util/fipslink.pl

   1 #!/usr/bin/perl
   2
   3 sub check_env
   4         {
   5         my @ret;
   6         foreach (@_)
   7                 {
   8                 die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
   9                 push @ret, $ENV{$_};
  10                 }
  11         return @ret;
  12         }
  13
  14
  15 my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
  16          = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
  17                 "FIPSLIB_D", "FIPS_SHA1_EXE");
  18
  19
  20
  21 if (exists $ENV{"PREMAIN_DSO_EXE"})
  22         {
  23         $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
  24         }
  25         else
  26         {
  27         $fips_premain_dso = "";
  28         }
  29
  30 check_hash($sha1_exe, "fips_premain.c");
  31 check_hash($sha1_exe, "fipscanister.lib");
  32
  33
  34 print "Integrity check OK\n";
  35
  36 if (grep /fips_premain\.obj/,@ARGV) {
  37         print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
  38         system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
  39         die "First stage Compile failure" if $? != 0;
  40 } elsif (!defined($ENV{FIPS_SIG})) {
  41         die "no fips_premain.obj";
  42 }
  43
  44 print "$fips_link @ARGV\n";
  45 system "$fips_link @ARGV";
  46 die "First stage Link failure" if $? != 0;
  47
  48 if (defined($ENV{FIPS_SIG})) {
  49         system "$ENV{FIPS_SIG} $fips_target"
  50         die "$ENV{FIPS_SIG} $fips_target failed" if $? != 0;
  51         exit;
  52 }
  53
  54 print "$fips_premain_dso $fips_target\n";
  55 system("$fips_premain_dso $fips_target >$fips_target.sha1");
  56 die "Get hash failure" if $? != 0;
  57 open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
  58 $fips_hash=<$sha1_res>;
  59 close $sha1_res;
  60 unlink $fips_target.".sha1";
  61 chomp $fips_hash;
  62 die "Get hash failure" if $? != 0;
  63
  64
  65 print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
  66 system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
  67 die "Second stage Compile failure" if $? != 0;
  68
  69
  70 print "$fips_link @ARGV\n";
  71 system "$fips_link @ARGV";
  72 die "Second stage Link failure" if $? != 0;
  73
  74 sub check_hash
  75         {
  76         my ($sha1_exe, $filename) = @_;
  77         my ($hashfile, $hashval);
  78
  79         open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
  80         $hashfile = <IN>;
  81         close IN;
  82         $hashval = `$sha1_exe ${fips_libdir}/$filename`;
  83         chomp $hashfile;
  84         chomp $hashval;
  85         $hashfile =~ s/^.*=\s+//;
  86         $hashval =~ s/^.*=\s+//;
  87         die "Invalid hash syntax in file" if (length($hashfile) != 40);
  88         die "Invalid hash received for file" if (length($hashval) != 40);
  89         die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
  90         }
  91
  92