Diffusion libgcrypt 9dcf9305962b

fips: Integrity check improvement, with only loadable segments.
9dcf9305962b
Actions

Tags

None

Subscribers

None

Description

fips: Integrity check improvement, with only loadable segments.

* configure.ac (READELF): Check the tool.
* src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
* src/fips.c (get_file_offsets): Rename from get_file_offset.
Determine the OFFSET2 at the end of loadable segments, too.
Add fixup of the ELF header to exclude section information.
(hmac256_check): Finish scanning at the end of loadble segments.
* src/genhmac.sh: New.

This change fixes the build with ld.gold.

GnuPG-bug-id: T5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

Authored on Feb 16 2022, 6:06 AM

Parents

rCb2f110f99626: build: Clean up acinclude.m4.

Branches

Unknown

Tags

Unknown

Tasks

T5835: libgcrypt: More robust/portable integrity check

Event Timeline

• gniibe committed rC9dcf9305962b: fips: Integrity check improvement, with only loadable segments. (authored by • gniibe).Feb 16 2022, 6:06 AM

• gniibe added a task: T5835: libgcrypt: More robust/portable integrity check.Feb 16 2022, 6:16 AM

• gniibe mentioned this in T5835: libgcrypt: More robust/portable integrity check.Feb 16 2022, 6:29 AM

Changes (4)

Path

Size

src/

rC9dcf9305962b

configure.ac

Loading...

src/Makefile.am

Loading...

src/fips.c

Loading...

src/genhmac.sh

Loading...