mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
done
@cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
+ fips_premain.c.sha1 \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
- strings fipscanister.o | grep "HMAC-SHA1(fips_premain\\.c)" > \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips_premain.c.sha1; \
chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
lint:
diff -w "${PREMAIN_C}.sha1" - || \
{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
- # verify fips_premain.c against its signature embedded into
- # fipscanister.o...
- #SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
- #REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
- #[ "${SIG}" = "${REF}" ] || \
- #{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
-
# Temporarily remove fipscanister.o from libcrypto.a!
# We are required to use the standalone copy...
trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
- # verify fips_premain.c against its signature embedded into
- # fipscanister.o...
- SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
- REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
- [ "${SIG}" = "${REF}" ] || \
+ # verify fips_premain.c against its detached signature...
+ ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
+ diff -w "${PREMAIN_C}.sha1" - || \
{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
${CC} "${CANISTER_O}" \
projects / oweals / openssl.git / commitdiff