Check for FIPS mode after loading config.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 11 Sep 2015 23:44:07 +0000 (00:44 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 12 Sep 2015 01:43:36 +0000 (02:43 +0100)
PR#3958

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9)

apps/pkcs12.c

index 4ff6449..e41b445 100644 (file)
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-# endif
-        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL)
         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
     if (!load_config(bio_err, NULL))
         goto end;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+# endif
+        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
     args = argv + 1;
 
     while (*args) {