Loading fips/fipsld +27 −51 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)` case `basename "${TARGET}"` in libcrypto*|libfips*|*.dll) ;; *) case "$*" in *libcrypto.a*|*-lcrypto*) ;; *libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;; *) exec ${CC} "$@" ;; esac esac Loading @@ -52,6 +52,9 @@ esac THERE="`echo $0 | sed -e 's|[^/]*$||'`".. # fipscanister.o can appear in command line CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)` if [ -z "${CANISTER_O}" ]; then # If set, FIPSLIBDIR is location of installed validated FIPS module if [ -n "${FIPSLIBDIR}" ]; then CANISTER_O="${FIPSLIBDIR}/fipscanister.o" Loading @@ -60,6 +63,8 @@ elif [ -f "${THERE}/fips/fipscanister.o" ]; then elif [ -f "${THERE}/lib/fipscanister.o" ]; then CANISTER_O="${THERE}/lib/fipscanister.o" fi CANISTER_O_CMD="${CANISTER_O}" fi [ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; } PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c Loading @@ -80,38 +85,7 @@ case "${TARGET}" in esac case `basename "${TARGET}"` in libfips*|*fips.dll) # libfips.so creation can be taking place in the source # directory only!!! FINGERTYPE="${THERE}/fips/fips_standalone_sha1" # fipscanister.o should be specified on command line... CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)` [ -n "$CANISTER_O" ] || { echo "fipscanister.o is not found"; exit 1; } PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c # verify fipspremain.c against its detached signature... ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \ diff -w "${PREMAIN_C}.sha1" - || \ { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } # verify fipscanister.o against its detached signature... ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \ diff -w "${CANISTER_O}.sha1" - || \ { echo "${CANISTER_O} fingerprint mismatch"; exit 1; } /bin/rm -f "${TARGET}" ${CC} "${PREMAIN_C}" ${_WL_PREMAIN} "$@" # generate signature... SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"` /bin/rm -f "${TARGET}" if [ -z "${SIG}" ]; then echo "unable to collect signature"; exit 1 fi # recompile with signature... ${CC} -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" ${_WL_PREMAIN} "$@" ;; libcrypto*|*.dll) # must be linking a shared lib... lib*|*.dll) # must be linking a shared lib... # Shared lib creation can be taking place in the source # directory only, but fipscanister.o can reside elsewhere... FINGERTYPE="${THERE}/fips/fips_standalone_sha1" Loading @@ -127,16 +101,18 @@ libcrypto*|*.dll) # must be linking a shared lib... # Temporarily remove fipscanister.o from libcrypto.a! # We are required to use the standalone copy... if [ -f "${THERE}/libcrypto.a" ]; then if ar d "${THERE}/libcrypto.a" fipscanister.o; then (ranlib "${THERE}/libcrypto.a") 2>/dev/null || : trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}"; (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :; sleep 1; touch -c "${TARGET}"' 0 ar d "${THERE}/libcrypto.a" fipscanister.o 2>&1 > /dev/null || : (ranlib "${THERE}/libcrypto.a") 2>/dev/null || : fi fi /bin/rm -f "${TARGET}" ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" Loading @@ -148,7 +124,7 @@ libcrypto*|*.dll) # must be linking a shared lib... fi # recompile with signature... ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" ;; Loading @@ -175,7 +151,7 @@ libcrypto*|*.dll) # must be linking a shared lib... { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } /bin/rm -f "${TARGET}" ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" Loading @@ -187,7 +163,7 @@ libcrypto*|*.dll) # must be linking a shared lib... fi # recompile with signature... ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" ;; Loading test/Makefile +4 −3 Original line number Diff line number Diff line Loading @@ -392,11 +392,12 @@ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ LIBRARIES="$(LIBCRYPTO) $(LIBKRB5)"; \ if [ -z "$(SHARED_LIBS)" ] ; then \ if [ "$(FIPSCANLIB)" = "libfips" ]; then \ LIBRARIES="-L$(TOP) -lfips"; \ else \ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ fi; \ [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="-L$(TOP) -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ Loading Loading
fips/fipsld +27 −51 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)` case `basename "${TARGET}"` in libcrypto*|libfips*|*.dll) ;; *) case "$*" in *libcrypto.a*|*-lcrypto*) ;; *libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;; *) exec ${CC} "$@" ;; esac esac Loading @@ -52,6 +52,9 @@ esac THERE="`echo $0 | sed -e 's|[^/]*$||'`".. # fipscanister.o can appear in command line CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)` if [ -z "${CANISTER_O}" ]; then # If set, FIPSLIBDIR is location of installed validated FIPS module if [ -n "${FIPSLIBDIR}" ]; then CANISTER_O="${FIPSLIBDIR}/fipscanister.o" Loading @@ -60,6 +63,8 @@ elif [ -f "${THERE}/fips/fipscanister.o" ]; then elif [ -f "${THERE}/lib/fipscanister.o" ]; then CANISTER_O="${THERE}/lib/fipscanister.o" fi CANISTER_O_CMD="${CANISTER_O}" fi [ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; } PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c Loading @@ -80,38 +85,7 @@ case "${TARGET}" in esac case `basename "${TARGET}"` in libfips*|*fips.dll) # libfips.so creation can be taking place in the source # directory only!!! FINGERTYPE="${THERE}/fips/fips_standalone_sha1" # fipscanister.o should be specified on command line... CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)` [ -n "$CANISTER_O" ] || { echo "fipscanister.o is not found"; exit 1; } PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c # verify fipspremain.c against its detached signature... ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \ diff -w "${PREMAIN_C}.sha1" - || \ { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } # verify fipscanister.o against its detached signature... ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \ diff -w "${CANISTER_O}.sha1" - || \ { echo "${CANISTER_O} fingerprint mismatch"; exit 1; } /bin/rm -f "${TARGET}" ${CC} "${PREMAIN_C}" ${_WL_PREMAIN} "$@" # generate signature... SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"` /bin/rm -f "${TARGET}" if [ -z "${SIG}" ]; then echo "unable to collect signature"; exit 1 fi # recompile with signature... ${CC} -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" ${_WL_PREMAIN} "$@" ;; libcrypto*|*.dll) # must be linking a shared lib... lib*|*.dll) # must be linking a shared lib... # Shared lib creation can be taking place in the source # directory only, but fipscanister.o can reside elsewhere... FINGERTYPE="${THERE}/fips/fips_standalone_sha1" Loading @@ -127,16 +101,18 @@ libcrypto*|*.dll) # must be linking a shared lib... # Temporarily remove fipscanister.o from libcrypto.a! # We are required to use the standalone copy... if [ -f "${THERE}/libcrypto.a" ]; then if ar d "${THERE}/libcrypto.a" fipscanister.o; then (ranlib "${THERE}/libcrypto.a") 2>/dev/null || : trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}"; (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :; sleep 1; touch -c "${TARGET}"' 0 ar d "${THERE}/libcrypto.a" fipscanister.o 2>&1 > /dev/null || : (ranlib "${THERE}/libcrypto.a") 2>/dev/null || : fi fi /bin/rm -f "${TARGET}" ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" Loading @@ -148,7 +124,7 @@ libcrypto*|*.dll) # must be linking a shared lib... fi # recompile with signature... ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" ;; Loading @@ -175,7 +151,7 @@ libcrypto*|*.dll) # must be linking a shared lib... { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } /bin/rm -f "${TARGET}" ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" Loading @@ -187,7 +163,7 @@ libcrypto*|*.dll) # must be linking a shared lib... fi # recompile with signature... ${CC} "${CANISTER_O}" \ ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ ${_WL_PREMAIN} "$@" ;; Loading
test/Makefile +4 −3 Original line number Diff line number Diff line Loading @@ -392,11 +392,12 @@ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ LIBRARIES="$(LIBCRYPTO) $(LIBKRB5)"; \ if [ -z "$(SHARED_LIBS)" ] ; then \ if [ "$(FIPSCANLIB)" = "libfips" ]; then \ LIBRARIES="-L$(TOP) -lfips"; \ else \ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ fi; \ [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="-L$(TOP) -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ Loading
