Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
compat-openssl098.4153
openssl-fips__0090_hmac_key_change.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-fips__0090_hmac_key_change.diff of Package compat-openssl098.4153
diff -rNU 20 ../openssl-0.9.8j-o/apps/dgst.c ./apps/dgst.c --- ../openssl-0.9.8j-o/apps/dgst.c 2008-10-22 20:51:37.000000000 +0200 +++ ./apps/dgst.c 2011-08-09 17:17:57.000000000 +0200 @@ -199,41 +199,41 @@ { if (--argc < 1) break; keyform=str2fmt(*(++argv)); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; engine= *(++argv); } #endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; else if (strcmp(*argv,"-non-fips-allow") == 0) non_fips_allow=1; else if (!strcmp(*argv,"-fips-fingerprint")) - hmac_key = "etaonrishdlcupfm"; + hmac_key = "ppaksykemnsecgtsttplmamstKMEs"; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) break; hmac_key=*++argv; } else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) md=m; else break; argc--; argv++; } if (md == NULL) md=EVP_md5(); if(do_verify && !sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); err = 1; diff -rNU 20 ../openssl-0.9.8j-o/fips/fips.c ./fips/fips.c --- ../openssl-0.9.8j-o/fips/fips.c 2011-08-09 17:02:07.000000000 +0200 +++ ./fips/fips.c 2011-08-09 17:17:57.000000000 +0200 @@ -324,41 +324,41 @@ if(path == NULL) { return NULL; } fn = strrchr(origpath, '/'); if (fn == NULL) { fn = origpath; } else { ++fn; } strncpy(path, origpath, fn-origpath); p = path + (fn - origpath); p = stpcpy(p, HMAC_PREFIX); p = stpcpy(p, fn); p = stpcpy(p, HMAC_SUFFIX); return path; } -static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP"; +static const char hmackey[] = "ppaksykemnsecgtsttplmamstKMEs"; static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) { FILE *f = NULL; int rv = -1; unsigned char rbuf[READ_BUFFER_LENGTH]; size_t len; unsigned int hlen; HMAC_CTX c; HMAC_CTX_init(&c); f = fopen(path, "r"); if (f == NULL) { goto end; } HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256()); diff -rNU 20 ../openssl-0.9.8j-o/fips/fipsld ./fips/fipsld --- ../openssl-0.9.8j-o/fips/fipsld 2008-09-16 12:12:10.000000000 +0200 +++ ./fips/fipsld 2011-08-09 17:17:57.000000000 +0200 @@ -52,41 +52,41 @@ THERE="`echo $0 | sed -e 's|[^/]*$||'`".. # fipscanister.o can appear in command line CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)` if [ -z "${CANISTER_O}" ]; then # If set, FIPSLIBDIR is location of installed validated FIPS module if [ -n "${FIPSLIBDIR}" ]; then CANISTER_O="${FIPSLIBDIR}/fipscanister.o" elif [ -f "${THERE}/fips/fipscanister.o" ]; then CANISTER_O="${THERE}/fips/fipscanister.o" elif [ -f "${THERE}/lib/fipscanister.o" ]; then CANISTER_O="${THERE}/lib/fipscanister.o" fi CANISTER_O_CMD="${CANISTER_O}" fi [ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; } PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c -HMAC_KEY="etaonrishdlcupfm" +HMAC_KEY="ppaksykemnsecgtsttplmamstKMEs" case "`(uname -s) 2>/dev/null`" in OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;; HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;; AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";; Darwin) ( while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done; [ $# -ge 1 ] ) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;; esac case "${TARGET}" in [!/]*) TARGET=./${TARGET} ;; esac case `basename "${TARGET}"` in lib*|*.dll) # must be linking a shared lib... # Shared lib creation can be taking place in the source # directory only, but fipscanister.o can reside elsewhere... FINGERTYPE="${THERE}/fips/fips_standalone_sha1" diff -rNU 20 ../openssl-0.9.8j-o/fips/openssl_fips_fingerprint ./fips/openssl_fips_fingerprint --- ../openssl-0.9.8j-o/fips/openssl_fips_fingerprint 2008-09-16 12:12:10.000000000 +0200 +++ ./fips/openssl_fips_fingerprint 2011-08-09 17:17:57.000000000 +0200 @@ -6,26 +6,26 @@ lib=$1 exe=$2 ext=${HMAC_EXT:-sha1} # deal with the case where we're run from within the build and OpenSSL is # not yet installed. Also, make sure LD_LIBRARY_PATH is properly set in # case shared libraries are built. if [ "X$TOP" != "X" ] then if test "$OSTYPE" = msdosdjgpp; then PATH="$TOP/apps;$TOP;$PATH" else PATH="$TOP/apps:$TOP:$PATH" fi LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH else LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH fi echo "Checking library fingerprint for $lib" -openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; } +openssl sha1 -hmac ppaksykemnsecgtsttplmamstKMEs $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; } [ -x $exe.exe ] && exe=$exe.exe echo "Making fingerprint for $exe" -openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext +openssl sha1 -hmac ppaksykemnsecgtsttplmamstKMEs -binary $exe > $exe.$ext || rm $exe.$ext diff -rNU 20 ../openssl-0.9.8j-o/fips/sha/fips_standalone_sha1.c ./fips/sha/fips_standalone_sha1.c --- ../openssl-0.9.8j-o/fips/sha/fips_standalone_sha1.c 2011-08-09 17:13:04.000000000 +0200 +++ ./fips/sha/fips_standalone_sha1.c 2011-08-09 17:18:29.000000000 +0200 @@ -89,41 +89,41 @@ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) pad[i]=0x5c^keymd[i]; SHA256_Init(o_ctx); SHA256_Update(o_ctx,pad,SHA256_CBLOCK); } static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx) { unsigned char buf[SHA256_DIGEST_LENGTH]; SHA256_Final(buf,md_ctx); SHA256_Update(o_ctx,buf,sizeof buf); SHA256_Final(md,o_ctx); } #endif int main(int argc,char **argv) { #ifdef OPENSSL_FIPS - static char key[]="etaonrishdlcupfm"; + static char key[]="ppaksykemnsecgtsttplmamstKMEs"; int n,binary=0; if(argc < 2) { fprintf(stderr,"%s [<file>]+\n",argv[0]); exit(1); } n=1; if (!strcmp(argv[n],"-binary")) { n++; binary=1; /* emit binary fingerprint... */ } for(; n < argc ; ++n) { FILE *f=fopen(argv[n],"rb"); SHA256_CTX md_ctx,o_ctx; unsigned char md[SHA256_DIGEST_LENGTH];
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor