File gnutls-FIPS-Zeroize-check_binary_integrity.patch of Package gnutls.26615

Index: gnutls-3.7.3/lib/fips.c
===================================================================
--- gnutls-3.7.3.orig/lib/fips.c
+++ gnutls-3.7.3/lib/fips.c
@@ -267,10 +267,15 @@ static unsigned check_binary_integrity(c
 	if (hmac_size != sizeof(hmac) ||
 			memcmp(hmac, new_hmac, sizeof(hmac)) != 0) {
 		_gnutls_debug_log("Calculated MAC for %s does not match\n", libname);
+		zeroize_key(hmac, sizeof(hmac));
+		zeroize_key(new_hmac, sizeof(new_hmac));
 		return gnutls_assert_val(0);
 	}
 	_gnutls_debug_log("Successfully verified MAC for %s (%s)\n", mac_file, libname);
-	
+
+	zeroize_key(hmac, sizeof(hmac));
+	zeroize_key(new_hmac, sizeof(new_hmac));
+
 	return 1;
 }
 
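Review bot: The two added `zeroize_key()` pairs cover only the mismatch return and the success return shown here, and check_binary_integrity starts outside this hunk. Any earlier return taken after `hmac` or `new_hmac` has been filled (not visible here) would presumably still leave the MAC values on the stack. A single exit path removes both the duplication and that gap: set a result variable, `goto cleanup;` from each failure point, and let the label run `zeroize_key(hmac, sizeof(hmac)); zeroize_key(new_hmac, sizeof(new_hmac));` before the one `return`. A short comment at that point, such as `/* FIPS: wipe integrity-check MAC buffers on every exit path */`, would stop the calls being dropped as redundant in a later cleanup.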