296ae60f11
Resolves: RHEL-80811 Resolves: RHEL-57022 Resolves: RHEL-24098 Resolves: RHEL-24097 Resolves: RHEL-86865
33 lines
1.2 KiB
Diff
33 lines
1.2 KiB
Diff
From e5fa1a36fb4786a29e5e0ffcafc1198a18ef2a1c Mon Sep 17 00:00:00 2001
|
|
From: Simo Sorce <simo@redhat.com>
|
|
Date: Thu, 20 Feb 2025 15:30:32 -0500
|
|
Subject: [PATCH 21/50] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so
|
|
|
|
This script rewrites the fips.so binary to embed the hmac result into it
|
|
so that after a build it can be called to make the fips.so as modified
|
|
by Red Hat to properly pass the integrty test
|
|
|
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
---
|
|
fips-hmacify.sh | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
create mode 100755 fips-hmacify.sh
|
|
|
|
diff --git a/fips-hmacify.sh b/fips-hmacify.sh
|
|
new file mode 100755
|
|
index 0000000000..54ae60b07f
|
|
--- /dev/null
|
|
+++ b/fips-hmacify.sh
|
|
@@ -0,0 +1,8 @@
|
|
+#!/bin/bash
|
|
+
|
|
+dd if=/dev/zero bs=1 count=32 of=tmp.mac >/dev/null 2>&1
|
|
+objcopy --update-section .rodata1=tmp.mac providers/fips.so providers/fips.so.zeromac
|
|
+mv providers/fips.so.zeromac providers/fips.so
|
|
+LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
|
|
+objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
|
|
+mv providers/fips.so.mac providers/fips.so
|
|
--
|
|
2.49.0
|
|
|