dladdr() in fips.c and --enable-hmac-binary-check and --enable-static

Burt Silverman burts at us.ibm.com
Wed Apr 6 16:33:02 CEST 2016

Thank you very much, Werner. As an aside, I noticed afterwards that even
with shared objects, one cannot do a complete build of the entire package
with --enable-hmac-binary-check as src/Makefile.am does not mention
variable DL_LIBS (in variables xxx_LDADD); needed for mpicalc.c, and
presumably also needed for any other binaries built with libgcrypt.

From:	Werner Koch <wk at gnupg.org>
To:	Burt Silverman/Raleigh/Contr/IBM at IBMUS
Cc:	gcrypt-devel at gnupg.org
Date:	04/06/2016 10:00 AM
Subject:	Re: dladdr() in fips.c and --enable-hmac-binary-check and

On Fri, 18 Mar 2016 02:09, burts at us.ibm.com said:
> One of our team members decided that he needed to create a program binary
> using static libraries, and he also decided to use the
> --enable-hmac-binary-check option. This combination of configure options
> will not work, because it exposes the dladdr() function call, and the

That option works only with glibc and shared objects - it was required
by a FIPS validated system.  It is not portable.  I will add a source
comment to configure.ac to explain this.

> Can you eliminate the use of dladdr(), or come up with something that is
> less likely to trip up a novice? Perhaps it is ridiculous for him to be

Do not use features which are not described in README or in the manual



Thoughts are free.  Exceptions are regulated by a federal law.
