54db796991
Under Windows, there seems to be a problem relinking fips_premain_dso because that file is locked. Changing from backtick op to using system() with redirection and reading the hash from the output file seems to fix the problem. In an ideal world, there should be no difference, as a command in a backtick op should terminate before the backtick returns, same as it does with system(). We suspect, though, that the loaded binary is cached by Windows for a little while, and that reading the output from a file provides enough delay for the lock to drop before we try to relink.
#!/usr/bin/perl
# Fetch the values of the named environment variables.
#
# Takes a list of variable names and returns their values in the same
# order.  Dies, naming the variable, as soon as one of them is not
# present in %ENV (a variable that is set to an empty string is accepted).
sub check_env
{
    my @names = @_;
    my @values;
    for my $name (@names) {
        if (!exists $ENV{$name}) {
            die "Environment variable $name not defined!\n";
        }
        push @values, $ENV{$name};
    }
    return @values;
}
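# Build inputs, all taken from the environment; check_env dies if any of
# them is missing.  $fips_libdir stays a file-level lexical because
# check_hash (defined further down) reads it directly.
my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
    = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
                "FIPSLIB_D", "FIPS_SHA1_EXE");

# PREMAIN_DSO_EXE is optional.  When it is absent the prefix is empty and
# the hash command below starts with $fips_target itself.
$fips_premain_dso = exists $ENV{"PREMAIN_DSO_EXE"} ? $ENV{"PREMAIN_DSO_EXE"} : "";

# Check both inputs against their recorded digests before anything is
# compiled or linked; check_hash dies on the first mismatch.
check_hash($sha1_exe, "fips_premain.c");
check_hash($sha1_exe, "fipscanister.lib");

print "Integrity check OK\n";

# NOTE(review): every system() call below is given one interpolated string,
# so the environment values and @ARGV are parsed as a command line (by the
# shell whenever metacharacters are present).  That is needed for values
# such as FIPS_CC_ARGS that carry several arguments, but it means the build
# environment and the caller's arguments must be trusted.

# Stage 1: compile fips_premain.c without a signature and link the target.
print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
die "First stage Compile failure" if $? != 0;

print "$fips_link @ARGV\n";
system "$fips_link @ARGV";
die "First stage Link failure" if $? != 0;

# Obtain the hash of the first-stage target.  The output goes through a
# temporary "<target>.sha1" file rather than backticks; per the commit
# message this avoids a file-lock problem when relinking on Windows.
print "$fips_premain_dso $fips_target\n";
system("$fips_premain_dso $fips_target >$fips_target.sha1");
die "Get hash failure" if $? != 0;
open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
$fips_hash=<$sha1_res>;
close $sha1_res;
unlink $fips_target.".sha1";    # best effort: a leftover temp file is not fatal

# An empty output file yields undef; treat that as a failure instead of
# compiling an empty signature into the second stage.
die "Get hash failure: no output" unless defined $fips_hash;
chomp $fips_hash;
$fips_hash =~ s/\r\z//;         # tolerate a CR left over from CRLF output

# The value is interpolated into a command line below, so accept nothing
# but hex digits.  (The $? test that used to sit here re-checked the
# status of the system() call above, which had already been verified.)
# NOTE(review): HMAC_SHA1_SIG suggests exactly 40 hex digits; confirm
# before tightening the pattern to {40}.
die "Get hash failure: unexpected output"
    unless $fips_hash =~ /\A[0-9a-fA-F]+\z/;

# Stage 2: recompile fips_premain.c with the signature embedded and relink.
print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
die "Second stage Compile failure" if $? != 0;

print "$fips_link @ARGV\n";
system "$fips_link @ARGV";
die "Second stage Link failure" if $? != 0;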
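# Verify one file in $fips_libdir against its recorded digest.
#
# Arguments:
#   $sha1_exe  - command that prints the digest of the file named on its
#                command line
#   $filename  - file name relative to $fips_libdir; the expected digest is
#                read from the first line of "<filename>.sha1" beside it
#
# Both values may carry a "...= " prefix, which is stripped.  Dies if the
# digest file cannot be opened, if either value is not exactly 40 hex
# digits, or if the two values differ.
#
# NOTE(review): the reference digest is read from the same directory as the
# file it covers, so anyone able to rewrite both defeats the comparison
# unless the digest is keyed; confirm what $sha1_exe computes.
sub check_hash
{
    my ($sha1_exe, $filename) = @_;
    my ($hashfile, $hashval);
    my $path = "${fips_libdir}/${filename}";

    # Three-argument open with a lexical handle: the path comes from the
    # environment, and the two-argument form would let a leading '>' or a
    # trailing '|' in it change the open mode.
    open(my $in, '<', "${path}.sha1")
        or die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
    $hashfile = <$in>;
    close $in;

    # NOTE(review): backticks parse this string as a command line, so
    # $sha1_exe and the path must come from a trusted build environment.
    # List-form pipe open is avoided because it is not available on every
    # platform this script may run on.
    $hashval = `$sha1_exe $path`;

    # An empty digest file or a command with no output gives undef;
    # normalise to "" so the syntax checks below report it.
    $hashfile = "" unless defined $hashfile;
    $hashval  = "" unless defined $hashval;

    chomp $hashfile;
    chomp $hashval;
    $hashfile =~ s/^.*=\s+//;
    $hashval =~ s/^.*=\s+//;

    # Require 40 hex digits rather than any 40 characters.
    die "Invalid hash syntax in file" unless $hashfile =~ /\A[0-9a-fA-F]{40}\z/;
    die "Invalid hash received for file" unless $hashval =~ /\A[0-9a-fA-F]{40}\z/;
    die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
}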