1 Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary.
2 We use the binary just during the OpenSSL build to checksum the libcrypto.
3 diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha/Makefile
4 --- openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100
5 +++ openssl-0.9.8j/fips/sha/Makefile 2009-01-14 16:39:41.000000000 +0100
6 @@ -46,7 +46,7 @@ lib: $(LIBOBJ)
9 ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
10 - FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
11 + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
12 $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
15 diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8j/fips/sha/fips_standalone_sha1.c
16 --- openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2008-09-16 12:12:23.000000000 +0200
17 +++ openssl-0.9.8j/fips/sha/fips_standalone_sha1.c 2009-01-14 17:07:56.000000000 +0100
18 @@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
22 -static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
23 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
27 @@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
32 - SHA1_Update(md_ctx,key,len);
33 - SHA1_Final(keymd,md_ctx);
35 + SHA256_Init(md_ctx);
36 + SHA256_Update(md_ctx,key,len);
37 + SHA256_Final(keymd,md_ctx);
38 + len=SHA256_DIGEST_LENGTH;
41 memcpy(keymd,key,len);
42 @@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
44 for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
47 - SHA1_Update(md_ctx,pad,SHA_CBLOCK);
48 + SHA256_Init(md_ctx);
49 + SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
51 for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
54 - SHA1_Update(o_ctx,pad,SHA_CBLOCK);
56 + SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
59 -static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
60 +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
62 - unsigned char buf[20];
63 + unsigned char buf[SHA256_DIGEST_LENGTH];
65 - SHA1_Final(buf,md_ctx);
66 - SHA1_Update(o_ctx,buf,sizeof buf);
67 - SHA1_Final(md,o_ctx);
68 + SHA256_Final(buf,md_ctx);
69 + SHA256_Update(o_ctx,buf,sizeof buf);
70 + SHA256_Final(md,o_ctx);
74 @@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
75 int main(int argc,char **argv)
78 - static char key[]="etaonrishdlcupfm";
79 + static char key[]="orboDeJITITejsirpADONivirpUkvarP";
83 @@ -125,8 +125,8 @@ int main(int argc,char **argv)
86 FILE *f=fopen(argv[n],"rb");
87 - SHA_CTX md_ctx,o_ctx;
88 - unsigned char md[20];
89 + SHA256_CTX md_ctx,o_ctx;
90 + unsigned char md[SHA256_DIGEST_LENGTH];
94 @@ -139,7 +139,7 @@ int main(int argc,char **argv)
98 - int l=fread(buf,1,sizeof buf,f);
99 + size_t l=fread(buf,1,sizeof buf,f);
103 @@ -151,18 +151,18 @@ int main(int argc,char **argv)
107 - SHA1_Update(&md_ctx,buf,l);
108 + SHA256_Update(&md_ctx,buf,l);
110 hmac_final(md,&md_ctx,&o_ctx);
114 - fwrite(md,20,1,stdout);
115 + fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
116 break; /* ... for single(!) file */
119 - printf("HMAC-SHA1(%s)= ",argv[n]);
120 - for(i=0 ; i < 20 ; ++i)
121 +/* printf("HMAC-SHA1(%s)= ",argv[n]); */
122 + for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
123 printf("%02x",md[i]);