diff --color -ruNp a/lib/fips.c b/lib/fips.c
--- a/lib/fips.c 2022-11-15 16:10:56.183185457 +0100
+++ b/lib/fips.c 2022-11-15 16:10:23.488530716 +0100
@@ -360,11 +360,6 @@ static int check_lib_hmac(struct hmac_en
return gnutls_assert_val(ret);
}
- if (strncmp(entry->path, path, GNUTLS_PATH_MAX)) {
- _gnutls_debug_log("Library path for %s does not match with HMAC file\n", lib);
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
-
_gnutls_debug_log("Loading: %s\n", path);
ret = gnutls_load_file(path, &data);
if (ret < 0) {
diff --color -ruNp a/lib/fipshmac.c b/lib/fipshmac.c
--- a/lib/fipshmac.c 2022-11-15 16:10:56.183185457 +0100
+++ b/lib/fipshmac.c 2022-11-15 16:10:23.489530737 +0100
@@ -102,20 +102,30 @@ static int get_hmac(const char *path, ch
static int print_lib_path(const char *path)
{
int ret;
+ char *real_path = NULL;
char hmac[HMAC_STR_SIZE];
- ret = get_hmac(path, hmac, sizeof(hmac));
+ real_path = canonicalize_file_name(path);
+ if (real_path == NULL) {
+ fprintf(stderr, "Could not get realpath from %s\n", path);
+ ret = GNUTLS_E_FILE_ERROR;
+ goto cleanup;
+ }
+
+ ret = get_hmac(real_path, hmac, sizeof(hmac));
if (ret < 0) {
fprintf(stderr, "Could not calculate HMAC for %s: %s\n",
- last_component(path), gnutls_strerror(ret));
- return ret;
+ last_component(real_path), gnutls_strerror(ret));
+ goto cleanup;
}
printf("[%s]\n", last_component(path));
- printf("path = %s\n", path);
+ printf("path = %s\n", real_path);
printf("hmac = %s\n", hmac);
- return 0;
+cleanup:
+ free(real_path);
+ return ret;
}
static int print_lib_dl(const char *lib, const char *sym)