[openssl-users] Digest MD5 forbidden in FIPS mode
Jeffrey Walton
noloader at gmail.com
Tue Jan 19 01:04:01 UTC 2016
> I wrote a C code which enter in FIPS mode with fips_mod_set(1).
>
> But, when I call MD5 functions after setting FIPS mode, I get this error:
>
> md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call
> to digest MD5 forbidden in FIPS mode! Aborted.
>
> Does anybody know what is wrong? How can I correct it?
Nothing is going wrong; everything is working as expected.
MD5 is essentially forbidden in US Federal except under a few
exemptions. The exemptions include the PRF in TLS. But I've never seen
a library expose MD5 even if its using it under the hood.
Also see FIPS 140-2 and http://www.nsrl.nist.gov/collision.html.
Jeff
More information about the openssl-users
mailing list