Skip to content

Commit

Permalink
FIPS: make it possible to specify fipshmac binary.
Browse files Browse the repository at this point in the history
Signed-off-by: Michal Suchanek <[email protected]>
  • Loading branch information
hramrach committed Jun 9, 2021
1 parent a70dfe1 commit 1b3e0bd
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
12 changes: 12 additions & 0 deletions openssl-fipshmac
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/sh -e

if [ "$#" -eq 0 ] ; then
echo "No library to hash specified." >&2
exit 22
fi

while [ -n "$1" ] ; do
dgst="$(openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 "$1")"
echo "$dgst" | sed -e 's/^.* //' > "$(dirname "$1")/$(basename "$1")".hmac
shift
done
4 changes: 2 additions & 2 deletions src/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,13 @@ mp.S : mp.pl
./mp.pl mp.S

if ICA_FIPS
FIPSHMAC ?= ${top_srcdir}/openssl-fipshmac
hmac-file-lnk: hmac-file
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac

hmac-file: libica.la libica-cex.la
$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 ${top_builddir}/src/.libs/libica.so.$(VERSION1) | sed -e 's/^.* //' > ${top_builddir}/src/.libs/.libica.so.$(VERSION1).hmac
$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 ${top_builddir}/src/.libs/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION1).hmac
$(AM_V_GEN) $(FIPSHMAC) ${top_builddir}/src/.libs/libica.so.$(VERSION1) ${top_builddir}/src/.libs/libica-cex.so.$(VERSION1)

hmac_files = hmac-file hmac-file-lnk

Expand Down

0 comments on commit 1b3e0bd

Please sign in to comment.