FIPS and MD5
Josef Moellers
jmoellers at suse.de
Thu Feb 11 09:25:55 UTC 2021
Hi,
It appears that one can enable FIPS at runtime but then needs to switch
off MD5 at compile-time.
1) Would it make sense to just not populate the
dst_t_func[DST_ALG_HMACMD5] pointer when this happens?
I.e. in dst__hmacmd5_init(), rather than abort ("FIPS mode is 1: MD5 is
only supported if the value is 0.\nPlease disable either FIPS mode or
MD5."), issue a warning ("FIPS mode is 1: MD5 is only supported if the
value is 0.\nDisabling MD5 support.") and set *funcp to NULL?
2) If this would be acceptable, what function should we use to alert the
user of this fact?
Thanks and stay safe!
Josef
--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer
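
A minimal model of the proposal in point 1, added here as an illustration; it is not BIND code and not part of the original message. All names (alg_table, hmacmd5_init, lib_init, alg_supported, alg_name) and the fips_mode parameter are hypothetical stand-ins, and only the warning text is taken from the message. It shows the consequence of leaving the slot NULL: every consumer of the table has to treat an empty slot as "algorithm unsupported" rather than dereference it.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for an algorithm dispatch table; not BIND's types. */
enum { ALG_HMACMD5 = 0, ALG_HMACSHA256 = 1, ALG_MAX = 2 };
typedef struct { const char *name; } alg_func_t;

static alg_func_t *alg_table[ALG_MAX];
static alg_func_t hmacmd5_functions = { "hmac-md5" };
static alg_func_t hmacsha256_functions = { "hmac-sha256" };

/* Proposed behaviour: warn and leave the slot empty instead of aborting.
 * Returns 1 if the algorithm was registered, 0 if it was disabled. */
static int hmacmd5_init(alg_func_t **funcp, int fips_mode) {
    if (fips_mode) {
        fprintf(stderr, "FIPS mode is 1: MD5 is only supported if the "
                        "value is 0.\nDisabling MD5 support.\n");
        *funcp = NULL;
        return 0;
    }
    *funcp = &hmacmd5_functions;
    return 1;
}

/* Library start-up: the other algorithm is unaffected by FIPS mode. */
static void lib_init(int fips_mode) {
    hmacmd5_init(&alg_table[ALG_HMACMD5], fips_mode);
    alg_table[ALG_HMACSHA256] = &hmacsha256_functions;
}

/* Single choke point: an empty slot means "unsupported", never a crash. */
static int alg_supported(int alg) {
    return alg >= 0 && alg < ALG_MAX && alg_table[alg] != NULL;
}

/* Callers go through alg_supported() before touching the slot. */
static const char *alg_name(int alg) {
    return alg_supported(alg) ? alg_table[alg]->name : NULL;
}

int main(void) {
    lib_init(1); /* constructed scenario: FIPS enabled at runtime */
    printf("hmac-md5 supported: %d\n", alg_supported(ALG_HMACMD5));
    printf("hmac-sha256 supported: %d\n", alg_supported(ALG_HMACSHA256));
    return 0;
}
```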