From 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 12 Sep 2015 00:44:07 +0100 Subject: [PATCH] Check for FIPS mode after loading config. PR#3958 Reviewed-by: Rich Salz --- apps/pkcs12.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 4ff64495a9..e41b445a50 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -134,13 +134,6 @@ int MAIN(int argc, char **argv) apps_startup(); -# ifdef OPENSSL_FIPS - if (FIPS_mode()) - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -# endif - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - enc = EVP_des_ede3_cbc(); if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -148,6 +141,13 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +# ifdef OPENSSL_FIPS + if (FIPS_mode()) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +# endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + args = argv + 1; while (*args) { -- 2.25.1