From e1a5486f5d3a74bbf9f7faf9ff76a9e9ce40eb49 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 16 Jan 2007 17:39:58 +0000
Subject: [PATCH] More fixes to build/fipsld to handle detached fips_premain.c
 detached sig.

---
 fips-1.0/Makefile |  3 +--
 fips-1.0/fipsld   | 15 +++------------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/fips-1.0/Makefile b/fips-1.0/Makefile
index 0510581b7a..d92652b031 100644
--- a/fips-1.0/Makefile
+++ b/fips-1.0/Makefile
@@ -174,9 +174,8 @@ install:
 		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
 	done
 	@cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
+		fips_premain.c.sha1 \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
-	strings fipscanister.o | grep "HMAC-SHA1(fips_premain\\.c)" > \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips_premain.c.sha1; \
 	chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
 
 lint:
diff --git a/fips-1.0/fipsld b/fips-1.0/fipsld
index 9ee9da103d..237910de87 100755
--- a/fips-1.0/fipsld
+++ b/fips-1.0/fipsld
@@ -75,13 +75,6 @@ echo Canister: $CANISTER_O
 		diff -w "${PREMAIN_C}.sha1" - || \
 	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
 
-	# verify fips_premain.c against its signature embedded into
-	# fipscanister.o...
-	#SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
-	#REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
-	#[ "${SIG}" = "${REF}" ] || \
-	#{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
-
 	# Temporarily remove fipscanister.o from libcrypto.a!
 	# We are required to use the standalone copy...
 	trap	'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
@@ -127,11 +120,9 @@ echo Canister: $CANISTER_O
 		diff -w "${CANISTER_O}.sha1" - || \
 	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
 
-	# verify fips_premain.c against its signature embedded into
-	# fipscanister.o...
-	SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
-	REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
-	[ "${SIG}" = "${REF}" ] || \
+	# verify fips_premain.c against its detached signature...
+	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
+		diff -w "${PREMAIN_C}.sha1" - || \
 	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
 
 	${CC}	"${CANISTER_O}" \
-- 
2.25.1