FIPS tests changes for RHEL

Include MD5 feature detection in featuretest tool and use it in some
places. When RHEL distribution or Fedora ELN is in FIPS mode, then MD5
algorithm is unavailable completely and even hmac-md5 algorithm usage
will always fail. Work that around by checking MD5 works and if not,
skipping its usage.

Those changes were dragged as downstream patch bind-9.11-fips-tests.patch
in Fedora and RHEL.

bin/tests/system/nsupdate/setup.sh

@@ -73,7 +73,11 @@ EOF
 
 $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
 
-$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
+if $FEATURETEST --md5; then
+	$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
+else
+	echo -n > ns1/md5.key
+fi
 $TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
 $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
 $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key

bin/tests/system/nsupdate/tests.sh

@@ -959,7 +959,14 @@ fi
 n=$((n + 1))
 ret=0
 echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+if $FEATURETEST --md5
+then
+	ALGS="md5 sha1 sha224 sha256 sha384 sha512"
+else
+	ALGS="sha1 sha224 sha256 sha384 sha512"
+	echo_i "skipping disabled md5 algorithm"
+fi
+for alg in $ALGS; do
     $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
 server 10.53.0.1 ${PORT}
 update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -967,7 +974,7 @@ send
 END
 done
 sleep 2
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+for alg in $ALGS; do
     $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
 done
 if [ $ret -ne 0 ]; then