Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-35857

Cannot initialize GnuTLS when FIPS mode is enabled due to broken self tests

XMLWordPrintable

    • gnutls-3.8.5-4.el10
    • None
    • None
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 26
    • 0.5
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q2
    • Unspecified Release Note Type - Unknown
    • x86_64
    • None

      What were you trying to do that didn't work?

      If the GNUTLS_FORCE_FIPS_MODE=1 environment variable is defined, then it's not possible to initialize GnuTLS due to the following error:

      Error in GnuTLS initialization: Error while performing self checks.

      This can be "fixed" by defining the environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1.

      This bug occurs in both c10s and RHEL 10, but does not occur in Fedora rawhide. (Didn't test Fedora 40.)

       

      Please provide the package NVR for which bug is seen:

      Probably gnutls-3.8.3-2.el10

      How reproducible: Always

      Steps to reproduce

      1. Visit this glib2 package merge request and check out the branch
      2. Run `centpkg mockbuild`

      Expected results

      Tests pass

      Actual results

      stderr:
Error in GnuTLS initialization: Error while performing self checks.
(test program exited with status code -5)

              dueno@redhat.com Daiki Ueno
              mcatanza@redhat.com Michael Catanzaro
              Daiki Ueno Daiki Ueno
              Alexander Sosedkin Alexander Sosedkin
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: