1 files changed, 53 insertions, 56 deletions
diff --git a/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c b/src/lib/libcrypto/idea/i_cfb64.c
index 874920b466..66d49d520e 100644
--- a/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c
+++ b/src/lib/libcrypto/idea/i_cfb64.c
@@ -1,4 +1,4 @@
-/* crypto/dh/dh_check.c */
+/* crypto/idea/i_cfb64.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,70 +56,67 @@
 * [including the GNU Public Licence.]
 */
-#include <stdio.h>
+#include <openssl/idea.h>
-#include <openssl/bn.h>
+#include "idea_lcl.h"
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#ifdef OPENSSL_FIPS
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
-/* Check that p is a safe prime and
+ * 64bit block we have used is contained in *num;
- * if g is 2, 3 or 5, check that is is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
 */
-int DH_check(const DH *dh, int *ret)
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num, int encrypt)
        {
-        int ok=0;
+        register unsigned long v0,v1,t;
-        BN_CTX *ctx=NULL;
+        register int n= *num;
-        BN_ULONG l;
+        register long l=length;
-        BIGNUM *q=NULL;
+        unsigned long ti[2];
+        unsigned char *iv,c,cc;
-        *ret=0;
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        q=BN_new();
-        if (q == NULL) goto err;
-        if (BN_is_word(dh->g,DH_GENERATOR_2))
+        iv=(unsigned char *)ivec;
-                {
+        if (encrypt)
-                l=BN_mod_word(dh->p,24);
-                if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
-                }
-#if 0
-        else if (BN_is_word(dh->g,DH_GENERATOR_3))
                {
-                l=BN_mod_word(dh->p,12);
+                while (l--)
-                if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                idea_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
                }
-#endif
-        else if (BN_is_word(dh->g,DH_GENERATOR_5))
-                {
-                l=BN_mod_word(dh->p,10);
-                if ((l != 3) && (l != 7))
-                        *ret|=DH_NOT_SUITABLE_GENERATOR;
-                }
-        else
-                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
-                *ret|=DH_CHECK_P_NOT_PRIME;
        else
                {
-                if (!BN_rshift1(q,dh->p)) goto err;
+                while (l--)
-                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+                        {
-                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                idea_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
                }
-        ok=1;
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
-err:
+        *num=n;
-        if (ctx != NULL) BN_CTX_free(ctx);
-        if (q != NULL) BN_free(q);
-        return(ok);
        }
-#endif
-#endif

diff --git a/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c b/src/lib/libcrypto/idea/i_cfb64.c index 874920b466..66d49d520e 100644 --- a/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c +++ b/src/lib/libcrypto/idea/i_cfb64.c
@@ -1,4 +1,4 @@
1	/* crypto/dh/dh_check.c */	1	/* crypto/idea/i_cfb64.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -56,70 +56,67 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
59	#include <stdio.h>	59	#include <openssl/idea.h>
60	#include <openssl/bn.h>	60	#include "idea_lcl.h"
61	#ifndef OPENSSL_NO_DH
62	#include <openssl/dh.h>
63		61
64	#ifdef OPENSSL_FIPS	62	/* The input and output encrypted as though 64bit cfb mode is being
65		63	* used. The extra state information to record how much of the
66	/* Check that p is a safe prime and	64	* 64bit block we have used is contained in *num;
67	* if g is 2, 3 or 5, check that is is a suitable generator
68	* where
69	* for 2, p mod 24 == 11
70	* for 3, p mod 12 == 5
71	* for 5, p mod 10 == 3 or 7
72	* should hold.
73	*/	65	*/
74		66
75	int DH_check(const DH dh, int ret)	67	void idea_cfb64_encrypt(const unsigned char in, unsigned char out,
		68	long length, IDEA_KEY_SCHEDULE *schedule,
		69	unsigned char ivec, int num, int encrypt)
76	{	70	{
77	int ok=0;	71	register unsigned long v0,v1,t;
78	BN_CTX *ctx=NULL;	72	register int n= *num;
79	BN_ULONG l;	73	register long l=length;
80	BIGNUM *q=NULL;	74	unsigned long ti[2];
81		75	unsigned char *iv,c,cc;
82	*ret=0;
83	ctx=BN_CTX_new();
84	if (ctx == NULL) goto err;
85	q=BN_new();
86	if (q == NULL) goto err;
87		76
88	if (BN_is_word(dh->g,DH_GENERATOR_2))	77	iv=(unsigned char *)ivec;
89	{	78	if (encrypt)
90	l=BN_mod_word(dh->p,24);
91	if (l != 11) *ret\|=DH_NOT_SUITABLE_GENERATOR;
92	}
93	#if 0
94	else if (BN_is_word(dh->g,DH_GENERATOR_3))
95	{	79	{
96	l=BN_mod_word(dh->p,12);	80	while (l--)
97	if (l != 5) *ret\|=DH_NOT_SUITABLE_GENERATOR;	81	{
		82	if (n == 0)
		83	{
		84	n2l(iv,v0); ti[0]=v0;
		85	n2l(iv,v1); ti[1]=v1;
		86	idea_encrypt((unsigned long *)ti,schedule);
		87	iv=(unsigned char *)ivec;
		88	t=ti[0]; l2n(t,iv);
		89	t=ti[1]; l2n(t,iv);
		90	iv=(unsigned char *)ivec;
		91	}
		92	c= *(in++)^iv[n];
		93	*(out++)=c;
		94	iv[n]=c;
		95	n=(n+1)&0x07;
		96	}
98	}	97	}
99	#endif
100	else if (BN_is_word(dh->g,DH_GENERATOR_5))
101	{
102	l=BN_mod_word(dh->p,10);
103	if ((l != 3) && (l != 7))
104	*ret\|=DH_NOT_SUITABLE_GENERATOR;
105	}
106	else
107	*ret\|=DH_UNABLE_TO_CHECK_GENERATOR;
108
109	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
110	*ret\|=DH_CHECK_P_NOT_PRIME;
111	else	98	else
112	{	99	{
113	if (!BN_rshift1(q,dh->p)) goto err;	100	while (l--)
114	if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))	101	{
115	*ret\|=DH_CHECK_P_NOT_SAFE_PRIME;	102	if (n == 0)
		103	{
		104	n2l(iv,v0); ti[0]=v0;
		105	n2l(iv,v1); ti[1]=v1;
		106	idea_encrypt((unsigned long *)ti,schedule);
		107	iv=(unsigned char *)ivec;
		108	t=ti[0]; l2n(t,iv);
		109	t=ti[1]; l2n(t,iv);
		110	iv=(unsigned char *)ivec;
		111	}
		112	cc= *(in++);
		113	c=iv[n];
		114	iv[n]=cc;
		115	*(out++)=c^cc;
		116	n=(n+1)&0x07;
		117	}
116	}	118	}
117	ok=1;	119	v0=v1=ti[0]=ti[1]=t=c=cc=0;
118	err:	120	*num=n;
119	if (ctx != NULL) BN_CTX_free(ctx);
120	if (q != NULL) BN_free(q);
121	return(ok);
122	}	121	}
123		122
124	#endif
125	#endif