1 files changed, 78 insertions, 0 deletions
diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl
new file mode 100644
index 0000000000..a893833c5c
--- /dev/null
+++ b/src/lib/libcrypto/util/fipslink.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+sub check_env
+        {
+        my @ret;
+        foreach (@_)
+                {
+                die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+                push @ret, $ENV{$_};
+                }
+        return @ret;
+        }
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+         = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+                "FIPSLIB_D", "FIPS_SHA1_EXE");
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+        {
+        $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+        }
+        else
+        {
+        $fips_premain_dso = "";
+        }
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.o");
+print "Integrity check OK\n";
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+sub check_hash
+        {
+        my ($sha1_exe, $filename) = @_;
+        my ($hashfile, $hashval);
+        open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+        $hashfile = <IN>;
+        close IN;
+        $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+        chomp $hashfile;
+        chomp $hashval;
+        $hashfile =~ s/^.*=\s+//;
+        $hashval =~ s/^.*=\s+//;
+        die "Invalid hash syntax in file" if (length($hashfile) != 40);
+        die "Invalid hash received for file" if (length($hashval) != 40);
+        die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile); 
+        }

diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl new file mode 100644 index 0000000000..a893833c5c --- /dev/null +++ b/src/lib/libcrypto/util/fipslink.pl
@@ -0,0 +1,78 @@
	1	#!/usr/bin/perl
	2
	3	sub check_env
	4	{
	5	my @ret;
	6	foreach (@_)
	7	{
	8	die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
	9	push @ret, $ENV{$_};
	10	}
	11	return @ret;
	12	}
	13
	14
	15	my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
	16	= check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
	17	"FIPSLIB_D", "FIPS_SHA1_EXE");
	18
	19
	20
	21	if (exists $ENV{"PREMAIN_DSO_EXE"})
	22	{
	23	$fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
	24	}
	25	else
	26	{
	27	$fips_premain_dso = "";
	28	}
	29
	30	check_hash($sha1_exe, "fips_premain.c");
	31	check_hash($sha1_exe, "fipscanister.o");
	32
	33
	34	print "Integrity check OK\n";
	35
	36	print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
	37	system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
	38	die "First stage Compile failure" if $? != 0;
	39
	40	print "$fips_link @ARGV\n";
	41	system "$fips_link @ARGV";
	42	die "First stage Link failure" if $? != 0;
	43
	44
	45	print "$fips_premain_dso $fips_target\n";
	46	$fips_hash=`$fips_premain_dso $fips_target`;
	47	chomp $fips_hash;
	48	die "Get hash failure" if $? != 0;
	49
	50
	51	print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
	52	system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
	53	die "Second stage Compile failure" if $? != 0;
	54
	55
	56	print "$fips_link @ARGV\n";
	57	system "$fips_link @ARGV";
	58	die "Second stage Link failure" if $? != 0;
	59
	60	sub check_hash
	61	{
	62	my ($sha1_exe, $filename) = @_;
	63	my ($hashfile, $hashval);
	64
	65	open(IN, "${fips_libdir}/${filename}.sha1") \|\| die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
	66	$hashfile = <IN>;
	67	close IN;
	68	$hashval = `$sha1_exe ${fips_libdir}/$filename`;
	69	chomp $hashfile;
	70	chomp $hashval;
	71	$hashfile =~ s/^.*=\s+//;
	72	$hashval =~ s/^.*=\s+//;
	73	die "Invalid hash syntax in file" if (length($hashfile) != 40);
	74	die "Invalid hash received for file" if (length($hashval) != 40);
	75	die "*HASH VALUE MISMATCH FOR FILE $filename *" if ($hashval ne $hashfile);
	76	}
	77
	78