From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 14 Jun 2011 15:25:41 +0000 (+0000)
Subject: set FIPS allow before initialising ctx
X-Git-Tag: OpenSSL_1_0_1-beta1~238
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4bea454021de916722415968c590ed02711fc986;p=openssl

set FIPS allow before initialising ctx
---

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 2b8cc5fe80..b95648fb31 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1877,10 +1877,10 @@ int ssl3_send_server_key_exchange(SSL *s)
 				j=0;
 				for (num=2; num > 0; num--)
 					{
-					EVP_DigestInit_ex(&md_ctx,(num == 2)
-						?s->ctx->md5:s->ctx->sha1, NULL);
 					EVP_MD_CTX_set_flags(&md_ctx,
 						EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+					EVP_DigestInit_ex(&md_ctx,(num == 2)
+						?s->ctx->md5:s->ctx->sha1, NULL);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(d[4]),n);