File openssl-FIPS-KAT-before-integrity-tests.patch of Package openssl-1_1

Index: openssl-1.1.1l/crypto/fips/fips.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips.c
+++ openssl-1.1.1l/crypto/fips/fips.c
@@ -453,15 +453,17 @@ int FIPS_module_mode_set(int onoff)
 
         fips_post = 1;
 
-        if (!verify_checksums()) {
-            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+	/* Run the KATs before the HMAC verification for FIPS 140-3 compliance */
+        if (!FIPS_selftest()) {
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
         }
 
-        if (!FIPS_selftest()) {
+	/* Run the HMAC verification after the KATs for FIPS 140-3 compliance */
+        if (!verify_checksums()) {
+            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
             fips_selftest_fail = 1;
             ret = 0;
             goto end;