Diffusion libgcrypt 052c5ef4cea5

fips: Clarify what to be hashed for the integrity check.
052c5ef4cea5
Actions

Tags

None

Subscribers

None

Description

fips: Clarify what to be hashed for the integrity check.

* src/fips.c (get_file_offset): Compute the maximum offset
of segments.
* src/gen-note-integrity.sh: Likewise.

The result is same (in current format of ELF program).
Semantics is more clear. It hashes:

From the start of shared library file,
fixed up the ELF header to exclude link-time information,
up to the last segment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

Authored on Feb 17 2022, 3:21 AM

Parents

rC3c8b6c4a9cad: fips: Fix gen-note-integrity.sh script not to use cmp utility.

Branches

Unknown

Tags

Unknown

Event Timeline

• gniibe committed rC052c5ef4cea5: fips: Clarify what to be hashed for the integrity check. (authored by • gniibe).Feb 17 2022, 3:21 AM

• gniibe mentioned this in T5835: libgcrypt: More robust/portable integrity check.Feb 17 2022, 3:48 AM

Changes (2)

Path

Size

src/

gen-note-integrity.sh

rC052c5ef4cea5

src/fips.c

Loading...

src/gen-note-integrity.sh

Loading...