fips: Integrity check improvement, with only loadable segments.

* configure.ac (READELF): Check the tool. * src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256. * src/fips.c (get_file_offsets): Rename from get_file_offset. Determine the OFFSET2 at the end of loadable segments, too. Add fixup of the ELF header to exclude section information. (hmac256_check): Finish scanning at the end of loadble segments. * src/genhmac.sh: New. -- This change fixes the build with ld.gold. GnuPG-bug-id: 5835 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2022-02-16 14:06:02 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-02-16 14:06:02 +0900
commit: 9dcf9305962b90febdf2d7cc73b49feadbf6a01f (patch)
tree: 1d3c4680ed8a0fcb98b5e659072034f2947f2474 /configure.ac
parent: b2f110f99626afce84c23c76db0ebaaadac4ee48 (diff)
download: libgcrypt-9dcf9305962b90febdf2d7cc73b49feadbf6a01f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index f0f1637f..ea01f5a6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -579,6 +579,7 @@ else
     AC_DEFINE(ENABLE_HMAC_BINARY_CHECK,1,
               [Define to support an HMAC based integrity check])
     AC_CHECK_TOOL(OBJCOPY, [objcopy])
+    AC_CHECK_TOOL(READELF, [readelf])
     if test "$use_hmac_binary_check" != yes ; then
         DEF_HMAC_BINARY_CHECK=-DKEY_FOR_BINARY_CHECK="'\"$use_hmac_binary_check\"'"
     fi
author	NIIBE Yutaka <gniibe@fsij.org>	2022-02-16 14:06:02 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2022-02-16 14:06:02 +0900
commit	9dcf9305962b90febdf2d7cc73b49feadbf6a01f (patch)
tree	1d3c4680ed8a0fcb98b5e659072034f2947f2474 /configure.ac
parent	b2f110f99626afce84c23c76db0ebaaadac4ee48 (diff)
download	libgcrypt-9dcf9305962b90febdf2d7cc73b49feadbf6a01f.tar.gz