Message-ID: X-RT-Interface: Web Content-Type: text/plain; charset="utf-8" In-Reply-To: References: MIME-Version: 1.0 X-RT-Original-Encoding: utf-8 X-Mailer: MIME-tools 5.508 (Entity 5.508) Content-Disposition: inline Content-Transfer-Encoding: binary RT-Send-CC: Content-Length: 3302 I summary here recommendations for building bind9: configure flags: - --enable-openssl-hash should be on because it makes OpenSSL crypto to be used. BTW as we fixed at least a problem in the configure detection code I recommend to check in config.status and/or report it is really enabled. - --enable-crypto-rand should be on for similar reasons. As the code allows to by pass this I recommend to remove any such possibility (the idea was to keep a way to get reproducible system tests, something more than useless in production). - --with-gssapi: I have a mixed opinion about this so if you have no customers insisting to get it (mainly for compatibility with Windows directory) IMHO it is better to avoid it. - --with-ecdsa: it should be autodetected so just check it is on in the report and/or config.status - --with-gost: it is the opposite: as it uses an engine and of course is *not* FIPS-approved it should be off. - --with-eddsa: support is only in OpenSSL 1.1 so it is unlikely you get it. lib/isc/include/pk11/site.h - I'll come back about PK11_MD5_DISABLE - PK11_DSA_DISABLE should be on because DSA as it is specified in old RFCs and implemented is not secure today. Note ECDSA is the fine replacement so I can't see a reason to keep it at the exception to be compliant with a clearly obsolete RFC... - PK11_DH_DISABLE could be the same story (in worse because there are some predefined groups). It is used only for TKEY and required MD5. So at the end it will be disable statically or dynamically in FIPS mode... - PK11_PAD_HMAC_KEYS must be off as it fools the check on short keys for HMAC. - PK11_*_REPLACE and PK11_*_SKIP are really for PKCS#11 so not relevant for builds with OpenSSL. code using crypto: - OpenSSL code should use EVP. There are alternatives for old versions of OpenSSL. If you like you can get rid of them, put a #error at the first use of !USE_EVP, etc. - OpenSSL code should not use engines (this is a requirement proper to the Security Policy for Red Hat OpenSSL, i.e. the OpenSSL FIPS module allows engines to offload crypto to a HSM). There is a USE_ENGINE ifdef which disables engine code, you should try it so ENGINE_set_default() is never called. - not OpenSSL crypto code: there are a few places where not-predictable values are needed outside a crypto mechanisms so some pseudo-random generator code. We recently cleaned up and updated this code but as it is not involve into crypto operations it should not be a problem. I don't know to which version of bind last improvements were back ported... PK11_MD5_DISABLE: I think we agree what you need is the same than PK11_MD5_DISABLE but at runtime, i.e. roughly to replace #ifdef PK11_MD5_DISABLE by an "if" in the code. Even as far as I know there is no way to do it without manually editing the code the PK11_MD5_DISABLE ifdefs should cover all the places you have to add an "if" including a hidden dependency (I believe there is no other dependency but the code without MD5 was not heavily used/tested so it is possible there is still a bug somewhere...). Note that at the opposite it is very easy to check there is no hidden calls to MD5 so on the security side you can provide a high insurance.