#include <isc/buffer.h>
#include <isc/dir.h>
#include <isc/file.h>
+#include <isc/fips.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/once.h>
UNUSED(engine);
memset(dst_t_func, 0, sizeof(dst_t_func));
- RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
+ RETERR(dst__openssl_init(engine)); /* Sets FIPS mode. */
+ if (!isc_fips_mode()) {
+ RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
+ }
RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
- RETERR(dst__openssl_init(engine));
+ /* RSASHA1 (NSEC3RSASHA1) is verify only in FIPS mode. */
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
DST_ALG_RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],