author | Dr. Stephen Henson <steve@openssl.org> | 2008-09-18 11:20:08 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-09-18 11:20:08 +0000 |
commit | 94539213a121c25f3290a46efc9420c5cf48f339 (patch) | |
tree | a3b4de98b9bad258a24ef31d6d4b28bf797dcb18 /util | |
parent | c5c4246319b27ad7a9516ed772af5d8e6cb08e70 (diff) | |
download | openssl-new-94539213a121c25f3290a46efc9420c5cf48f339.tar.gz |
Add extra utilities from FIPS branch.
Diffstat (limited to 'util')
-rw-r--r-- | util/fipslink.pl | 78 | ||||
-rw-r--r-- | util/mksdef.pl | 87 |
2 files changed, 165 insertions, 0 deletions
diff --git a/util/fipslink.pl b/util/fipslink.pl
new file mode 100644
index 0000000000..3597bc1740
--- /dev/null
+++ b/util/fipslink.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+
+sub check_env
+ {
+ my @ret;
+ foreach (@_)
+ {
+ die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+ push @ret, $ENV{$_};
+ }
+ return @ret;
+ }
+
+
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+ = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+ "FIPSLIB_D", "FIPS_SHA1_EXE");
+
+
+
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+ {
+ $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+ }
+ else
+ {
+ $fips_premain_dso = "";
+ }
+
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.lib");
+
+
+print "Integrity check OK\n";
+
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+
+
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+
+
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+
+sub check_hash
+ {
+ my ($sha1_exe, $filename) = @_;
+ my ($hashfile, $hashval);
+
+ open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+ $hashfile = <IN>;
+ close IN;
+ $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
diff --git a/util/mksdef.pl b/util/mksdef.pl
new file mode 100644
index 0000000000..065dc675f1
--- /dev/null
+++ b/util/mksdef.pl
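Review bot: In util/fipslink.pl the value captured into `$fips_hash` from the first-stage run is pasted into the second-stage compiler command line with no check on its shape, so any unexpected output from `$fips_premain_dso $fips_target` (a warning line, several lines, quote characters) ends up inside `-DHMAC_SHA1_SIG` or is re-parsed by the shell. A guard directly after the `$?` test would close that, for example `die "Unexpected HMAC output" unless $fips_hash =~ /\A[0-9a-fA-F]{40}\z/;`, assuming the tool prints a bare 40-digit hex digest, which the hunk does not show. `check_hash` has the same gap in a weaker form, since it tests only `length(...) != 40`; the same hex pattern would be a tighter test for `$hashfile` and `$hashval`. The two-argument `open(IN, "...")` in `check_hash` also lets a leading `>` or trailing `|` in `FIPSLIB_D` change the open mode, which `open(my $in, '<', "${fips_libdir}/${filename}.sha1")` avoids.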
@@ -0,0 +1,87 @@
+
+# Perl script to split libeay32.def into two distinct DEF files for use in
+# fipdso mode. It works out symbols in each case by running "link" command and
+# parsing the output to find the list of missing symbols then splitting
+# libeay32.def based on the result.
+
+
+# Get list of unknown symbols
+
+my @deferr = `link @ARGV`;
+
+my $preamble = "";
+my @fipsdll;
+my @fipsrest;
+my %nosym;
+
+# Add symbols to a hash for easy lookup
+
+foreach (@deferr)
+ {
+ if (/^.*symbol (\S+)$/)
+ {
+ $nosym{$1} = 1;
+ }
+ }
+
+open (IN, "ms/libeay32.def") || die "Can't Open DEF file for spliting";
+
+my $started = 0;
+
+# Parse libeay32.def into two arrays depending on whether the symbol matches
+# the missing list.
+
+
+foreach (<IN>)
+ {
+ if (/^\s*(\S+)\s*(\@\S+)\s*$/)
+ {
+ $started = 1;
+ if (exists $nosym{$1})
+ {
+ push @fipsrest, $_;
+ }
+ else
+ {
+ my $imptmp = sprintf " %-39s %s\n",
+ "$1=libosslfips.$1", $2;
+ push @fipsrest, $imptmp;
+ push @fipsdll, "\t$1\n";
+ }
+ }
+ $preamble .= $_ unless $started;
+ }
+
+close IN;
+
+# Hack! Add some additional exports needed for libcryptofips.dll
+#
+
+push @fipsdll, "\tOPENSSL_showfatal\n";
+push @fipsdll, "\tOPENSSL_cpuid_setup\n";
+
+# Write out DEF files for each array
+
+write_def("ms/libosslfips.def", "LIBOSSLFIPS", $preamble, \@fipsdll);
+write_def("ms/libeayfips.def", "", $preamble, \@fipsrest);
+
+
+sub write_def
+ {
+ my ($fnam, $defname, $preamble, $rdefs) = @_;
+ open (OUT, ">$fnam") || die "Can't Open DEF file $fnam for Writing\n";
+
+ if ($defname ne "")
+ {
+ $preamble =~ s/LIBEAY32/$defname/g;
+ $preamble =~ s/LIBEAY/$defname/g;
+ }
+ print OUT $preamble;
+ foreach (@$rdefs)
+ {
+ print OUT $_;
+ }
+ close OUT;
+ }
+
+
|
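Review bot: In util/mksdef.pl, if `link @ARGV` cannot be run or prints nothing that matches `/^.*symbol (\S+)$/`, `%nosym` stays empty and the second loop sends every entry of `ms/libeay32.def` down the `else` branch, so both DEF files are written with all symbols forwarded to `libosslfips` and no error is reported. The exit status cannot serve as the check, because the script appears to rely on the link step failing with unresolved symbols, so the parsed result should be tested instead, for example `die "No unresolved symbols parsed from link output\n" unless %nosym;` after the first loop (if an empty list is never legitimate, which the hunk does not say). In `write_def`, `close OUT` is unchecked, so a failed or short write leaves a truncated DEF file behind silently; `close OUT or die "Error writing $fnam: $!\n";` would surface it.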