Skip to content

FIPS fixes and enhancements

Michal Nowak requested to merge mnowak/fix-fips-in-tests into main

This brings, really, the most basic fixes to compile BIND with FIPS mode cleanly, make unit tests pass, and provide support for targeted disablement of portions of system tests. More system tests need to be either disabled completely, or ported from MD5 to SHA for the suite to pass, also a truly FIPS enabled CI jobs should be added in the future to test this properly (hint: a CentOS VM needed).

Pairwise was tested here https://gitlab.isc.org/isc-projects/bind9/-/pipelines/54676.

Prerequisite: isc-projects/images!144.

Edited by Michal Nowak

Merge request reports