Skip to content

crypto: don't assume FIPS is disabled by default #46532

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

crypto: don't assume FIPS is disabled by default #46532

wants to merge 2 commits into from

Conversation

@mhdawson
Copy link
Member

@mhdawson mhdawson commented Feb 6, 2023

For binaries that use --shared-openssl FIPs may be enabled by default by the system. Allow --force-fips and --enable-fips to be specified in these cases.

Signed-off-by: Michael Dawson [email protected]

@mhdawson
crypto: don't assume FIPS is disabled by default
c20ba6f 
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <[email protected]>
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Feb 6, 2023
@mhdawson
Copy link
Member Author

mhdawson commented Feb 6, 2023

One of our teams ran into this when using FIPS with Red Hat Enterprise Linux with FIPs enabled in the system.

@mhdawson
squash: make linters happy
6ba6b09 
Signed-off-by: Michael Dawson <[email protected]>
@richardlau richardlau added the commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. label Feb 6, 2023
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/49465/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/49468/

mhdawson added a commit that referenced this pull request Feb 17, 2023
@mhdawson
crypto: don't assume FIPS is disabled by default
18651ad 
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46532
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
@mhdawson
Copy link
Member Author

Landed in 18651ad

@mhdawson mhdawson closed this Feb 17, 2023
MylesBorins pushed a commit that referenced this pull request Feb 18, 2023
@mhdawson @MylesBorins
crypto: don't assume FIPS is disabled by default
c67dcc9 
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46532
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
@MylesBorins MylesBorins mentioned this pull request Feb 19, 2023
Merged
MylesBorins pushed a commit that referenced this pull request Feb 20, 2023
@mhdawson @MylesBorins
crypto: don't assume FIPS is disabled by default
b4deb2f 
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46532
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
danielleadams pushed a commit that referenced this pull request Apr 11, 2023
@mhdawson @danielleadams
crypto: don't assume FIPS is disabled by default
effdca8 
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46532
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
@danielleadams danielleadams mentioned this pull request Apr 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@cjihrig cjihrig cjihrig approved these changes

@tniessen tniessen tniessen approved these changes

@richardlau richardlau richardlau approved these changes

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@mhdawson @nodejs-github-bot @jasnell @cjihrig @tniessen @richardlau