dladdr() in fips.c and --enable-hmac-binary-check and --enable-static
Burt Silverman
burts at us.ibm.com
Wed Apr 6 16:33:02 CEST 2016
Thank you very much, Werner. As an aside, I noticed afterwards that even
with shared objects, one cannot do a complete build of the entire package
with --enable-hmac-binary-check as src/Makefile.am does not mention
variable DL_LIBS (in variables xxx_LDADD); needed for mpicalc.c, and
presumably also needed for any other binaries built with libgcrypt.
From: Werner Koch <wk at gnupg.org>
To: Burt Silverman/Raleigh/Contr/IBM at IBMUS
Cc: gcrypt-devel at gnupg.org
Date: 04/06/2016 10:00 AM
Subject: Re: dladdr() in fips.c and --enable-hmac-binary-check and
--enable-static
On Fri, 18 Mar 2016 02:09, burts at us.ibm.com said:
> One of our team members decided that he needed to create a program binary
> using static libraries, and he also decided to use the
> --enable-hmac-binary-check option. This combination of configure options
> will not work, because it exposes the dladdr() function call, and the
That option works only with glibc and shared objects - it was required
by a FIPS validated systems. It is not portable. I will add a source
comment to configure.ac to explain this.
> Can you eliminate the use of dladdr(), or come up with something that is
> less likely to trip up a novice? Perhaps it is ridiculous for him to be
Do not use features which are not described in README or in the manual
;-)
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160406/b94b2499/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: </pipermail/attachments/20160406/b94b2499/attachment.gif>
More information about the Gcrypt-devel
mailing list