[openssl-users] Digest MD5 forbidden in FIPS mode

Jeffrey Walton noloader at gmail.com
Tue Jan 19 01:04:01 UTC 2016

> I wrote a C code which enter in FIPS mode with fips_mod_set(1).
> But, when I call MD5 functions after setting FIPS mode, I get this error:
> md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call
> to digest MD5 forbidden in FIPS mode! Aborted.
> Does anybody know what is wrong? How can I correct it?

Nothing is going wrong; everything is working as expected.

MD5 is essentially forbidden in US Federal except under a few
exemptions. The exemptions include the PRF in TLS. But I've never seen
a library expose MD5 even if its using it under the hood.

Also see FIPS 140-2 and http://www.nsrl.nist.gov/collision.html.


More information about the openssl-users mailing list