From: Dr. Stephen Henson Date: Tue, 14 Jun 2011 15:25:21 +0000 (+0000) Subject: set FIPS allow before initialising ctx X-Git-Tag: OpenSSL-fips-2_0-rc1~320 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=70051b1d88497829470b8d63cbc326fff8d5c1c7;p=oweals%2Fopenssl.git set FIPS allow before initialising ctx --- diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8600d0602f..197a498924 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1921,10 +1921,10 @@ int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(d[4]),n);