commit 7c1aa67: [Minor] Fix order when setting FIPS flags

Vsevolod Stakhov vsevolod at highsecure.ru
Tue Feb 4 12:14:07 UTC 2020


Author: Vsevolod Stakhov
Date: 2020-02-04 12:11:54 +0000
URL: https://github.com/rspamd/rspamd/commit/7c1aa67736fa1f11f5b3aaef40d3d97928a1ade8 (HEAD -> master)

[Minor] Fix order when setting FIPS flags
Related to https://github.com/openssl/openssl/issues/10031

---
 src/lua/lua_cryptobox.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index fdb5bb5df..f5d66b96f 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -965,21 +965,21 @@ rspamd_lua_hash_create (const gchar *type)
 		if (g_ascii_strcasecmp (type, "md5") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;
 			h->content.c = EVP_MD_CTX_create ();
+			EVP_DigestInit (h->content.c, EVP_md5 ());
 			/* Should never ever be used for crypto/security purposes! */
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 			EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
-			EVP_DigestInit (h->content.c, EVP_md5 ());
 		}
 		else if (g_ascii_strcasecmp (type, "sha1") == 0 ||
 					g_ascii_strcasecmp (type, "sha") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;
 			h->content.c = EVP_MD_CTX_create ();
 			/* Should never ever be used for crypto/security purposes! */
+			EVP_DigestInit (h->content.c, EVP_sha1 ());
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 			EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 #endif
-			EVP_DigestInit (h->content.c, EVP_sha1 ());
 		}
 		else if (g_ascii_strcasecmp (type, "sha256") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;


More information about the Commits mailing list