From 826e2563b315e6d71f7543921ae9ebd38c48c7ac Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 22 Dec 2021 09:01:54 +1100
Subject: [PATCH] wildcard: Require hypothesis 4.41.2 or greater for FIPS
 compliance

hypothesis prior to 4.41.2 uses hashlib.md5 which is not FIPS
compliant causing the wildcard system test to fail.  Check if
we are running if FIPS mode and if so make the minimum version
of hypothesis we will accept to be 4.41.2.
---
 bin/tests/system/wildcard/tests_wildcard.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/wildcard/tests_wildcard.py b/bin/tests/system/wildcard/tests_wildcard.py
index 66166f2a9e..d73fd28cd6 100755
--- a/bin/tests/system/wildcard/tests_wildcard.py
+++ b/bin/tests/system/wildcard/tests_wildcard.py
@@ -39,7 +39,14 @@ import dns.rdataclass
 import dns.rdatatype
 import dns.rrset
 
-pytest.importorskip("hypothesis")
+# in FIPs mode md5 fails so we need 4.41.2 or later which does not use md5
+try:
+    import hashlib
+
+    hashlib.md5(b"1234")
+    pytest.importorskip("hypothesis")
+except ValueError:
+    pytest.importorskip("hypothesis", minversion="4.41.2")
 from hypothesis import given
 from hypothesis.strategies import binary, integers