File openssl-fips__0230_sha256_sha512_selftests.diff of Package compat-openssl098.1339

diff -rNU 20 ../openssl-0.9.8j-o/crypto/fips_err.h ./crypto/fips_err.h
--- ../openssl-0.9.8j-o/crypto/fips_err.h	2008-09-17 00:48:18.000000000 +0200
+++ ./crypto/fips_err.h	2011-11-01 00:01:16.000000000 +0100
@@ -71,40 +71,42 @@
 static ERR_STRING_DATA FIPS_str_functs[]=
 	{
 {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(FIPS_F_DSA_DO_SIGN),	"DSA_do_sign"},
 {ERR_FUNC(FIPS_F_DSA_DO_VERIFY),	"DSA_do_verify"},
 {ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
 {ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),	"FIPS_CHECK_DSA"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),	"FIPS_CHECK_INCORE_FINGERPRINT"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),	"FIPS_CHECK_RSA"},
 {ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),	"FIPS_DSA_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_MODE_SET),	"FIPS_mode_set"},
 {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),	"fips_pkey_signature_test"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),	"FIPS_selftest_aes"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES),	"FIPS_selftest_des"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),	"FIPS_selftest_dsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),	"FIPS_selftest_hmac"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),	"FIPS_selftest_sha1"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA256),   "FIPS_selftest_sha256"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA512),   "FIPS_selftest_sha512"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},
 {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT),	"RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX),	"RSA_X931_generate_key_ex"},
 {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
 	};
 
 static ERR_STRING_DATA FIPS_str_reasons[]=
 	{
 {ERR_REASON(FIPS_R_CANNOT_READ_EXE)      ,"cannot read exe"},
 {ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
 {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
 {ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
 {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
 {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"},
 {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"},
diff -rNU 20 ../openssl-0.9.8j-o/fips/fips.c ./fips/fips.c
--- ../openssl-0.9.8j-o/fips/fips.c	2011-10-28 13:43:36.000000000 +0200
+++ ./fips/fips.c	2011-11-01 00:53:09.000000000 +0100
@@ -147,40 +147,42 @@
  * overhead possible to avoid too big a performance hit.
  */
 
 void FIPS_selftest_check(void)
     {
     if (fips_selftest_fail)
 	{
 	OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
 	}
     }
 
 void fips_set_selftest_fail(void)
     {
     fips_selftest_fail = 1;
     }
 
 int FIPS_selftest()
     {
 
     return FIPS_selftest_sha1()
+	&& FIPS_selftest_sha256()
+	&& FIPS_selftest_sha512()
 	&& FIPS_selftest_hmac()
 	&& FIPS_selftest_aes()
 	&& FIPS_selftest_des()
 	&& FIPS_selftest_rsa()
 	&& FIPS_selftest_dsa();
     }
 
 #if 0
 extern const void         *FIPS_text_start(),  *FIPS_text_end();
 extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
 unsigned char              FIPS_signature [20] = { 0 };
 static const char          FIPS_hmac_key[]="etaonrishdlcupfm";
 
 unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
     {
     const unsigned char *p1 = FIPS_text_start();
     const unsigned char *p2 = FIPS_text_end();
     const unsigned char *p3 = FIPS_rodata_start;
     const unsigned char *p4 = FIPS_rodata_end;
     HMAC_CTX c;
diff -rNU 20 ../openssl-0.9.8j-o/fips/fips.h ./fips/fips.h
--- ../openssl-0.9.8j-o/fips/fips.h	2008-09-16 12:12:09.000000000 +0200
+++ ./fips/fips.h	2011-11-01 00:51:48.000000000 +0100
@@ -55,40 +55,44 @@
 
 #ifdef OPENSSL_FIPS
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 struct dsa_st;
 struct evp_pkey_st;
 struct env_md_st;
 struct evp_cipher_st;
 struct evp_cipher_ctx_st;
 
 int FIPS_mode_set(int onoff);
 int FIPS_mode(void);
 const void *FIPS_rand_check(void);
 int FIPS_selftest_failed(void);
 void FIPS_selftest_check(void);
 void FIPS_corrupt_sha1(void);
 int FIPS_selftest_sha1(void);
+void FIPS_corrupt_sha256(void);
+int FIPS_selftest_sha256(void);
+void FIPS_corrupt_sha512(void);
+int FIPS_selftest_sha512(void);
 void FIPS_corrupt_aes(void);
 int FIPS_selftest_aes(void);
 void FIPS_corrupt_des(void);
 int FIPS_selftest_des(void);
 void FIPS_corrupt_rsa(void);
 void FIPS_corrupt_rsa_keygen(void);
 int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
 void FIPS_corrupt_dsa_keygen(void);
 int FIPS_selftest_dsa(void);
 void FIPS_corrupt_rng(void);
 void FIPS_rng_stick(void);
 int FIPS_selftest_rng(void);
 int FIPS_selftest_hmac(void);
 
 int fips_pkey_signature_test(struct evp_pkey_st *pkey,
 			const unsigned char *tbs, int tbslen,
 			const unsigned char *kat, unsigned int katlen,
 			const struct env_md_st *digest, unsigned int md_flags,
 			const char *fail_str);
@@ -120,40 +124,44 @@
 #define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 105
 #define FIPS_F_FIPS_CHECK_RSA				 106
 #define FIPS_F_FIPS_DSA_CHECK				 107
 #define FIPS_F_FIPS_MODE_SET				 108
 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 109
 #define FIPS_F_FIPS_SELFTEST_AES			 110
 #define FIPS_F_FIPS_SELFTEST_DES			 111
 #define FIPS_F_FIPS_SELFTEST_DSA			 112
 #define FIPS_F_FIPS_SELFTEST_HMAC			 113
 #define FIPS_F_FIPS_SELFTEST_RNG			 114
 #define FIPS_F_FIPS_SELFTEST_SHA1			 115
 #define FIPS_F_HASH_FINAL				 123
 #define FIPS_F_RSA_BUILTIN_KEYGEN			 116
 #define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 117
 #define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 118
 #define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 119
 #define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 120
 #define FIPS_F_RSA_X931_GENERATE_KEY_EX			 121
 #define FIPS_F_SSLEAY_RAND_BYTES			 122
 
+#define FIPS_F_FIPS_SELFTEST_SHA256                      130
+#define FIPS_F_FIPS_SELFTEST_SHA512                      131
+
+
 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE				 103
 #define FIPS_R_CANNOT_READ_EXE_DIGEST			 104
 #define FIPS_R_CONTRADICTING_EVIDENCE			 114
 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
 #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH		 110
 #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
 #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
 #define FIPS_R_FIPS_MODE_ALREADY_SET			 102
 #define FIPS_R_FIPS_SELFTEST_FAILED			 106
 #define FIPS_R_INVALID_KEY_LENGTH			 109
 #define FIPS_R_KEY_TOO_SHORT				 108
 #define FIPS_R_NON_FIPS_METHOD				 100
 #define FIPS_R_PAIRWISE_TEST_FAILED			 107
 #define FIPS_R_RSA_DECRYPT_ERROR			 115
 #define FIPS_R_RSA_ENCRYPT_ERROR			 116
 #define FIPS_R_SELFTEST_FAILED				 101
 #define FIPS_R_TEST_FAILURE				 117
 #define FIPS_R_UNSUPPORTED_PLATFORM			 113
 
diff -rNU 20 ../openssl-0.9.8j-o/fips/sha/fips_sha1_selftest.c ./fips/sha/fips_sha1_selftest.c
--- ../openssl-0.9.8j-o/fips/sha/fips_sha1_selftest.c	2008-09-16 12:12:23.000000000 +0200
+++ ./fips/sha/fips_sha1_selftest.c	2011-11-01 00:51:57.000000000 +0100
@@ -44,54 +44,145 @@
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
 #include <openssl/evp.h>
 #include <openssl/sha.h>
 
 #ifdef OPENSSL_FIPS
 static char test[][60]=
     {
     "",
     "abc",
     "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
     };
 
+static char test256[][60]=
+    {
+    "",
+    "abc",
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+
+static char test512[][60]=
+    {
+    "",
+    "abc",
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+
+
 static const unsigned char ret[][SHA_DIGEST_LENGTH]=
     {
     { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
       0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
     { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
       0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
     { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
       0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
     };
 
+
+static const unsigned char ret256[][SHA256_DIGEST_LENGTH]=
+    {
+    { 0xe3,0xb0,0xc4,0x42,0x98,0xfc,0x1c,0x14,0x9a,0xfb,0xf4,0xc8,0x99,0x6f,0xb9,0x24,
+      0x27,0xae,0x41,0xe4,0x64,0x9b,0x93,0x4c,0xa4,0x95,0x99,0x1b,0x78,0x52,0xb8,0x55 },
+    { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+      0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad },
+    { 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+      0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 },
+    };
+
+static const unsigned char ret512[][SHA512_DIGEST_LENGTH]=
+    {
+    { 0xcf,0x83,0xe1,0x35,0x7e,0xef,0xb8,0xbd,0xf1,0x54,0x28,0x50,0xd6,0x6d,0x80,0x07,
+      0xd6,0x20,0xe4,0x05,0x0b,0x57,0x15,0xdc,0x83,0xf4,0xa9,0x21,0xd3,0x6c,0xe9,0xce,
+      0x47,0xd0,0xd1,0x3c,0x5d,0x85,0xf2,0xb0,0xff,0x83,0x18,0xd2,0x87,0x7e,0xec,0x2f,
+      0x63,0xb9,0x31,0xbd,0x47,0x41,0x7a,0x81,0xa5,0x38,0x32,0x7a,0xf9,0x27,0xda,0x3e },
+    { 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
+      0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
+      0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
+      0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f },
+    { 0x20,0x4a,0x8f,0xc6,0xdd,0xa8,0x2f,0x0a,0x0c,0xed,0x7b,0xeb,0x8e,0x08,0xa4,0x16,
+      0x57,0xc1,0x6e,0xf4,0x68,0xb2,0x28,0xa8,0x27,0x9b,0xe3,0x31,0xa7,0x03,0xc3,0x35,
+      0x96,0xfd,0x15,0xc1,0x3b,0x1b,0x07,0xf9,0xaa,0x1d,0x3b,0xea,0x57,0x78,0x9c,0xa0,
+      0x31,0xad,0x85,0xc7,0xa7,0x1d,0xd7,0x03,0x54,0xec,0x63,0x12,0x38,0xca,0x34,0x45 },
+    };
+
+
 void FIPS_corrupt_sha1()
     {
     test[2][0]++;
     }
 
 int FIPS_selftest_sha1()
     {
     int n;
 
     for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
 	{
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 	EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
 	if(memcmp(md,ret[n],sizeof md))
 	    {
 	    FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
 	    return 0;
 	    }
 	}
     return 1;
     }
 
+void FIPS_corrupt_sha256()
+    {
+    test256[2][0]++;
+    }
+
+int FIPS_selftest_sha256()
+    {
+    int n;
+
+    for(n=0 ; n<sizeof(test256)/sizeof(test256[0]) ; ++n)
+	{
+	unsigned char md[SHA256_DIGEST_LENGTH];
+
+	EVP_Digest(test256[n],strlen(test256[n]),md, NULL, EVP_sha256(), NULL);
+	if(memcmp(md,ret256[n],sizeof md))
+	    {
+	    FIPSerr(FIPS_F_FIPS_SELFTEST_SHA256,FIPS_R_SELFTEST_FAILED);
+	    return 0;
+	    }
+	}
+    return 1;
+    }
+
+
+void FIPS_corrupt_sha512()
+    {
+    test512[2][0]++;
+    }
+
+int FIPS_selftest_sha512()
+    {
+    int n;
+
+    for(n=0 ; n<sizeof(test512)/sizeof(test512[0]) ; ++n)
+	{
+	unsigned char md[SHA512_DIGEST_LENGTH];
+
+	EVP_Digest(test512[n],strlen(test512[n]),md, NULL, EVP_sha512(), NULL);
+	if(memcmp(md,ret512[n],sizeof md))
+	    {
+	    FIPSerr(FIPS_F_FIPS_SELFTEST_SHA512,FIPS_R_SELFTEST_FAILED);
+	    return 0;
+	    }
+	}
+    return 1;
+    }
+
 #endif
+