
Contents of /devel/openssl/openssl-1.0.0-beta3-fipscheck.patch



Revision 1.1 - (show annotations) (download) (as text)
Thu Aug 20 14:18:42 2009 UTC (3 months ago) by tmraz
Branch: MAIN
CVS Tags: openssl-1_0_0-0_7_beta3_fc12, openssl-1_0_0-0_4_beta3_fc12, F-12-split, openssl-1_0_0-0_13_beta4_fc13, openssl-1_0_0-0_9_beta3_fc13, openssl-1_0_0-0_2_beta3_fc12, openssl-1_0_0-0_10_beta3_fc13, openssl-1_0_0-0_11_beta4_fc13, openssl-1_0_0-0_14_beta4_fc13, openssl-1_0_0-0_5_beta3_fc12, openssl-1_0_0-0_1_beta3_fc12, openssl-1_0_0-0_8_beta3_fc13, openssl-1_0_0-0_15_beta4_fc13, openssl-1_0_0-0_12_beta4_fc13, openssl-1_0_0-0_3_beta3_fc12, openssl-1_0_0-0_6_beta3_fc12, HEAD
File MIME type: text/x-patch
* Thu Aug 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.1.beta3
- update to new major upstream release
1 diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips.c
2 --- openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
3 +++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-10 20:11:59.000000000 +0200
4 @@ -47,6 +47,7 @@
5 *
6 */
7
8 +#define _GNU_SOURCE
9
10 #include <openssl/rand.h>
11 #include <openssl/fips_rand.h>
12 @@ -56,6 +57,9 @@
13 #include <openssl/rsa.h>
14 #include <string.h>
15 #include <limits.h>
16 +#include <dlfcn.h>
17 +#include <stdio.h>
18 +#include <stdlib.h>
19 #include "fips_locl.h"
20
21 #ifdef OPENSSL_FIPS
22 @@ -165,6 +169,204 @@ int FIPS_selftest()
23 && FIPS_selftest_dsa();
24 }
25
26 +/* we implement what libfipscheck does ourselves */
27 +
28 +static int
29 +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
30 +{
31 + Dl_info info;
32 + void *dl, *sym;
33 + int rv = -1;
34 +
35 + dl = dlopen(libname, RTLD_LAZY);
36 + if (dl == NULL) {
37 + return -1;
38 + }
39 +
40 + sym = dlsym(dl, symbolname);
41 +
42 + if (sym != NULL && dladdr(sym, &info)) {
43 + strncpy(path, info.dli_fname, pathlen-1);
44 + path[pathlen-1] = '\0';
45 + rv = 0;
46 + }
47 +
48 + dlclose(dl);
49 +
50 + return rv;
51 +}
52 +
53 +static const char conv[] = "0123456789abcdef";
54 +
55 +static char *
56 +bin2hex(void *buf, size_t len)
57 +{
58 + char *hex, *p;
59 + unsigned char *src = buf;
60 +
61 + hex = malloc(len * 2 + 1);
62 + if (hex == NULL)
63 + return NULL;
64 +
65 + p = hex;
66 +
67 + while (len > 0) {
68 + unsigned c;
69 +
70 + c = *src;
71 + src++;
72 +
73 + *p = conv[c >> 4];
74 + ++p;
75 + *p = conv[c & 0x0f];
76 + ++p;
77 + --len;
78 + }
79 + *p = '\0';
80 + return hex;
81 +}
82 +
83 +#define HMAC_PREFIX "."
84 +#define HMAC_SUFFIX ".hmac"
85 +#define READ_BUFFER_LENGTH 16384
86 +
87 +static char *
88 +make_hmac_path(const char *origpath)
89 +{
90 + char *path, *p;
91 + const char *fn;
92 +
93 + path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
94 + if(path == NULL) {
95 + return NULL;
96 + }
97 +
98 + fn = strrchr(origpath, '/');
99 + if (fn == NULL) {
100 + fn = origpath;
101 + } else {
102 + ++fn;
103 + }
104 +
105 + strncpy(path, origpath, fn-origpath);
106 + p = path + (fn - origpath);
107 + p = stpcpy(p, HMAC_PREFIX);
108 + p = stpcpy(p, fn);
109 + p = stpcpy(p, HMAC_SUFFIX);
110 +
111 + return path;
112 +}
113 +
114 +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
115 +
116 +static int
117 +compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
118 +{
119 + FILE *f = NULL;
120 + int rv = -1;
121 + unsigned char rbuf[READ_BUFFER_LENGTH];
122 + size_t len;
123 + unsigned int hlen;
124 + HMAC_CTX c;
125 +
126 + HMAC_CTX_init(&c);
127 +
128 + f = fopen(path, "r");
129 +
130 + if (f == NULL) {
131 + goto end;
132 + }
133 +
134 + HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
135 +
136 + while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
137 + HMAC_Update(&c, rbuf, len);
138 + }
139 +
140 + len = sizeof(rbuf);
141 + /* reuse rbuf for hmac */
142 + HMAC_Final(&c, rbuf, &hlen);
143 +
144 + *buf = malloc(hlen);
145 + if (*buf == NULL) {
146 + goto end;
147 + }
148 +
149 + *hmaclen = hlen;
150 +
151 + memcpy(*buf, rbuf, hlen);
152 +
153 + rv = 0;
154 +end:
155 + HMAC_CTX_cleanup(&c);
156 +
157 + if (f)
158 + fclose(f);
159 +
160 + return rv;
161 +}
162 +
163 +static int
164 +FIPSCHECK_verify(const char *libname, const char *symbolname)
165 +{
166 + char path[PATH_MAX+1];
167 + int rv;
168 + FILE *hf;
169 + char *hmacpath, *p;
170 + char *hmac = NULL;
171 + size_t n;
172 +
173 + rv = get_library_path(libname, symbolname, path, sizeof(path));
174 +
175 + if (rv < 0)
176 + return 0;
177 +
178 + hmacpath = make_hmac_path(path);
179 +
180 + hf = fopen(hmacpath, "r");
181 + if (hf == NULL) {
182 + free(hmacpath);
183 + return 0;
184 + }
185 +
186 + if (getline(&hmac, &n, hf) > 0) {
187 + void *buf;
188 + size_t hmaclen;
189 + char *hex;
190 +
191 + if ((p=strchr(hmac, '\n')) != NULL)
192 + *p = '\0';
193 +
194 + if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
195 + rv = -4;
196 + goto end;
197 + }
198 +
199 + if ((hex=bin2hex(buf, hmaclen)) == NULL) {
200 + free(buf);
201 + rv = -5;
202 + goto end;
203 + }
204 +
205 + if (strcmp(hex, hmac) != 0) {
206 + rv = -1;
207 + }
208 + free(buf);
209 + free(hex);
210 + }
211 +
212 +end:
213 + free(hmac);
214 + free(hmacpath);
215 + fclose(hf);
216 +
217 + if (rv < 0)
218 + return 0;
219 +
220 + /* check successful */
221 + return 1;
222 +}
223 +
224 int FIPS_mode_set(int onoff)
225 {
226 int fips_set_owning_thread();
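Review bot: FIPSCHECK_verify reports success when the `.hmac` file is empty or cannot be read: `rv` is still 0 from get_library_path() when `getline()` returns a value <= 0, the comparison block is skipped, and control falls through to `return 1`. The check should fail closed, for example by adding `else rv = -1;` after the `if (getline(&hmac, &n, hf) > 0) { ... }` block, so that success is reachable only after `strcmp(hex, hmac)` has matched. The result of `make_hmac_path(path)` is also handed to `fopen()` without a NULL check and `n` is passed to getline() uninitialised; `if (hmacpath == NULL) return 0;` and `size_t n = 0;` would cover both. Because `hmackey` is a constant in the source, this check detects corruption of the library file, not replacement by someone who can also rewrite the `.hmac` file, and a comment on `hmackey` should say so.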
227 @@ -201,6 +403,22 @@ int FIPS_mode_set(int onoff)
228 }
229 #endif
230
231 + if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
232 + {
233 + FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
234 + fips_selftest_fail = 1;
235 + ret = 0;
236 + goto end;
237 + }
238 +
239 + if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
240 + {
241 + FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
242 + fips_selftest_fail = 1;
243 + ret = 0;
244 + goto end;
245 + }
246 +
247 /* Perform RNG KAT before seeding */
248 if (!FIPS_selftest_rng())
249 {
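Review bot: Every failure inside FIPSCHECK_verify, including a `dlopen()` that cannot find the library or a missing `.hmac` file, is reported here as `FIPS_R_FINGERPRINT_DOES_NOT_MATCH`, and the second check makes FIPS mode depend on libssl being loadable even in a process that only uses libcrypto. Failing closed is the right default, but the requirement should be documented at the call site, e.g. `/* libssl and both .hmac files must be installed; a missing file is reported as a fingerprint mismatch */`. The two blocks differ only in the library and symbol names and could share one failure path. FIPS_mode_set begins and ends outside this hunk, so the `end` label and the later handling of `ret` are not visible here.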
250 diff -up openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
251 --- openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
252 +++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-08-10 20:11:59.000000000 +0200
253 @@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
254
255 #ifdef OPENSSL_FIPS
256
257 -static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
258 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
259 const char *key)
260 {
261 size_t len=strlen(key);
262 @@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
263
264 if (len > SHA_CBLOCK)
265 {
266 - SHA1_Init(md_ctx);
267 - SHA1_Update(md_ctx,key,len);
268 - SHA1_Final(keymd,md_ctx);
269 - len=20;
270 + SHA256_Init(md_ctx);
271 + SHA256_Update(md_ctx,key,len);
272 + SHA256_Final(keymd,md_ctx);
273 + len=SHA256_DIGEST_LENGTH;
274 }
275 else
276 memcpy(keymd,key,len);
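Review bot: The key-length test `if (len > SHA_CBLOCK)` still names the SHA-1 block-size constant, while the rest of hmac_init now uses SHA256 names and the next hunk hashes `SHA256_CBLOCK` bytes of `pad`. Both constants should be 64 in OpenSSL's sha.h, so behaviour does not change, but `if (len > SHA256_CBLOCK)` would keep the function consistent. The declaration of `keymd` lies outside the hunk; it has to hold at least `SHA256_DIGEST_LENGTH` bytes now that `SHA256_Final(keymd,md_ctx)` writes into it, which is worth confirming.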
277 @@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
278
279 for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
280 pad[i]=0x36^keymd[i];
281 - SHA1_Init(md_ctx);
282 - SHA1_Update(md_ctx,pad,SHA_CBLOCK);
283 + SHA256_Init(md_ctx);
284 + SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
285
286 for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
287 pad[i]=0x5c^keymd[i];
288 - SHA1_Init(o_ctx);
289 - SHA1_Update(o_ctx,pad,SHA_CBLOCK);
290 + SHA256_Init(o_ctx);
291 + SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
292 }
293
294 -static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
295 +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
296 {
297 - unsigned char buf[20];
298 + unsigned char buf[SHA256_DIGEST_LENGTH];
299
300 - SHA1_Final(buf,md_ctx);
301 - SHA1_Update(o_ctx,buf,sizeof buf);
302 - SHA1_Final(md,o_ctx);
303 + SHA256_Final(buf,md_ctx);
304 + SHA256_Update(o_ctx,buf,sizeof buf);
305 + SHA256_Final(md,o_ctx);
306 }
307
308 #endif
309 @@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
310 int main(int argc,char **argv)
311 {
312 #ifdef OPENSSL_FIPS
313 - static char key[]="etaonrishdlcupfm";
314 + static char key[]="orboDeJITITejsirpADONivirpUkvarP";
315 int n,binary=0;
316
317 if(argc < 2)
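Review bot: The key literal in `main` now has to stay byte-identical to `hmackey` in crypto/fips/fips.c, which this patch adds with the same string, and nothing in either file records that coupling. A comment on the declaration such as `/* must match hmackey in crypto/fips/fips.c (FIPSCHECK_verify) */` would make it visible to whoever changes one of them. main() continues outside this hunk.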
318 @@ -125,8 +125,8 @@ int main(int argc,char **argv)
319 for(; n < argc ; ++n)
320 {
321 FILE *f=fopen(argv[n],"rb");
322 - SHA_CTX md_ctx,o_ctx;
323 - unsigned char md[20];
324 + SHA256_CTX md_ctx,o_ctx;
325 + unsigned char md[SHA256_DIGEST_LENGTH];
326 int i;
327
328 if(!f)
329 @@ -151,18 +151,18 @@ int main(int argc,char **argv)
330 else
331 break;
332 }
333 - SHA1_Update(&md_ctx,buf,l);
334 + SHA256_Update(&md_ctx,buf,l);
335 }
336 hmac_final(md,&md_ctx,&o_ctx);
337
338 if (binary)
339 {
340 - fwrite(md,20,1,stdout);
341 + fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
342 break; /* ... for single(!) file */
343 }
344
345 - printf("HMAC-SHA1(%s)= ",argv[n]);
346 - for(i=0 ; i < 20 ; ++i)
347 +/* printf("HMAC-SHA1(%s)= ",argv[n]); */
348 + for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
349 printf("%02x",md[i]);
350 printf("\n");
351 }
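Review bot: The old label line is left behind as commented-out code, `/* printf("HMAC-SHA1(%s)= ",argv[n]); */`, under a name that no longer matches the algorithm. Delete it and state the reason for the bare output instead, e.g. `/* print lowercase hex only: FIPSCHECK_verify in fips.c compares the line with strcmp() */` (presumably the `.hmac` files are generated from this output). The `fwrite(md,SHA256_DIGEST_LENGTH,1,stdout)` result in the binary branch is not checked, so a short write would leave a truncated checksum without any error. main() extends beyond this hunk.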
352 diff -up openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck openssl-1.0.0-beta3/crypto/fips/Makefile
353 --- openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck 2009-08-10 20:11:59.000000000 +0200
354 +++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-08-10 20:27:45.000000000 +0200
355 @@ -16,6 +16,9 @@ GENERAL=Makefile
356 TEST=fips_test_suite.c fips_randtest.c
357 APPS=
358
359 +PROGRAM= fips_standalone_sha1
360 +EXE= $(PROGRAM)$(EXE_EXT)
361 +
362 LIB=$(TOP)/libcrypto.a
363 LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
364 fips_rsa_selftest.c fips_sha1_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
365 @@ -25,6 +28,8 @@ LIBOBJ=fips_aes_selftest.o fips_des_self
366 fips_rsa_selftest.o fips_sha1_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
367 fips_rsa_x931g.o
368
369 +LIBCRYPTO=-L.. -lcrypto
370 +
371 SRC= $(LIBSRC) fips_standalone_sha1.c
372
373 EXHEADER= fips.h fips_rand.h
374 @@ -35,13 +40,15 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
375 top:
376 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
377
378 -all: lib
379 +all: lib exe
380
381 lib: $(LIBOBJ)
382 $(AR) $(LIB) $(LIBOBJ)
383 $(RANLIB) $(LIB) || echo Never mind.
384 @touch lib
385
386 +exe: $(EXE)
387 +
388 files:
389 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
390
391 @@ -77,5 +84,9 @@ dclean:
392 clean:
393 rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
394
395 +$(EXE): $(PROGRAM).o
396 + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
397 + $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
398 +
399 # DO NOT DELETE THIS LINE -- make depend depends on it.
400
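Review bot: The `clean` rule shown as context in this hunk does not remove the new `$(EXE)` binary, so a stale `fips_standalone_sha1` survives `make clean`; adding `$(EXE)` to the `rm -f` list fixes that. `LIBCRYPTO=-L.. -lcrypto` from the earlier hunk is not referenced by the link rule visible here, which links the sha objects directly, so the variable should be used or dropped. The program keeps the name `fips_standalone_sha1` although it now computes HMAC-SHA256; if a rename is not wanted, a comment above `PROGRAM=` should say so.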
