File openssl-fips-run_selftests_only_when_module_is_complete.patch of Package openssl-1_0_0.21013

Index: openssl-1.0.2l/crypto/fips/fips.c
===================================================================
--- openssl-1.0.2l.orig/crypto/fips/fips.c	2017-09-06 17:26:55.058055575 +0200
+++ openssl-1.0.2l/crypto/fips/fips.c	2017-09-06 17:26:55.138056721 +0200
@@ -421,15 +421,15 @@ int FIPS_module_mode_set(int onoff, cons
         }
 # endif
 
-        if (!FIPS_selftest()) {
+        if (!verify_checksums()) {
+            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
         }
 
-        if (!verify_checksums()) {
-            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+        if (!FIPS_selftest()) {
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
openSUSE Build Service is sponsored by