Home GnuPG
Diffusion libgcrypt 974f4c7e698b

fips: Integrity check improvement, with only loadable segments.
974f4c7e698bUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

fips: Integrity check improvement, with only loadable segments.

* configure.ac (READELF): Check the tool.
* src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
* src/fips.c (get_file_offsets): Rename from get_file_offset.
Determine the OFFSET2 at the end of loadable segments, too.
Add fixup of the ELF header to exclude section information.
(hmac256_check): Finish scanning at the end of loadble segments.
* src/genhmac.sh: New.

Backport master commit of:
9dcf9305962b90febdf2d7cc73b49feadbf6a01f

This change fixes the build with ld.gold.

  • GnuPG-bug-id: T5835
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Feb 16 2022, 6:06 AM
Parents
rCa4966208895c: fips: Fix previous commit.
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (4)

PathSize
src/

rC974f4c7e698b

View Options

configure.ac

Loading...
View Options

src/Makefile.am

Loading...
View Options

src/fips.c

Loading...
View Options

src/genhmac.sh

Loading...