, sbio);
         SSL_set_connect_state(con);
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index c34816749a..6cb43ed45d 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -426,11 +426,7 @@ sv_usage(void)
 #ifndef OPENSSL_NO_PSK
         BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
         BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
-#ifndef OPENSSL_NO_JPAKE
-        BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
 #endif
-#endif
-        BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
         BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
         BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
         BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
@@ -676,9 +672,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
 
 int s_server_main(int, char **);
 
-#ifndef OPENSSL_NO_JPAKE
-static char *jpake_secret = NULL;
-#endif
 #ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
 #endif
@@ -1009,13 +1002,6 @@ s_server_main(int argc, char *argv[])
                 }
 #endif
 #endif
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-                else if (strcmp(*argv, "-jpake") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        jpake_secret = *(++argv);
-                }
-#endif
 #ifndef OPENSSL_NO_SRTP
                 else if (strcmp(*argv, "-use_srtp") == 0) {
                         if (--argc < 1)
@@ -1046,21 +1032,6 @@ bad:
                 sv_usage();
                 goto end;
         }
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-        if (jpake_secret) {
-                if (psk_key) {
-                        BIO_printf(bio_err,
-                            "Can't use JPAKE and PSK together\n");
-                        goto end;
-                }
-                psk_identity = "JPAKE";
-                if (cipher) {
-                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-                        goto end;
-                }
-                cipher = "PSK";
-        }
-#endif
 
         SSL_load_error_strings();
         OpenSSL_add_ssl_algorithms();
@@ -1414,14 +1385,9 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
-        if (psk_key != NULL)
-#else
-        if (psk_key != NULL || jpake_secret)
-#endif
-        {
+        if (psk_key != NULL) {
                 if (s_debug)
-                        BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
+                        BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
                 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
         }
         if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
@@ -1628,10 +1594,6 @@ sv_body(char *hostname, int s, unsigned char *context)
                 test = BIO_new(BIO_f_nbio_test());
                 sbio = BIO_push(test, sbio);
         }
-#ifndef OPENSSL_NO_JPAKE
-        if (jpake_secret)
-                jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
 
         SSL_set_bio(con, sbio, sbio);
         SSL_set_accept_state(con);