[gnutls-devel] GnuTLS | FIPS self-tests fail for algorithms disabled by configuration files (#956)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Mar 18 16:16:29 CET 2020

Anderson Sasaki created an issue: https://gitlab.com/gnutls/gnutls/-/issues/956

## Description of problem:
This bug was originally reported in https://bugzilla.redhat.com/show_bug.cgi?id=1813384

When an algorithm tested during FIPS power-on self-tests is disabled by the used configuration file (e.g through crypto-policies in Fedora), the FIPS self-tests fail.

The suggested way to fix this issue is to postpone the loading of the configuration file during the library initialization

## Version of gnutls used:

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora 31

## How reproducible:

Steps to Reproduce:

 * Create a configuration file which disables one of the tested algorithms. For example containing:
insecure-sig = DSA-SHA256

 * Use that configuration and run an application forcing FIPS mode:

## Actual results:
Error in GnuTLS initialization: Error while performing self checks.
global_init: Error while performing self checks.
## Expected results:
No error

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/956
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200318/304fcd40/attachment.html>

More information about the Gnutls-devel mailing list