[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Dr. Stephen Henson steve at openssl.org
Sat Sep 12 01:42:59 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  2aa5a2c76656f3873fecd0f0bcc628c1861c27a9 (commit)
      from  eac2b837d63fbac8acb3a9d1f65a2d8379edfc93 (commit)


- Log -----------------------------------------------------------------
commit 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Sep 12 00:44:07 2015 +0100

    Check for FIPS mode after loading config.
    
    PR#3958
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/pkcs12.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4ff6449..e41b445 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-# endif
-        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL)
         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
     if (!load_config(bio_err, NULL))
         goto end;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+# endif
+        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
     args = argv + 1;
 
     while (*args) {


More information about the openssl-commits mailing list