3 files changed, 522 insertions, 0 deletions
diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl
new file mode 100644
index 0000000000..c61fa72178
--- /dev/null
+++ b/src/lib/libcrypto/util/checkhash.pl
@@ -0,0 +1,222 @@
+#!/usr/bin/env perl -w
+my $package = caller;
+if (!(defined $package))
+        {
+        my $retval = check_hashes(@ARGV);
+        exit $retval;
+        }
+1;
+sub check_hashes
+        {
+        my @args = @_;
+        my $change_dir = "";
+        my $check_program = "sha/fips_standalone_sha1";
+        my $verbose = 0;
+        my $badfiles = 0;
+        my $rebuild = 0;
+        my $force_rewrite = 0;
+        my $hash_file = "fipshashes.c";
+        my $recurse = 0;
+        my @fingerprint_files;
+        while (@args)
+                {
+                my $arg = $args[0];
+                if ($arg eq "-chdir")
+                        {
+                        shift @args;
+                        $change_dir = shift @args;
+                        }
+                elsif ($arg eq "-rebuild")
+                        {
+                        shift @args;
+                        $rebuild = 1;
+                        }
+                elsif ($arg eq "-verbose")
+                        {
+                        shift @args;
+                        $verbose = 1;
+                        }
+                elsif ($arg eq "-force-rewrite")
+                        {
+                        shift @args;
+                        $force_rewrite = 1;
+                        }
+                elsif ($arg eq "-hash_file")
+                        {
+                        shift @args;
+                        $hash_file = shift @args;
+                        }
+                elsif ($arg eq "-recurse")
+                        {
+                        shift @args;
+                        $recurse = 1;
+                        }
+                elsif ($arg eq "-program_path")
+                        {
+                        shift @args;
+                        $check_program = shift @args;
+                        }
+                else
+                        {
+                        print STDERR "Unknown Option $arg";
+                        return 1;
+                        }
+                }
+        chdir $change_dir if $change_dir ne "";
+        if ($recurse)
+                {
+                @fingerprint_files = ("fingerprint.sha1",
+                                        <*/fingerprint.sha1>);
+                }
+        else
+                {
+                push @fingerprint_files, $hash_file;
+                }
+        foreach $fp (@fingerprint_files)
+                {
+                if (!open(IN, "$fp"))
+                        {
+                        print STDERR "Can't open file $fp";
+                        return 1;
+                        }
+                print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+                my $dir = $fp;
+                $dir =~ s/[^\/]*$//;
+                while (<IN>)
+                        {
+                        chomp;
+                        if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
+                                {
+                                /^\"/ || next;
+                                print STDERR "FATAL: Invalid syntax in file $fp\n";
+                                print STDERR "Line:\n$_\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        if (!$rebuild && length($hash) != 40)
+                                {
+                                print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        push @hashed_files, "$dir$file";
+                        if (exists $hashes{"$dir$file"})
+                                {
+                                print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        if (! -r "$dir$file")
+                                {
+                                print STDERR "FATAL: Can't access $dir$file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        $hashes{"$dir$file"} = $hash;
+                        }
+                close IN;
+                }
+        @checked_hashes = `$check_program @hashed_files`;
+        if ($? != 0)
+                {
+                print STDERR "Error running hash program $check_program\n";
+                fatal_error();
+                return 1;
+                }
+        if (@checked_hashes != @hashed_files)
+                {
+                print STDERR "FATAL: hash count incorrect\n";
+                fatal_error();
+                return 1;
+                }
+        foreach (@checked_hashes)
+                {
+                chomp;
+                if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+                        {
+                        print STDERR "FATAL: Invalid syntax in file $fp\n";
+                        print STDERR "Line:\n$_\n";
+                        fatal_error();
+                        return 1;
+                        }
+                if (length($hash) != 40)
+                        {
+                        print STDERR "FATAL: Invalid hash length for file $file\n";
+                        fatal_error();
+                        return 1;
+                        }
+                if ($hash ne $hashes{$file})
+                        {
+                        if ($rebuild)
+                                {
+                                print STDERR "Updating hash on file $file\n";
+                                $hashes{$file} = $hash;
+                                }
+                        else
+                                {
+                                print STDERR "Hash check failed for file $file\n";
+                                }
+                        $badfiles++;
+                        }
+                elsif ($verbose)
+                        { print "Hash Check OK for $file\n";}
+                }
+                
+        if ($badfiles && !$rebuild)
+                {
+                print STDERR "FATAL: hash mismatch on $badfiles files\n";
+                fatal_error();
+                return 1;
+                }
+        if ($badfiles || $force_rewrite)
+                {
+                print "Updating Hash file $hash_file\n";
+                if (!open(OUT, ">$hash_file"))
+                        {
+                        print STDERR "Error rewriting $hash_file";
+                        return 1;
+                        }
+                print OUT "const char * const FIPS_source_hashes[] = {\n";
+                foreach (@hashed_files)
+                        {
+                        print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
+                        }
+                print OUT "};\n";
+                close OUT;
+                }
+        if (!$badfiles)
+                {
+                print "FIPS hash check successful\n";
+                }
+        return 0;
+        }
+sub fatal_error
+        {
+        print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+        }
diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl
new file mode 100644
index 0000000000..a893833c5c
--- /dev/null
+++ b/src/lib/libcrypto/util/fipslink.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+sub check_env
+        {
+        my @ret;
+        foreach (@_)
+                {
+                die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+                push @ret, $ENV{$_};
+                }
+        return @ret;
+        }
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+         = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+                "FIPSLIB_D", "FIPS_SHA1_EXE");
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+        {
+        $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+        }
+        else
+        {
+        $fips_premain_dso = "";
+        }
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.o");
+print "Integrity check OK\n";
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+sub check_hash
+        {
+        my ($sha1_exe, $filename) = @_;
+        my ($hashfile, $hashval);
+        open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+        $hashfile = <IN>;
+        close IN;
+        $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+        chomp $hashfile;
+        chomp $hashval;
+        $hashfile =~ s/^.*=\s+//;
+        $hashval =~ s/^.*=\s+//;
+        die "Invalid hash syntax in file" if (length($hashfile) != 40);
+        die "Invalid hash received for file" if (length($hashval) != 40);
+        die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile); 
+        }
diff --git a/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
new file mode 100644
index 0000000000..b5bbcac6c2
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
@@ -0,0 +1,222 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+if ($fips && !$shlib)
+        {
+        $crypto="libeayfips32";
+        $crypto_compat = "libeaycompat32.lib";
+        }
+else
+        {
+        $crypto="libeay32";
+        }
+$ssl=   "ssleay32";
+$o='/';
+#$cp='copy nul+';       # Timestamps get stuffed otherwise
+#$rm='del';
+$cp='cp';
+$rm='rm';
+$zlib_lib="zlib1.lib";
+# C compiler stuff
+$cc='cl';
+$cflags=' -MD -W3 -WX -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE';         # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';        # shut up VC8
+$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
+$mlflags='';
+$out_def="gmout32";
+$tmp_def="gmtmp32";
+$inc_def="gminc32";
+if ($debug)
+        {
+        $cflags=" -MDd -W3 -WX -Zi -Yd -Od -nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+        $lflags.=" -debug";
+        $mlflags.=' -debug';
+        }
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
+$obj='.obj';
+$ofile="-Fo";
+# EXE linking stuff
+$link="link";
+$efile="-out:";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='-out:';
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+        $asm='nasmw -f win32';
+        $afile='-o ';
+} else {
+        $asm='ml -Cp -coff -c -Cx';
+        $asm.=" -Zi" if $debug;
+        $afile='-Fo';
+}
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm && !$fips)
+        {
+        $bn_asm_obj='crypto/bn/asm/bn_win32.obj';
+        $bn_asm_src='crypto/bn/asm/bn_win32.asm';
+        $des_enc_obj='crypto/des/asm/d_win32.obj crypto/des/asm/y_win32.obj';
+        $des_enc_src='crypto/des/asm/d_win32.asm crypto/des/asm/y_win32.asm';
+        $bf_enc_obj='crypto/bf/asm/b_win32.obj';
+        $bf_enc_src='crypto/bf/asm/b_win32.asm';
+        $cast_enc_obj='crypto/cast/asm/c_win32.obj';
+        $cast_enc_src='crypto/cast/asm/c_win32.asm';
+        $rc4_enc_obj='crypto/rc4/asm/r4_win32.obj';
+        $rc4_enc_src='crypto/rc4/asm/r4_win32.asm';
+        $rc5_enc_obj='crypto/rc5/asm/r5_win32.obj';
+        $rc5_enc_src='crypto/rc5/asm/r5_win32.asm';
+        $md5_asm_obj='crypto/md5/asm/m5_win32.obj';
+        $md5_asm_src='crypto/md5/asm/m5_win32.asm';
+        $sha1_asm_obj='crypto/sha/asm/s1_win32.obj';
+        $sha1_asm_src='crypto/sha/asm/s1_win32.asm';
+        $rmd160_asm_obj='crypto/ripemd/asm/rm_win32.obj';
+        $rmd160_asm_src='crypto/ripemd/asm/rm_win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags -dll";
+#       $cflags =~ s| -MD| -MT|;
+        $lib_cflag=" -D_WINDLL";
+        $out_def="gmout32dll";
+        $tmp_def="gmtmp32dll";
+        }
+$cflags.=" -Fd$out_def";
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        my $base_arg;
+        if ($base_addr ne "")
+                {
+                $base_arg= " -base:$base_addr";
+                }
+        else
+                {
+                $base_arg = "";
+                }
+#       $target="\$(LIB_D)$o$target";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="$target: $objs\n";
+                $ex =' advapi32.lib';
+                $ret.="\t\$(MKLIB) $lfile$target $objs $ex\n\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+                if (defined $fips_get_sig)
+                        {
+                        $ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
+                        $ret.="\tFIPS_LINK=\$(LINK) ";
+                        $ret.="FIPS_CC=\$(CC) ";
+                        $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+                        $ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
+                        $ret.="FIPS_TARGET=$target ";
+                        $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+                        $ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+                        $ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
+                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
+                        }
+                else
+                        {
+                        $ret.="$target: $objs\n";
+                        $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs $ex\n\n";
+                        }
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        if ($standalone)
+                {
+                $ret.="$target: $files $dep_libs\n";
+                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+                $ret.="$files $libs\n\n";
+                }
+        elsif ($fips && !$shlib)
+                {
+                $ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
+                $ret.="\tFIPS_LINK=\$(LINK) ";
+                $ret.="FIPS_CC=\$(CC) ";
+                $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+                $ret.="FIPS_PREMAIN_DSO= ";
+                $ret.="FIPS_TARGET=$target ";
+                $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+                $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
+                $ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
+                }
+        else
+                {
+                $ret.="$target: $files $dep_libs\n";
+                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+                $ret.="\$(APP_EX_OBJ) $files $libs\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_rlink_rule
+        {
+        local($target,$files,$check_hash, $deps)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $check_hash $files $deps\n";
+        $ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips-1.0 -program_path ..$o$check_hash\n";
+        $ret.="\t\$(MKCANISTER) $target $files\n";
+        $ret.="\t$check_hash $target > $target.sha1\n";
+        $ret.="\t\$(CP) fips-1.0${o}fips_premain.c \$(FIPSLIB_D)\n";
+        $ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
+        return($ret);
+        }
+1;

diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl new file mode 100644 index 0000000000..c61fa72178 --- /dev/null +++ b/src/lib/libcrypto/util/checkhash.pl
@@ -0,0 +1,222 @@
	1	#!/usr/bin/env perl -w
	2
	3	my $package = caller;
	4
	5	if (!(defined $package))
	6	{
	7	my $retval = check_hashes(@ARGV);
	8	exit $retval;
	9	}
	10
	11	1;
	12
	13	sub check_hashes
	14	{
	15
	16	my @args = @_;
	17
	18	my $change_dir = "";
	19	my $check_program = "sha/fips_standalone_sha1";
	20
	21	my $verbose = 0;
	22	my $badfiles = 0;
	23	my $rebuild = 0;
	24	my $force_rewrite = 0;
	25	my $hash_file = "fipshashes.c";
	26	my $recurse = 0;
	27
	28	my @fingerprint_files;
	29
	30	while (@args)
	31	{
	32	my $arg = $args[0];
	33	if ($arg eq "-chdir")
	34	{
	35	shift @args;
	36	$change_dir = shift @args;
	37	}
	38	elsif ($arg eq "-rebuild")
	39	{
	40	shift @args;
	41	$rebuild = 1;
	42	}
	43	elsif ($arg eq "-verbose")
	44	{
	45	shift @args;
	46	$verbose = 1;
	47	}
	48	elsif ($arg eq "-force-rewrite")
	49	{
	50	shift @args;
	51	$force_rewrite = 1;
	52	}
	53	elsif ($arg eq "-hash_file")
	54	{
	55	shift @args;
	56	$hash_file = shift @args;
	57	}
	58	elsif ($arg eq "-recurse")
	59	{
	60	shift @args;
	61	$recurse = 1;
	62	}
	63	elsif ($arg eq "-program_path")
	64	{
	65	shift @args;
	66	$check_program = shift @args;
	67	}
	68	else
	69	{
	70	print STDERR "Unknown Option $arg";
	71	return 1;
	72	}
	73
	74	}
	75
	76	chdir $change_dir if $change_dir ne "";
	77
	78	if ($recurse)
	79	{
	80	@fingerprint_files = ("fingerprint.sha1",
	81	<*/fingerprint.sha1>);
	82	}
	83	else
	84	{
	85	push @fingerprint_files, $hash_file;
	86	}
	87
	88	foreach $fp (@fingerprint_files)
	89	{
	90	if (!open(IN, "$fp"))
	91	{
	92	print STDERR "Can't open file $fp";
	93	return 1;
	94	}
	95	print STDERR "Opening Fingerprint file $fp\n" if $verbose;
	96	my $dir = $fp;
	97	$dir =~ s/[^\/]*$//;
	98	while (<IN>)
	99	{
	100	chomp;
	101	if (!(($file, $hash) = /^\"HMAC-SHA1\((.)\)\s=\s(\w)\",$/))
	102	{
	103	/^\"/ \|\| next;
	104	print STDERR "FATAL: Invalid syntax in file $fp\n";
	105	print STDERR "Line:\n$_\n";
	106	fatal_error();
	107	return 1;
	108	}
	109	if (!$rebuild && length($hash) != 40)
	110	{
	111	print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
	112	fatal_error();
	113	return 1;
	114	}
	115	push @hashed_files, "$dir$file";
	116	if (exists $hashes{"$dir$file"})
	117	{
	118	print STDERR "FATAL: Duplicate Hash file $dir$file\n";
	119	fatal_error();
	120	return 1;
	121	}
	122	if (! -r "$dir$file")
	123	{
	124	print STDERR "FATAL: Can't access $dir$file\n";
	125	fatal_error();
	126	return 1;
	127	}
	128	$hashes{"$dir$file"} = $hash;
	129	}
	130	close IN;
	131	}
	132
	133	@checked_hashes = `$check_program @hashed_files`;
	134
	135	if ($? != 0)
	136	{
	137	print STDERR "Error running hash program $check_program\n";
	138	fatal_error();
	139	return 1;
	140	}
	141
	142	if (@checked_hashes != @hashed_files)
	143	{
	144	print STDERR "FATAL: hash count incorrect\n";
	145	fatal_error();
	146	return 1;
	147	}
	148
	149	foreach (@checked_hashes)
	150	{
	151	chomp;
	152	if (!(($file, $hash) = /^HMAC-SHA1\((.)\)\s=\s(\w)$/))
	153	{
	154	print STDERR "FATAL: Invalid syntax in file $fp\n";
	155	print STDERR "Line:\n$_\n";
	156	fatal_error();
	157	return 1;
	158	}
	159	if (length($hash) != 40)
	160	{
	161	print STDERR "FATAL: Invalid hash length for file $file\n";
	162	fatal_error();
	163	return 1;
	164	}
	165	if ($hash ne $hashes{$file})
	166	{
	167	if ($rebuild)
	168	{
	169	print STDERR "Updating hash on file $file\n";
	170	$hashes{$file} = $hash;
	171	}
	172	else
	173	{
	174	print STDERR "Hash check failed for file $file\n";
	175	}
	176	$badfiles++;
	177	}
	178	elsif ($verbose)
	179	{ print "Hash Check OK for $file\n";}
	180	}
	181
	182
	183	if ($badfiles && !$rebuild)
	184	{
	185	print STDERR "FATAL: hash mismatch on $badfiles files\n";
	186	fatal_error();
	187	return 1;
	188	}
	189
	190	if ($badfiles \|\| $force_rewrite)
	191	{
	192	print "Updating Hash file $hash_file\n";
	193	if (!open(OUT, ">$hash_file"))
	194	{
	195	print STDERR "Error rewriting $hash_file";
	196	return 1;
	197	}
	198	print OUT "const char * const FIPS_source_hashes[] = {\n";
	199	foreach (@hashed_files)
	200	{
	201	print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
	202	}
	203	print OUT "};\n";
	204	close OUT;
	205	}
	206
	207	if (!$badfiles)
	208	{
	209	print "FIPS hash check successful\n";
	210	}
	211
	212	return 0;
	213
	214	}
	215
	216
	217	sub fatal_error
	218	{
	219	print STDERR "* Your source code does not match the FIPS validated source *\n";
	220	}
	221
	222


diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl new file mode 100644 index 0000000000..a893833c5c --- /dev/null +++ b/src/lib/libcrypto/util/fipslink.pl
@@ -0,0 +1,78 @@
	1	#!/usr/bin/perl
	2
	3	sub check_env
	4	{
	5	my @ret;
	6	foreach (@_)
	7	{
	8	die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
	9	push @ret, $ENV{$_};
	10	}
	11	return @ret;
	12	}
	13
	14
	15	my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
	16	= check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
	17	"FIPSLIB_D", "FIPS_SHA1_EXE");
	18
	19
	20
	21	if (exists $ENV{"PREMAIN_DSO_EXE"})
	22	{
	23	$fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
	24	}
	25	else
	26	{
	27	$fips_premain_dso = "";
	28	}
	29
	30	check_hash($sha1_exe, "fips_premain.c");
	31	check_hash($sha1_exe, "fipscanister.o");
	32
	33
	34	print "Integrity check OK\n";
	35
	36	print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
	37	system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
	38	die "First stage Compile failure" if $? != 0;
	39
	40	print "$fips_link @ARGV\n";
	41	system "$fips_link @ARGV";
	42	die "First stage Link failure" if $? != 0;
	43
	44
	45	print "$fips_premain_dso $fips_target\n";
	46	$fips_hash=`$fips_premain_dso $fips_target`;
	47	chomp $fips_hash;
	48	die "Get hash failure" if $? != 0;
	49
	50
	51	print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
	52	system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
	53	die "Second stage Compile failure" if $? != 0;
	54
	55
	56	print "$fips_link @ARGV\n";
	57	system "$fips_link @ARGV";
	58	die "Second stage Link failure" if $? != 0;
	59
	60	sub check_hash
	61	{
	62	my ($sha1_exe, $filename) = @_;
	63	my ($hashfile, $hashval);
	64
	65	open(IN, "${fips_libdir}/${filename}.sha1") \|\| die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
	66	$hashfile = <IN>;
	67	close IN;
	68	$hashval = `$sha1_exe ${fips_libdir}/$filename`;
	69	chomp $hashfile;
	70	chomp $hashval;
	71	$hashfile =~ s/^.*=\s+//;
	72	$hashval =~ s/^.*=\s+//;
	73	die "Invalid hash syntax in file" if (length($hashfile) != 40);
	74	die "Invalid hash received for file" if (length($hashval) != 40);
	75	die "*HASH VALUE MISMATCH FOR FILE $filename *" if ($hashval ne $hashfile);
	76	}
	77
	78


diff --git a/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl new file mode 100644 index 0000000000..b5bbcac6c2 --- /dev/null +++ b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
@@ -0,0 +1,222 @@
	1	#!/usr/local/bin/perl
	2	# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
	3	#
	4
	5
	6	if ($fips && !$shlib)
	7	{
	8	$crypto="libeayfips32";
	9	$crypto_compat = "libeaycompat32.lib";
	10	}
	11	else
	12	{
	13	$crypto="libeay32";
	14	}
	15	$ssl= "ssleay32";
	16
	17	$o='/';
	18	#$cp='copy nul+'; # Timestamps get stuffed otherwise
	19	#$rm='del';
	20
	21	$cp='cp';
	22	$rm='rm';
	23
	24	$zlib_lib="zlib1.lib";
	25
	26	# C compiler stuff
	27	$cc='cl';
	28	$cflags=' -MD -W3 -WX -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
	29	$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
	30	$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
	31	$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
	32	$mlflags='';
	33
	34	$out_def="gmout32";
	35	$tmp_def="gmtmp32";
	36	$inc_def="gminc32";
	37
	38	if ($debug)
	39	{
	40	$cflags=" -MDd -W3 -WX -Zi -Yd -Od -nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
	41	$lflags.=" -debug";
	42	$mlflags.=' -debug';
	43	}
	44	$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
	45
	46	$obj='.obj';
	47	$ofile="-Fo";
	48
	49	# EXE linking stuff
	50	$link="link";
	51	$efile="-out:";
	52	$exep='.exe';
	53	if ($no_sock)
	54	{ $ex_libs=""; }
	55	else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
	56
	57	# static library stuff
	58	$mklib='lib';
	59	$ranlib='';
	60	$plib="";
	61	$libp=".lib";
	62	$shlibp=($shlib)?".dll":".lib";
	63	$lfile='-out:';
	64
	65	$shlib_ex_obj="";
	66	$app_ex_obj="setargv.obj";
	67	if ($nasm) {
	68	$asm='nasmw -f win32';
	69	$afile='-o ';
	70	} else {
	71	$asm='ml -Cp -coff -c -Cx';
	72	$asm.=" -Zi" if $debug;
	73	$afile='-Fo';
	74	}
	75
	76	$bn_asm_obj='';
	77	$bn_asm_src='';
	78	$des_enc_obj='';
	79	$des_enc_src='';
	80	$bf_enc_obj='';
	81	$bf_enc_src='';
	82
	83	if (!$no_asm && !$fips)
	84	{
	85	$bn_asm_obj='crypto/bn/asm/bn_win32.obj';
	86	$bn_asm_src='crypto/bn/asm/bn_win32.asm';
	87	$des_enc_obj='crypto/des/asm/d_win32.obj crypto/des/asm/y_win32.obj';
	88	$des_enc_src='crypto/des/asm/d_win32.asm crypto/des/asm/y_win32.asm';
	89	$bf_enc_obj='crypto/bf/asm/b_win32.obj';
	90	$bf_enc_src='crypto/bf/asm/b_win32.asm';
	91	$cast_enc_obj='crypto/cast/asm/c_win32.obj';
	92	$cast_enc_src='crypto/cast/asm/c_win32.asm';
	93	$rc4_enc_obj='crypto/rc4/asm/r4_win32.obj';
	94	$rc4_enc_src='crypto/rc4/asm/r4_win32.asm';
	95	$rc5_enc_obj='crypto/rc5/asm/r5_win32.obj';
	96	$rc5_enc_src='crypto/rc5/asm/r5_win32.asm';
	97	$md5_asm_obj='crypto/md5/asm/m5_win32.obj';
	98	$md5_asm_src='crypto/md5/asm/m5_win32.asm';
	99	$sha1_asm_obj='crypto/sha/asm/s1_win32.obj';
	100	$sha1_asm_src='crypto/sha/asm/s1_win32.asm';
	101	$rmd160_asm_obj='crypto/ripemd/asm/rm_win32.obj';
	102	$rmd160_asm_src='crypto/ripemd/asm/rm_win32.asm';
	103	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
	104	}
	105
	106	if ($shlib)
	107	{
	108	$mlflags.=" $lflags -dll";
	109	# $cflags =~ s\| -MD\| -MT\|;
	110	$lib_cflag=" -D_WINDLL";
	111	$out_def="gmout32dll";
	112	$tmp_def="gmtmp32dll";
	113	}
	114
	115	$cflags.=" -Fd$out_def";
	116
	117	sub do_lib_rule
	118	{
	119	local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
	120	local($ret,$Name);
	121
	122	$taget =~ s/\//$o/g if $o ne '/';
	123	($Name=$name) =~ tr/a-z/A-Z/;
	124	my $base_arg;
	125	if ($base_addr ne "")
	126	{
	127	$base_arg= " -base:$base_addr";
	128	}
	129	else
	130	{
	131	$base_arg = "";
	132	}
	133
	134
	135	# $target="\$(LIB_D)$o$target";
	136	if (!$shlib)
	137	{
	138	# $ret.="\t\$(RM) \$(O_$Name)\n";
	139	$ret.="$target: $objs\n";
	140	$ex =' advapi32.lib';
	141	$ret.="\t\$(MKLIB) $lfile$target $objs $ex\n\n";
	142	}
	143	else
	144	{
	145	local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
	146	$ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
	147	$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
	148	if (defined $fips_get_sig)
	149	{
	150	$ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
	151	$ret.="\tFIPS_LINK=\$(LINK) ";
	152	$ret.="FIPS_CC=\$(CC) ";
	153	$ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
	154	$ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
	155	$ret.="FIPS_TARGET=$target ";
	156	$ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
	157	$ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
	158	$ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
	159	$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
	160	}
	161	else
	162	{
	163	$ret.="$target: $objs\n";
	164	$ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs $ex\n\n";
	165	}
	166	}
	167	$ret.="\n";
	168	return($ret);
	169	}
	170
	171	sub do_link_rule
	172	{
	173	local($target,$files,$dep_libs,$libs,$standalone)=@_;
	174	local($ret,$_);
	175	$file =~ s/\//$o/g if $o ne '/';
	176	$n=&bname($targer);
	177	if ($standalone)
	178	{
	179	$ret.="$target: $files $dep_libs\n";
	180	$ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
	181	$ret.="$files $libs\n\n";
	182	}
	183	elsif ($fips && !$shlib)
	184	{
	185	$ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
	186	$ret.="\tFIPS_LINK=\$(LINK) ";
	187	$ret.="FIPS_CC=\$(CC) ";
	188	$ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
	189	$ret.="FIPS_PREMAIN_DSO= ";
	190	$ret.="FIPS_TARGET=$target ";
	191	$ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
	192	$ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
	193	$ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
	194	}
	195	else
	196	{
	197	$ret.="$target: $files $dep_libs\n";
	198	$ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
	199	$ret.="\$(APP_EX_OBJ) $files $libs\n\n";
	200	}
	201	$ret.="\n";
	202	return($ret);
	203	}
	204
	205	sub do_rlink_rule
	206	{
	207	local($target,$files,$check_hash, $deps)=@_;
	208	local($ret,$_);
	209
	210	$file =~ s/\//$o/g if $o ne '/';
	211	$n=&bname($targer);
	212	$ret.="$target: $check_hash $files $deps\n";
	213	$ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips-1.0 -program_path ..$o$check_hash\n";
	214	$ret.="\t\$(MKCANISTER) $target $files\n";
	215	$ret.="\t$check_hash $target > $target.sha1\n";
	216	$ret.="\t\$(CP) fips-1.0${o}fips_premain.c \$(FIPSLIB_D)\n";
	217	$ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
	218	return($ret);
	219	}
	220
	221
	222	1;