MD5 algorithm is not FIPS compliant, has known weakness and should not be used for cryptographic functions, especially in FIPS mode. At the same time, MD5 is routinely used in lieu of a hash function, which is permissible.

We need to make two copies of MD5 implementation: one as hash function, another as cryptographic. Copy/paste acceptable, but preferable mode for MD5-as-crypto function is to use OpenSSL of system-provided function, so that it could be disabled by system policy.

Disabling MD5 for crypto purposes should not affect using MD5 as hash. Therefore we should rename MD5 as hash to make it clear that this is not cryptographic function.