[gnutls-help] make check errors in system running FIPS mode

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Sep 23 13:06:45 CEST 2015


On Tue, Sep 22, 2015 at 3:51 PM, jonetsu <jonetsu at teksavvy.com> wrote:
>> From: "Nikos Mavrogiannopoulos" <nmav at gnutls.org>
>> Date: 09/22/15 02:24
>
>> In FIPS140-2 mode the library must have integrity tests, and if these
>> are not present it will fail to load. You may use the environment
>> variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS (set to 1), to skip these
>> tests.
> Thanks. OTOH, the interest is to have the test succeed. I have looked into the INSTALL file and the user guide but did not find anything about running integrity tests, how to set up for them, etc. In fips-test.c there is a mention:
> fprintf(stderr,
> "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
> How are these integrity tests run? Is there documentation about them?

They are run on the gnutls global initializer. There is no
documentation for the FIPS140 operations. It affects too few people to
make sense writing it. Unless there is someone contributing that
documentation I don't think that this will change soon.

regards,
Nikos


