#!/bin/sh -e
#
-# Copyright (c) 2005-2007 The OpenSSL Project.
+# Copyright (c) 2005-2011 The OpenSSL Project.
#
# Depending on output file name, the script either embeds fingerprint
# into libcrypto.so or static application. "Static" refers to static
HMAC_KEY="etaonrishdlcupfm"
-case "`(uname -s) 2>/dev/null`" in
+case "${CROSS_COMPILE:-`(uname -s) 2>/dev/null`}" in
OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;;
HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;;
AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
PREMAIN_DSO="${THERE}/fips/fips_premain_dso"
elif [ -x "${THERE}/bin/fips_standalone_sha1" ]; then
FINGERTYPE="${THERE}/bin/fips_standalone_sha1"
- PREMAIN_DSO="fips_premain_dso"
+ PREMAIN_DSO="./fips_premain_dso"
fi
# verify fipspremain.c against its detached signature...
diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
- [ -z "${FIPSLIBCRYPTO}" -a -f "${THERE}/libcrypto.a" ] && \
- FIPSLIBCRYPTO = -f "${THERE}/libcrypto.a"
+ [ -z "${FIPSLD_LIBCRYPTO}" -a -f "${THERE}/libcrypto.a" ] && \
+ FIPSLD_LIBCRYPTO="${THERE}/libcrypto.a"
# Temporarily remove fipscanister.o from libcrypto.a!
# We are required to use the standalone copy...
- if [ -n "${FIPSLIBCRYPTO}" ]; then
- if ar d "${FIPSLIBCRYPTO}" fipscanister.o; then
- (ranlib "${FIPSLIBCRYPTO}") 2>/dev/null || :
- trap 'ar r "${FIPSLIBCRYPTO}" "${CANISTER_O}";
- (ranlib "${FIPSLIBCRYPTO}") 2>/dev/null || :;
+ if [ -n "${FIPSLD_LIBCRYPTO}" ]; then
+ if ${CROSS_COMPILE}ar d "${FIPSLD_LIBCRYPTO}" fipscanister.o; then
+ (${CROSS_COMPILE}ranlib "${FIPSLD_LIBCRYPTO}") 2>/dev/null || :
+ trap '${CROSS_COMPILE}ar r "${FIPSLD_LIBCRYPTO}" "${CANISTER_O}";
+ (${CROSS_COMPILE}ranlib "${FIPSLD_LIBCRYPTO}") 2>/dev/null || :;
sleep 1;
touch -c "${TARGET}"' 0
fi
"${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
- # generate signature...
- if [ -z "${FIPS_SIG}" ]; then
- SIG=`"${PREMAIN_DSO}" "${TARGET}"`
- else
- SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
+ if [ "x${FIPS_SIG}" != "x" ]; then
+ # embed signature
+ "${FIPS_SIG}" "${TARGET}"
+ [ $? -ne 42 ] && exit $?
fi
+
+ # generate signature...
+ SIG=`"${PREMAIN_DSO}" "${TARGET}"`
+
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1
"${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
- # generate signature...
- if [ -z "${FIPS_SIG}" ]; then
- SIG=`"${TARGET}"`
- else
- SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
+ if [ "x${FIPS_SIG}" != "x" ]; then
+ # embed signature
+ "${FIPS_SIG}" "${TARGET}"
+ [ $? -ne 42 ] && exit $?
fi
+
+ # generate signature...
+ SIG=`"${TARGET}"`
+
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1