| 1 |
diff -up openssl-fips-0.9.8e/fips/fips.c.sha2test openssl-fips-0.9.8e/fips/fips.c |
| 2 |
--- openssl-fips-0.9.8e/fips/fips.c.sha2test 2011-04-04 16:40:28.000000000 +0200 |
| 3 |
+++ openssl-fips-0.9.8e/fips/fips.c 2011-10-18 16:30:21.000000000 +0200 |
| 4 |
@@ -56,6 +56,7 @@ |
| 5 |
#include <openssl/bio.h> |
| 6 |
#include <openssl/hmac.h> |
| 7 |
#include <openssl/rsa.h> |
| 8 |
+#include <openssl/sha.h> |
| 9 |
#include <string.h> |
| 10 |
#include <limits.h> |
| 11 |
#include <dlfcn.h> |
| 12 |
@@ -161,6 +162,7 @@ int FIPS_selftest() |
| 13 |
{ |
| 14 |
|
| 15 |
return FIPS_selftest_sha1() |
| 16 |
+ && FIPS_selftest_sha2() |
| 17 |
&& FIPS_selftest_hmac() |
| 18 |
&& FIPS_selftest_aes() |
| 19 |
&& FIPS_selftest_des() |
| 20 |
@@ -401,6 +403,8 @@ FIPSCHECK_verify(const char *libname, co |
| 21 |
return 0; |
| 22 |
|
| 23 |
hmacpath = make_hmac_path(path); |
| 24 |
+ if (hmacpath == NULL) |
| 25 |
+ return 0; |
| 26 |
|
| 27 |
hf = fopen(hmacpath, "r"); |
| 28 |
if (hf == NULL) { |
| 29 |
@@ -712,6 +716,45 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx |
| 30 |
return 1; |
| 31 |
} |
| 32 |
|
| 33 |
+static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30, |
| 34 |
+ 0xfc }; |
| 35 |
+static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b, |
| 36 |
+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01, |
| 37 |
+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83, |
| 38 |
+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a }; |
| 39 |
+ |
| 40 |
+static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7, |
| 41 |
+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd }; |
| 42 |
+static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16, |
| 43 |
+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44, |
| 44 |
+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0, |
| 45 |
+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f, |
| 46 |
+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38, |
| 47 |
+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04, |
| 48 |
+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1, |
| 49 |
+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 }; |
| 50 |
+ |
| 51 |
+int FIPS_selftest_sha2(void) |
| 52 |
+ { |
| 53 |
+ unsigned char md[SHA512_DIGEST_LENGTH]; |
| 54 |
+ |
| 55 |
+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL); |
| 56 |
+ if(memcmp(dig_sha256, md, sizeof(dig_sha256))) |
| 57 |
+ { |
| 58 |
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED); |
| 59 |
+ return 0; |
| 60 |
+ } |
| 61 |
+ |
| 62 |
+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL); |
| 63 |
+ if(memcmp(dig_sha512, md, sizeof(dig_sha512))) |
| 64 |
+ { |
| 65 |
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED); |
| 66 |
+ return 0; |
| 67 |
+ } |
| 68 |
+ |
| 69 |
+ return 1; |
| 70 |
+ } |
| 71 |
+ |
| 72 |
#if 0 |
| 73 |
/* The purpose of this is to ensure the error code exists and the function |
| 74 |
* name is to keep the error checking script quiet |
| 75 |
diff -up openssl-fips-0.9.8e/fips/fips.h.sha2test openssl-fips-0.9.8e/fips/fips.h |
| 76 |
--- openssl-fips-0.9.8e/fips/fips.h.sha2test 2007-09-12 19:46:03.000000000 +0200 |
| 77 |
+++ openssl-fips-0.9.8e/fips/fips.h 2011-09-26 10:43:08.000000000 +0200 |
| 78 |
@@ -68,6 +68,7 @@ int FIPS_selftest_failed(void); |
| 79 |
void FIPS_selftest_check(void); |
| 80 |
void FIPS_corrupt_sha1(void); |
| 81 |
int FIPS_selftest_sha1(void); |
| 82 |
+int FIPS_selftest_sha2(void); |
| 83 |
void FIPS_corrupt_aes(void); |
| 84 |
int FIPS_selftest_aes(void); |
| 85 |
void FIPS_corrupt_des(void); |
Parent Directory
| 
Revision Log
| 
Revision Graph
