diff --git a/gnutls-3.7.3-fips-dsa-post.patch b/gnutls-3.7.3-fips-dsa-post.patch
new file mode 100644
index 0000000..c889590
--- /dev/null
+++ b/gnutls-3.7.3-fips-dsa-post.patch
@@ -0,0 +1,30 @@
+From fcef3404733e0839cc0f8d1fcdc5bc0f8edc7e76 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Thu, 31 Mar 2022 11:20:28 +0200
+Subject: [PATCH] fips: don't run POST for DSA
+
+Signed-off-by: rpm-build
+---
+ lib/fips.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/lib/fips.c b/lib/fips.c
+index 457a8c0..074e8e1 100644
+--- a/lib/fips.c
++++ b/lib/fips.c
+@@ -419,12 +419,6 @@ int _gnutls_fips_perform_self_checks2(void)
+ goto error;
+ }
+
+- ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA);
+- if (ret < 0) {
+- gnutls_assert();
+- goto error;
+- }
+-
+ ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
+ if (ret < 0) {
+ gnutls_assert();
+--
+2.34.1
+
diff --git a/gnutls.spec b/gnutls.spec
index 9b6ade6..fb2e685 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -29,6 +29,7 @@ Patch12: gnutls-3.7.3-libtss2-dlopen.patch
 # not upstreamed
 Patch100: gnutls-3.7.3-disable-config-reload.patch
+Patch101: gnutls-3.7.3-fips-dsa-post.patch
 %bcond_without bootstrap
 %bcond_without dane
@@ -345,6 +346,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %changelog
 * Thu Mar 31 2022 Daiki Ueno - 3.7.3-10
 - Use only the first component of VERSION from /etc/os-release (#2070249)
+- Don't run power-on self-tests on DSA (#2061325)
 * Fri Feb 25 2022 Daiki Ueno - 3.7.3-9
 - Stop using typeof keyword for tss2 function prototypes (#2057490)
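Review bot: The embedded lib/fips.c hunk removes the `gnutls_pk_self_test(0, GNUTLS_PK_DSA)` call from `_gnutls_fips_perform_self_checks2`, but nothing visible here takes DSA out of the set of algorithms usable in FIPS mode. If DSA signing or verification is still reachable in that mode, it would now run without a power-on self-test. Neither the patch's own description nor gnutls.spec gives the reason; the only pointer is the bug number in the changelog entry. I would state the rationale in the patch description and add a comment above `Patch101`, for example `# skip the DSA power-on self-test in FIPS mode (#2061325); confirm DSA is not offered as an approved algorithm`. The function body starts and ends outside the hunk, so whether DSA is blocked elsewhere cannot be confirmed from this page.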