diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-05-03 13:12:59 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2021-05-04 11:32:16 +0200 |
| commit | be22315235605ac50f735758f6c6edcb262146db (patch) | |
| tree | 68fd3250ab3f7ebfbb7484c68a68645fb0e1c20e /Configurations | |
| parent | Unix build file: Add a target to create providers/fips.module.sources (diff) | |
| download | openssl-be22315235605ac50f735758f6c6edcb262146db.tar.xz openssl-be22315235605ac50f735758f6c6edcb262146db.zip | |
FIPS module checksums: add scripts and Makefile rule
This adds the following scripts:
util/lang-compress.pl:
Compress source code, which language is determined by the first argument.
For the moment, we know 'perl' (perlasm source code), 'C' (C source code)
and 'S' (Assembler with C preprocessor directives).
This removes comments and empty lines, and compresses series of horizontal
spaces to one single space in the languages where that's appropriate.
util/fips-checksums.sh:
Takes source file names as arguments, pushes them through
util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates
the checksum on the result.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)
Diffstat (limited to 'Configurations')
| -rw-r--r-- | Configurations/unix-Makefile.tmpl | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index e730e1dee1..d98c42c85e 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1055,6 +1055,9 @@ uninstall_html_docs: # It's important that generate_buildinfo comes after ordinals, as ordinals # is sensitive to build.info changes. update: generate errors ordinals generate_buildinfo +{- output_off() if $disabled{fips}; "" -} +update: fips-checksums +{- output_on() if $disabled{fips}; "" -} generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids @@ -1267,6 +1270,20 @@ tags TAGS: FORCE -ctags -R . -etags `find . -name '*.[ch]' -o -name '*.pm'` +{- output_off() if $disabled{fips}; "" -} +fips-checksums: generate_fips_sources + if which unifdef > /dev/null; then \ + ( cd $(SRCDIR) \ + && cat providers/fips.module.sources \ + | xargs ./util/fips-checksums.sh \ + > providers/fips-sources.checksums \ + && sha256sum providers/fips-sources.checksums \ + > providers/fips.checksum ); \ + else \ + echo >&2 "WARNING: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ + fi +{- output_on() if $disabled{fips}; "" -} + # Release targets (note: only available on Unix) ##################### tar: |