[openssl-users] Handling ???OpenSSL internal error, assertion failed???
Dr. Stephen Henson
steve at openssl.org
Wed Mar 11 12:25:44 UTC 2015
On Wed, Mar 11, 2015, Tejaswini wrote:
> When MD5 (or any non FIPS compliant) algorithm is used in FIPS mode, OpenSSL
> gives following error and application aborts.
>
> fips_md.c(146): OpenSSL internal error, assertion failed: Digest update
> previous FIPS forbidden algorithm error ignored
> Aborted (core dumped)
>
> In our application we want to handle this error and gracefully exit by
> logging appropriate error message.
> For which, we are looking out for an OpenSSL API or mechanism which can say
> whether the algorithm is FIPS compliant or not.
> And would not like to have hard coded algorithm list to check if its FIPS
> compliant or not.
>
> Can anyone help me out on this.
>
You get an error code from EVP_DigestInit* if you attempt to use a non-FIPS
algorithm in FIPS mode. You only get the above condition if you ignore that
initial error.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list