* Wed Jan 28 2009 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8j-1
[fedora-mingw.git] / openssl / openssl-0.9.8j-fipscheck-hmac.patch
diff --git a/openssl/openssl-0.9.8j-fipscheck-hmac.patch b/openssl/openssl-0.9.8j-fipscheck-hmac.patch
new file mode 100644 (file)
index 0000000..3ba459b
--- /dev/null
@@ -0,0 +1,125 @@
+Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary.
+We use the binary just during the OpenSSL build to checksum the libcrypto.
+diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha/Makefile
+--- openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac    2008-10-26 19:42:05.000000000 +0100
++++ openssl-0.9.8j/fips/sha/Makefile   2009-01-14 16:39:41.000000000 +0100
+@@ -46,7 +46,7 @@ lib: $(LIBOBJ)
+       @echo $(LIBOBJ) > lib
+ ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
+-      FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
++      FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
+       $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
+ files:
+diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8j/fips/sha/fips_standalone_sha1.c
+--- openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac      2008-09-16 12:12:23.000000000 +0200
++++ openssl-0.9.8j/fips/sha/fips_standalone_sha1.c     2009-01-14 17:07:56.000000000 +0100
+@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
+ #ifdef OPENSSL_FIPS
+-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
++static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
+                     const char *key)
+     {
+     int len=strlen(key);
+@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
+     if (len > SHA_CBLOCK)
+       {
+-      SHA1_Init(md_ctx);
+-      SHA1_Update(md_ctx,key,len);
+-      SHA1_Final(keymd,md_ctx);
+-      len=20;
++      SHA256_Init(md_ctx);
++      SHA256_Update(md_ctx,key,len);
++      SHA256_Final(keymd,md_ctx);
++      len=SHA256_DIGEST_LENGTH;
+       }
+     else
+       memcpy(keymd,key,len);
+@@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
+     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+       pad[i]=0x36^keymd[i];
+-    SHA1_Init(md_ctx);
+-    SHA1_Update(md_ctx,pad,SHA_CBLOCK);
++    SHA256_Init(md_ctx);
++    SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
+     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+       pad[i]=0x5c^keymd[i];
+-    SHA1_Init(o_ctx);
+-    SHA1_Update(o_ctx,pad,SHA_CBLOCK);
++    SHA256_Init(o_ctx);
++    SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
+     }
+-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
++static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
+     {
+-    unsigned char buf[20];
++    unsigned char buf[SHA256_DIGEST_LENGTH];
+-    SHA1_Final(buf,md_ctx);
+-    SHA1_Update(o_ctx,buf,sizeof buf);
+-    SHA1_Final(md,o_ctx);
++    SHA256_Final(buf,md_ctx);
++    SHA256_Update(o_ctx,buf,sizeof buf);
++    SHA256_Final(md,o_ctx);
+     }
+ #endif
+@@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
+ int main(int argc,char **argv)
+     {
+ #ifdef OPENSSL_FIPS
+-    static char key[]="etaonrishdlcupfm";
++    static char key[]="orboDeJITITejsirpADONivirpUkvarP";
+     int n,binary=0;
+     if(argc < 2)
+@@ -125,8 +125,8 @@ int main(int argc,char **argv)
+     for(; n < argc ; ++n)
+       {
+       FILE *f=fopen(argv[n],"rb");
+-      SHA_CTX md_ctx,o_ctx;
+-      unsigned char md[20];
++      SHA256_CTX md_ctx,o_ctx;
++      unsigned char md[SHA256_DIGEST_LENGTH];
+       int i;
+       if(!f)
+@@ -139,7 +139,7 @@ int main(int argc,char **argv)
+       for( ; ; )
+           {
+           char buf[1024];
+-          int l=fread(buf,1,sizeof buf,f);
++          size_t l=fread(buf,1,sizeof buf,f);
+           if(l == 0)
+               {
+@@ -151,18 +151,18 @@ int main(int argc,char **argv)
+               else
+                   break;
+               }
+-          SHA1_Update(&md_ctx,buf,l);
++          SHA256_Update(&md_ctx,buf,l);
+           }
+       hmac_final(md,&md_ctx,&o_ctx);
+       if (binary)
+           {
+-          fwrite(md,20,1,stdout);
++          fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
+           break;      /* ... for single(!) file */
+           }
+-      printf("HMAC-SHA1(%s)= ",argv[n]);
+-      for(i=0 ; i < 20 ; ++i)
++/*    printf("HMAC-SHA1(%s)= ",argv[n]); */
++      for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
+           printf("%02x",md[i]);
+       printf("\n");
+       }
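Review bot: In hmac_init the long-key test `if (len > SHA_CBLOCK)` still names the SHA-1 block constant, while the pad updates in the same function were switched to `SHA256_CBLOCK`. The two constants have the same value, so the output is unchanged, but the test should read `if (len > SHA256_CBLOCK)` so the function refers to one hash throughout. The key in main is compiled into the binary, so the HMAC it produces detects corruption of libcrypto but cannot authenticate the library against anyone able to rewrite both the library and its stored checksum. A comment above the key would record that, for example `/* fixed, public key (presumably the one fipscheck expects): integrity self-check only */`. The commented-out `HMAC-SHA1(%s)=` printf carries a stale label and could be deleted rather than kept. Both hmac_init and main extend beyond the lines shown in this patch.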