From 421baf1862e5325c1de36dcb171a8a33d44f121f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 12 Sep 2015 00:44:07 +0100 Subject: Check for FIPS mode after loading config. PR#3958 Reviewed-by: Rich Salz (cherry picked from commit 2aa5a2c76656f3873fecd0f0bcc628c1861c27a9) --- apps/pkcs12.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 4ff6449..e41b445 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -134,13 +134,6 @@ int MAIN(int argc, char **argv) apps_startup(); -# ifdef OPENSSL_FIPS - if (FIPS_mode()) - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -# endif - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - enc = EVP_des_ede3_cbc(); if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -148,6 +141,13 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +# ifdef OPENSSL_FIPS + if (FIPS_mode()) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +# endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + args = argv + 1; while (*args) { -- 1.7.12.1