Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always available FIPS options #36341

Closed
wants to merge 7 commits into from

Commits on Feb 9, 2021

  1. Make FIPS related options and functionality always awailable.

    There is no reason to hide FIPS functionality behind build flags.
    OpenSSL always provide the information about FIPS availability via
    `FIPS_mode()` function.
    
    This makes the user experience more consistent, because the OpenSSL
    library is always queried and the `crypto.getFips()` always returns
    OpenSSL settings.
    
    Fixes nodejs#34903
    voxik authored and khardix committed Feb 9, 2021
    Configuration menu
    Copy the full SHA
    e9ae606 View commit details
    Browse the repository at this point in the history
  2. Throw JavaScript exception if FIPS mode cannot be enabled

    Signed-off-by: Jan Staněk <[email protected]>
    danbev authored and khardix committed Feb 9, 2021
    Configuration menu
    Copy the full SHA
    7aefc26 View commit details
    Browse the repository at this point in the history
  3. Adjust tests for always-available FIPS options

    - The fipsMode constant (defined at compile time)
      was replaced by the new `TestFipsCrypto()`/`testFipsCrypto()` functions,
      which rely on the OpenSSL function `FIPS_selftest()`.
    
      This results in the FIPS mode being always checked on runtime
      and being informed purely by the OpenSSL implementation in use.
    khardix committed Feb 9, 2021
    Configuration menu
    Copy the full SHA
    eb4ff0b View commit details
    Browse the repository at this point in the history
  4. Configuration menu
    Copy the full SHA
    e0380d9 View commit details
    Browse the repository at this point in the history

Commits on Feb 10, 2021

  1. Update doc/api/cli.md

    mhdawson authored Feb 10, 2021
    Configuration menu
    Copy the full SHA
    3e1d491 View commit details
    Browse the repository at this point in the history

Commits on Feb 15, 2021

  1. Gate tests for FIPS flags behind common.hasCrypto

    When compiled `--without-ssl`,
    the `--{enable,force}-fips` flags are not present.
    
    Now they are tested only when Node id compiled `--with-ssl`.
    khardix committed Feb 15, 2021
    Configuration menu
    Copy the full SHA
    346e088 View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    a4658c3 View commit details
    Browse the repository at this point in the history