[gnutls-devel] GnuTLS | Use soname instead of file name in fipshmac sections (!1675)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Dec 9 02:07:10 CET 2022

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1675#note_1202533881

IIUC, before the change:
1. the libraries with known SONAMEs are `dlopen`'ed
2. the existence of some specific symbols in the library is checked with `dlsym`
3. HMACs are checked for the files pointed to by `dli_fname` after `dladdr`

After the change:
1. the loaded libraries are enumerated with `dl_iterate_phdr`
2. for each library, check that the last component of `dlpi_name` matches any of the known SONAMEs
3. if it matches, the HMAC is checked for the file pointed to by `dlpi_name`

AFAIK the first steps are equivalent (i.e., `dlopen` doesn't try to load libs if they are already loaded). The questions are:
- Can we safely omit checking of the existence of function symbols?
- Can we assume `dlpi_name` is always constructed so it points to the actual file path, ending with the SONAME?

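The "after the change" flow described in the comment above, as an added example that is not GnuTLS code and not part of the original message: it enumerates loaded objects with `dl_iterate_phdr` and compares the last component of `dlpi_name` with a SONAME list. The SONAME list and the names `match_soname`, `on_object` and `scan_loaded` are assumptions made for illustration.

```c
#define _GNU_SOURCE             /* dl_iterate_phdr is a GNU extension */
#include <link.h>
#include <stdio.h>
#include <string.h>
/* Assumed SONAME list, for illustration only (not taken from GnuTLS). */
static const char *const known_sonames[] = {
    "libgnutls.so.30", "libnettle.so.8", "libhogweed.so.6", "libgmp.so.10", NULL
};

/* Step 2: match the last component of dlpi_name against known SONAMEs. */
const char *match_soname(const char *dlpi_name, const char *const *sonames)
{
    if (dlpi_name == NULL || dlpi_name[0] == '\0')
        return NULL;            /* glibc names the main program "" */
    const char *slash = strrchr(dlpi_name, '/');
    const char *base = slash ? slash + 1 : dlpi_name;
    for (; *sonames != NULL; sonames++)
        if (strcmp(base, *sonames) == 0)
            return *sonames;
    return NULL;
}

struct scan { const char *const *sonames; int seen, matched; };
static int on_object(struct dl_phdr_info *info, size_t size, void *data)
{
    struct scan *s = data;
    const char *hit = match_soname(info->dlpi_name, s->sonames);
    s->seen++;
    if (hit != NULL) {          /* step 3 would HMAC this exact path */
        s->matched++;
        printf("would check HMAC of %s (%s)\n", info->dlpi_name, hit);
    }
    return 0;                   /* zero keeps the iteration going */
}

/* Step 1: walk every loaded object; returns how many names matched. */
int scan_loaded(const char *const *sonames, int *seen)
{
    struct scan s = { sonames, 0, 0 };
    dl_iterate_phdr(on_object, &s);
    if (seen != NULL) *seen = s.seen;
    return s.matched;
}

int main(void)
{
    int seen = 0, matched = scan_loaded(known_sonames, &seen);
    return printf("%d of %d loaded objects matched\n", matched, seen) < 0;
}
```

With this comparison, a constructed path such as `/usr/lib64/libgnutls.so.30.34.2` does not match `libgnutls.so.30`, which is the case the second question in the comment is asking about.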