Description of problem: Any gnutls utility fails during initialization when in FIPS mode. Version-Release number of selected component (if applicable): rpmquery gnutls nettle gnutls-3.7.8-11.fc38.x86_64 nettle-3.8-3.fc38.x86_64 How reproducible: Always Steps to Reproduce: 1. GNUTLS_FORCE_FIPS_MODE=1 gnutls-cli-debug Actual results: Error in GnuTLS initialization: Error while performing self checks. global state initialization error Expected results: GnuTLS debug client 3.7.8 Checking localhost:443 Could not connect to 127.0.0.1:443: Connection refused Additional info: This is very similar to bug 2099651, which was fixed by rebuilding gnutls, I think.
FEDORA-2023-4fc4c33f2b has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2023-4fc4c33f2b
FEDORA-2023-1c4a6a47ae has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c4a6a47ae
FEDORA-2023-5b378b82b3 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-5b378b82b3
With GNUTLS_DEBUG_LEVEL=10, it says: gnutls[2]: Calculated MAC for /lib64/libnettle.so.8 does not match gnutls[3]: ASSERT: ../../lib/fips.c[check_lib_hmac]:383 So gnutls package is rebuilt against older nettle package (3.8-2.fc37), while the latest nettle is 3.8-3.fc38. We have a gating test[1] to prevent this, though it apparently didn't help with mass-rebuild. The updates linked from the above comments should indeed fix the issue. 1. https://src.fedoraproject.org/rpms/gnutls/blob/rawhide/f/gating.yml
FEDORA-2023-4fc4c33f2b has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-4fc4c33f2b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-4fc4c33f2b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-5b378b82b3 has been pushed to the Fedora 38 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-5b378b82b3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-1c4a6a47ae has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-1c4a6a47ae` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c4a6a47ae See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-1c4a6a47ae has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-5b378b82b3 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-4fc4c33f2b has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.