openssl_fips_fingerprint   [plain text]

#!/bin/sh
#
# Check the library fingerprint and generate an executable fingerprint, or
# return an error

lib=$1
exe=$2
ext=${HMAC_EXT:-sha1}

# deal with the case where we're run from within the build and OpenSSL is
# not yet installed.  Also, make sure LD_LIBRARY_PATH is properly set in
# case shared libraries are built.
if [ "X$TOP" != "X" ]
then
    if test "$OSTYPE" = msdosdjgpp; then
	PATH="$TOP/apps;$TOP;$PATH"
    else
    	PATH="$TOP/apps:$TOP:$PATH"
    fi
    LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH
else
    LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH
fi

echo "Checking library fingerprint for $lib"
openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }

[ -x $exe.exe ] && exe=$exe.exe

echo "Making fingerprint for $exe"
openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext