authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-03-04 14:44:52 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2019-03-04 14:44:52 +0000
commit3c5cb6f60ef4bb3a0ca16f6c7b43c7515f247ceb (patch)
treef394631e6ac6e08a90f6fd29dbbf3c0253728e3c
parentd0c9b1291de69b9b61b441f97249bc67281d91c1 (diff)
parent59f3b8798ec4d31c737395b752de6e1464c5d9e6 (diff)
downloadgnutls-3c5cb6f60ef4bb3a0ca16f6c7b43c7515f247ceb.tar.gz
Merge branch 'fix_fips_lib_name' into 'master'
Fix FIPS integrity self tests See merge request gnutls/gnutls!873
-rw-r--r--.gitlab-ci.yml4
-rw-r--r--lib/fips.c13
2 files changed, 12 insertions, 5 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9da0e870c0..55d6386d71 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -172,8 +172,8 @@ FIPS140-2.Fedora.x86_64:
- mkdir -p build && cd build &&
dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --disable-guile
- make -j$(nproc)
- - GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1 make check -j$(nproc)
- - make check -j$(nproc)
+ - mkdir -p lib/.libs/fipscheck && fipshmac -d lib/.libs/fipscheck/ -s .hmac lib/.libs/libgnutls.so*
+ - GNUTLS_FORCE_FIPS_MODE=1 make check -j$(nproc)
- cd ..
tags:
- shared
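Review bot: The new `fipshmac` step has no comment tying it to the library code that reads its output, so the `-s .hmac` suffix and the output directory can drift from `lib/fips.c` unnoticed; the suffix has to agree with `HMAC_SUFFIX` defined there. I would add a comment above the step such as `# generate the HMAC file read by the library integrity self-test; suffix must match HMAC_SUFFIX in lib/fips.c`. The step also covers only `libgnutls.so*`. If the self-test verifies the nettle, hogweed and gmp libraries named in `lib/fips.c` as well, this job presumably relies on HMAC files installed by the distribution for those, which is worth stating in the same comment.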
diff --git a/lib/fips.c b/lib/fips.c
index 2715af599f..0169ab171a 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -135,9 +135,9 @@ void _gnutls_fips_mode_reset_zombie(void)
}
}
-#define GNUTLS_LIBRARY_NAME "libgnutls.so.28"
-#define NETTLE_LIBRARY_NAME "libnettle.so.4"
-#define HOGWEED_LIBRARY_NAME "libhogweed.so.2"
+#define GNUTLS_LIBRARY_NAME "libgnutls.so.30"
+#define NETTLE_LIBRARY_NAME "libnettle.so.6"
+#define HOGWEED_LIBRARY_NAME "libhogweed.so.4"
#define GMP_LIBRARY_NAME "libgmp.so.10"
#define HMAC_SUFFIX ".hmac"
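Review bot: The three bumped sonames remain hard-coded string literals with nothing tying them to the libraries the build actually links against, so they can go stale again at the next soname bump. The CI hunk in this same commit shows the job had been running with `GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1`, which is presumably why the outdated names went unnoticed. I would add a comment above the defines such as `/* Must match the sonames this build links against; the FIPS integrity self-test looks libraries up by these names. Update on every soname bump. */`. Longer term, consider deriving the names from the build configuration. `GMP_LIBRARY_NAME` is untouched here and deserves the same verification.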
@@ -250,6 +250,13 @@ static unsigned check_binary_integrity(const char* libname, const char* symbol)
}
hmac_size = hex_data_size(data.size);
+
+ /* trim eventual newlines from the end of the data read from file */
+ while ((data.size > 0) && (data.data[data.size - 1] == '\n')) {
+ data.data[data.size - 1] = 0;
+ data.size--;
+ }
+
ret = gnutls_hex_decode(&data, hmac, &hmac_size);
gnutls_free(data.data);
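Review bot: `hmac_size = hex_data_size(data.size);` is still evaluated before the new trimming loop, so the output bound passed to `gnutls_hex_decode` comes from the untrimmed file length, and more generally from file content rather than from the destination buffer. The declaration of `hmac` is outside this hunk, but if it is a fixed-size array the safer form is `hmac_size = sizeof(hmac);` placed after the loop, so that an oversized .hmac file can be rejected by the decoder instead of defining its own bound. The loop also strips only `'\n'`, so a trailing `'\r'` or space would still make decoding fail. That fails closed, but it deserves a mention in the comment. check_binary_integrity starts and ends outside the hunk.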