1 files changed, 26 insertions, 1 deletions

diff --git a/workhorse/internal/upload/destination/multi_hash.go b/workhorse/internal/upload/destination/multi_hash.go
index 7d4884af3dc..8d5bf4424a8 100644
--- a/workhorse/internal/upload/destination/multi_hash.go
+++ b/workhorse/internal/upload/destination/multi_hash.go
@@ -8,6 +8,9 @@ import (
 	"encoding/hex"
 	"hash"
 	"io"
+	"os"
+
+	"gitlab.com/gitlab-org/labkit/fips"
 )
 
 var hashFactories = map[string](func() hash.Hash){
@@ -17,6 +20,28 @@ var hashFactories = map[string](func() hash.Hash){
 	"sha512": sha512.New,
 }
 
+var fipsHashFactories = map[string](func() hash.Hash){
+	"sha1":   sha1.New,
+	"sha256": sha256.New,
+	"sha512": sha512.New,
+}
+
+func factories() map[string](func() hash.Hash) {
+	if FIPSEnabled() {
+		return fipsHashFactories
+	}
+
+	return hashFactories
+}
+
+func FIPSEnabled() bool {
+	if fips.Enabled() {
+		return true
+	}
+
+	return os.Getenv("WORKHORSE_TEST_FIPS_ENABLED") == "1"
+}
+
 type multiHash struct {
 	io.Writer
 	hashes map[string]hash.Hash
@@ -27,7 +52,7 @@ func newMultiHash() (m *multiHash) {
 	m.hashes = make(map[string]hash.Hash)
 
 	var writers []io.Writer
-	for hash, hashFactory := range hashFactories {
+	for hash, hashFactory := range factories() {
 		writer := hashFactory()
 
 		m.hashes[hash] = writer