Home GnuPG

fips: Clarify what to be hashed for the integrity check.
9fa4c8946ac5Unpublished

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

fips: Clarify what to be hashed for the integrity check.

* src/fips.c (get_file_offset): Compute the maximum offset
of segments.
* src/gen-note-integrity.sh: Likewise.

Backport master commit of:
052c5ef4cea56772b7015e36f231fa0bcbf91410

The result is same (in current format of ELF program).
Semantics is more clear. It hashes:

  • From the start of shared library file,
  • fixed up the ELF header to exclude link-time information,
  • up to the last segment.
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Feb 17 2022, 3:21 AM
Parents
rCad8b67f9e219: fips: Fix gen-note-integrity.sh script not to use cmp utility.
Branches
Unknown
Tags
Unknown