2022-01-18 13:13:32 +00:00
|
|
|
From 7e6e303e6aef019047eb6dfcdedbfe7da2a88526 Mon Sep 17 00:00:00 2001
|
2021-07-08 09:51:48 +00:00
|
|
|
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
2022-01-18 13:13:32 +00:00
|
|
|
Date: Tue, 11 Jan 2022 16:04:15 +0100
|
2021-07-08 09:51:48 +00:00
|
|
|
Subject: [PATCH] Compute HMAC from installed library
|
|
|
|
|
|
|
|
The HMAC hash was computed from the libica in the build tree, but
|
|
|
|
the runtime check is run against the installed libica and those 2
|
2022-01-18 13:13:32 +00:00
|
|
|
files may be different. E.g. if the runtime one has debuginfo stripped
|
|
|
|
(and placed into a separate file), the hashes are different.
|
|
|
|
This commit introduces a new make target: fipsinstall, which creates
|
|
|
|
the HMAC files in the install directory.
|
2021-07-08 09:51:48 +00:00
|
|
|
|
|
|
|
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
|
|
|
---
|
|
|
|
Makefile.am | 9 ++++-----
|
|
|
|
src/Makefile.am | 8 +++++++-
|
|
|
|
2 files changed, 11 insertions(+), 6 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
2022-01-18 13:13:32 +00:00
|
|
|
index 2d8ab9e..e14abb5 100644
|
2021-07-08 09:51:48 +00:00
|
|
|
--- a/Makefile.am
|
|
|
|
+++ b/Makefile.am
|
|
|
|
@@ -17,11 +17,8 @@ coverage: check
|
|
|
|
cd ${top_builddir}/src && gcov .libs/*.gcda
|
|
|
|
|
|
|
|
if ICA_FIPS
|
|
|
|
-install-data-hook:
|
|
|
|
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
|
|
|
|
- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
|
|
|
|
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
|
|
|
|
- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
|
|
|
|
+fipsinstall:
|
|
|
|
+ $(AM_V_GEN)$(MAKE) -C src fipsinstall
|
2022-01-18 13:13:32 +00:00
|
|
|
if ICA_OPENSSL3
|
|
|
|
test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
|
|
|
|
test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
|
|
|
|
@@ -38,3 +35,5 @@ if ICA_OPENSSL3
|
|
|
|
endif
|
2021-07-08 09:51:48 +00:00
|
|
|
endif
|
|
|
|
|
|
|
|
+.PHONY: fipsinstall
|
|
|
|
+
|
|
|
|
diff --git a/src/Makefile.am b/src/Makefile.am
|
2022-01-18 13:13:32 +00:00
|
|
|
index c630048..4c92c96 100644
|
2021-07-08 09:51:48 +00:00
|
|
|
--- a/src/Makefile.am
|
|
|
|
+++ b/src/Makefile.am
|
2022-01-18 13:13:32 +00:00
|
|
|
@@ -47,6 +47,12 @@ mp.S : mp.pl
|
2021-07-08 09:51:48 +00:00
|
|
|
./mp.pl mp.S
|
|
|
|
|
|
|
|
if ICA_FIPS
|
|
|
|
+fipsinstall:
|
|
|
|
+ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac
|
|
|
|
+ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
|
|
|
|
+ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION1).hmac
|
|
|
|
+ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
|
|
|
|
+
|
|
|
|
hmac-file-lnk: hmac-file
|
|
|
|
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
|
|
|
|
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
|
2022-01-18 13:13:32 +00:00
|
|
|
@@ -110,4 +116,4 @@ internal_tests_ec_internal_test_SOURCES = \
|
2021-07-08 09:51:48 +00:00
|
|
|
include/rng.h ../test/testcase.h
|
|
|
|
endif
|
|
|
|
|
|
|
|
-.PHONY: hmac-file hmac-file-lnk
|
|
|
|
+.PHONY: hmac-file hmac-file-lnk fipsinstall
|
|
|
|
--
|
2022-01-18 13:13:32 +00:00
|
|
|
2.34.1
|
2021-07-08 09:51:48 +00:00
|
|
|
|