diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c
index fdc0edc6c..fc2d6b3ba 100644
--- a/libfreerdp/core/license.c
+++ b/libfreerdp/core/license.c
@@ -427,7 +427,7 @@ BOOL license_generate_hwid(rdpLicense* license)
 	/* Allow FIPS override for use of MD5 here, really this does not have to be MD5 as we are just taking a MD5 hash of the 6 bytes of 0's(macAddress) */
 	/* and filling in the Data1-Data4 fields of the CLIENT_HARDWARE_ID structure(from MS-RDPELE section 2.2.2.3.1). This is for RDP licensing packets */
 	/* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */
-	if (!winpr_Digest_MD5_Allow_FIPS(macAddress, sizeof(macAddress), &license->HardwareId[HWID_PLATFORM_ID_LENGTH], WINPR_MD5_DIGEST_LENGTH))
+	if (!winpr_Digest_Allow_FIPS(WINPR_MD_MD5, macAddress, sizeof(macAddress), &license->HardwareId[HWID_PLATFORM_ID_LENGTH], WINPR_MD5_DIGEST_LENGTH))
 		return FALSE;
 
 	return TRUE;
diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c
index cfd3863aa..e51898c24 100644
--- a/libfreerdp/core/security.c
+++ b/libfreerdp/core/security.c
@@ -156,7 +156,7 @@ static BOOL security_salted_hash(const BYTE* salt, const BYTE* input, int length
 	/* Allow FIPS override for use of MD5 here, this is used for creating hashes of the premaster_secret and master_secret */
 	/* used for RDP licensing as described in MS-RDPELE. This is for RDP licensing packets */
 	/* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */
-	if (!winpr_Digest_Init_MD5_Allow_FIPS(md5))
+	if (!winpr_Digest_Init_Allow_FIPS(md5, WINPR_MD_MD5))
 		goto out;
 	if (!winpr_Digest_Update(md5, salt, 48)) /* Salt (48 bytes) */
 		goto out;
@@ -242,7 +242,7 @@ BOOL security_md5_16_32_32_Allow_FIPS(const BYTE* in0, const BYTE* in1, const BY
 
         if (!(md5 = winpr_Digest_New()))
                 return FALSE;
-        if (!winpr_Digest_Init_MD5_Allow_FIPS(md5))
+        if (!winpr_Digest_Init_Allow_FIPS(md5, WINPR_MD_MD5))
                 goto out;
         if (!winpr_Digest_Update(md5, in0, 16))
                 goto out;
@@ -312,7 +312,7 @@ BOOL security_mac_data(const BYTE* mac_salt_key, const BYTE* data, UINT32 length
 	/* Allow FIPS override for use of MD5 here, this is only used for creating the MACData field of the */
 	/* Client Platform Challenge Response packet (from MS-RDPELE section 2.2.2.5). This is for RDP licensing packets */
 	/* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */
-	if (!winpr_Digest_Init_MD5_Allow_FIPS(md5))
+	if (!winpr_Digest_Init_Allow_FIPS(md5, WINPR_MD_MD5))
 		goto out;
 	if (!winpr_Digest_Update(md5, mac_salt_key, 16)) /* MacSaltKey */
 		goto out;
diff --git a/winpr/include/winpr/crypto.h b/winpr/include/winpr/crypto.h
index c848abc80..e56aa2b33 100644
--- a/winpr/include/winpr/crypto.h
+++ b/winpr/include/winpr/crypto.h
@@ -665,12 +665,12 @@ extern "C" {
 #endif
 
 WINPR_API WINPR_DIGEST_CTX* winpr_Digest_New(void);
-WINPR_API BOOL winpr_Digest_Init_MD5_Allow_FIPS(WINPR_DIGEST_CTX* ctx);
+WINPR_API BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
 WINPR_API BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
 WINPR_API BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen);
 WINPR_API BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t ilen);
 WINPR_API void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx);
-WINPR_API BOOL winpr_Digest_MD5_Allow_FIPS(const BYTE* input, size_t ilen, BYTE* output, size_t olen);
+WINPR_API BOOL winpr_Digest_Allow_FIPS(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen);
 WINPR_API BOOL winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen);
 
 #ifdef __cplusplus
diff --git a/winpr/libwinpr/crypto/hash.c b/winpr/libwinpr/crypto/hash.c
index cd277a6bc..c0e4003cd 100644
--- a/winpr/libwinpr/crypto/hash.c
+++ b/winpr/libwinpr/crypto/hash.c
@@ -374,15 +374,22 @@ BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 }
 #endif
 
-BOOL winpr_Digest_Init_MD5_Allow_FIPS(WINPR_DIGEST_CTX* ctx)
+BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
 {
 #if defined(WITH_OPENSSL)
 	EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
-	const EVP_MD* evp = EVP_md5();
+	const EVP_MD* evp = winpr_openssl_get_evp_md(md);
+
+	/* Only MD5 is supported for FIPS allow override */
+	if (md != WINPR_MD_MD5)
+		return FALSE;
 	EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	return winpr_Digest_Init_Internal(ctx, WINPR_MD_MD5, evp);
+	return winpr_Digest_Init_Internal(ctx, md, evp);
 #elif defined(WITH_MBEDTLS)
-	return winpr_Digest_Init_Internal(ctx, WINPR_MD_MD5);
+	/* Only MD5 is supported for FIPS allow override */
+	if (md != WINPR_MD_MD5)
+                return FALSE;
+	return winpr_Digest_Init_Internal(ctx, md);
 #endif
 }
 
@@ -449,7 +456,7 @@ void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx)
 #endif
 }
 
-BOOL winpr_Digest_MD5_Allow_FIPS(const BYTE* input, size_t ilen, BYTE* output, size_t olen)
+BOOL winpr_Digest_Allow_FIPS(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen)
 {
 	BOOL result = FALSE;
 	WINPR_DIGEST_CTX *ctx = winpr_Digest_New();
@@ -457,7 +464,7 @@ BOOL winpr_Digest_MD5_Allow_FIPS(const BYTE* input, size_t ilen, BYTE* output, s
 	if (!ctx)
 		return FALSE;
 
-	if (!winpr_Digest_Init_MD5_Allow_FIPS(ctx))
+	if (!winpr_Digest_Init_Allow_FIPS(ctx, md))
 		goto out;
 	if (!winpr_Digest_Update(ctx, input, ilen))
 		goto out;