diff --git a/SOURCES/fipscheck-1.4.1-empty-hmac.patch b/SOURCES/fipscheck-1.4.1-empty-hmac.patch
new file mode 100644
index 0000000..c240e2a
--- /dev/null
+++ b/SOURCES/fipscheck-1.4.1-empty-hmac.patch
@@ -0,0 +1,50 @@
+diff -up fipscheck-1.4.1/src/fipscheck.c.empty-hmac fipscheck-1.4.1/src/fipscheck.c
+--- fipscheck-1.4.1/src/fipscheck.c.empty-hmac	2013-09-10 10:54:30.000000000 +0200
++++ fipscheck-1.4.1/src/fipscheck.c	2017-02-21 14:30:27.616371594 +0100
+@@ -34,13 +34,15 @@
+ #include "filehmac.h"
+ #include "fipscheck.h"
+ 
++#define MAX_HMAC_LEN 1024
++
+ static int
+ verify_hmac(const char *path, const char *hmac_suffix)
+ {
+ 	FILE *hf = NULL;
+ 	char *hmacpath, *p;
+-	int rv = 0;
+-	char *hmac = NULL;
++	int rv = 1;
++	char hmac[MAX_HMAC_LEN];
+ 	size_t n;
+ 	const char *hmacdir = PATH_HMACDIR;
+ 
+@@ -62,7 +64,7 @@ verify_hmac(const char *path, const char
+ 		hmacdir = NULL;
+ 	} while (hf == NULL);
+ 
+-	if (getline(&hmac, &n, hf) > 0) {
++	if (fgets(hmac, sizeof(hmac), hf) != NULL) {
+ 		void *buf;
+ 		size_t hmaclen;
+ 		char *hex;
+@@ -84,14 +86,17 @@ verify_hmac(const char *path, const char
+ 
+ 		if (strcmp(hex, hmac) != 0) {
+ 			debug_log("Hmac mismatch on file '%s'", path);
+-			rv = 1;
++		} else {
++			/* checksum matched */
++			rv = 0;
+ 		}
+ 		free(buf);
+ 		free(hex);
++	} else {
++		debug_log("Empty or broken hmac on file '%s'", path);
+ 	}
+ 
+ end:
+-	free(hmac);
+ 	fclose(hf);
+ 	return rv;
+ }
diff --git a/SPECS/fipscheck.spec b/SPECS/fipscheck.spec
index 89a0865..05713c3 100644
--- a/SPECS/fipscheck.spec
+++ b/SPECS/fipscheck.spec
@@ -1,7 +1,7 @@
 Summary:	A library for integrity verification of FIPS validated modules
 Name:		fipscheck
 Version:	1.4.1
-Release:	5%{?dist}
+Release:	6%{?dist}
 License:	BSD
 Group:		System Environment/Libraries
 # This is a Red Hat maintained package which is specific to
@@ -10,6 +10,7 @@ URL:		http://fedorahosted.org/fipscheck/
 Source0:	http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
 # Prelink blacklist
 Source1:	fipscheck.conf
+Patch1:		fipscheck-1.4.1-empty-hmac.patch
 
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -42,6 +43,7 @@ This package contains development files for %{name}.
 
 %prep
 %setup -q
+%patch1 -p1 -b .empty-hmac
 
 %build
 %configure --disable-static
@@ -101,6 +103,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/*
 
 %changelog
+* Tue Feb 21 2017 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-6
+- handle empty hmac file as checksum mismatch
+
 * Mon Feb 10 2014 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-5
 - fix the library path in prelink blacklist