openssl/openssl-0.9.8j-fipscheck-hmac.patch

   1 Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary.
   2 We use the binary just during the OpenSSL build to checksum the libcrypto.
   3 diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha/Makefile
   4 --- openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac     2008-10-26 19:42:05.000000000 +0100
   5 +++ openssl-0.9.8j/fips/sha/Makefile    2009-01-14 16:39:41.000000000 +0100
   6 @@ -46,7 +46,7 @@ lib:  $(LIBOBJ)
   7         @echo $(LIBOBJ) > lib
   8
   9  ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
  10 -       FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
  11 +       FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
  12         $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
  13
  14  files:
  15 diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8j/fips/sha/fips_standalone_sha1.c
  16 --- openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac       2008-09-16 12:12:23.000000000 +0200
  17 +++ openssl-0.9.8j/fips/sha/fips_standalone_sha1.c      2009-01-14 17:07:56.000000000 +0100
  18 @@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
  19
  20  #ifdef OPENSSL_FIPS
  21
  22 -static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
  23 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
  24                       const char *key)
  25      {
  26      int len=strlen(key);
  27 @@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
  28
  29      if (len > SHA_CBLOCK)
  30         {
  31 -       SHA1_Init(md_ctx);
  32 -       SHA1_Update(md_ctx,key,len);
  33 -       SHA1_Final(keymd,md_ctx);
  34 -       len=20;
  35 +       SHA256_Init(md_ctx);
  36 +       SHA256_Update(md_ctx,key,len);
  37 +       SHA256_Final(keymd,md_ctx);
  38 +       len=SHA256_DIGEST_LENGTH;
  39         }
  40      else
  41         memcpy(keymd,key,len);
  42 @@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
  43
  44      for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
  45         pad[i]=0x36^keymd[i];
  46 -    SHA1_Init(md_ctx);
  47 -    SHA1_Update(md_ctx,pad,SHA_CBLOCK);
  48 +    SHA256_Init(md_ctx);
  49 +    SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
  50
  51      for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
  52         pad[i]=0x5c^keymd[i];
  53 -    SHA1_Init(o_ctx);
  54 -    SHA1_Update(o_ctx,pad,SHA_CBLOCK);
  55 +    SHA256_Init(o_ctx);
  56 +    SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
  57      }
  58
  59 -static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
  60 +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
  61      {
  62 -    unsigned char buf[20];
  63 +    unsigned char buf[SHA256_DIGEST_LENGTH];
  64
  65 -    SHA1_Final(buf,md_ctx);
  66 -    SHA1_Update(o_ctx,buf,sizeof buf);
  67 -    SHA1_Final(md,o_ctx);
  68 +    SHA256_Final(buf,md_ctx);
  69 +    SHA256_Update(o_ctx,buf,sizeof buf);
  70 +    SHA256_Final(md,o_ctx);
  71      }
  72
  73  #endif
  74 @@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
  75  int main(int argc,char **argv)
  76      {
  77  #ifdef OPENSSL_FIPS
  78 -    static char key[]="etaonrishdlcupfm";
  79 +    static char key[]="orboDeJITITejsirpADONivirpUkvarP";
  80      int n,binary=0;
  81
  82      if(argc < 2)
  83 @@ -125,8 +125,8 @@ int main(int argc,char **argv)
  84      for(; n < argc ; ++n)
  85         {
  86         FILE *f=fopen(argv[n],"rb");
  87 -       SHA_CTX md_ctx,o_ctx;
  88 -       unsigned char md[20];
  89 +       SHA256_CTX md_ctx,o_ctx;
  90 +       unsigned char md[SHA256_DIGEST_LENGTH];
  91         int i;
  92
  93         if(!f)
  94 @@ -139,7 +139,7 @@ int main(int argc,char **argv)
  95         for( ; ; )
  96             {
  97             char buf[1024];
  98 -           int l=fread(buf,1,sizeof buf,f);
  99 +           size_t l=fread(buf,1,sizeof buf,f);
 100
 101             if(l == 0)
 102                 {
 103 @@ -151,18 +151,18 @@ int main(int argc,char **argv)
 104                 else
 105                     break;
 106                 }
 107 -           SHA1_Update(&md_ctx,buf,l);
 108 +           SHA256_Update(&md_ctx,buf,l);
 109             }
 110         hmac_final(md,&md_ctx,&o_ctx);
 111
 112         if (binary)
 113             {
 114 -           fwrite(md,20,1,stdout);
 115 +           fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
 116             break;      /* ... for single(!) file */
 117             }
 118
 119 -       printf("HMAC-SHA1(%s)= ",argv[n]);
 120 -       for(i=0 ; i < 20 ; ++i)
 121 +/*     printf("HMAC-SHA1(%s)= ",argv[n]); */
 122 +       for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
 123             printf("%02x",md[i]);
 124         printf("\n");
 125         }