From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 4 Feb 2020 12:11:54 +0000 (+0000)
Subject: [Minor] Fix order when setting FIPS flags
X-Git-Tag: 2.3~2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7c1aa67736fa1f11f5b3aaef40d3d97928a1ade8;p=rspamd.git

[Minor] Fix order when setting FIPS flags

Related to https://github.com/openssl/openssl/issues/10031
---

diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index fdb5bb5df..f5d66b96f 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -965,21 +965,21 @@ rspamd_lua_hash_create (const gchar *type)
 		if (g_ascii_strcasecmp (type, "md5") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;
 			h->content.c = EVP_MD_CTX_create ();
+			EVP_DigestInit (h->content.c, EVP_md5 ());
 			/* Should never ever be used for crypto/security purposes! */
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 			EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
-			EVP_DigestInit (h->content.c, EVP_md5 ());
 		}
 		else if (g_ascii_strcasecmp (type, "sha1") == 0 ||
 					g_ascii_strcasecmp (type, "sha") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;
 			h->content.c = EVP_MD_CTX_create ();
 			/* Should never ever be used for crypto/security purposes! */
+			EVP_DigestInit (h->content.c, EVP_sha1 ());
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 			EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
-			EVP_DigestInit (h->content.c, EVP_sha1 ());
 		}
 		else if (g_ascii_strcasecmp (type, "sha256") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;