1 files changed, 222 insertions, 0 deletions
diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl
new file mode 100644
index 0000000000..c61fa72178
--- /dev/null
+++ b/src/lib/libcrypto/util/checkhash.pl
@@ -0,0 +1,222 @@
+#!/usr/bin/env perl -w
+my $package = caller;
+if (!(defined $package))
+        {
+        my $retval = check_hashes(@ARGV);
+        exit $retval;
+        }
+1;
+sub check_hashes
+        {
+        my @args = @_;
+        my $change_dir = "";
+        my $check_program = "sha/fips_standalone_sha1";
+        my $verbose = 0;
+        my $badfiles = 0;
+        my $rebuild = 0;
+        my $force_rewrite = 0;
+        my $hash_file = "fipshashes.c";
+        my $recurse = 0;
+        my @fingerprint_files;
+        while (@args)
+                {
+                my $arg = $args[0];
+                if ($arg eq "-chdir")
+                        {
+                        shift @args;
+                        $change_dir = shift @args;
+                        }
+                elsif ($arg eq "-rebuild")
+                        {
+                        shift @args;
+                        $rebuild = 1;
+                        }
+                elsif ($arg eq "-verbose")
+                        {
+                        shift @args;
+                        $verbose = 1;
+                        }
+                elsif ($arg eq "-force-rewrite")
+                        {
+                        shift @args;
+                        $force_rewrite = 1;
+                        }
+                elsif ($arg eq "-hash_file")
+                        {
+                        shift @args;
+                        $hash_file = shift @args;
+                        }
+                elsif ($arg eq "-recurse")
+                        {
+                        shift @args;
+                        $recurse = 1;
+                        }
+                elsif ($arg eq "-program_path")
+                        {
+                        shift @args;
+                        $check_program = shift @args;
+                        }
+                else
+                        {
+                        print STDERR "Unknown Option $arg";
+                        return 1;
+                        }
+                }
+        chdir $change_dir if $change_dir ne "";
+        if ($recurse)
+                {
+                @fingerprint_files = ("fingerprint.sha1",
+                                        <*/fingerprint.sha1>);
+                }
+        else
+                {
+                push @fingerprint_files, $hash_file;
+                }
+        foreach $fp (@fingerprint_files)
+                {
+                if (!open(IN, "$fp"))
+                        {
+                        print STDERR "Can't open file $fp";
+                        return 1;
+                        }
+                print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+                my $dir = $fp;
+                $dir =~ s/[^\/]*$//;
+                while (<IN>)
+                        {
+                        chomp;
+                        if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
+                                {
+                                /^\"/ || next;
+                                print STDERR "FATAL: Invalid syntax in file $fp\n";
+                                print STDERR "Line:\n$_\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        if (!$rebuild && length($hash) != 40)
+                                {
+                                print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        push @hashed_files, "$dir$file";
+                        if (exists $hashes{"$dir$file"})
+                                {
+                                print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        if (! -r "$dir$file")
+                                {
+                                print STDERR "FATAL: Can't access $dir$file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        $hashes{"$dir$file"} = $hash;
+                        }
+                close IN;
+                }
+        @checked_hashes = `$check_program @hashed_files`;
+        if ($? != 0)
+                {
+                print STDERR "Error running hash program $check_program\n";
+                fatal_error();
+                return 1;
+                }
+        if (@checked_hashes != @hashed_files)
+                {
+                print STDERR "FATAL: hash count incorrect\n";
+                fatal_error();
+                return 1;
+                }
+        foreach (@checked_hashes)
+                {
+                chomp;
+                if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+                        {
+                        print STDERR "FATAL: Invalid syntax in file $fp\n";
+                        print STDERR "Line:\n$_\n";
+                        fatal_error();
+                        return 1;
+                        }
+                if (length($hash) != 40)
+                        {
+                        print STDERR "FATAL: Invalid hash length for file $file\n";
+                        fatal_error();
+                        return 1;
+                        }
+                if ($hash ne $hashes{$file})
+                        {
+                        if ($rebuild)
+                                {
+                                print STDERR "Updating hash on file $file\n";
+                                $hashes{$file} = $hash;
+                                }
+                        else
+                                {
+                                print STDERR "Hash check failed for file $file\n";
+                                }
+                        $badfiles++;
+                        }
+                elsif ($verbose)
+                        { print "Hash Check OK for $file\n";}
+                }
+                
+        if ($badfiles && !$rebuild)
+                {
+                print STDERR "FATAL: hash mismatch on $badfiles files\n";
+                fatal_error();
+                return 1;
+                }
+        if ($badfiles || $force_rewrite)
+                {
+                print "Updating Hash file $hash_file\n";
+                if (!open(OUT, ">$hash_file"))
+                        {
+                        print STDERR "Error rewriting $hash_file";
+                        return 1;
+                        }
+                print OUT "const char * const FIPS_source_hashes[] = {\n";
+                foreach (@hashed_files)
+                        {
+                        print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
+                        }
+                print OUT "};\n";
+                close OUT;
+                }
+        if (!$badfiles)
+                {
+                print "FIPS hash check successful\n";
+                }
+        return 0;
+        }
+sub fatal_error
+        {
+        print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+        }

diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl new file mode 100644 index 0000000000..c61fa72178 --- /dev/null +++ b/src/lib/libcrypto/util/checkhash.pl
@@ -0,0 +1,222 @@
	1	#!/usr/bin/env perl -w
	2
	3	my $package = caller;
	4
	5	if (!(defined $package))
	6	{
	7	my $retval = check_hashes(@ARGV);
	8	exit $retval;
	9	}
	10
	11	1;
	12
	13	sub check_hashes
	14	{
	15
	16	my @args = @_;
	17
	18	my $change_dir = "";
	19	my $check_program = "sha/fips_standalone_sha1";
	20
	21	my $verbose = 0;
	22	my $badfiles = 0;
	23	my $rebuild = 0;
	24	my $force_rewrite = 0;
	25	my $hash_file = "fipshashes.c";
	26	my $recurse = 0;
	27
	28	my @fingerprint_files;
	29
	30	while (@args)
	31	{
	32	my $arg = $args[0];
	33	if ($arg eq "-chdir")
	34	{
	35	shift @args;
	36	$change_dir = shift @args;
	37	}
	38	elsif ($arg eq "-rebuild")
	39	{
	40	shift @args;
	41	$rebuild = 1;
	42	}
	43	elsif ($arg eq "-verbose")
	44	{
	45	shift @args;
	46	$verbose = 1;
	47	}
	48	elsif ($arg eq "-force-rewrite")
	49	{
	50	shift @args;
	51	$force_rewrite = 1;
	52	}
	53	elsif ($arg eq "-hash_file")
	54	{
	55	shift @args;
	56	$hash_file = shift @args;
	57	}
	58	elsif ($arg eq "-recurse")
	59	{
	60	shift @args;
	61	$recurse = 1;
	62	}
	63	elsif ($arg eq "-program_path")
	64	{
	65	shift @args;
	66	$check_program = shift @args;
	67	}
	68	else
	69	{
	70	print STDERR "Unknown Option $arg";
	71	return 1;
	72	}
	73
	74	}
	75
	76	chdir $change_dir if $change_dir ne "";
	77
	78	if ($recurse)
	79	{
	80	@fingerprint_files = ("fingerprint.sha1",
	81	<*/fingerprint.sha1>);
	82	}
	83	else
	84	{
	85	push @fingerprint_files, $hash_file;
	86	}
	87
	88	foreach $fp (@fingerprint_files)
	89	{
	90	if (!open(IN, "$fp"))
	91	{
	92	print STDERR "Can't open file $fp";
	93	return 1;
	94	}
	95	print STDERR "Opening Fingerprint file $fp\n" if $verbose;
	96	my $dir = $fp;
	97	$dir =~ s/[^\/]*$//;
	98	while (<IN>)
	99	{
	100	chomp;
	101	if (!(($file, $hash) = /^\"HMAC-SHA1\((.)\)\s=\s(\w)\",$/))
	102	{
	103	/^\"/ \|\| next;
	104	print STDERR "FATAL: Invalid syntax in file $fp\n";
	105	print STDERR "Line:\n$_\n";
	106	fatal_error();
	107	return 1;
	108	}
	109	if (!$rebuild && length($hash) != 40)
	110	{
	111	print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
	112	fatal_error();
	113	return 1;
	114	}
	115	push @hashed_files, "$dir$file";
	116	if (exists $hashes{"$dir$file"})
	117	{
	118	print STDERR "FATAL: Duplicate Hash file $dir$file\n";
	119	fatal_error();
	120	return 1;
	121	}
	122	if (! -r "$dir$file")
	123	{
	124	print STDERR "FATAL: Can't access $dir$file\n";
	125	fatal_error();
	126	return 1;
	127	}
	128	$hashes{"$dir$file"} = $hash;
	129	}
	130	close IN;
	131	}
	132
	133	@checked_hashes = `$check_program @hashed_files`;
	134
	135	if ($? != 0)
	136	{
	137	print STDERR "Error running hash program $check_program\n";
	138	fatal_error();
	139	return 1;
	140	}
	141
	142	if (@checked_hashes != @hashed_files)
	143	{
	144	print STDERR "FATAL: hash count incorrect\n";
	145	fatal_error();
	146	return 1;
	147	}
	148
	149	foreach (@checked_hashes)
	150	{
	151	chomp;
	152	if (!(($file, $hash) = /^HMAC-SHA1\((.)\)\s=\s(\w)$/))
	153	{
	154	print STDERR "FATAL: Invalid syntax in file $fp\n";
	155	print STDERR "Line:\n$_\n";
	156	fatal_error();
	157	return 1;
	158	}
	159	if (length($hash) != 40)
	160	{
	161	print STDERR "FATAL: Invalid hash length for file $file\n";
	162	fatal_error();
	163	return 1;
	164	}
	165	if ($hash ne $hashes{$file})
	166	{
	167	if ($rebuild)
	168	{
	169	print STDERR "Updating hash on file $file\n";
	170	$hashes{$file} = $hash;
	171	}
	172	else
	173	{
	174	print STDERR "Hash check failed for file $file\n";
	175	}
	176	$badfiles++;
	177	}
	178	elsif ($verbose)
	179	{ print "Hash Check OK for $file\n";}
	180	}
	181
	182
	183	if ($badfiles && !$rebuild)
	184	{
	185	print STDERR "FATAL: hash mismatch on $badfiles files\n";
	186	fatal_error();
	187	return 1;
	188	}
	189
	190	if ($badfiles \|\| $force_rewrite)
	191	{
	192	print "Updating Hash file $hash_file\n";
	193	if (!open(OUT, ">$hash_file"))
	194	{
	195	print STDERR "Error rewriting $hash_file";
	196	return 1;
	197	}
	198	print OUT "const char * const FIPS_source_hashes[] = {\n";
	199	foreach (@hashed_files)
	200	{
	201	print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
	202	}
	203	print OUT "};\n";
	204	close OUT;
	205	}
	206
	207	if (!$badfiles)
	208	{
	209	print "FIPS hash check successful\n";
	210	}
	211
	212	return 0;
	213
	214	}
	215
	216
	217	sub fatal_error
	218	{
	219	print STDERR "* Your source code does not match the FIPS validated source *\n";
	220	}
	221
	222