From 48d0ba4a1ec10ad3d5b380220a83d7262bc0a7ed Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 17 Apr 2005 12:37:08 +0000
Subject: [PATCH] Modify checkhash.pl so it can be run standalone or included as a funtion in another perl script.
---
util/checkhash.pl | 290 ++++++++++++++++++++++++++--------------------
1 file changed, 163 insertions(+), 127 deletions(-)
diff --git a/util/checkhash.pl b/util/checkhash.pl
index c7c8a6dd63..3efc0f2d90 100644
--- a/util/checkhash.pl
+++ b/util/checkhash.pl
@@ -1,81 +1,151 @@ #!/usr/local/bin/perl -w -my $change_dir = ""; -my $check_program = "sha1/fips_standalone_sha1"; +my $package = caller; -my $verbose = 0; -my $badfiles = 0; -my $rebuild = 0; -my $force_rewrite = 0; -my $hash_file = "fipshashes.sha1"; -my $recurse = 0; +if (!(defined $package)) + { + my $retval = check_hashes(@ARGV); + exit $retval; + } -my @fingerprint_files; +1; -while (@ARGV) +sub check_hashes { - my $arg = $ARGV[0]; - if ($arg eq "-chdir") - { - shift @ARGV; - $change_dir = shift @ARGV; - } - elsif ($arg eq "-rebuild") - { - shift @ARGV; - $rebuild = 1; - } - elsif ($arg eq "-verbose") + + my @args = @_; + + my $change_dir = ""; + my $check_program = "sha1/fips_standalone_sha1"; + + my $verbose = 0; + my $badfiles = 0; + my $rebuild = 0; + my $force_rewrite = 0; + my $hash_file = "fipshashes.sha1"; + my $recurse = 0; + + my @fingerprint_files; + + while (@args) { - shift @ARGV; - $verbose = 1; + my $arg = $args[0]; + if ($arg eq "-chdir") + { + shift @args; + $change_dir = shift @args; + } + elsif ($arg eq "-rebuild") + { + shift @args; + $rebuild = 1; + } + elsif ($arg eq "-verbose") + { + shift @args; + $verbose = 1; + } + elsif ($arg eq "-force-rewrite") + { + shift @args; + $force_rewrite = 1; + } + elsif ($arg eq "-hash_file") + { + shift @args; + $hash_file = shift @args; + } + elsif ($arg eq "-recurse") + { + shift @args; + $recurse = 1; + } + elsif ($arg eq "-program_path") + { + shift @args; + $check_program = shift @args; + } + else + { + print STDERR "Unknown Option $arg"; + return 1; + } + } - elsif ($arg eq "-force-rewrite") + + chdir $change_dir if $change_dir ne ""; + + if ($recurse) { - shift @ARGV; - $force_rewrite = 1; + @fingerprint_files = ("fingerprint.sha1", + <*/fingerprint.sha1>); } - elsif ($arg eq "-hash_file") + else { - shift @ARGV; - $hash_file = shift @ARGV; + push @fingerprint_files, $hash_file; } - elsif ($arg eq "-recurse") + + foreach $fp (@fingerprint_files) { - shift @ARGV; - $recurse = 1; + if (!open(IN, 
"$fp")) + { + print STDERR "Can't open file $fp"; + return 1; + } + print STDERR "Opening Fingerprint file $fp\n" if $verbose; + my $dir = $fp; + $dir =~ s/[^\/]*$//; + while () + { + chomp; + if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/)) + { + print STDERR "FATAL: Invalid syntax in file $fp\n"; + print STDERR "Line:\n$_\n"; + fatal_error(); + return 1; + } + if (!$rebuild && length($hash) != 40) + { + print STDERR "FATAL: Invalid hash length in $fp for file $file\n"; + fatal_error(); + return 1; + } + push @hashed_files, "$dir$file"; + if (exists $hashes{"$dir$file"}) + { + print STDERR "FATAL: Duplicate Hash file $dir$file\n"; + fatal_error(); + return 1; + } + if (! -r "$dir$file") + { + print STDERR "FATAL: Can't access $dir$file\n"; + fatal_error(); + return 1; + } + $hashes{"$dir$file"} = $hash; + } + close IN; } - elsif ($arg eq "-program_path") + + @checked_hashes = `$check_program @hashed_files`; + + if ($? != 0) { - shift @ARGV; - $check_program = shift @ARGV; + print STDERR "Error running hash program $check_program\n"; + fatal_error(); + return 1; } - else + + if (@checked_hashes != @hashed_files) { - die "Unknown Option $arg"; + print STDERR "FATAL: hash count incorrect\n"; + fatal_error(); + return 1; } - } - -chdir $change_dir if $change_dir ne ""; - -if ($recurse) - { - @fingerprint_files = ("fingerprint.sha1", - <*/fingerprint.sha1>); - } -else - { - push @fingerprint_files, $hash_file; - } - -foreach $fp (@fingerprint_files) - { - open(IN, "$fp") || die "Can't open file $fp"; - print STDERR "Opening Fingerprint file $fp\n" if $verbose; - my $dir = $fp; - $dir =~ s/[^\/]*$//; - while () + foreach (@checked_hashes) { chomp; if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/)) 
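Review bot: The backtick command built from `$check_program @hashed_files` goes through a shell, so the `-program_path` value and every file name read from the fingerprint file are subject to word splitting and metacharacter interpretation; with check_hashes() now callable from another script, those arguments are whatever the caller supplies. Running the hash program through a list-form pipe open keeps the shell out of it and still leaves `$?` set (by `close`) for the status test that follows; this needs Perl 5.8 and a platform with list-form pipe support. In the same sub, `@hashed_files` and `%hashes` are never declared with `my`, so a second call from an including script would start with the first call's entries and hit the "Duplicate Hash file" path; declare them beside `@fingerprint_files`. check_hashes() continues past the end of this hunk.

```perl
	# List-form pipe open: the program path and file names never reach a shell.
	my $prog_fh;
	if (!open($prog_fh, "-|", $check_program, @hashed_files))
		{
		print STDERR "Error running hash program $check_program\n";
		fatal_error();
		return 1;
		}
	my @checked_hashes = <$prog_fh>;
	close $prog_fh;		# close sets $? for the status test below

	# ... unchanged: $? test and hash count test ...
```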
@@ -83,99 +153,65 @@ foreach $fp (@fingerprint_files) print STDERR "FATAL: Invalid syntax in file $fp\n"; print STDERR "Line:\n$_\n"; fatal_error(); + return 1; } - if (!$rebuild && length($hash) != 40) - { - print STDERR "FATAL: Invalid hash length in $fp for file $file\n"; - fatal_error(); - } - push @hashed_files, "$dir$file"; - if (exists $hashes{"$dir$file"}) + if (length($hash) != 40) { - print STDERR "FATAL: Duplicate Hash file $dir$file\n"; + print STDERR "FATAL: Invalid hash length for file $file\n"; fatal_error(); + return 1; } - if (! -r "$dir$file") + if ($hash ne $hashes{$file}) { - print STDERR "FATAL: Can't access $dir$file\n"; - fatal_error(); + if ($rebuild) + { + print STDERR "Updating hash on file $file\n"; + $hashes{$file} = $hash; + } + else + { + print STDERR "Hash check failed for file $file\n"; + } + $badfiles++; } - $hashes{"$dir$file"} = $hash; + elsif ($verbose) + { print "Hash Check OK for $file\n";} } - close IN; - } - -@checked_hashes = `$check_program @hashed_files`; + -if ($? 
!= 0) - { - print STDERR "Error running hash program $check_program\n"; - fatal_error(); - } - -if (@checked_hashes != @hashed_files) - { - print STDERR "FATAL: hash count incorrect\n"; - fatal_error(); - } - -foreach (@checked_hashes) - { - chomp; - if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/)) + if ($badfiles && !$rebuild) { - print STDERR "FATAL: Invalid syntax in file $fp\n"; - print STDERR "Line:\n$_\n"; + print STDERR "FATAL: hash mismatch on $badfiles files\n"; fatal_error(); + return 1; } - if (length($hash) != 40) - { - print STDERR "FATAL: Invalid hash length for file $file\n"; - fatal_error(); - } - if ($hash ne $hashes{$file}) + + if ($badfiles || $force_rewrite) { - if ($rebuild) + print "Updating Hash file $hash_file\n"; + if (!open(OUT, ">$hash_file")) { - print STDERR "Updating hash on file $file\n"; - $hashes{$file} = $hash; + print STDERR "Error rewriting $hash_file"; + return 1; } - else + foreach (@hashed_files) { - print STDERR "Hash check failed for file $file\n"; + print OUT "HMAC-SHA1($_)= $hashes{$_}\n"; } - $badfiles++; + close OUT; } - elsif ($verbose) - { print "Hash Check OK for $file\n";} - } - -if ($badfiles && !$rebuild) - { - print STDERR "FATAL: hash mismatch on $badfiles files\n"; - fatal_error(); - } - -if ($badfiles || $force_rewrite) - { - print "Updating Hash file $hash_file\n"; - open OUT, ">$hash_file" || die "Error rewriting $hash_file"; - foreach (@hashed_files) + if (!$badfiles) { - print OUT "HMAC-SHA1($_)= $hashes{$_}\n"; + print "FIPS hash check successful\n"; } - close OUT; - } -if (!$badfiles) - { - print "FIPS hash check successful\n"; } sub fatal_error { print STDERR "*** Your source code does not match the FIPS validated source ***\n"; - exit 1; } + + -- 2.25.1
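Review bot: check_hashes() has no explicit return on the success path: it falls off the end after `print "FIPS hash check successful\n";`, so in practice it returns that print's true value, 1, which is the same value every error path returns. Run standalone, `exit $retval` then reports a failure status for a tree that verified cleanly, and a build script cannot tell a pass from a mismatch by exit code. Add `return 0;` as the last statement of the sub, after the final `if (!$badfiles)` block. The sub begins in the previous hunk.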