1 |
wellsi |
1.1 |
diff -up openssl-fips-0.9.8e/fips/fips.c.sha2test openssl-fips-0.9.8e/fips/fips.c |
2 |
|
|
--- openssl-fips-0.9.8e/fips/fips.c.sha2test 2011-04-04 16:40:28.000000000 +0200 |
3 |
|
|
+++ openssl-fips-0.9.8e/fips/fips.c 2011-10-18 16:30:21.000000000 +0200 |
4 |
|
|
@@ -56,6 +56,7 @@ |
5 |
|
|
#include <openssl/bio.h> |
6 |
|
|
#include <openssl/hmac.h> |
7 |
|
|
#include <openssl/rsa.h> |
8 |
|
|
+#include <openssl/sha.h> |
9 |
|
|
#include <string.h> |
10 |
|
|
#include <limits.h> |
11 |
|
|
#include <dlfcn.h> |
12 |
|
|
@@ -161,6 +162,7 @@ int FIPS_selftest() |
13 |
|
|
{ |
14 |
|
|
|
15 |
|
|
return FIPS_selftest_sha1() |
16 |
|
|
+ && FIPS_selftest_sha2() |
17 |
|
|
&& FIPS_selftest_hmac() |
18 |
|
|
&& FIPS_selftest_aes() |
19 |
|
|
&& FIPS_selftest_des() |
20 |
|
|
@@ -401,6 +403,8 @@ FIPSCHECK_verify(const char *libname, co |
21 |
|
|
return 0; |
22 |
|
|
|
23 |
|
|
hmacpath = make_hmac_path(path); |
24 |
|
|
+ if (hmacpath == NULL) |
25 |
|
|
+ return 0; |
26 |
|
|
|
27 |
|
|
hf = fopen(hmacpath, "r"); |
28 |
|
|
if (hf == NULL) { |
29 |
|
|
@@ -712,6 +716,45 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx |
30 |
|
|
return 1; |
31 |
|
|
} |
32 |
|
|
|
33 |
|
|
+static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30, |
34 |
|
|
+ 0xfc }; |
35 |
|
|
+static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b, |
36 |
|
|
+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01, |
37 |
|
|
+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83, |
38 |
|
|
+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a }; |
39 |
|
|
+ |
40 |
|
|
+static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7, |
41 |
|
|
+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd }; |
42 |
|
|
+static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16, |
43 |
|
|
+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44, |
44 |
|
|
+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0, |
45 |
|
|
+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f, |
46 |
|
|
+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38, |
47 |
|
|
+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04, |
48 |
|
|
+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1, |
49 |
|
|
+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 }; |
50 |
|
|
+ |
51 |
|
|
+int FIPS_selftest_sha2(void) |
52 |
|
|
+ { |
53 |
|
|
+ unsigned char md[SHA512_DIGEST_LENGTH]; |
54 |
|
|
+ |
55 |
|
|
+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL); |
56 |
|
|
+ if(memcmp(dig_sha256, md, sizeof(dig_sha256))) |
57 |
|
|
+ { |
58 |
|
|
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED); |
59 |
|
|
+ return 0; |
60 |
|
|
+ } |
61 |
|
|
+ |
62 |
|
|
+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL); |
63 |
|
|
+ if(memcmp(dig_sha512, md, sizeof(dig_sha512))) |
64 |
|
|
+ { |
65 |
|
|
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED); |
66 |
|
|
+ return 0; |
67 |
|
|
+ } |
68 |
|
|
+ |
69 |
|
|
+ return 1; |
70 |
|
|
+ } |
71 |
|
|
+ |
72 |
|
|
#if 0 |
73 |
|
|
/* The purpose of this is to ensure the error code exists and the function |
74 |
|
|
* name is to keep the error checking script quiet |
75 |
|
|
diff -up openssl-fips-0.9.8e/fips/fips.h.sha2test openssl-fips-0.9.8e/fips/fips.h |
76 |
|
|
--- openssl-fips-0.9.8e/fips/fips.h.sha2test 2007-09-12 19:46:03.000000000 +0200 |
77 |
|
|
+++ openssl-fips-0.9.8e/fips/fips.h 2011-09-26 10:43:08.000000000 +0200 |
78 |
|
|
@@ -68,6 +68,7 @@ int FIPS_selftest_failed(void); |
79 |
|
|
void FIPS_selftest_check(void); |
80 |
|
|
void FIPS_corrupt_sha1(void); |
81 |
|
|
int FIPS_selftest_sha1(void); |
82 |
|
|
+int FIPS_selftest_sha2(void); |
83 |
|
|
void FIPS_corrupt_aes(void); |
84 |
|
|
int FIPS_selftest_aes(void); |
85 |
|
|
void FIPS_corrupt_des(void); |