From 0043ddb78e4b88999b3ad6dbab271b1426cbf8c3 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Mon, 17 Jun 2019 10:31:32 +0200
Subject: crypto: Fix FIPS flags for digests in HMAC

---
 lib/crypto/c_src/mac.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/crypto/c_src/mac.c b/lib/crypto/c_src/mac.c
index ed09dae8e4..cec9996afc 100644
--- a/lib/crypto/c_src/mac.c
+++ b/lib/crypto/c_src/mac.c
@@ -245,7 +245,11 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
                     return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
                     goto err;
                 }
-
+            if (DIGEST_FORBIDDEN_IN_FIPS(digp))
+                {
+                    return_term = EXCP_NOTSUP(env, "Digest algorithm for HMAC forbidden in FIPS");
+                    goto err;
+                }
             md = digp->md.p;
 
 #ifdef HAS_EVP_PKEY_CTX
@@ -522,7 +526,11 @@ ERL_NIF_TERM mac_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
                     return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
                     goto err;
                 }
-
+            if (DIGEST_FORBIDDEN_IN_FIPS(digp))
+                {
+                    return_term = EXCP_NOTSUP(env, "Digest algorithm for HMAC forbidden in FIPS");
+                    goto err;
+                }
             md = digp->md.p;
 
 # ifdef HAVE_PKEY_new_raw_private_key
-- 
cgit v1.2.3