Bug 1813384

Summary: GnuTLS FIPS selftest fails on Fedora
Product: [Fedora] Fedora Reporter: Andreas Schneider <asn>
Component: gnutlsAssignee: Anderson Sasaki <ansasaki>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 31CC: aeroevan, ansasaki, asn, crypto-team, dueno, nmavrogi, pemensik, ssorce, tmraz
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: gnutls-3.6.12-2.fc31 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 02:58:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andreas Schneider 2020-03-13 16:22:06 UTC 
GnuTLS FIPS selftest fails on Fedora


Here is a simple reproducer:

$ GNUTLS_FORCE_FIPS_MODE=1 certtool 
Error in GnuTLS initialization: Error while performing self checks.
global_init: Error while performing self checks.


I would suggest to add it to the %check section of the spec file ...
Comment 1 Andreas Schneider 2020-03-13 16:23:21 UTC 
Even trying to skip the check doesn't work:

$ GNUTLS_FORCE_FIPS_MODE=1 GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 certtool 
Error in GnuTLS initialization: Error while performing self checks.
global_init: Error while performing self checks.
Comment 3 Anderson Sasaki 2020-03-24 14:58:11 UTC 
Upstream fix:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1216
Comment 4 Simo Sorce 2020-03-27 14:00:41 UTC 
Daiki, can we get a fix in Fedora asap ?
Comment 5 Fedora Update System 2020-03-27 14:08:39 UTC 
FEDORA-2020-894490a3f6 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-894490a3f6
Comment 6 Fedora Update System 2020-03-28 02:43:01 UTC 
FEDORA-2020-894490a3f6 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-894490a3f6`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-894490a3f6

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Anderson Sasaki 2020-03-30 09:37:23 UTC 
I've submitted the updates for Fedora 31 and 32 on Friday (2020-03-27)
Comment 8 Fedora Update System 2020-03-31 02:58:29 UTC 
FEDORA-2020-894490a3f6 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 9 Evan McClain 2020-03-31 14:49:44 UTC 
*** Bug 1789609 has been marked as a duplicate of this bug. ***