File openssl-fips__0045_fipscheck_sha1_sha256.diff of Package compat-openssl098.703

diff -rNU 20 ../openssl-0.9.8j-o/fips/sha/Makefile ./fips/sha/Makefile
--- ../openssl-0.9.8j-o/fips/sha/Makefile	2008-10-26 19:42:05.000000000 +0100
+++ ./fips/sha/Makefile	2011-08-09 17:03:08.000000000 +0200
@@ -29,41 +29,41 @@
 LIB=$(TOP)/libcrypto.a
 LIBSRC=fips_sha1_selftest.c
 LIBOBJ=fips_sha1_selftest.o
 
 SRC= $(LIBSRC) fips_standalone_sha1.c
 
 EXHEADER=
 HEADER=	
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	(cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
 
 all:	../fips_standalone_sha1$(EXE_EXT) lib
 
 lib:	$(LIBOBJ)
 	@echo $(LIBOBJ) > lib
 
 ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
-	FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
+	FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
 	$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
 
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 
 links:
 	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
 
 install:
 	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
 	do  \
 	  (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	  chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done
 
 tags:
 	ctags $(SRC)
 
diff -rNU 20 ../openssl-0.9.8j-o/fips/sha/fips_standalone_sha1.c ./fips/sha/fips_standalone_sha1.c
--- ../openssl-0.9.8j-o/fips/sha/fips_standalone_sha1.c	2008-09-16 12:12:23.000000000 +0200
+++ ./fips/sha/fips_standalone_sha1.c	2011-08-09 17:13:04.000000000 +0200
@@ -45,129 +45,129 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/opensslconf.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 
 #ifndef FIPSCANISTER_O
 int FIPS_selftest_failed() { return 0; }
 void FIPS_selftest_check() {}
 void OPENSSL_cleanse(void *p,size_t len) {}
 #endif
 
 #ifdef OPENSSL_FIPS
 
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
 		      const char *key)
     {
-    int len=strlen(key);
+    size_t len=strlen(key);
     int i;
     unsigned char keymd[HMAC_MAX_MD_CBLOCK];
     unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
     if (len > SHA_CBLOCK)
 	{
-	SHA1_Init(md_ctx);
-	SHA1_Update(md_ctx,key,len);
-	SHA1_Final(keymd,md_ctx);
-	len=20;
+	SHA256_Init(md_ctx);
+	SHA256_Update(md_ctx,key,len);
+	SHA256_Final(keymd,md_ctx);
+	len=SHA256_DIGEST_LENGTH;
 	}
     else
 	memcpy(keymd,key,len);
     memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
 
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x36^keymd[i];
-    SHA1_Init(md_ctx);
-    SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+    SHA256_Init(md_ctx);
+    SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
 
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x5c^keymd[i];
-    SHA1_Init(o_ctx);
-    SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+    SHA256_Init(o_ctx);
+    SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
     }
 
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
     {
-    unsigned char buf[20];
+    unsigned char buf[SHA256_DIGEST_LENGTH];
 
-    SHA1_Final(buf,md_ctx);
-    SHA1_Update(o_ctx,buf,sizeof buf);
-    SHA1_Final(md,o_ctx);
+    SHA256_Final(buf,md_ctx);
+    SHA256_Update(o_ctx,buf,sizeof buf);
+    SHA256_Final(md,o_ctx);
     }
 
 #endif
 
 int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS
     static char key[]="etaonrishdlcupfm";
     int n,binary=0;
 
     if(argc < 2)
 	{
 	fprintf(stderr,"%s [<file>]+\n",argv[0]);
 	exit(1);
 	}
 
     n=1;
     if (!strcmp(argv[n],"-binary"))
 	{
 	n++;
 	binary=1;	/* emit binary fingerprint... */
 	}
 
     for(; n < argc ; ++n)
 	{
 	FILE *f=fopen(argv[n],"rb");
-	SHA_CTX md_ctx,o_ctx;
-	unsigned char md[20];
+	SHA256_CTX md_ctx,o_ctx;
+	unsigned char md[SHA256_DIGEST_LENGTH];
 	int i;
 
 	if(!f)
 	    {
 	    perror(argv[n]);
 	    exit(2);
 	    }
 
 	hmac_init(&md_ctx,&o_ctx,key);
 	for( ; ; )
 	    {
 	    char buf[1024];
-	    int l=fread(buf,1,sizeof buf,f);
+	    size_t l=fread(buf,1,sizeof buf,f);
 
 	    if(l == 0)
 		{
 		if(ferror(f))
 		    {
 		    perror(argv[n]);
 		    exit(3);
 		    }
 		else
 		    break;
 		}
-	    SHA1_Update(&md_ctx,buf,l);
+	    SHA256_Update(&md_ctx,buf,l);
 	    }
 	hmac_final(md,&md_ctx,&o_ctx);
 
 	if (binary)
 	    {
-	    fwrite(md,20,1,stdout);
+	    fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
 	    break;	/* ... for single(!) file */
 	    }
 
-	printf("HMAC-SHA1(%s)= ",argv[n]);
-	for(i=0 ; i < 20 ; ++i)
+/*	printf("HMAC-SHA1(%s)= ",argv[n]); */
+	for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
 	    printf("%02x",md[i]);
 	printf("\n");
 	}
 #endif
     return 0;
     }