nsupdate: use FIPS compatible algorithms

HMACMD5 is not permitted in FIPS mode, use HMACSHA256 instead.

bin/tests/system/nsupdate/setup.sh

@@ -76,7 +76,7 @@ $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
 if $FEATURETEST --md5; then
 	$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
 else
-	echo -n > ns1/md5.key
+	echo "/* MD5 NOT SUPPORTED */" > ns1/md5.key
 fi
 $TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
 $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key

bin/tests/system/nsupdate/tests.sh

@@ -985,7 +985,7 @@ fi
 n=$((n + 1))
 ret=0
 echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+for alg in $ALGS; do
     secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
     $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
 server 10.53.0.1 ${PORT}
@@ -994,7 +994,7 @@ send
 END
 done
 sleep 2
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+for alg in $ALGS; do
     $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
 done
 if [ $ret -ne 0 ]; then