diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2020-03-18 16:17:39 +0100 |
---|---|---|
committer | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2020-03-18 18:10:46 +0100 |
commit | 17bcd7a60fb0b7d07718515946ebb064d33ef45b (patch) | |
tree | dda28014373c5b597529a9b5c8160457400954b0 | |
parent | ea2a81e5bd115826d2ecd0b0ecc634c95b285a48 (diff) | |
download | gnutls-17bcd7a60fb0b7d07718515946ebb064d33ef45b.tar.gz |
global: Load configuration after FIPS POST
Previously, if the loaded configuration file disabled an algorithm
tested during FIPS-140 power-on self-tests, the test would fail. By
loading the configuration file after the test is finished, such failure
is avoided as any algorithm is allowed during the tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-rw-r--r-- | lib/global.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/global.c b/lib/global.c index b42fcb2632..9a65d114cc 100644 --- a/lib/global.c +++ b/lib/global.c @@ -368,7 +368,6 @@ static int _gnutls_global_init(unsigned constructor) _gnutls_register_accel_crypto(); _gnutls_cryptodev_init(); - _gnutls_load_system_priorities(); #ifdef ENABLE_FIPS140 /* These self tests are performed on the overridden algorithms @@ -385,6 +384,7 @@ static int _gnutls_global_init(unsigned constructor) _gnutls_fips_mode_reset_zombie(); } #endif + _gnutls_load_system_priorities(); _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL); ret = 0; |