commit d4b7598: [Minor] Further fixes for FIPS mode
Vsevolod Stakhov
vsevolod at highsecure.ru
Fri Jan 31 16:07:06 UTC 2020
Author: Vsevolod Stakhov
Date: 2020-01-31 16:05:09 +0000
URL: https://github.com/rspamd/rspamd/commit/d4b759871e18c863831070e97f76673044ec4ae1 (HEAD -> master)
[Minor] Further fixes for FIPS mode
---
src/lua/lua_cryptobox.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index 518ae9389..fdb5bb5df 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -965,12 +965,20 @@ rspamd_lua_hash_create (const gchar *type)
if (g_ascii_strcasecmp (type, "md5") == 0) {
h->type = LUA_CRYPTOBOX_HASH_SSL;
h->content.c = EVP_MD_CTX_create ();
+ /* Should never ever be used for crypto/security purposes! */
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
EVP_DigestInit (h->content.c, EVP_md5 ());
}
else if (g_ascii_strcasecmp (type, "sha1") == 0 ||
g_ascii_strcasecmp (type, "sha") == 0) {
h->type = LUA_CRYPTOBOX_HASH_SSL;
h->content.c = EVP_MD_CTX_create ();
+ /* Should never ever be used for crypto/security purposes! */
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ EVP_MD_CTX_set_flags (h->content.c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
EVP_DigestInit (h->content.c, EVP_sha1 ());
}
else if (g_ascii_strcasecmp (type, "sha256") == 0) {
More information about the Commits
mailing list