On 09.12.22 05:16, Michael Paquier wrote:
> On Wed, Dec 07, 2022 at 03:14:09PM +0100, Peter Eisentraut wrote:
>> Here is the next step. To contain the scope, I focused on just "make check"
>> for now. This patch removes all incidental calls to md5(), replacing them
>> with sha256(), so that they'd pass with or without FIPS mode. (Two tests
>> would need alternative expected files: md5 and password. I have not
>> included those here.)
>
> Yeah, fine by me to do that step-by-step.
It occurred to me that it would be easier to maintain this in the long
run if we could enable a "fake FIPS" mode that would have the same
effect but didn't require fiddling with the OpenSSL configuration or
installation.
The attached patch shows how this could work. Thoughts?