head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.2
	RELENG_9_1_0_RELEASE:1.2
	RELENG_9_1:1.2.0.8
	RELENG_9_1_BP:1.2
	RELENG_8_3_0_RELEASE:1.1.2.1
	RELENG_8_3:1.1.2.1.0.6
	RELENG_8_3_BP:1.1.2.1
	RELENG_9_0_0_RELEASE:1.2
	RELENG_9_0:1.2.0.6
	RELENG_9_0_BP:1.2
	RELENG_9:1.2.0.4
	RELENG_9_BP:1.2
	RELENG_7_4_0_RELEASE:1.2.2.2
	RELENG_8_2_0_RELEASE:1.1.2.1
	RELENG_7_4:1.2.2.2.0.2
	RELENG_7_4_BP:1.2.2.2
	RELENG_8_2:1.1.2.1.0.4
	RELENG_8_2_BP:1.1.2.1
	RELENG_7:1.2.0.2
	RELENG_8_1_0_RELEASE:1.1.2.1
	RELENG_8_1:1.1.2.1.0.2
	RELENG_8_1_BP:1.1.2.1
	RELENG_8_0_0_RELEASE:1.1
	RELENG_8_0:1.1.0.4
	RELENG_8_0_BP:1.1
	RELENG_8:1.1.0.2
	RELENG_8_BP:1.1;
locks; strict;
comment	@# @;


1.3
date	2012.07.12.19.30.53;	author jkim;	state dead;
branches
	1.3.2.1;
next	1.2;

1.2
date	2010.03.13.19.22.41;	author simon;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2009.06.14.19.45.16;	author simon;	state Exp;
branches
	1.1.2.1;
next	;

1.3.2.1
date	2012.07.12.19.30.53;	author svnexp;	state dead;
branches;
next	1.3.2.2;

1.3.2.2
date	2013.03.28.13.02.39;	author svnexp;	state Exp;
branches;
next	;

1.2.2.1
date	2010.11.28.13.45.51;	author simon;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2010.11.28.13.45.51;	author simon;	state Exp;
branches;
next	;

1.1.2.1
date	2010.05.22.18.40.54;	author simon;	state Exp;
branches;
next	;


desc
@@


1.3
log
@SVN rev 238405 on 2012-07-12 19:30:53Z by jkim

Merge OpenSSL 1.0.1c.

Approved by:	benl (maintainer)
@
text
@#!/bin/sh -e
#
# Copyright (c) 2005-2007 The OpenSSL Project.
#
# Depending on output file name, the script either embeds fingerprint
# into libcrypto.so or static application. "Static" refers to static
# libcrypto.a, not [necessarily] application per se.
#
# Even though this script is called fipsld, it expects C compiler
# command line syntax and $FIPSLD_CC or $CC environment variable set
# and can even be used to compile source files.

#set -x

CC=${FIPSLD_CC:-${CC}}
[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }

# Initially -c wasn't intended to be interpreted here, but it might
# make life easier for those who want to build FIPS-ified applications
# with minimal [if any] modifications to their Makefiles...
(   while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
    [ $# -ge 1 ]
) && exec ${CC} "$@@"

TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`

# If using an auto-tooled (autoconf/automake/libtool) project,
# configure will fail when testing the compiler or even performing
# simple checks. Pass-through to compiler directly if application is
# is not being linked with libcrypto, allowing auto-tooled applications
# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
# ./configure && make). But keep in mind[!] that if certified code
# resides in a shared library, then fipsld *may not* be used and
# end-developer should not modify application configuration and build
# procedures. This is because in-core fingerprint and associated
# procedures are already embedded into and executed in shared library
# context.
case `basename "${TARGET}"` in
libcrypto*|libfips*|*.dll)		;;
*)	case "$*" in
	*libcrypto.a*|*-lcrypto*|*fipscanister.o*)	;;
	*)	exec ${CC} "$@@"		;;
	esac
esac

[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }

# Turn on debugging output?
(   while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
    [ $# -ge 1 ]
) && set -x

THERE="`echo $0 | sed -e 's|[^/]*$||'`"..

# fipscanister.o can appear in command line
CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
if [ -z "${CANISTER_O}" ]; then
	# If set, FIPSLIBDIR is location of installed validated FIPS module
	if [ -n "${FIPSLIBDIR}" ]; then
		CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
	elif [ -f "${THERE}/fips/fipscanister.o" ]; then
		CANISTER_O="${THERE}/fips/fipscanister.o"
	elif [ -f "${THERE}/lib/fipscanister.o" ]; then
		CANISTER_O="${THERE}/lib/fipscanister.o"
	fi
	CANISTER_O_CMD="${CANISTER_O}"
fi
[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }

PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c

HMAC_KEY="etaonrishdlcupfm"

case "`(uname -s) 2>/dev/null`" in
OSF1|IRIX*)	_WL_PREMAIN="-Wl,-init,FINGERPRINT_premain"	;;
HP-UX)		_WL_PREMAIN="-Wl,+init,FINGERPRINT_premain"	;;
AIX)		_WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
Darwin)		(   while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
		    [ $# -ge 1 ]
		) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
esac

case "${TARGET}" in
[!/]*)	TARGET=./${TARGET} ;;
esac

case `basename "${TARGET}"` in
lib*|*.dll)	# must be linking a shared lib...
	# Shared lib creation can be taking place in the source
	# directory only, but fipscanister.o can reside elsewhere...
	FINGERTYPE="${THERE}/fips/fips_standalone_sha1"

	# verify fipspremain.c against its detached signature...
	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
		diff -w "${PREMAIN_C}.sha1" - || \
	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
	# verify fipscanister.o against its detached signature...
	${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
		diff -w "${CANISTER_O}.sha1" - || \
	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }

	# Temporarily remove fipscanister.o from libcrypto.a!
	# We are required to use the standalone copy...
	if [ -f "${THERE}/libcrypto.a" ]; then
	    if ar d "${THERE}/libcrypto.a" fipscanister.o; then
		(ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
		trap	'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
			 (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :;
			 sleep 1;
			 touch -c "${TARGET}"' 0
	    fi
	fi

	/bin/rm -f "${TARGET}"
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		"${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"

	# generate signature...
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
	fi
	/bin/rm -f "${TARGET}"
	if [ -z "${SIG}" ]; then
	   echo "unable to collect signature"; exit 1
	fi

	# recompile with signature...
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"
	;;

*)	# must be linking statically...
	# Static linking can be taking place either in the source
	# directory or off the installed binary target destination.
	if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
		FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
	else	# Installed tree is expected to contain
		# lib/fipscanister.o, lib/fipscanister.o.sha1 and
		# lib/fips_premain.c [not to mention bin/openssl].
		FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
	fi

	# verify fipscanister.o against its detached signature...
	${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
		diff -w "${CANISTER_O}.sha1" - || \
	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }

	# verify fips_premain.c against its detached signature...
	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
		diff -w "${PREMAIN_C}.sha1" - || \
	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }

	/bin/rm -f "${TARGET}"
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		"${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"

	# generate signature...
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
	fi
	/bin/rm -f "${TARGET}"
	if [ -z "${SIG}" ]; then
	   echo "unable to collect signature"; exit 1
	fi

	# recompile with signature...
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"
	;;
esac
@


1.3.2.1
log
@file fipsld was added on branch RELENG_8_4 on 2013-03-28 13:02:39 +0000
@
text
@d1 178
@


1.3.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 178
#!/bin/sh -e
#
# Copyright (c) 2005-2007 The OpenSSL Project.
#
# Depending on output file name, the script either embeds fingerprint
# into libcrypto.so or static application. "Static" refers to static
# libcrypto.a, not [necessarily] application per se.
#
# Even though this script is called fipsld, it expects C compiler
# command line syntax and $FIPSLD_CC or $CC environment variable set
# and can even be used to compile source files.

#set -x

CC=${FIPSLD_CC:-${CC}}
[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }

# Initially -c wasn't intended to be interpreted here, but it might
# make life easier for those who want to build FIPS-ified applications
# with minimal [if any] modifications to their Makefiles...
(   while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
    [ $# -ge 1 ]
) && exec ${CC} "$@@"

TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`

# If using an auto-tooled (autoconf/automake/libtool) project,
# configure will fail when testing the compiler or even performing
# simple checks. Pass-through to compiler directly if application is
# is not being linked with libcrypto, allowing auto-tooled applications
# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
# ./configure && make). But keep in mind[!] that if certified code
# resides in a shared library, then fipsld *may not* be used and
# end-developer should not modify application configuration and build
# procedures. This is because in-core fingerprint and associated
# procedures are already embedded into and executed in shared library
# context.
case `basename "${TARGET}"` in
libcrypto*|libfips*|*.dll)		;;
*)	case "$*" in
	*libcrypto.a*|*-lcrypto*|*fipscanister.o*)	;;
	*)	exec ${CC} "$@@"		;;
	esac
esac

[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }

# Turn on debugging output?
(   while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
    [ $# -ge 1 ]
) && set -x

THERE="`echo $0 | sed -e 's|[^/]*$||'`"..

# fipscanister.o can appear in command line
CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
if [ -z "${CANISTER_O}" ]; then
	# If set, FIPSLIBDIR is location of installed validated FIPS module
	if [ -n "${FIPSLIBDIR}" ]; then
		CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
	elif [ -f "${THERE}/fips/fipscanister.o" ]; then
		CANISTER_O="${THERE}/fips/fipscanister.o"
	elif [ -f "${THERE}/lib/fipscanister.o" ]; then
		CANISTER_O="${THERE}/lib/fipscanister.o"
	fi
	CANISTER_O_CMD="${CANISTER_O}"
fi
[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }

PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c

HMAC_KEY="etaonrishdlcupfm"

case "`(uname -s) 2>/dev/null`" in
OSF1|IRIX*)	_WL_PREMAIN="-Wl,-init,FINGERPRINT_premain"	;;
HP-UX)		_WL_PREMAIN="-Wl,+init,FINGERPRINT_premain"	;;
AIX)		_WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
Darwin)		(   while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
		    [ $# -ge 1 ]
		) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
esac

case "${TARGET}" in
[!/]*)	TARGET=./${TARGET} ;;
esac

case `basename "${TARGET}"` in
lib*|*.dll)	# must be linking a shared lib...
	# Shared lib creation can be taking place in the source
	# directory only, but fipscanister.o can reside elsewhere...
	FINGERTYPE="${THERE}/fips/fips_standalone_sha1"

	# verify fipspremain.c against its detached signature...
	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
		diff -w "${PREMAIN_C}.sha1" - || \
	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
	# verify fipscanister.o against its detached signature...
	${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
		diff -w "${CANISTER_O}.sha1" - || \
	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }

	# Temporarily remove fipscanister.o from libcrypto.a!
	# We are required to use the standalone copy...
	if [ -f "${THERE}/libcrypto.a" ]; then
	    if ar d "${THERE}/libcrypto.a" fipscanister.o; then
		(ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
		trap	'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
			 (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :;
			 sleep 1;
			 touch -c "${TARGET}"' 0
	    fi
	fi

	/bin/rm -f "${TARGET}"
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		"${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"

	# generate signature...
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
	fi
	/bin/rm -f "${TARGET}"
	if [ -z "${SIG}" ]; then
	   echo "unable to collect signature"; exit 1
	fi

	# recompile with signature...
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"
	;;

*)	# must be linking statically...
	# Static linking can be taking place either in the source
	# directory or off the installed binary target destination.
	if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
		FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
	else	# Installed tree is expected to contain
		# lib/fipscanister.o, lib/fipscanister.o.sha1 and
		# lib/fips_premain.c [not to mention bin/openssl].
		FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
	fi

	# verify fipscanister.o against its detached signature...
	${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
		diff -w "${CANISTER_O}.sha1" - || \
	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }

	# verify fips_premain.c against its detached signature...
	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
		diff -w "${PREMAIN_C}.sha1" - || \
	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }

	/bin/rm -f "${TARGET}"
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		"${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"

	# generate signature...
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
	fi
	/bin/rm -f "${TARGET}"
	if [ -z "${SIG}" ]; then
	   echo "unable to collect signature"; exit 1
	fi

	# recompile with signature...
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"
	;;
esac
@


1.2
log
@SVN rev 205128 on 2010-03-13 19:22:41Z by simon

Merge OpenSSL 0.9.8m into head.

This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL.  The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after:	3 weeks
@
text
@@


1.2.2.1
log
@file fipsld was added on branch RELENG_7 on 2010-11-28 20:05:32 +0000
@
text
@d1 178
@


1.2.2.2
log
@SVN rev 215997 on 2010-11-28 13:45:51Z by simon

Merge OpenSSL 0.9.8p into stable/7.

This merges up to and including head/crypto/openssl/ r215697; and
head/secure/lib/libcrypto/, head/secure/lib/libssl/,
head/secure/usr.bin/openssl/ r215698.

To make the merge simpler, a hack was added to set MACHINE_CPUARCH.

A few old OpenSSL security fixes are still the stable/7 tree - these
will be backed out to the vendor version shortly.

Security:	CVE-2010-2939, CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
Security:	FreeBSD-SA-10:10.openssl
Approved by:	re (implicitly - they did not object of the general idea
		of OpenSSL update)
@
text
@a0 178
#!/bin/sh -e
#
# Copyright (c) 2005-2007 The OpenSSL Project.
#
# Depending on output file name, the script either embeds fingerprint
# into libcrypto.so or static application. "Static" refers to static
# libcrypto.a, not [necessarily] application per se.
#
# Even though this script is called fipsld, it expects C compiler
# command line syntax and $FIPSLD_CC or $CC environment variable set
# and can even be used to compile source files.

#set -x

CC=${FIPSLD_CC:-${CC}}
[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }

# Initially -c wasn't intended to be interpreted here, but it might
# make life easier for those who want to build FIPS-ified applications
# with minimal [if any] modifications to their Makefiles...
(   while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
    [ $# -ge 1 ]
) && exec ${CC} "$@@"

TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`

# If using an auto-tooled (autoconf/automake/libtool) project,
# configure will fail when testing the compiler or even performing
# simple checks. Pass-through to compiler directly if application is
# is not being linked with libcrypto, allowing auto-tooled applications
# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
# ./configure && make). But keep in mind[!] that if certified code
# resides in a shared library, then fipsld *may not* be used and
# end-developer should not modify application configuration and build
# procedures. This is because in-core fingerprint and associated
# procedures are already embedded into and executed in shared library
# context.
case `basename "${TARGET}"` in
libcrypto*|libfips*|*.dll)		;;
*)	case "$*" in
	*libcrypto.a*|*-lcrypto*|*fipscanister.o*)	;;
	*)	exec ${CC} "$@@"		;;
	esac
esac

[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }

# Turn on debugging output?
(   while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
    [ $# -ge 1 ]
) && set -x

THERE="`echo $0 | sed -e 's|[^/]*$||'`"..

# fipscanister.o can appear in command line
CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
if [ -z "${CANISTER_O}" ]; then
	# If set, FIPSLIBDIR is location of installed validated FIPS module
	if [ -n "${FIPSLIBDIR}" ]; then
		CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
	elif [ -f "${THERE}/fips/fipscanister.o" ]; then
		CANISTER_O="${THERE}/fips/fipscanister.o"
	elif [ -f "${THERE}/lib/fipscanister.o" ]; then
		CANISTER_O="${THERE}/lib/fipscanister.o"
	fi
	CANISTER_O_CMD="${CANISTER_O}"
fi
[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }

PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c

HMAC_KEY="etaonrishdlcupfm"

case "`(uname -s) 2>/dev/null`" in
OSF1|IRIX*)	_WL_PREMAIN="-Wl,-init,FINGERPRINT_premain"	;;
HP-UX)		_WL_PREMAIN="-Wl,+init,FINGERPRINT_premain"	;;
AIX)		_WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
Darwin)		(   while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
		    [ $# -ge 1 ]
		) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
esac

case "${TARGET}" in
[!/]*)	TARGET=./${TARGET} ;;
esac

case `basename "${TARGET}"` in
lib*|*.dll)	# must be linking a shared lib...
	# Shared lib creation can be taking place in the source
	# directory only, but fipscanister.o can reside elsewhere...
	FINGERTYPE="${THERE}/fips/fips_standalone_sha1"

	# verify fipspremain.c against its detached signature...
	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
		diff -w "${PREMAIN_C}.sha1" - || \
	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
	# verify fipscanister.o against its detached signature...
	${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
		diff -w "${CANISTER_O}.sha1" - || \
	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }

	# Temporarily remove fipscanister.o from libcrypto.a!
	# We are required to use the standalone copy...
	if [ -f "${THERE}/libcrypto.a" ]; then
	    if ar d "${THERE}/libcrypto.a" fipscanister.o; then
		(ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
		trap	'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
			 (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :;
			 sleep 1;
			 touch -c "${TARGET}"' 0
	    fi
	fi

	/bin/rm -f "${TARGET}"
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		"${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"

	# generate signature...
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
	fi
	/bin/rm -f "${TARGET}"
	if [ -z "${SIG}" ]; then
	   echo "unable to collect signature"; exit 1
	fi

	# recompile with signature...
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"
	;;

*)	# must be linking statically...
	# Static linking can be taking place either in the source
	# directory or off the installed binary target destination.
	if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
		FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
	else	# Installed tree is expected to contain
		# lib/fipscanister.o, lib/fipscanister.o.sha1 and
		# lib/fips_premain.c [not to mention bin/openssl].
		FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
	fi

	# verify fipscanister.o against its detached signature...
	${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
		diff -w "${CANISTER_O}.sha1" - || \
	{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }

	# verify fips_premain.c against its detached signature...
	${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
		diff -w "${PREMAIN_C}.sha1" - || \
	{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }

	/bin/rm -f "${TARGET}"
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		"${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"

	# generate signature...
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
	fi
	/bin/rm -f "${TARGET}"
	if [ -z "${SIG}" ]; then
	   echo "unable to collect signature"; exit 1
	fi

	# recompile with signature...
	${CC}	${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
		-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
		${_WL_PREMAIN} "$@@"
	;;
esac
@


1.1
log
@SVN rev 194206 on 2009-06-14 19:45:16Z by simon

Merge OpenSSL 0.9.8k into head.

Approved by:	re
@
text
@d120 5
a124 1
	SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
d163 5
a167 1
	SIG=`"${TARGET}"`
@


1.1.2.1
log
@SVN rev 208419 on 2010-05-22 18:40:54Z by simon

Merge OpenSSL 0.9.8n from head into stable/8.

Approved by:	re (kib)
@
text
@d120 1
a120 5
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
	fi
d159 1
a159 5
	if [ -z "${FIPS_SIG}" ]; then
		SIG=`"${TARGET}"`
	else
		SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
	fi
@


