| Index: openssl/fips/fipsld
|
| ===================================================================
|
| --- openssl/fips/fipsld (revision 105093)
|
| +++ openssl/fips/fipsld (working copy)
|
| @@ -1,178 +0,0 @@
|
| -#!/bin/sh -e
|
| -#
|
| -# Copyright (c) 2005-2007 The OpenSSL Project.
|
| -#
|
| -# Depending on output file name, the script either embeds fingerprint
|
| -# into libcrypto.so or static application. "Static" refers to static
|
| -# libcrypto.a, not [necessarily] application per se.
|
| -#
|
| -# Even though this script is called fipsld, it expects C compiler
|
| -# command line syntax and $FIPSLD_CC or $CC environment variable set
|
| -# and can even be used to compile source files.
|
| -
|
| -#set -x
|
| -
|
| -CC=${FIPSLD_CC:-${CC}}
|
| -[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
|
| -
|
| -# Initially -c wasn't intended to be interpreted here, but it might
|
| -# make life easier for those who want to build FIPS-ified applications
|
| -# with minimal [if any] modifications to their Makefiles...
|
| -( while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
|
| - [ $# -ge 1 ]
|
| -) && exec ${CC} "$@"
|
| -
|
| -TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
|
| -
|
| -# If using an auto-tooled (autoconf/automake/libtool) project,
|
| -# configure will fail when testing the compiler or even performing
|
| -# simple checks. Pass-through to compiler directly if application is
|
| -# is not being linked with libcrypto, allowing auto-tooled applications
|
| -# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
|
| -# ./configure && make). But keep in mind[!] that if certified code
|
| -# resides in a shared library, then fipsld *may not* be used and
|
| -# end-developer should not modify application configuration and build
|
| -# procedures. This is because in-core fingerprint and associated
|
| -# procedures are already embedded into and executed in shared library
|
| -# context.
|
| -case `basename "${TARGET}"` in
|
| -libcrypto*|libfips*|*.dll) ;;
|
| -*) case "$*" in
|
| - *libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;;
|
| - *) exec ${CC} "$@" ;;
|
| - esac
|
| -esac
|
| -
|
| -[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
|
| -
|
| -# Turn on debugging output?
|
| -( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
|
| - [ $# -ge 1 ]
|
| -) && set -x
|
| -
|
| -THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
|
| -
|
| -# fipscanister.o can appear in command line
|
| -CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
|
| -if [ -z "${CANISTER_O}" ]; then
|
| - # If set, FIPSLIBDIR is location of installed validated FIPS module
|
| - if [ -n "${FIPSLIBDIR}" ]; then
|
| - CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
|
| - elif [ -f "${THERE}/fips/fipscanister.o" ]; then
|
| - CANISTER_O="${THERE}/fips/fipscanister.o"
|
| - elif [ -f "${THERE}/lib/fipscanister.o" ]; then
|
| - CANISTER_O="${THERE}/lib/fipscanister.o"
|
| - fi
|
| - CANISTER_O_CMD="${CANISTER_O}"
|
| -fi
|
| -[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }
|
| -
|
| -PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
|
| -
|
| -HMAC_KEY="etaonrishdlcupfm"
|
| -
|
| -case "`(uname -s) 2>/dev/null`" in
|
| -OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;;
|
| -HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;;
|
| -AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
|
| -Darwin) ( while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
|
| - [ $# -ge 1 ]
|
| - ) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
|
| -esac
|
| -
|
| -case "${TARGET}" in
|
| -[!/]*) TARGET=./${TARGET} ;;
|
| -esac
|
| -
|
| -case `basename "${TARGET}"` in
|
| -lib*|*.dll) # must be linking a shared lib...
|
| - # Shared lib creation can be taking place in the source
|
| - # directory only, but fipscanister.o can reside elsewhere...
|
| - FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
|
| -
|
| - # verify fipspremain.c against its detached signature...
|
| - ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
|
| - diff -w "${PREMAIN_C}.sha1" - || \
|
| - { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
|
| - # verify fipscanister.o against its detached signature...
|
| - ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
|
| - diff -w "${CANISTER_O}.sha1" - || \
|
| - { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
|
| -
|
| - # Temporarily remove fipscanister.o from libcrypto.a!
|
| - # We are required to use the standalone copy...
|
| - if [ -f "${THERE}/libcrypto.a" ]; then
|
| - if ar d "${THERE}/libcrypto.a" fipscanister.o; then
|
| - (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
|
| - trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
|
| - (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :;
|
| - sleep 1;
|
| - touch -c "${TARGET}"' 0
|
| - fi
|
| - fi
|
| -
|
| - /bin/rm -f "${TARGET}"
|
| - ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
|
| - "${PREMAIN_C}" \
|
| - ${_WL_PREMAIN} "$@"
|
| -
|
| - # generate signature...
|
| - if [ -z "${FIPS_SIG}" ]; then
|
| - SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
|
| - else
|
| - SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
|
| - fi
|
| - /bin/rm -f "${TARGET}"
|
| - if [ -z "${SIG}" ]; then
|
| - echo "unable to collect signature"; exit 1
|
| - fi
|
| -
|
| - # recompile with signature...
|
| - ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
|
| - -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
|
| - ${_WL_PREMAIN} "$@"
|
| - ;;
|
| -
|
| -*) # must be linking statically...
|
| - # Static linking can be taking place either in the source
|
| - # directory or off the installed binary target destination.
|
| - if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
|
| - FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
|
| - else # Installed tree is expected to contain
|
| - # lib/fipscanister.o, lib/fipscanister.o.sha1 and
|
| - # lib/fips_premain.c [not to mention bin/openssl].
|
| - FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
|
| - fi
|
| -
|
| - # verify fipscanister.o against its detached signature...
|
| - ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
|
| - diff -w "${CANISTER_O}.sha1" - || \
|
| - { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
|
| -
|
| - # verify fips_premain.c against its detached signature...
|
| - ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
|
| - diff -w "${PREMAIN_C}.sha1" - || \
|
| - { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
|
| -
|
| - /bin/rm -f "${TARGET}"
|
| - ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
|
| - "${PREMAIN_C}" \
|
| - ${_WL_PREMAIN} "$@"
|
| -
|
| - # generate signature...
|
| - if [ -z "${FIPS_SIG}" ]; then
|
| - SIG=`"${TARGET}"`
|
| - else
|
| - SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
|
| - fi
|
| - /bin/rm -f "${TARGET}"
|
| - if [ -z "${SIG}" ]; then
|
| - echo "unable to collect signature"; exit 1
|
| - fi
|
| -
|
| - # recompile with signature...
|
| - ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
|
| - -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
|
| - ${_WL_PREMAIN} "$@"
|
| - ;;
|
| -esac
|
|
|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/