diff options
| author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-01-11 11:23:21 +0100 |
|---|---|---|
| committer | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-03-04 13:22:07 +0100 |
| commit | abd54456e67dcf7e4ff97c5db367261a0c17e3b4 (patch) | |
| tree | 2477ed0af297df0b0e5bfe093f069c8ca2c9414e | |
| parent | 6138a0c83dfff9d0d493259546d0806ae13b4a3d (diff) | |
| download | gnutls-abd54456e67dcf7e4ff97c5db367261a0c17e3b4.tar.gz | |
fips140: Ignore newlines read at the end of HMAC file
This makes the integrity check to ignore newlines appended after the
HMAC value.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
| -rw-r--r-- | lib/fips.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/fips.c b/lib/fips.c index fb2d596c2a..0169ab171a 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -250,6 +250,13 @@ static unsigned check_binary_integrity(const char* libname, const char* symbol) } hmac_size = hex_data_size(data.size); + + /* trim eventual newlines from the end of the data read from file */ + while ((data.size > 0) && (data.data[data.size - 1] == '\n')) { + data.data[data.size - 1] = 0; + data.size--; + } + ret = gnutls_hex_decode(&data, hmac, &hmac_size); gnutls_free(data.data); |