File gnutls-FIPS-Set-error-state-when-jent-init-failed.patch of Package gnutls.26615

---
 lib/nettle/sysrng-linux.c |    6 ++++++
 1 file changed, 6 insertions(+)

Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.7.3/lib/nettle/sysrng-linux.c
@@ -49,11 +49,13 @@
 get_entropy_func _rnd_get_system_entropy = NULL;
 
 #if defined(__linux__)
-# ifdef ENABLE_FIPS140
+# if defined(ENABLE_FIPS140)
 #  define HAVE_JENT
 #  include <jitterentropy.h>
 static int jent_initialized = 0;
 static struct rand_data* ec = NULL;
+/* Declare function to fix a missing-prototypes compilation warning */
+void FIPS_jent_entropy_deinit(void);
 # endif
 # ifdef HAVE_GETRANDOM
 #  include <sys/random.h>
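Review bot: The added prototype `void FIPS_jent_entropy_deinit(void);` silences -Wmissing-prototypes by giving the function external linkage, while its counterpart `FIPS_jent_entropy_init` is `static`. The only call visible in this patch is in `_rnd_system_entropy_deinit` in the same file, so if nothing outside sysrng-linux.c uses it, declaring it `static void FIPS_jent_entropy_deinit(void);` would remove the warning and keep the symbol file-local. The definition is outside the hunk, so confirm it has no other callers first. The comment could then read `/* forward declaration: defined below, used by _rnd_system_entropy_deinit */`, which describes the code rather than the warning.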
@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
 #  endif
 # endif
 
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+#  if defined(HAVE_JENT)
 /* check whether the CPU Jitter entropy collector is available. */
 static unsigned FIPS_jent_entropy_init(void)
 {
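Review bot: The new outer `# if defined(ENABLE_FIPS140)` wrapped around `# if defined(HAVE_JENT)` looks redundant, because the first hunk defines HAVE_JENT only inside the ENABLE_FIPS140 branch. If HAVE_JENT can also come from the build configuration (not visible in this patch), a single `# if defined(ENABLE_FIPS140) && defined(HAVE_JENT)` states the same condition without a second `# endif` to keep balanced. The same applies to the guards added in the `@@ -260` and `@@ -300` hunks. The body of FIPS_jent_entropy_init continues outside this hunk.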
@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
 
 	return 0;
 }
+#  endif
 # endif
 
 static unsigned have_getrandom(void)
@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
 	int urandom_fd;
 
 #if defined(__linux__)
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+#  if defined(HAVE_JENT)
 	/* Enable jitterentropy usage if available */
 	if (FIPS_jent_entropy_init()) {
 		_rnd_get_system_entropy = _rnd_get_system_entropy_jent;
@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
 		return 0;
 	} else {
 		_gnutls_debug_log("jitterentropy is not available\n");
+		/* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
+		if (_gnutls_fips_mode_enabled()) {
+			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+			_gnutls_switch_lib_state(LIB_STATE_ERROR);
+			return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
+		}
 	}
+#  endif
 # endif
 	/* Enable getrandom() usage if available */
 	if (have_getrandom()) {
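Review bot: The new fail-closed branch reports the cause only through the existing `_gnutls_debug_log("jitterentropy is not available\n")`. With debug logging off, an operator sees GNUTLS_E_RANDOM_DEVICE_ERROR and a library in error state with no hint that the jitter entropy source failed to initialise. An audit-level message inside the new `if`, for example `_gnutls_audit_log(NULL, "jitterentropy init failed in FIPS mode\n");`, would make this event visible. The condition tests `_gnutls_fips_mode_enabled()` for truthiness, so presumably every non-disabled FIPS mode takes this path, not only strict mode; if that is intended, the comment should say so. The declarations of `_gnutls_switch_fips_state`, `_gnutls_switch_lib_state` and `LIB_STATE_ERROR` are not visible here, and the rest of `_rnd_system_entropy_init` lies outside the hunk.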
@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
 {
 	/* A no-op now when we open and close /dev/urandom every time */
 #if defined(__linux__)
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+#  if defined(HAVE_JENT)
 	FIPS_jent_entropy_deinit();
+#  endif
 # endif
 #endif
 	return;
Index: gnutls-3.7.3/tests/Makefile.am
===================================================================
--- gnutls-3.7.3.orig/tests/Makefile.am
+++ gnutls-3.7.3/tests/Makefile.am
@@ -205,7 +205,7 @@ ctests += mini-record-2 simple gnutls_hm
 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
 	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
-	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
 	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
 	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
 	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
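Review bot: Dropping `rng-sigint` from `ctests` is not explained anywhere in the patch, and it removes a test of RNG behaviour from every build, not only FIPS ones. If the test fails only because of the new error path in `_rnd_system_entropy_init`, skipping it conditionally or fixing its expectations would keep the coverage for non-FIPS configurations. At minimum the patch header should record the reason, e.g. `rng-sigint disabled: <reason>`, so the removal can be revisited later.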