Bug 1813384 - GnuTLS FIPS selftest fails on Fedora
Summary: GnuTLS FIPS selftest fails on Fedora
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gnutls
Version: 31
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Anderson Sasaki
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1789609 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-13 16:22 UTC by Andreas Schneider
Modified: 2020-03-31 14:49 UTC (History)
9 users (show)

Fixed In Version: gnutls-3.6.12-2.fc31
Clone Of:
Environment:
Last Closed: 2020-03-31 02:58:29 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gitlab gnutls gnutls issues 956 0 None None None 2020-03-18 15:59:41 UTC

Description Andreas Schneider 2020-03-13 16:22:06 UTC 
GnuTLS FIPS selftest fails on Fedora


Here is a simple reproducer:

$ GNUTLS_FORCE_FIPS_MODE=1 certtool 
Error in GnuTLS initialization: Error while performing self checks.
global_init: Error while performing self checks.


I would suggest to add it to the %check section of the spec file ...
Comment 1 Andreas Schneider 2020-03-13 16:23:21 UTC 
Even trying to skip the check doesn't work:

$ GNUTLS_FORCE_FIPS_MODE=1 GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 certtool 
Error in GnuTLS initialization: Error while performing self checks.
global_init: Error while performing self checks.
Comment 3 Anderson Sasaki 2020-03-24 14:58:11 UTC 
Upstream fix:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1216
Comment 4 Simo Sorce 2020-03-27 14:00:41 UTC 
Daiki, can we get a fix in Fedora asap ?
Comment 5 Fedora Update System 2020-03-27 14:08:39 UTC 
FEDORA-2020-894490a3f6 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-894490a3f6
Comment 6 Fedora Update System 2020-03-28 02:43:01 UTC 
FEDORA-2020-894490a3f6 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-894490a3f6`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-894490a3f6

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Anderson Sasaki 2020-03-30 09:37:23 UTC 
I've submitted the updates for Fedora 31 and 32 on Friday (2020-03-27)
Comment 8 Fedora Update System 2020-03-31 02:58:29 UTC 
FEDORA-2020-894490a3f6 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 9 Evan McClain 2020-03-31 14:49:44 UTC 
*** Bug 1789609 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.