# Script entry (excerpt: only selected lines of the file are listed, each
# prefixed with what appears to be its original line number).
# The guard tests whether $package is undefined; its body is not shown.
# NOTE(review): presumably this lets the file be loaded by another script
# without running the check -- confirm against the full file.
5 if (!(defined $package))
# Run the check on the command-line arguments and keep the result in $retval.
# How $retval is turned into an exit status is not visible in this excerpt.
7 my $retval = check_hashes(@ARGV);
# Default settings (excerpt; other declarations are not shown).
# Command that is later run in backticks to compute the HMAC-SHA1 values.
# -program_path replaces it with a caller-supplied string, so the value is
# effectively "what gets executed" and must come from a trusted invocation.
19 my $check_program = "sha/fips_standalone_sha1";
# When true, the hash file is rewritten even if no hash mismatched.
24 my $force_rewrite = 0;
# File that receives the regenerated hash table; -hash_file overrides it.
25 my $hash_file = "fipshashes.c";
# Fingerprint files to read; populated after option parsing.
28 my @fingerprint_files;
# Option parsing (excerpt: the first test and most branch bodies are not
# shown). Options that take a value consume the next element of @args.
# NOTE(review): shift yields undef when no value follows the option; no check
# for that is visible in this excerpt -- confirm in the full script.
# Directory to change into before any file is read.
36 $change_dir = shift @args;
38 elsif ($arg eq "-rebuild")
43 elsif ($arg eq "-verbose")
48 elsif ($arg eq "-force-rewrite")
53 elsif ($arg eq "-hash_file")
# This value is later opened for writing with a two-argument open.
56 $hash_file = shift @args;
58 elsif ($arg eq "-recurse")
63 elsif ($arg eq "-program_path")
# This value is later executed through backticks (i.e. possibly via a shell).
66 $check_program = shift @args;
# Unrecognised option: the message has no trailing newline; whether the
# script stops here is not shown.
70 print STDERR "Unknown Option $arg";
# Move to the requested directory, if one was given.
# NOTE(review): the result of chdir is not checked on this line. If it fails,
# every relative path below is resolved against the original directory, so a
# different tree would be hashed without any error. `or die "chdir: $!"`
# would close that gap.
76 chdir $change_dir if $change_dir ne "";
# Fingerprint list for one mode: the local fingerprint.sha1 plus the one in
# each immediate subdirectory (the glob descends exactly one level).
# NOTE(review): the condition selecting this mode is not shown; presumably
# it is the -recurse option -- confirm.
80 @fingerprint_files = ("fingerprint.sha1",
81 <*/fingerprint.sha1>);
# Otherwise (condition not shown) the hash file itself is used as the list
# of expected hashes.
85 push @fingerprint_files, $hash_file;
# Read every fingerprint file and collect the expected hash per source file
# (excerpt: the open, the read loop and the error exits are not shown).
# $fp is not declared with `my` on this line, so it is a package variable
# unless declared elsewhere.
88 foreach $fp (@fingerprint_files)
# Message has no trailing newline and does not include $!.
92 print STDERR "Can't open file $fp";
95 print STDERR "Opening Fingerprint file $fp\n" if $verbose;
# Each entry must look like:  "HMAC-SHA1(<file>)= <hash>",
# The list assignment is false when the match fails.
# NOTE(review): (.*) accepts any characters as the file name and (\w*)
# accepts any word characters, not only hex digits. The names captured here
# are later placed on a backtick command line, so a stricter pattern (for
# example a path character class and [0-9a-fA-F]{40}) would be the safer
# parse.
101 if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
104 print STDERR "FATAL: Invalid syntax in file $fp\n";
105 print STDERR "Line:\n$_\n";
# 40 characters is the length of a SHA-1 digest in hex. The length check is
# skipped in rebuild mode, where the stored value is going to be replaced.
109 if (!$rebuild && length($hash) != 40)
111 print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
# Remember the order of the files; this list becomes the argument list of
# the hash program. $dir is set outside the lines shown here.
115 push @hashed_files, "$dir$file";
# A file listed twice is rejected rather than letting the last entry win.
116 if (exists $hashes{"$dir$file"})
118 print STDERR "FATAL: Duplicate Hash file $dir$file\n";
# Every listed file must be readable before the hash program is started.
122 if (! -r "$dir$file")
124 print STDERR "FATAL: Can't access $dir$file\n";
128 $hashes{"$dir$file"} = $hash;
# Run the hash program over all collected files and capture one output line
# per file.
# NOTE(review): backticks take a single interpolated string. The array is
# joined with spaces and the result is handed to the shell whenever it
# contains shell metacharacters, so a file name with whitespace is split
# into several arguments and any metacharacter in a name (or in
# $check_program) is interpreted by the shell. The names come from the
# fingerprint files and the program from -program_path. The list form
# avoids the shell entirely, e.g.
#   open(my $fh, '-|', $check_program, @hashed_files)
133 @checked_hashes = `$check_program @hashed_files`;
# The test that leads to this message is not shown (presumably on $?).
137 print STDERR "Error running hash program $check_program\n";
# Arrays in numeric context compare by element count: the program must
# return exactly one line per file that was requested.
142 if (@checked_hashes != @hashed_files)
144 print STDERR "FATAL: hash count incorrect\n";
# Compare each computed hash with the expected one (excerpt: the branch
# structure around the messages is not shown).
149 foreach (@checked_hashes)
# Program output must look like:  HMAC-SHA1(<file>)= <hash>
152 if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
# NOTE(review): $fp is the loop variable of the earlier fingerprint-file
# loop, while the line being rejected here is output of the hash program,
# so the file named in this message looks stale -- confirm.
154 print STDERR "FATAL: Invalid syntax in file $fp\n";
155 print STDERR "Line:\n$_\n";
# Unlike the fingerprint parse, the length is enforced in every mode.
159 if (length($hash) != 40)
161 print STDERR "FATAL: Invalid hash length for file $file\n";
# The expected value is looked up by the name the program printed, not by
# position. NOTE(review): a name that is not a key of %hashes would compare
# against undef and count as a mismatch -- confirm that is intended.
165 if ($hash ne $hashes{$file})
# Mismatch while rebuilding (condition not shown): accept the new value.
# After this assignment the computed hash is the trusted one, so rebuild
# mode gives no assurance about the content of the file.
169 print STDERR "Updating hash on file $file\n";
170 $hashes{$file} = $hash;
# Mismatch in check mode.
174 print STDERR "Hash check failed for file $file\n";
179 { print "Hash Check OK for $file\n";}
# Report the outcome and, when required, regenerate the hash file (excerpt:
# exits, the closing of the table and the close of OUT are not shown).
# Any mismatch outside rebuild mode is fatal.
183 if ($badfiles && !$rebuild)
185 print STDERR "FATAL: hash mismatch on $badfiles files\n";
# Reached with mismatches only in rebuild mode, or when a rewrite is forced.
190 if ($badfiles || $force_rewrite)
192 print "Updating Hash file $hash_file\n";
# NOTE(review): two-argument open with a bareword handle. The mode is parsed
# out of the string, so characters in $hash_file (set by -hash_file) can
# change how the file is opened. The three-argument form
#   open(my $out, '>', $hash_file)
# treats the name as data only.
193 if (!open(OUT, ">$hash_file"))
# Message has no trailing newline and does not include $!.
195 print STDERR "Error rewriting $hash_file";
# The table is emitted as C source: an array of string literals.
198 print OUT "const char * const FIPS_source_hashes[] = {\n";
199 foreach (@hashed_files)
# One entry per file, in the format the fingerprint parser accepts.
# NOTE(review): the name is written into a C string literal without
# escaping; a name containing a double quote or backslash would produce
# malformed C -- confirm names are restricted upstream.
201 print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
# Success goes to STDOUT.
209 print "FIPS hash check successful\n";
# Failure banner goes to STDERR; the code path that reaches it is not shown.
219 print STDERR "*** Your source code does not match the FIPS validated source ***\n";