From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 31 May 2011 16:24:19 +0000 (+0000)
Subject: set FIPS permitted flag before initalising digest
X-Git-Tag: OpenSSL-fips-2_0-rc1~356
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=8f119a03578ddc9f82d83e01ccfe48890f9dda03

set FIPS permitted flag before initalising digest
---

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index dc3101ff14..0ddfe192bc 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -614,7 +614,6 @@ int ssl3_digest_cached_records(SSL *s)
 		if ((mask & ssl_get_algorithm2(s)) && md) 
 			{
 			s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
-			EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
 #ifdef OPENSSL_FIPS
 			if (EVP_MD_nid(md) == NID_md5)
 				{
@@ -622,6 +621,7 @@ int ssl3_digest_cached_records(SSL *s)
 						EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 				}
 #endif
+			EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
 			EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
 			} 
 		else