[Minor] Further fixes for FIPS mode

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2020-01-31 16:05:09 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2020-01-31 16:05:09 +0000
commit: d4b759871e18c863831070e97f76673044ec4ae1 (patch)
tree: d5f868eae93c37417a06a5590aee5883a7c90b07 /src
parent: e73a1c32ab257ef128a71aa5b28e7ef5c6339ebe (diff)
download: rspamd-d4b759871e18c863831070e97f76673044ec4ae1.tar.gz
rspamd-d4b759871e18c863831070e97f76673044ec4ae1.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index 518ae9389..fdb5bb5df 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -965,12 +965,20 @@ rspamd_lua_hash_create (const gchar *type)
 		if (g_ascii_strcasecmp (type, "md5") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;
 			h->content.c = EVP_MD_CTX_create ();
+			/* Should never ever be used for crypto/security purposes! */
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+			EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
 			EVP_DigestInit (h->content.c, EVP_md5 ());
 		}
 		else if (g_ascii_strcasecmp (type, "sha1") == 0 ||
 					g_ascii_strcasecmp (type, "sha") == 0) {
 			h->type = LUA_CRYPTOBOX_HASH_SSL;
 			h->content.c = EVP_MD_CTX_create ();
+			/* Should never ever be used for crypto/security purposes! */
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+			EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
 			EVP_DigestInit (h->content.c, EVP_sha1 ());
 		}
 		else if (g_ascii_strcasecmp (type, "sha256") == 0) {
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2020-01-31 16:05:09 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2020-01-31 16:05:09 +0000
commit	d4b759871e18c863831070e97f76673044ec4ae1 (patch)
tree	d5f868eae93c37417a06a5590aee5883a7c90b07 /src
parent	e73a1c32ab257ef128a71aa5b28e7ef5c6339ebe (diff)
download	rspamd-d4b759871e18c863831070e97f76673044ec4ae1.tar.gz rspamd-d4b759871e18c863831070e97f76673044ec4ae1.zip