[gnutls-devel] GnuTLS | [WIP] Consolidate FIPS .hmac files (!1562)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Mar 30 08:31:38 CEST 2022




Daiki Ueno commented:


I have been thinking about this for a while and here are a couple of observations: firstly, until now we stored the `.hmac` file as `/usr/lib64/.lib<name>.so.*.hmac` etc., where it was obvious that the `.hmac` file corresponds to `/usr/lib64/lib<name>.so.*`. Now, in the new format, this information (mapping between `.hmac` files and actual library files) is missing. I suggest either extending the format like:
```ini
[global]
...

[libgnutls.so.30]
path = ...
hmac = ...

[libnettle.so.8]
path = ...
hmac = ...

...
```
Note the section names are library SONAMEs.

Secondly, instead of determining the library paths at `configure` time, `fipshmac` could resolve them at run time. That could be done either by taking the path to `libgnutls.so.*` only or taking SONAMEs instead of file paths, something like:
```makefile
lib/fipshmac $(gnutls_so) $(nettle_so) $(hogweed_so) $(gmp_so)
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1562#note_893869026
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220330/8b5a633f/attachment.html>


More information about the Gnutls-devel mailing list