set FIPS permitted flag before initalising digest

author Dr. Stephen Henson <steve@openssl.org>

Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c

index dc3101ff14430f3cedb00df915c6472108760be9..0ddfe192bc60748e41720c528a93de2622c9bed2 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -614,7 +614,6 @@ int ssl3_digest_cached_records(SSL *s)
                 if ((mask & ssl_get_algorithm2(s)) && md) 
                         {
                         s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
-                       EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
  #ifdef OPENSSL_FIPS
                         if (EVP_MD_nid(md) == NID_md5)
                                 {
@@ -622,6 +621,7 @@ int ssl3_digest_cached_records(SSL *s)
                                                 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                 }
  #endif
+                       EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
                         EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
                         } 
                 else
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)