author: Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org> 2022-02-14 18:49:59 +0100
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-02-15 18:45:31 +0900
commit: beb5d6df5c5785db7c32a24a5d2a351cb964bfbc (patch)
tree: e4df9e17ca7790c2cf872cf9caf219ca9a7e6b50 /README
parent: bff9f1b024647e18b2c87dcd769c0e449f7752e6 (diff)
fips: Use ELF header to find hmac file offset

* src/fips.c [ENABLE_HMAC_BINARY_CHECK] (hmac256_check): Use ELF headers to locate the file offset for the HMAC in addition to information from the loader

--

The previous method of locating the offset of the .rodata1 section in the ELF file on disk used information obtained from the loader. This computed the address of the value in memory at runtime, but the offset in the file can be different. Specifically, the old code computed a value relative to ElfW(Phdr).p_vaddr, but the offset in the file is relative to ElfW(Phdr).p_offset. These values can differ, so the computed address at runtime must be translated into a file offset relative to p_offset.

This is largely cosmetic, since the text section that should contain the HMAC usually has both p_vaddr and p_offset set to 0.

Signed-off-by: Clemens Lang <cllang@redhat.com>
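
The translation the commit message describes, as an added example (not the code in libgcrypt's src/fips.c): it maps a virtual address to a file offset through the PT_LOAD program headers. The function name and the sample headers are constructed for illustration, and the caller is assumed to have already subtracted the load base reported by the loader.

```c
/* Added example, not libgcrypt code.  Sample headers are constructed. */
#include <elf.h>
#include <stddef.h>
#include <stdio.h>

/* Translate a link-time virtual address (runtime address minus the load
   base) into an offset in the ELF file on disk.
   Returns 0 on success, -1 if no file-backed PT_LOAD segment covers it. */
int
vaddr_to_file_offset (const Elf64_Phdr *phdr, size_t phnum,
                      Elf64_Addr vaddr, Elf64_Off *offset)
{
  for (size_t i = 0; i < phnum; i++)
    {
      if (phdr[i].p_type != PT_LOAD)
        continue;
      /* Only the first p_filesz bytes of a segment exist in the file;
         the remainder up to p_memsz is zero-filled memory (.bss). */
      if (vaddr < phdr[i].p_vaddr
          || vaddr - phdr[i].p_vaddr >= phdr[i].p_filesz)
        continue;
      /* Segment-relative distance, rebased onto the file offset. */
      *offset = vaddr - phdr[i].p_vaddr + phdr[i].p_offset;
      return 0;
    }
  return -1;
}

/* Constructed headers: a text segment with p_vaddr == p_offset == 0 (the
   "largely cosmetic" case) and a data segment where the two differ. */
static const Elf64_Phdr sample_phdrs[] = {
  { .p_type = PT_LOAD, .p_offset = 0x0, .p_vaddr = 0x0,
    .p_filesz = 0x1000, .p_memsz = 0x1000 },
  { .p_type = PT_LOAD, .p_offset = 0x1e00, .p_vaddr = 0x3e00,
    .p_filesz = 0x200, .p_memsz = 0x400 },
};

int
main (void)
{
  Elf64_Off off;
  if (!vaddr_to_file_offset (sample_phdrs, 2, 0x3e10, &off))
    printf ("vaddr 0x3e10 -> file offset 0x%llx\n", (unsigned long long) off);
  return 0;
}
```
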
Diffstat (limited to 'README')
-rw-r--r-- README 3
1 files changed, 2 insertions, 1 deletions
diff --git a/README b/README
index 3b465c1b..4d7697dd 100644
--- a/README
+++ b/README
@@ -157,7 +157,8 @@
--enable-hmac-binary-check
Include support to check the binary at runtime
against a HMAC checksum. This works only in FIPS
- mode and on systems providing the dladdr function.
+ mode on systems providing the dladdr function and using
+ the ELF binary format.
--with-fips-module-version=version
Specify a string used as a module version for FIPS
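Review bot: In the two added lines of the --enable-hmac-binary-check entry, dropping the "and" after "mode" makes the sentence read as a single condition ("FIPS mode on systems providing ...") instead of separate requirements: FIPS mode, dladdr, and ELF. Suggest spelling them out, for example "This works only in FIPS mode, on systems that provide the dladdr function and use the ELF binary format." It would also help to state what a builder should expect when the option is passed on a non-ELF system, since this entry is the only documentation of the requirement visible in the change.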