[openssl-users] Handling "OpenSSL internal error, assertion failed"

Dr. Stephen Henson steve at openssl.org
Wed Mar 11 12:25:44 UTC 2015

On Wed, Mar 11, 2015, Tejaswini wrote:

> When MD5 (or any non-FIPS-compliant) algorithm is used in FIPS mode, OpenSSL
> gives the following error and the application aborts.
> fips_md.c(146): OpenSSL internal error, assertion failed: Digest update
> previous FIPS forbidden algorithm error ignored
> Aborted (core dumped)
> In our application we want to handle this error and gracefully exit by
> logging an appropriate error message.
> For which, we are looking out for an OpenSSL API or mechanism which can say
> whether the algorithm is FIPS compliant or not.
> And we would not like to have a hard-coded algorithm list to check if it's FIPS
> compliant or not.
> Can anyone help me out on this?

You get an error code from EVP_DigestInit* if you attempt to use a non-FIPS
algorithm in FIPS mode. You only get the above condition if you ignore that
initial error.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
