]> source.dussan.org Git - rspamd.git/commitdiff
[Minor] Fix order when setting FIPS flags
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 4 Feb 2020 12:11:54 +0000 (12:11 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 4 Feb 2020 12:11:54 +0000 (12:11 +0000)
Related to https://github.com/openssl/openssl/issues/10031

src/lua/lua_cryptobox.c

index fdb5bb5dfb1f0565707cd2bbba636777fa4fc60d..f5d66b96fc24e517d9513e7dabfef9d21e2776d6 100644 (file)
@@ -965,21 +965,21 @@ rspamd_lua_hash_create (const gchar *type)
                if (g_ascii_strcasecmp (type, "md5") == 0) {
                        h->type = LUA_CRYPTOBOX_HASH_SSL;
                        h->content.c = EVP_MD_CTX_create ();
+                       EVP_DigestInit (h->content.c, EVP_md5 ());
                        /* Should never ever be used for crypto/security purposes! */
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
                        EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
-                       EVP_DigestInit (h->content.c, EVP_md5 ());
                }
                else if (g_ascii_strcasecmp (type, "sha1") == 0 ||
                                        g_ascii_strcasecmp (type, "sha") == 0) {
                        h->type = LUA_CRYPTOBOX_HASH_SSL;
                        h->content.c = EVP_MD_CTX_create ();
                        /* Should never ever be used for crypto/security purposes! */
+                       EVP_DigestInit (h->content.c, EVP_sha1 ());
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
                        EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
-                       EVP_DigestInit (h->content.c, EVP_sha1 ());
                }
                else if (g_ascii_strcasecmp (type, "sha256") == 0) {
                        h->type = LUA_CRYPTOBOX_HASH_SSL;