File openssl-fips__0090_hmac_key_change.diff of Package compat-openssl098.1339

diff -rNU 20 ../openssl-0.9.8j-o/apps/dgst.c ./apps/dgst.c
--- ../openssl-0.9.8j-o/apps/dgst.c	2008-10-22 20:51:37.000000000 +0200
+++ ./apps/dgst.c	2011-08-09 17:17:57.000000000 +0200
@@ -199,41 +199,41 @@
 			{
 			if (--argc < 1) break;
 			keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
 #endif
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow=1;
 		else if (!strcmp(*argv,"-fips-fingerprint"))
-			hmac_key = "etaonrishdlcupfm";
+			hmac_key = "ppaksykemnsecgtsttplmamstKMEs";
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
 				break;
 			hmac_key=*++argv;
 			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
 			break;
 		argc--;
 		argv++;
 		}
 
 	if (md == NULL)
 		md=EVP_md5();
 
 	if(do_verify && !sigfile) {
 		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
 		err = 1; 
diff -rNU 20 ../openssl-0.9.8j-o/fips/fips.c ./fips/fips.c
--- ../openssl-0.9.8j-o/fips/fips.c	2011-08-09 17:02:07.000000000 +0200
+++ ./fips/fips.c	2011-08-09 17:17:57.000000000 +0200
@@ -324,41 +324,41 @@
       if(path == NULL) {
               return NULL;
       }
 
       fn = strrchr(origpath, '/');
       if (fn == NULL) {
               fn = origpath;
       } else {
               ++fn;
       }
 
       strncpy(path, origpath, fn-origpath);
       p = path + (fn - origpath);
       p = stpcpy(p, HMAC_PREFIX);
       p = stpcpy(p, fn);
       p = stpcpy(p, HMAC_SUFFIX);
 
       return path;
 }
 
-static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
+static const char hmackey[] = "ppaksykemnsecgtsttplmamstKMEs";
 
 static int
 compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
 {
       FILE *f = NULL;
       int rv = -1;
       unsigned char rbuf[READ_BUFFER_LENGTH];
       size_t len;
       unsigned int hlen;
       HMAC_CTX c;
 
       HMAC_CTX_init(&c);
 
       f = fopen(path, "r");
 
       if (f == NULL) {
               goto end;
       }
 
       HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
diff -rNU 20 ../openssl-0.9.8j-o/fips/fipsld ./fips/fipsld
--- ../openssl-0.9.8j-o/fips/fipsld	2008-09-16 12:12:10.000000000 +0200
+++ ./fips/fipsld	2011-08-09 17:17:57.000000000 +0200
@@ -52,41 +52,41 @@
 
 THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
 
 # fipscanister.o can appear in command line
 CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
 if [ -z "${CANISTER_O}" ]; then
 	# If set, FIPSLIBDIR is location of installed validated FIPS module
 	if [ -n "${FIPSLIBDIR}" ]; then
 		CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
 	elif [ -f "${THERE}/fips/fipscanister.o" ]; then
 		CANISTER_O="${THERE}/fips/fipscanister.o"
 	elif [ -f "${THERE}/lib/fipscanister.o" ]; then
 		CANISTER_O="${THERE}/lib/fipscanister.o"
 	fi
 	CANISTER_O_CMD="${CANISTER_O}"
 fi
 [ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }
 
 PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
 
-HMAC_KEY="etaonrishdlcupfm"
+HMAC_KEY="ppaksykemnsecgtsttplmamstKMEs"
 
 case "`(uname -s) 2>/dev/null`" in
 OSF1|IRIX*)	_WL_PREMAIN="-Wl,-init,FINGERPRINT_premain"	;;
 HP-UX)		_WL_PREMAIN="-Wl,+init,FINGERPRINT_premain"	;;
 AIX)		_WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
 Darwin)		(   while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
 		    [ $# -ge 1 ]
 		) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
 esac
 
 case "${TARGET}" in
 [!/]*)	TARGET=./${TARGET} ;;
 esac
 
 case `basename "${TARGET}"` in
 lib*|*.dll)	# must be linking a shared lib...
 	# Shared lib creation can be taking place in the source
 	# directory only, but fipscanister.o can reside elsewhere...
 	FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
 
diff -rNU 20 ../openssl-0.9.8j-o/fips/openssl_fips_fingerprint ./fips/openssl_fips_fingerprint
--- ../openssl-0.9.8j-o/fips/openssl_fips_fingerprint	2008-09-16 12:12:10.000000000 +0200
+++ ./fips/openssl_fips_fingerprint	2011-08-09 17:17:57.000000000 +0200
@@ -6,26 +6,26 @@
 lib=$1
 exe=$2
 ext=${HMAC_EXT:-sha1}
 
 # deal with the case where we're run from within the build and OpenSSL is
 # not yet installed.  Also, make sure LD_LIBRARY_PATH is properly set in
 # case shared libraries are built.
 if [ "X$TOP" != "X" ]
 then
     if test "$OSTYPE" = msdosdjgpp; then
 	PATH="$TOP/apps;$TOP;$PATH"
     else
     	PATH="$TOP/apps:$TOP:$PATH"
     fi
     LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH
 else
     LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH
 fi
 
 echo "Checking library fingerprint for $lib"
-openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
+openssl sha1 -hmac ppaksykemnsecgtsttplmamstKMEs $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
 
 [ -x $exe.exe ] && exe=$exe.exe
 
 echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext
+openssl sha1 -hmac ppaksykemnsecgtsttplmamstKMEs -binary $exe > $exe.$ext || rm $exe.$ext
diff -rNU 20 ../openssl-0.9.8j-o/fips/sha/fips_standalone_sha1.c ./fips/sha/fips_standalone_sha1.c
--- ../openssl-0.9.8j-o/fips/sha/fips_standalone_sha1.c	2011-08-09 17:13:04.000000000 +0200
+++ ./fips/sha/fips_standalone_sha1.c	2011-08-09 17:18:29.000000000 +0200
@@ -89,41 +89,41 @@
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x5c^keymd[i];
     SHA256_Init(o_ctx);
     SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
     }
 
 static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
     {
     unsigned char buf[SHA256_DIGEST_LENGTH];
 
     SHA256_Final(buf,md_ctx);
     SHA256_Update(o_ctx,buf,sizeof buf);
     SHA256_Final(md,o_ctx);
     }
 
 #endif
 
 int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS
-    static char key[]="etaonrishdlcupfm";
+    static char key[]="ppaksykemnsecgtsttplmamstKMEs";
     int n,binary=0;
 
     if(argc < 2)
 	{
 	fprintf(stderr,"%s [<file>]+\n",argv[0]);
 	exit(1);
 	}
 
     n=1;
     if (!strcmp(argv[n],"-binary"))
 	{
 	n++;
 	binary=1;	/* emit binary fingerprint... */
 	}
 
     for(; n < argc ; ++n)
 	{
 	FILE *f=fopen(argv[n],"rb");
 	SHA256_CTX md_ctx,o_ctx;
 	unsigned char md[SHA256_DIGEST_LENGTH];