From be22315235605ac50f735758f6c6edcb262146db Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Fri, 3 May 2019 13:12:59 +0200
Subject: FIPS module checksums: add scripts and Makefile rule
This adds the following scripts: util/lang-compress.pl: Compress source code, which language is determined by the first argument. For the moment, we know 'perl' (perlasm source code), 'C' (C source code) and 'S' (Assembler with C preprocessor directives). This removes comments and empty lines, and compresses series of horizontal spaces to one single space in the languages where that's appropriate. util/fips-checksums.sh: Takes source file names as arguments, pushes them through util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates the checksum on the result.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/8871)
---
 Configurations/unix-Makefile.tmpl | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'Configurations')
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index e730e1dee1..d98c42c85e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1055,6 +1055,9 @@ uninstall_html_docs:
 # It's important that generate_buildinfo comes after ordinals, as ordinals
 # is sensitive to build.info changes.
 update: generate errors ordinals generate_buildinfo
+{- output_off() if $disabled{fips}; "" -}
+update: fips-checksums
+{- output_on() if $disabled{fips}; "" -}
 generate: generate_apps generate_crypto_bn generate_crypto_objects \
 generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids
@@ -1267,6 +1270,20 @@ tags TAGS: FORCE
 -ctags -R .
 -etags `find . -name '*.[ch]' -o -name '*.pm'`
+{- output_off() if $disabled{fips}; "" -}
+fips-checksums: generate_fips_sources
+ if which unifdef > /dev/null; then \
+ ( cd $(SRCDIR) \
+ && cat providers/fips.module.sources \
+ | xargs ./util/fips-checksums.sh \
+ > providers/fips-sources.checksums \
+ && sha256sum providers/fips-sources.checksums \
+ > providers/fips.checksum ); \
+ else \
+ echo >&2 "WARNING: unifdef not in your \$$PATH, FIPS checksums not calculated"; \
+ fi
+{- output_on() if $disabled{fips}; "" -}
+
 # Release targets (note: only available on Unix) #####################
 tar:
-- cgit v1.2.3
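Review bot: In the `fips-checksums` recipe the two `>` redirections truncate `providers/fips-sources.checksums` and `providers/fips.checksum` in `$(SRCDIR)` before the commands that fill them have succeeded, and a failing `cat` is hidden because a plain `sh` pipeline reports only the exit status of `xargs`. A missing or unreadable `providers/fips.module.sources` can therefore leave an empty or partial checksum list, possibly with a well-formed digest computed over it, which is a poor failure mode for files meant to show that the FIPS sources changed; how `util/fips-checksums.sh` behaves when given no arguments is not visible here. Reading the list with `<` instead of `cat |` and writing each output to a temporary name that is moved into place only on success keeps the previous files intact on any failure. Separately, the `else` branch only warns and exits 0, so `make update` (which the first hunk makes depend on this target) passes with stale checksums when `unifdef` is absent; if that is intended, a comment above the rule saying so would help.

```make
fips-checksums: generate_fips_sources
# … unchanged: `if which unifdef` test opening the recipe …
	    ( cd $(SRCDIR) \
	      && xargs ./util/fips-checksums.sh \
	             < providers/fips.module.sources \
	             > providers/fips-sources.checksums.tmp \
	      && mv -f providers/fips-sources.checksums.tmp \
	               providers/fips-sources.checksums \
	      && sha256sum providers/fips-sources.checksums \
	             > providers/fips.checksum.tmp \
	      && mv -f providers/fips.checksum.tmp \
	               providers/fips.checksum ); \
# … unchanged: else branch printing the unifdef warning, closing fi …
```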