fips140: Ignore newlines read at the end of HMAC file

This makes the integrity check to ignore newlines appended after the
HMAC value.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

diff --git a/lib/fips.c b/lib/fips.c
index fb2d596c2ac8f4caa5ead3d78ebc99219f150b83..0169ab171a8945957b13fc2856ca33e13f51f159 100644 (file)
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -250,6 +250,13 @@ static unsigned check_binary_integrity(const char* libname, const char* symbol)
        }
 
        hmac_size = hex_data_size(data.size);
+
+       /* trim eventual newlines from the end of the data read from file */
+       while ((data.size > 0) && (data.data[data.size - 1] == '\n')) {
+               data.data[data.size - 1] = 0;
+               data.size--;
+       }
+
        ret = gnutls_hex_decode(&data, hmac, &hmac_size);
        gnutls_free(data.data);