
fips: More portable integrity check.

Description

* src/Makefile.am (EXTRA_DIST): Change the name of the script.
(libgcrypt.la.done): Invoke OBJCOPY with --add-section.
(libgcrypt.so.hmac): Specify ECHO_N.
* src/fips.c (get_file_offset): Rename from get_file_offsets.
Find the note section and return the value in HMAC.
(hmac256_check): Simplify by HMAC from the note section, not loaded.
(check_binary_integrity): Use dladdr instead of dladdr1.
* src/gen-note-integrity.sh: Rename from genhmac.sh.
Generate ElfN_Nhdr, and then the hmac.

The idea of using .note is by Daiki Ueno.

https://gitlab.com/dueno/integrity-notes

Further, instead of a NOTE segment loaded onto memory, use a noload
section in the file.

Thanks to Clemens Lang for initiating this direction of improvement.

The namespace "FDO" would need to be changed.

  • GnuPG-bug-id: T5835
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
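
The note-based check described in the commit message, sketched as an added example; this is not libgcrypt's code. It builds a generic ELF note record (the `ElfN_Nhdr` fields `n_namesz`, `n_descsz`, `n_type`, then the 4-byte-aligned name and descriptor) carrying an HMAC-SHA256 and verifies it. The note type, the key, little-endian encoding and the choice of which bytes are covered are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import struct

NOTE_NAME = b"FDO\x00"         # namespace named in the commit message, NUL-terminated
NOTE_TYPE = 0x1                # placeholder: the real n_type value is not on the page
KEY = b"constructed-demo-key"  # placeholder key, constructed for this example
HDR = struct.Struct("<III")    # n_namesz, n_descsz, n_type (little-endian assumed)


def _pad4(data):
    """Pad to the 4-byte alignment used for note name and descriptor."""
    return data + b"\x00" * (-len(data) % 4)


def build_note(payload, key=KEY):
    """Generate the note header first, then append the HMAC as the descriptor."""
    digest = hmac.new(key, payload, hashlib.sha256).digest()
    header = HDR.pack(len(NOTE_NAME), len(digest), NOTE_TYPE)
    return header + _pad4(NOTE_NAME) + _pad4(digest)


def parse_note(section):
    """Return (name, type, descriptor), rejecting sizes that overrun the section."""
    if len(section) < HDR.size:
        raise ValueError("truncated note header")
    namesz, descsz, ntype = HDR.unpack_from(section, 0)
    desc_off = HDR.size + namesz + (-namesz % 4)
    desc_end = desc_off + descsz
    if desc_end > len(section):
        raise ValueError("note sizes exceed section length")
    return section[HDR.size:HDR.size + namesz], ntype, section[desc_off:desc_end]


def check_integrity(payload, section, key=KEY):
    """Recompute the HMAC over payload and compare with the value in the note."""
    try:
        name, ntype, stored = parse_note(section)
    except ValueError:
        return False
    if name != NOTE_NAME or ntype != NOTE_TYPE or len(stored) != 32:
        return False
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(stored, expected)  # constant-time comparison
```
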
