From ccf8343aedd49b1250bee761f5c1ba8465b7dadb Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 10 Jan 2019 14:04:02 +0100
Subject: [PATCH 1/2] fips140: Fix the names of files used in integrity checks
The names of the libraries weren't updated when the soname versions
were bumped.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
lib/fips.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/fips.c b/lib/fips.c
index 2715af599..fb2d596c2 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -135,9 +135,9 @@ void _gnutls_fips_mode_reset_zombie(void)
}
}
-#define GNUTLS_LIBRARY_NAME "libgnutls.so.28"
-#define NETTLE_LIBRARY_NAME "libnettle.so.4"
-#define HOGWEED_LIBRARY_NAME "libhogweed.so.2"
+#define GNUTLS_LIBRARY_NAME "libgnutls.so.30"
+#define NETTLE_LIBRARY_NAME "libnettle.so.6"
+#define HOGWEED_LIBRARY_NAME "libhogweed.so.4"
#define GMP_LIBRARY_NAME "libgmp.so.10"
#define HMAC_SUFFIX ".hmac"
--
2.20.1
From 8bac499469af3fb39a5ad59f1defe9f3824d5119 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Fri, 11 Jan 2019 11:23:21 +0100
Subject: [PATCH 2/2] fips140: Ignore newlines read at the end of HMAC file
This makes the integrity check ignore newlines appended after the
HMAC value.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
lib/fips.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/fips.c b/lib/fips.c
index fb2d596c2..0169ab171 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -250,6 +250,13 @@ static unsigned check_binary_integrity(const char* libname, const char* symbol)
}
hmac_size = hex_data_size(data.size);
+
+ /* trim eventual newlines from the end of the data read from file */
+ while ((data.size > 0) && (data.data[data.size - 1] == '\n')) {
+ data.data[data.size - 1] = 0;
+ data.size--;
+ }
+
ret = gnutls_hex_decode(&data, hmac, &hmac_size);
gnutls_free(data.data);
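Review bot: `hmac_size` is computed from `data.size` before the new trim loop runs, so the value passed to `gnutls_hex_decode()` as the output capacity still counts the trailing newlines that the loop then removes. Moving `hmac_size = hex_data_size(data.size);` below the loop would keep the two in step. The capacity is also derived from the file's length rather than from the destination buffer. `hmac` is declared outside this hunk, but if it is a fixed-size array, setting the in-value to `sizeof(hmac)` would let the decoder refuse an oversized .hmac file instead of trusting its length. The loop strips only `'\n'`, so a file ending in `\r\n` would presumably still fail to decode; the comment should say so if that is intended.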
--
2.20.1