diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-16 14:06:02 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-16 14:06:02 +0900 |
commit | 9dcf9305962b90febdf2d7cc73b49feadbf6a01f (patch) | |
tree | 1d3c4680ed8a0fcb98b5e659072034f2947f2474 /src/Makefile.am | |
parent | b2f110f99626afce84c23c76db0ebaaadac4ee48 (diff) | |
download | libgcrypt-9dcf9305962b90febdf2d7cc73b49feadbf6a01f.tar.gz |
fips: Integrity check improvement, with only loadable segments.
* configure.ac (READELF): Check the tool.
* src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
* src/fips.c (get_file_offsets): Rename from get_file_offset.
Determine the OFFSET2 at the end of loadable segments, too.
Add fixup of the ELF header to exclude section information.
(hmac256_check): Finish scanning at the end of loadble segments.
* src/genhmac.sh: New.
--
This change fixes the build with ld.gold.
GnuPG-bug-id: 5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src/Makefile.am')
-rw-r--r-- | src/Makefile.am | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 018d5761..72100671 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,7 +24,7 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libgcrypt.pc EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ - gcrypt.h.in libgcrypt.def libgcrypt.pc.in + gcrypt.h.in libgcrypt.def libgcrypt.pc.in genhmac.sh bin_SCRIPTS = libgcrypt-config m4datadir = $(datadir)/aclocal @@ -149,7 +149,7 @@ libgcrypt.la.done: libgcrypt.so.hmac @touch libgcrypt.la.done libgcrypt.so.hmac: hmac256 libgcrypt.la - ./hmac256 --stdkey --binary < .libs/libgcrypt.so > $@ + READELF=$(READELF) AWK=$(AWK) $(srcdir)/genhmac.sh > $@ else !USE_HMAC_BINARY_CHECK libgcrypt.la.done: libgcrypt.la @touch libgcrypt.la.done |