40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test.c openssl-3.0.9-new/providers/fips/self_test.c
|
|
--- openssl-3.0.9/providers/fips/self_test.c 2023-05-31 14:33:13.261114521 +0200
|
|
+++ openssl-3.0.9-new/providers/fips/self_test.c 2023-05-31 14:33:14.360114049 +0200
|
|
@@ -350,6 +350,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
if (ev == NULL)
|
|
goto end;
|
|
|
|
+ /*
|
|
+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
|
|
+ */
|
|
+ if (kats_already_passed == 0) {
|
|
+ if (!SELF_TEST_kats(ev, st->libctx)) {
|
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
|
|
+ goto end;
|
|
+ }
|
|
+ }
|
|
+
|
|
module_checksum = fips_hmac_container;
|
|
checksum_len = sizeof(fips_hmac_container);
|
|
|
|
@@ -399,18 +409,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
kats_already_passed = 1;
|
|
}
|
|
}
|
|
-
|
|
- /*
|
|
- * Only runs the KAT's during installation OR on_demand().
|
|
- * NOTE: If the installation option 'self_test_onload' is chosen then this
|
|
- * path will always be run, since kats_already_passed will always be 0.
|
|
- */
|
|
- if (on_demand_test || kats_already_passed == 0) {
|
|
- if (!SELF_TEST_kats(ev, st->libctx)) {
|
|
- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
|
|
- goto end;
|
|
- }
|
|
- }
|
|
ok = 1;
|
|
end:
|
|
OSSL_SELF_TEST_free(ev);
|