Remove library path checking from FIPS integrity check
authorZoltan Fridrich <zfridric@redhat.com>
Tue, 15 Nov 2022 13:35:24 +0000 (14:35 +0100)
committerZoltan Fridrich <zfridric@redhat.com>
Tue, 15 Nov 2022 14:57:47 +0000 (15:57 +0100)
The library path check is being dropped, as checking the HMAC of the
libraries should be sufficient. Checking the exact path where the
library resides proved to be failure-prone. The sonames of the
libraries are indirectly compared internally.

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
lib/fips.c

index 54eb4a37d448ba568e97b02ba70bf508f44fea43..f708359e1aee4ff3b80498f15ffcba40180f4e01 100644 (file)
@@ -352,11 +352,6 @@ static int check_lib_hmac(struct hmac_entry *entry,
                return gnutls_assert_val(ret);
        }
 
-       if (strncmp(entry->path, path, GNUTLS_PATH_MAX)) {
-               _gnutls_debug_log("Library path for %s does not match with HMAC file\n", lib);
-               return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-       }
-
        _gnutls_debug_log("Loading: %s\n", path);
        ret = gnutls_load_file(path, &data);
        if (ret < 0) {