sync-diff-inspector fails on TiDB cluster v8.5.4 with FIPS enabled #885

@maxz-db

Bug Report

  1. What did you do?
    Run sync-diff-inspector on TiDB cluster running v8.5.4 with FIPS enabled:

  2. What did you expect to see?
    sync-diff-inspector succeeds.

  3. What did you see instead?
    sync-diff-inspector fails with:

Error 1105 (HY000): [components/tidb_query_expr/src/impl_encryption.rs:167]:
OpenSSL error: ErrorStack([Error {
    code: 50856204,
    library: "digital envelope routines",
    function: "inner_evp_generic_fetch",
    reason: "unsupported"

Preliminary RCA:
TiDB FIPS build mode was introduced in 7.6.0: Pull Request #47949: Makefile,cmd/tidb-server: add tidb-server FIPS build target.

sync-diff-inspector relies on MD5() for chunk checksumming. TiDB may push expression evaluation down to the TiKV coprocessor, which uses OpenSSL for cryptographic functions (tidb_query_expr).
In a FIPS configuration, MD5 functions are disabled in the OpenSSL library used by TiKV. Therefore, when TiKV's OpenSSL inner_evp_generic_fetch() tries to load the MD5 algorithm, it fails with error code 50856204 (EVP_R_UNSUPPORTED).

As a result, sync-diff-inspector fails because TiDB rejects all MD5-based checksum queries due to OpenSSL security policy restrictions.

  1. What version of TiDB are you using?
    v8.5.4 with ENABLE_FIPS=1

  2. Which tool are you using?
    sync-diff-inspector

  3. What version of the tool are you using?
    sync-diff-inspector from v8.5.4 release.
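
For triage, the numeric code in the error above can be unpacked into its OpenSSL library and reason fields. This is an added example, not part of the original report and not TiDB or TiKV code; the function names are hypothetical, and the bit layout assumes the OpenSSL 3.x packing in `include/openssl/err.h`.

```python
import re

# Packed error-code layout in OpenSSL 3.x (include/openssl/err.h).
ERR_LIB_OFFSET, ERR_LIB_MASK = 23, 0xFF
ERR_RFLAGS_OFFSET = 18
ERR_RFLAG_FATAL = 0x1 << ERR_RFLAGS_OFFSET
ERR_RFLAG_COMMON = 0x2 << ERR_RFLAGS_OFFSET   # reason is library-independent
ERR_REASON_MASK = 0x7FFFFF
ERR_LIB_EVP = 6                # "digital envelope routines"
UNSUPPORTED_NUM = 268          # err.h: ERR_R_UNSUPPORTED = 268 | ERR_RFLAG_COMMON

# Error text copied from the report above (truncated there as well).
REPORTED = '''Error 1105 (HY000): [components/tidb_query_expr/src/impl_encryption.rs:167]:
OpenSSL error: ErrorStack([Error {
    code: 50856204,
    library: "digital envelope routines",
    function: "inner_evp_generic_fetch",
    reason: "unsupported"
'''
FIELD = re.compile(r'(code|library|function|reason):\s*(?:"([^"]*)"|(\d+))')

def parse_error_stack(text):
    """Fields of the first Error entry in the Debug-formatted ErrorStack."""
    out = {}
    for name, quoted, number in FIELD.findall(text):
        out.setdefault(name, int(number) if number else quoted)
    return out

def decode(code):
    """Split a packed OpenSSL 3.x error code into library, flags and reason."""
    reason = code & ERR_REASON_MASK
    return {"hex": f"{code:08X}",
            "lib": (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK,
            "common": bool(reason & ERR_RFLAG_COMMON),
            "fatal": bool(reason & ERR_RFLAG_FATAL),
            "reason_num": reason & ((1 << ERR_RFLAGS_OFFSET) - 1)}

def canonical(text):
    """Render the entry in the error:<hex>:<lib>::<reason> form OpenSSL 3 prints."""
    f = parse_error_stack(text)
    return f"error:{decode(f['code'])['hex']}:{f['library']}::{f['reason']}"

def is_unsupported_fetch(text):
    """True when an EVP algorithm fetch was rejected as unsupported."""
    f, d = parse_error_stack(text), None
    d = decode(f["code"])
    return (d["lib"] == ERR_LIB_EVP and d["common"]
            and d["reason_num"] == UNSUPPORTED_NUM
            and f.get("function") == "inner_evp_generic_fetch")
```

The canonical form is convenient for searching TiKV or client logs for other queries rejected for the same reason.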
