fips: Integrity check improvement, with only loadable segments.

* configure.ac (READELF): Check the tool.
* src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
* src/fips.c (get_file_offsets): Rename from get_file_offset.
Determine the OFFSET2 at the end of loadable segments, too.
Add fixup of the ELF header to exclude section information.
(hmac256_check): Finish scanning at the end of loadble segments.
* src/genhmac.sh: New.

--

This change fixes the build with ld.gold.

GnuPG-bug-id: 5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index 018d5761..72100671 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,7 +24,7 @@ pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libgcrypt.pc
 
 EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
-             gcrypt.h.in libgcrypt.def libgcrypt.pc.in
+             gcrypt.h.in libgcrypt.def libgcrypt.pc.in genhmac.sh
 
 bin_SCRIPTS = libgcrypt-config
 m4datadir = $(datadir)/aclocal
@@ -149,7 +149,7 @@ libgcrypt.la.done: libgcrypt.so.hmac
 	@touch libgcrypt.la.done
 
 libgcrypt.so.hmac: hmac256 libgcrypt.la
-	./hmac256 --stdkey --binary  < .libs/libgcrypt.so > $@
+	READELF=$(READELF) AWK=$(AWK) $(srcdir)/genhmac.sh > $@
 else !USE_HMAC_BINARY_CHECK
 libgcrypt.la.done: libgcrypt.la
 	@touch libgcrypt.la.done