crypto: Fix FIPS flags for digests in HMAC

1 files changed, 10 insertions, 2 deletions

diff --git a/lib/crypto/c_src/mac.c b/lib/crypto/c_src/mac.c
index ed09dae8e4..cec9996afc 100644
--- a/lib/crypto/c_src/mac.c
+++ b/lib/crypto/c_src/mac.c
@@ -245,7 +245,11 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
                     return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
                     goto err;
                 }
-
+            if (DIGEST_FORBIDDEN_IN_FIPS(digp))
+                {
+                    return_term = EXCP_NOTSUP(env, "Digest algorithm for HMAC forbidden in FIPS");
+                    goto err;
+                }
             md = digp->md.p;
 
 #ifdef HAS_EVP_PKEY_CTX
@@ -522,7 +526,11 @@ ERL_NIF_TERM mac_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
                     return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
                     goto err;
                 }
-
+            if (DIGEST_FORBIDDEN_IN_FIPS(digp))
+                {
+                    return_term = EXCP_NOTSUP(env, "Digest algorithm for HMAC forbidden in FIPS");
+                    goto err;
+                }
             md = digp->md.p;
 
 # ifdef HAVE_PKEY_new_raw_private_key