56cb0e447f
Backport upstream FIPS-140 power-on self-tests changes. This addresses the bug bz#1813384. This also includes a backport of a small fix to the gnutls-serv application to address the issue reported in rhbz#1816583. Resolves: #1813384, #1816583
39 lines
1.2 KiB
Diff
From 17bcd7a60fb0b7d07718515946ebb064d33ef45b Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Wed, 18 Mar 2020 16:17:39 +0100
Subject: [PATCH] global: Load configuration after FIPS POST

Previously, if the loaded configuration file disabled an algorithm
tested during FIPS-140 power-on self-tests, the test would fail. By
loading the configuration file after the test is finished, such failure
is avoided as any algorithm is allowed during the tests.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
lib/global.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/global.c b/lib/global.c
|
|
index b42fcb263..9a65d114c 100644
|
|
--- a/lib/global.c
|
|
+++ b/lib/global.c
|
|
@@ -368,7 +368,6 @@ static int _gnutls_global_init(unsigned constructor)
|
|
|
|
_gnutls_register_accel_crypto();
|
|
_gnutls_cryptodev_init();
|
|
- _gnutls_load_system_priorities();
|
|
|
|
#ifdef ENABLE_FIPS140
|
|
/* These self tests are performed on the overridden algorithms
|
|
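Review bot: No regression test accompanies the removal of _gnutls_load_system_priorities() from its position ahead of the #ifdef ENABLE_FIPS140 block; the diffstat shows lib/global.c as the only file touched. The failure described in the commit message (a configuration file disabling an algorithm that the power-on self-tests exercise) is easy to reintroduce if this call is later moved back, so a test that starts the library in FIPS mode with such a configuration and checks that initialization succeeds would pin the ordering down.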
@@ -385,6 +384,7 @@ static int _gnutls_global_init(unsigned constructor)
|
|
_gnutls_fips_mode_reset_zombie();
|
|
}
|
|
#endif
|
|
+ _gnutls_load_system_priorities();
|
|
_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
|
|
ret = 0;
|
|
|
|
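Review bot: The re-added _gnutls_load_system_priorities() call after #endif carries no comment saying that it must stay below the FIPS self-test block, so the ordering constraint lives only in the commit message. A short comment above the call, for example "must run after the FIPS-140 POST: the configuration may disable algorithms the self-tests need", would keep a future cleanup from hoisting it again. Also worth confirming in review: the call is made as a bare statement immediately before _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL), so if loading the configuration can fail, the library still goes operational without the configured restrictions being noticed here.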
--
|
|
2.24.1
|
|
|