Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.

[openssl.git] / apps / apps.c
diff --git a/apps/apps.c b/apps/apps.c

index f3087fc2650c5935bc4dc04f9cb0f86cd664c663..6a65f94434055a43ac0b03eee2c0801e3fb55e0d 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -137,7 +137,9 @@
  #include <openssl/rsa.h>
  #endif
  #include <openssl/bn.h>
+#ifdef OPENSSL_EXPERIMENTAL_JPAKE
  #include <openssl/jpake.h>
+#endif
  
  #define NON_MAIN
  #include "apps.h"
@@ -2379,6 +2381,8 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
                 BIO_free(out);
         }
  
+#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+
  static JPAKE_CTX *jpake_init(const char *us, const char *them,
                                                          const char *secret)
         {
@@ -2388,14 +2392,14 @@ static JPAKE_CTX *jpake_init(const char *us, const char *them,
         BIGNUM *bnsecret = BN_new();
         JPAKE_CTX *ctx;
  
-       // Use a safe prime for p (that we found earlier)
+       /* Use a safe prime for p (that we found earlier) */
         BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
         g = BN_new();
         BN_set_word(g, 2);
         q = BN_new();
         BN_rshift1(q, p);
  
-       BN_bin2bn(secret, strlen(secret), bnsecret);
+       BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
  
         ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
         BN_free(bnsecret);
@@ -2424,7 +2428,7 @@ static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
         JPAKE_STEP1_generate(&s1, ctx);
         jpake_send_part(bconn, &s1.p1);
         jpake_send_part(bconn, &s1.p2);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
         JPAKE_STEP1_release(&s1);
         }
  
@@ -2435,7 +2439,7 @@ static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
         JPAKE_STEP2_init(&s2);
         JPAKE_STEP2_generate(&s2, ctx);
         jpake_send_part(bconn, &s2);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
         JPAKE_STEP2_release(&s2);
         }
  
@@ -2446,7 +2450,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
         JPAKE_STEP3A_init(&s3a);
         JPAKE_STEP3A_generate(&s3a, ctx);
         BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
         JPAKE_STEP3A_release(&s3a);
         }
  
@@ -2457,7 +2461,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
         JPAKE_STEP3B_init(&s3b);
         JPAKE_STEP3B_generate(&s3b, ctx);
         BIO_write(bconn, s3b.hk, sizeof s3b.hk);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
         JPAKE_STEP3B_release(&s3b);
         }
  
@@ -2560,10 +2564,14 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
         jpake_send_step3a(bconn, ctx);
         jpake_receive_step3b(ctx, bconn);
  
-       BIO_puts(out, "JPAKE authentication succeeded\n");
+       BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+       psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
  
         BIO_pop(bconn);
         BIO_free(bconn);
+
+       JPAKE_CTX_free(ctx);
         }
  
  void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
@@ -2585,12 +2593,18 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
         jpake_receive_step3a(ctx, bconn);
         jpake_send_step3b(bconn, ctx);
  
-       BIO_puts(out, "JPAKE authentication succeeded\n");
+       BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+       psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
  
         BIO_pop(bconn);
         BIO_free(bconn);
+
+       JPAKE_CTX_free(ctx);
         }
  
+#endif
+
  /*
   * Platform-specific sections
   */