util/fipslink.pl: further adjustments.
1 #!/usr/bin/perl
# Look up each named environment variable and return the values in the
# order the names were given.  Dies, naming the variable, as soon as one
# of them is absent from %ENV.
#
# Only presence is tested (exists), so a variable that is set to the empty
# string passes and yields "" to the caller.
sub check_env
{
    return map {
        exists $ENV{$_}
            or die "Environment variable $_ not defined!\n";
        $ENV{$_};
    } @_;
}
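# Main flow of the FIPS link wrapper:
#   1. check the stored SHA1 hashes of fips_premain.c and fipscanister.lib;
#   2. compile fips_premain.c when the link line references fips_premain.obj
#      (otherwise FIPS_SIG must be set), then link the target;
#   3. either hand the target to $ENV{FIPS_SIG} and stop, or run the
#      first-stage output to obtain a hash, recompile fips_premain.c with
#      that hash in HMAC_SHA1_SIG, and link a second time.
#
# NOTE(review): FIPS_CC, FIPS_CC_ARGS, FIPS_LINK, FIPS_SIG, PREMAIN_DSO_EXE,
# FIPS_TARGET and @ARGV are pasted into single command strings, so system()
# passes them through the shell.  The environment and argument list must
# come from a trusted build configuration, and arguments containing spaces
# or shell metacharacters are not preserved as given.
my ($fips_cc, $fips_cc_args, $fips_link, $fips_target, $fips_libdir, $sha1_exe)
    = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
                "FIPSLIB_D", "FIPS_SHA1_EXE");

# Optional helper; when it is not set the command below starts with the
# target itself.
my $fips_premain_dso = exists $ENV{"PREMAIN_DSO_EXE"}
    ? $ENV{"PREMAIN_DSO_EXE"}
    : "";

# Refuse to build anything if either canister file fails its hash check.
check_hash($sha1_exe, "fips_premain.c");
check_hash($sha1_exe, "fipscanister.lib");

print "Integrity check OK\n";

if (is_premain_linked(@ARGV)) {
    print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
    system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
    die "First stage Compile failure" if $? != 0;
} elsif (!defined($ENV{FIPS_SIG})) {
    die "no fips_premain.obj linked";
}

print "$fips_link @ARGV\n";
system "$fips_link @ARGV";
die "First stage Link failure" if $? != 0;

# With FIPS_SIG set, the external signing command finishes the job.
if (defined($ENV{FIPS_SIG})) {
    print "$ENV{FIPS_SIG} $fips_target\n";
    system "$ENV{FIPS_SIG} $fips_target";
    die "$ENV{FIPS_SIG} $fips_target failed" if $? != 0;
    exit;
}

# Capture the first line printed by the first-stage run; it becomes the
# HMAC_SHA1_SIG value for the second-stage compile.
# NOTE(review): the capture file has a predictable name next to the target;
# the build directory should not be writable by other users.
print "$fips_premain_dso $fips_target\n";
system("$fips_premain_dso $fips_target >$fips_target.sha1");
die "Get hash failure" if $? != 0;
open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
my $fips_hash = <$sha1_res>;
close $sha1_res;
unlink $fips_target.".sha1";

# The original re-tested $? at this point, but nothing since the system()
# call above changes it, so an empty or malformed capture went unnoticed.
# Check the value that was actually read instead.
die "Get hash failure" unless defined $fips_hash;
$fips_hash =~ s/\s+\z//;
# The value is interpolated into a shell command line below, so accept hex
# digits only.  Assumes the first-stage output is a bare hex digest --
# TODO confirm against fips_premain.c.
die "Get hash failure" unless $fips_hash =~ /\A[0-9a-fA-F]+\z/;

print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
die "Second stage Compile failure" if $? != 0;

print "$fips_link @ARGV\n";
system "$fips_link @ARGV";
die "Second stage Link failure" if $? != 0;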
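# Report whether fips_premain.obj is part of the link line.
#
# Arguments are the linker arguments.  Returns 1 when any argument contains
# "fips_premain.obj", or when an "@file" argument names an existing regular
# file with a line containing it; returns 0 otherwise.  Dies if such a file
# exists but cannot be opened.
#
# Changes from the original:
#   * the file is opened with three-argument open and a lexical handle, so
#     the name taken from the command line is never parsed for a mode or
#     pipe character and the global FD handle is not clobbered;
#   * every "@file" argument is examined.  The original returned after the
#     first one it could read, even when that one had no match.
sub is_premain_linked
{
    return 1 if grep { /fips_premain\.obj/ } @_;

    for my $arg (@_) {
        next unless $arg =~ /^@(.*)/;
        my $rsp_file = $1;    # copy now; later matches overwrite $1
        next unless -f $rsp_file;

        open my $rsp, '<', $rsp_file or die "can't open $rsp_file";
        my $found = 0;
        while (my $line = <$rsp>) {
            if ($line =~ /fips_premain\.obj/) {
                $found = 1;
                last;
            }
        }
        close $rsp;
        return 1 if $found;
    }
    return 0;
}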
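# Compare the stored hash of a canister file with a freshly computed one.
#
# $sha1_exe  - command that prints the hash of the file given as argument
# $filename  - file name relative to the file-scoped $fips_libdir
#
# Reads the first line of "$fips_libdir/$filename.sha1", runs $sha1_exe on
# "$fips_libdir/$filename", strips everything up to "= " from both, and
# dies unless both are 40 hex digits and equal.  Returns nothing useful.
#
# Changes from the original: three-argument open with a lexical handle
# (no global IN, no mode parsing of the path), explicit handling of an
# empty hash file or a command that could not be run, a check of the
# command's exit status, and a hex-digit check in place of the bare
# length test.
#
# NOTE(review): the .sha1 file lives in the same directory as the file it
# describes, so this catches a mismatched or corrupted canister but not a
# party able to replace both files; protect $fips_libdir accordingly.
sub check_hash
{
    my ($sha1_exe, $filename) = @_;

    open(my $in, '<', "${fips_libdir}/${filename}.sha1")
        or die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
    my $hashfile = <$in>;
    close $in;

    # NOTE(review): backticks pass this string through the shell; both
    # $sha1_exe and $fips_libdir come from the environment and must be
    # trusted build settings.
    my $hashval = `$sha1_exe ${fips_libdir}/$filename`;
    die "Invalid hash received for file" if !defined($hashval) || $? != 0;
    die "Invalid hash syntax in file"    if !defined($hashfile);

    chomp $hashfile;
    chomp $hashval;
    $hashfile =~ s/^.*=\s+//;
    $hashval  =~ s/^.*=\s+//;

    die "Invalid hash syntax in file"
        unless $hashfile =~ /\A[0-9a-fA-F]{40}\z/;
    die "Invalid hash received for file"
        unless $hashval =~ /\A[0-9a-fA-F]{40}\z/;
    die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
}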