fipshmac: pathname checking should resolve realpath of libraries
With the following .gnutls.hmac
file:
[global]
format-version = 1
[libgnutls.so.30]
path = /lib64/libgnutls.so.30
hmac = b94b08e69e16fe9822fce3f548ada7bff35cb501be1d29fe359df8152920897a
[libnettle.so.8]
path = /lib64/libnettle.so.8
hmac = 91d1e4123f06097a7ba0457425b16f5dbc63e8b4367ec6f34478a6581926f160
[libhogweed.so.6]
path = /lib64/libhogweed.so.6
hmac = 982e7cd42272a96080afc180dd7655d097051e1292cac8caee8f125a2988e61c
[libgmp.so.10]
path = /lib64/libgmp.so.10
hmac = c7850b25b26e8fd2a26722e6aaabfcf74327044a9fe59ebc66707741a2bb8e82
and /lib64
is actually a symlink to /usr/lib64
, the FIPS library integrity check may fail with certain LD_LIBRARY_PATH setting:
$ LD_LIBRARY_PATH=/usr/lib64 GNUTLS_FORCE_FIPS_MODE=1 gnutls-cli-debug
Error in GnuTLS initialization: Error while performing self checks.
global state initialization error