--- /dev/null
+HMAC-SHA1(fips.c)= 4eef19c535c1f3deacdf93eb806479ea3b374115
+HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898
+HMAC-SHA1(fips.h)= 9a7c66b93923f83dc0a9c4acd03506059ddafe5f
+HMAC-SHA1(fips_err.h)= 03468e3b593f7528fd934e49bf052c23cc98d301
+HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55
+HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0
+HMAC-SHA1(aes/fips_aes_locl.h)= a98eb0aa449f1d95b8064e261b2ac2b1f328685e
+HMAC-SHA1(des/fips_des_enc.c)= 9527f8ea81602358f1aa11348237fdb1e9eeff32
+HMAC-SHA1(des/asm/fips-dx86-elf.s)= 2f85e8e86806c92ee4c12cf5354e19eccf6ed47d
+HMAC-SHA1(des/fips_des_selftest.c)= 3bc574e51647c5f5ab45d1007b2cf461d67764a9
+HMAC-SHA1(des/fips_set_key.c)= 2858450d3d9c8d4ab8edea683baa54fa34f3a605
+HMAC-SHA1(des/fips_des_locl.h)= 7053848e884df47f06de9f2248380b92e58ef4e5
+HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3
+HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85
+HMAC-SHA1(dh/fips_dh_key.c)= 7bf23b329a776953bbe7c30ebd7f9faf5249ddbe
+HMAC-SHA1(dsa/fips_dsa_ossl.c)= d5f718695397fe56d6bb46f7c410794cb895e206
+HMAC-SHA1(dsa/fips_dsa_gen.c)= c252db14699f3ff641db052311da7d7521569c53
+HMAC-SHA1(dsa/fips_dsa_selftest.c)= 4bfc5d3a6b977527b053f3a03d0760a822a26135
+HMAC-SHA1(rand/fips_rand.c)= 5dc4aa11c0377a049bee01d427e5b0bc3dd9f10f
+HMAC-SHA1(rand/fips_rand.h)= 0567b1fe9b0efe034a537f335659b0b681809791
+HMAC-SHA1(rsa/fips_rsa_eay.c)= eabab59a2f11f3da4c21e1144efe1684f5e8f1ec
+HMAC-SHA1(rsa/fips_rsa_gen.c)= 4bbc0afcade1ac53f469aaa89f84c413678254bf
+HMAC-SHA1(rsa/fips_rsa_selftest.c)= 70553a5212e86f65b068564946d39b738a201e22
+HMAC-SHA1(sha1/fips_sha1dgst.c)= 10575600a9540eb15188a7d3b0b031e60aedbc18
+HMAC-SHA1(sha1/fips_standalone_sha1.c)= 93203c569097189b47a0085bc9fc55193867d4ce
+HMAC-SHA1(sha1/fips_sha1_selftest.c)= 98910a0c85eff1688bd7adb23e738dc75b39546e
+HMAC-SHA1(sha1/asm/sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63
+HMAC-SHA1(sha1/fips_sha_locl.h)= c1b4c82eec5f0ee119658456690f3ea9d77ed1c5
+HMAC-SHA1(sha1/fips_md32_common.h)= 08a057a7b94acf5df4301ea6c894ce14082e1ec4
--- /dev/null
+#!/usr/local/bin/perl -w
+
+my $change_dir = "";
+my $check_program = "sha1/fips_standalone_sha1";
+
+my $verbose = 0;
+my $badfiles = 0;
+my $rebuild = 0;
+my $force_rewrite = 0;
+my $hash_file = "fipshashes.sha1";
+my $recurse = 0;
+
+my @fingerprint_files;
+
+while (@ARGV)
+ {
+ my $arg = $ARGV[0];
+ if ($arg eq "-chdir")
+ {
+ shift @ARGV;
+ $change_dir = shift @ARGV;
+ }
+ elsif ($arg eq "-rebuild")
+ {
+ shift @ARGV;
+ $rebuild = 1;
+ }
+ elsif ($arg eq "-verbose")
+ {
+ shift @ARGV;
+ $verbose = 1;
+ }
+ elsif ($arg eq "-force-rewrite")
+ {
+ shift @ARGV;
+ $force_rewrite = 1;
+ }
+ elsif ($arg eq "-hash_file")
+ {
+ shift @ARGV;
+ $hash_file = shift @ARGV;
+ }
+ elsif ($arg eq "-recurse")
+ {
+ shift @ARGV;
+ $recurse = 1;
+ }
+ elsif ($arg eq "-program_path")
+ {
+ shift @ARGV;
+ $check_program = shift @ARGV;
+ }
+ else
+ {
+ die "Unknown Option $arg";
+ }
+
+ }
+
+chdir $change_dir if $change_dir ne "";
+
+if ($recurse)
+ {
+ @fingerprint_files = ("fingerprint.sha1",
+ <*/fingerprint.sha1>);
+ }
+else
+ {
+ push @fingerprint_files, $hash_file;
+ }
+
+foreach $fp (@fingerprint_files)
+ {
+ open(IN, "$fp") || die "Can't open file $fp";
+ print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+ my $dir = $fp;
+ $dir =~ s/[^\/]*$//;
+ while (<IN>)
+ {
+ chomp;
+ if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+ {
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ }
+ if (!$rebuild && length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+ fatal_error();
+ }
+ push @hashed_files, "$dir$file";
+ if (exists $hashes{"$dir$file"})
+ {
+ print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+ fatal_error();
+ }
+ if (! -r "$dir$file")
+ {
+ print STDERR "FATAL: Can't access $dir$file\n";
+ fatal_error();
+ }
+ $hashes{"$dir$file"} = $hash;
+ }
+ close IN;
+ }
+
+@checked_hashes = `$check_program @hashed_files`;
+
+if ($? != 0)
+ {
+ print STDERR "Error running hash program $check_program\n";
+ fatal_error();
+ }
+
+if (@checked_hashes != @hashed_files)
+ {
+ print STDERR "FATAL: hash count incorrect\n";
+ fatal_error();
+ }
+
+foreach (@checked_hashes)
+ {
+ chomp;
+ if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+ {
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ }
+ if (length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length for file $file\n";
+ fatal_error();
+ }
+ if ($hash ne $hashes{$file})
+ {
+ if ($rebuild)
+ {
+ print STDERR "Updating hash on file $file\n";
+ $hashes{$file} = $hash;
+ }
+ else
+ {
+ print STDERR "Hash check failed for file $file\n";
+ }
+ $badfiles++;
+ }
+ elsif ($verbose)
+ { print "Hash Check OK for $file\n";}
+ }
+
+
+if ($badfiles && !$rebuild)
+ {
+ print STDERR "FATAL: hash mismatch on $badfiles files\n";
+ fatal_error();
+ }
+
+if ($badfiles || $force_rewrite)
+ {
+ print "Updating Hash file $hash_file\n";
+ open OUT, ">$hash_file" || die "Error rewriting $hash_file";
+ foreach (@hashed_files)
+ {
+ print OUT "HMAC-SHA1($_)= $hashes{$_}\n";
+ }
+ close OUT;
+ }
+
+if (!$badfiles)
+ {
+ print "FIPS hash check successful\n";
+ }
+
+
+sub fatal_error
+ {
+ print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+ exit 1;
+ }
projects / openssl.git / commitdiff