From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 11 Sep 2015 23:44:07 +0000 (+0100)
Subject: Check for FIPS mode after loading config.
X-Git-Tag: OpenSSL_1_0_1q~73
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=421baf1862e5325c1de36dcb171a8a33d44f121f

Check for FIPS mode after loading config.

PR#3958

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9)
---

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4ff64495a9..e41b445a50 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-# endif
-        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL)
         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
     if (!load_config(bio_err, NULL))
         goto end;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+# endif
+        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
     args = argv + 1;
 
     while (*args) {