Don't run power-on self-tests on DSA

Resolves: #2061325 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-03-31 11:23:39 +02:00 · 2022-03-31 11:23:39 +02:00 · 8f121242f9
parent 81d601383e
commit 8f121242f9
2 changed files with 32 additions and 0 deletions
--- a/gnutls-3.7.3-fips-dsa-post.patch
+++ b/gnutls-3.7.3-fips-dsa-post.patch
@ -0,0 +1,30 @@
+From fcef3404733e0839cc0f8d1fcdc5bc0f8edc7e76 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 31 Mar 2022 11:20:28 +0200
+Subject: [PATCH] fips: don't run POST for DSA
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ lib/fips.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/lib/fips.c b/lib/fips.c
+index 457a8c0..074e8e1 100644
+--- a/lib/fips.c
+++ b/lib/fips.c
+@@ -419,12 +419,6 @@ int _gnutls_fips_perform_self_checks2(void)
+ 		goto error;
+ 	}
+ 
+-	ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA);
+-	if (ret < 0) {
+-		gnutls_assert();
+-		goto error;
+-	}
+-
+ 	ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+-- 
+2.34.1
+
--- a/gnutls.spec
+++ b/gnutls.spec
@ -29,6 +29,7 @@ Patch12: gnutls-3.7.3-libtss2-dlopen.patch

 # not upstreamed
 Patch100: gnutls-3.7.3-disable-config-reload.patch
+Patch101: gnutls-3.7.3-fips-dsa-post.patch

 %bcond_without bootstrap
 %bcond_without dane
@ -345,6 +346,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %changelog
 * Thu Mar 31 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-10
 - Use only the first component of VERSION from /etc/os-release (#2070249)
+- Don't run power-on self-tests on DSA (#2061325)

 * Fri Feb 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-9
 - Stop using typeof keyword for tss2 function prototypes (#2057490)