From 89cc5ca8dc58f80e8fa160391a7d67e605da4bdd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 22 Nov 2013 17:12:39 +0100
Subject: Allow MD5 hash in zombie mode

---
 lib/crypto-api.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/crypto-api.c')

diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index b2d11a414f..aa7189ed83 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -463,8 +463,11 @@ gnutls_hash_init(gnutls_hash_hd_t * dig,
 {
 #ifdef ENABLE_FIPS140
 	/* MD5 is only allowed internally for TLS */
-	if (algorithm == GNUTLS_DIG_MD5)
-		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+	if (_gnutls_get_fips_state() != FIPS_STATE_SELFTEST && 
+		_gnutls_get_fips_state() != FIPS_STATE_ZOMBIE) {
+		if (algorithm == GNUTLS_MAC_MD5)
+			return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+	}
 #endif
 
 	*dig = gnutls_malloc(sizeof(digest_hd_st));
-- 
cgit v1.2.1