FIPS and MD5
jmoellers at suse.de
Thu Feb 11 09:25:55 UTC 2021
It appears that one can enable FIPS at runtime but then needs to switch
off MD5 at compile-time.
1) Would it make sense to just not populate the
dst_t_func[DST_ALG_HMACMD5] pointer when this happens?
I.e. in dst__hmacmd5_init(), rather than abort ("FIPS mode is 1: MD5 is
only supported if the value is 0.\nPlease disable either FIPS mode or
MD5."), issue a warning ("FIPS mode is 1: MD5 is only supported if the
value is 0.\nDisabling MD5 support.") and set *funcp to NULL?
2) If this would be acceptable, what function should we use to alert the
user of this fact?
Thanks and stay safe!
SUSE Software Solutions Germany GmbH
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer
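The change proposed in the message above, as an added stand-alone model (not BIND source and not the poster's code): the MD5 init routine warns and leaves its function-table slot NULL when FIPS mode is on, and every dispatch site checks the slot before calling through it. All names here (`alg_table`, `lib_init`, `alg_supported`, `alg_sign`) are hypothetical, FIPS mode is passed in as a parameter, and the sign routines are placeholders that compute no HMAC.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-alone model; every identifier here is hypothetical, not BIND's. */
enum { ALG_HMACMD5, ALG_HMACSHA256, ALG_MAX };

typedef struct { const char *name; int (*sign)(const char *msg); } alg_func_t;

/* Placeholder operations: they only stand in for the real sign routines. */
static int hmacmd5_sign(const char *msg)    { (void)msg; return 0; }
static int hmacsha256_sign(const char *msg) { (void)msg; return 0; }

static alg_func_t hmacmd5_funcs    = { "hmac-md5", hmacmd5_sign };
static alg_func_t hmacsha256_funcs = { "hmac-sha256", hmacsha256_sign };

static alg_func_t *alg_table[ALG_MAX];
static int warnings_logged;

/* MD5 init: in FIPS mode, warn and leave the slot empty instead of aborting. */
static void hmacmd5_init(alg_func_t **funcp, int fips_mode) {
    if (fips_mode) {
        fprintf(stderr, "warning: FIPS mode is on, disabling MD5 support\n");
        warnings_logged++;
        *funcp = NULL;
        return;
    }
    *funcp = &hmacmd5_funcs;
}

static void hmacsha256_init(alg_func_t **funcp) { *funcp = &hmacsha256_funcs; }

void lib_init(int fips_mode) {
    warnings_logged = 0;
    hmacmd5_init(&alg_table[ALG_HMACMD5], fips_mode);
    hmacsha256_init(&alg_table[ALG_HMACSHA256]);
}

/* A NULL slot means "not available in this process". */
int alg_supported(int alg) {
    return alg >= 0 && alg < ALG_MAX && alg_table[alg] != NULL;
}

/* Dispatch must test the slot first, or a disabled algorithm becomes a NULL call. */
int alg_sign(int alg, const char *msg) {
    if (!alg_supported(alg))
        return -1; /* reported as unsupported, not a crash */
    return alg_table[alg]->sign(msg);
}

int main(void) {
    lib_init(1); /* model a process running with FIPS mode enabled */
    printf("md5=%d sha256=%d\n", alg_sign(ALG_HMACMD5, "m"), alg_sign(ALG_HMACSHA256, "m"));
    return 0;
}
```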