openssl-1_1/openssl-fips-run_selftests_only_when_module_is_complete.patch

Index: openssl-1.1.1d/crypto/fips/fips.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips.c	2020-01-23 13:45:11.368633835 +0100
+++ openssl-1.1.1d/crypto/fips/fips.c	2020-01-23 13:45:21.316692954 +0100
@@ -454,15 +454,15 @@ int FIPS_module_mode_set(int onoff)
 
         fips_post = 1;
 
-        if (!FIPS_selftest()) {
+        if (!verify_checksums()) {
+            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
         }
 
-        if (!verify_checksums()) {
-            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+        if (!FIPS_selftest()) {
             fips_selftest_fail = 1;
             ret = 0;
             goto end;