Allow MD5 hash in zombie mode

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-11-22 17:12:39 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-11-27 11:41:44 +0100
commit: 89cc5ca8dc58f80e8fa160391a7d67e605da4bdd (patch)
tree: 64962680a8c3c3fba80d44aaafa126de2caddf9b /lib/crypto-api.c
parent: f9fc12b9f64a0dfd7b2fe73c3ab9ea6a8722931a (diff)
download: gnutls-89cc5ca8dc58f80e8fa160391a7d67e605da4bdd.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index b2d11a414f..aa7189ed83 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -463,8 +463,11 @@ gnutls_hash_init(gnutls_hash_hd_t * dig,
 {
 #ifdef ENABLE_FIPS140
 	/* MD5 is only allowed internally for TLS */
-	if (algorithm == GNUTLS_DIG_MD5)
-		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+	if (_gnutls_get_fips_state() != FIPS_STATE_SELFTEST && 
+		_gnutls_get_fips_state() != FIPS_STATE_ZOMBIE) {
+		if (algorithm == GNUTLS_MAC_MD5)
+			return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+	}
 #endif
 
 	*dig = gnutls_malloc(sizeof(digest_hd_st));
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-11-22 17:12:39 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-11-27 11:41:44 +0100
commit	89cc5ca8dc58f80e8fa160391a7d67e605da4bdd (patch)
tree	64962680a8c3c3fba80d44aaafa126de2caddf9b /lib/crypto-api.c
parent	f9fc12b9f64a0dfd7b2fe73c3ab9ea6a8722931a (diff)
download	gnutls-89cc5ca8dc58f80e8fa160391a7d67e605da4bdd.tar.gz