From b853d7a86e1648c00386790e91cefcfd701bd17b Mon Sep 17 00:00:00 2001
From: Marc <34656315+MarcT512@users.noreply.github.com>
Date: Mon, 3 May 2021 22:49:02 +0100
Subject: [PATCH] openssl.c: Avoid OpenSSL latent error in FIPS mode (#528)
File: openssl.c Notes: Avoid initing MD5 digest, which is not permitted in OpenSSL FIPS certified cryptography mode. Credit: Marc
---
 src/openssl.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/openssl.c b/src/openssl.c
index c286bc61..4d0f53cf 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -2221,6 +2221,13 @@ _libssh2_sha512(const unsigned char *message, unsigned long len,
 int
 _libssh2_md5_init(libssh2_md5_ctx *ctx)
 {
+ /* MD5 digest is not supported in OpenSSL FIPS mode
+ * Trying to init it will result in a latent OpenSSL error:
+ * "digital envelope routines:FIPS_DIGESTINIT:disabled for fips"
+ * So, just return 0 in FIPS mode
+ */
+ if(FIPS_mode() != 0)
+ return 0;
 #ifdef HAVE_OPAQUE_STRUCTS
 *ctx = EVP_MD_CTX_new();
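Review bot: The new early `return 0;` sits before `*ctx = EVP_MD_CTX_new();`, so in FIPS mode `*ctx` is left exactly as the caller passed it, possibly uninitialized. Every caller (none are visible in this hunk) therefore has to check the return value before using or freeing the context. In the `HAVE_OPAQUE_STRUCTS` branch, setting `*ctx = NULL;` before returning would make an ignored failure fail closed instead of touching a stray pointer. Separately, the `FIPS_mode()` call is unguarded, and that function was removed in OpenSSL 3.0, where `EVP_default_properties_is_fips_enabled(NULL)` is the replacement, so I would wrap the check in `#if OPENSSL_VERSION_NUMBER < 0x30000000L` … `#endif` and confirm it links against any other libcrypto this file is built with. The body of `_libssh2_md5_init` continues past the end of the hunk, so the non-opaque branch could not be checked.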