From 17bcd7a60fb0b7d07718515946ebb064d33ef45b Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Wed, 18 Mar 2020 16:17:39 +0100
Subject: global: Load configuration after FIPS POST

Previously, if the loaded configuration file disabled an algorithm
tested during FIPS-140 power-on self-tests, the test would fail.  By
loading the configuration file after the test is finished, such failure
is avoided as any algorithm is allowed during the tests.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
 lib/global.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/global.c b/lib/global.c
index b42fcb2632..9a65d114cc 100644
--- a/lib/global.c
+++ b/lib/global.c
@@ -368,7 +368,6 @@ static int _gnutls_global_init(unsigned constructor)
 
 	_gnutls_register_accel_crypto();
 	_gnutls_cryptodev_init();
-	_gnutls_load_system_priorities();
 
 #ifdef ENABLE_FIPS140
 	/* These self tests are performed on the overridden algorithms
@@ -385,6 +384,7 @@ static int _gnutls_global_init(unsigned constructor)
 		_gnutls_fips_mode_reset_zombie();
 	}
 #endif
+	_gnutls_load_system_priorities();
 	_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
 	ret = 0;
 
-- 
cgit v1.2.1