Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: don't assume FIPS is disabled by default #46532

Closed
wants to merge 2 commits into from

Conversation

mhdawson
Copy link
Member

@mhdawson mhdawson commented Feb 6, 2023

For binaries that use --shared-openssl FIPs may be enabled by default by the system. Allow --force-fips and --enable-fips to be specified in these cases.

Signed-off-by: Michael Dawson mdawson@devrus.com

For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <mdawson@devrus.com>
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Feb 6, 2023
@mhdawson
Copy link
Member Author

mhdawson commented Feb 6, 2023

One of our teams ran into this when using FIPS with Red Hat Enterprise Linux with FIPs enabled in the system.

Signed-off-by: Michael Dawson <mdawson@devrus.com>
@richardlau richardlau added the commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. label Feb 6, 2023
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2023
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

mhdawson added a commit that referenced this pull request Feb 17, 2023
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #46532
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@mhdawson
Copy link
Member Author

Landed in 18651ad

@mhdawson mhdawson closed this Feb 17, 2023
MylesBorins pushed a commit that referenced this pull request Feb 18, 2023
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #46532
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@MylesBorins MylesBorins mentioned this pull request Feb 19, 2023
MylesBorins pushed a commit that referenced this pull request Feb 20, 2023
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #46532
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
danielleadams pushed a commit that referenced this pull request Apr 11, 2023
For binaries that use --shared-openssl FIPs may be enabled
by default by the system. Allow --force-fips and --enable-fips
to be specified in these cases.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #46532
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants