Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: remove OPENSSL_FIPS guard for OpenSSL 3 #48392

Merged
merged 1 commit into from
Jun 12, 2023

Conversation

richardlau
Copy link
Member

The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0.

Removing the guard for OpenSSL 3 fixes parallel/test-crypto-fips when run with a FIPS enabled OpenSSL 3 configuration.

Refs: #48379

cc @nodejs/crypto


Test failure on main (9dc2d1b)

13:27:29 not ok 640 parallel/test-crypto-fips
13:27:29   ---
13:27:29   duration_ms: 303.07300
13:27:29   severity: fail
13:27:29   exitcode: 1
13:27:29   stack: |-
13:27:29     Spawned child [pid:2304732] with cmd 'process.versions' expect "OpenSSL error when trying to enable FIPS:" with args '--enable-fips' OPENSSL_CONF="/opt/openssl-3.0.8-fips/ssl/openssl.cnf"
13:27:29     node:assert:125
13:27:29       throw new AssertionError(obj);
13:27:29       ^
13:27:29     
13:27:29     AssertionError [ERR_ASSERTION]: Expected "actual" to be strictly unequal to: 0
13:27:29         at responseHandler (/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/parallel/test-crypto-fips.js:48:12)
13:27:29         at testHelper (/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/parallel/test-crypto-fips.js:61:3)
13:27:29         at Object.<anonymous> (/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/parallel/test-crypto-fips.js:65:1)
13:27:29         at Module._compile (node:internal/modules/cjs/loader:1255:14)
13:27:29         at Module._extensions..js (node:internal/modules/cjs/loader:1309:10)
13:27:29         at Module.load (node:internal/modules/cjs/loader:1113:32)
13:27:29         at Module._load (node:internal/modules/cjs/loader:960:12)
13:27:29         at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
13:27:29         at node:internal/main/run_main_module:23:47 {
13:27:29       generatedMessage: true,
13:27:29       code: 'ERR_ASSERTION',
13:27:29       actual: 0,
13:27:29       expected: 0,
13:27:29       operator: 'notStrictEqual'
13:27:29     }
13:27:29     
13:27:29     Node.js v21.0.0-pre
13:27:29   ...

Passing with this PR (84a33d6)

15:39:50 ok 638 parallel/test-crypto-fips
15:39:50   ---
15:39:50   duration_ms: 752.46200
15:39:50   ...

The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Jun 8, 2023
@richardlau richardlau added request-ci Add this label to start a Jenkins CI on a PR. and removed crypto Issues and PRs related to the crypto subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Jun 8, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 8, 2023
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot
Copy link
Collaborator

@richardlau richardlau added crypto Issues and PRs related to the crypto subsystem. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Jun 9, 2023
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@richardlau richardlau added the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 12, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 12, 2023
@nodejs-github-bot nodejs-github-bot merged commit 8d651ce into nodejs:main Jun 12, 2023
@nodejs-github-bot
Copy link
Collaborator

Landed in 8d651ce

RafaelGSS pushed a commit that referenced this pull request Jul 3, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: #48392
Refs: #48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@RafaelGSS RafaelGSS mentioned this pull request Jul 3, 2023
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: nodejs#48392
Refs: nodejs#48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: nodejs#48392
Refs: nodejs#48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
ruyadorno pushed a commit that referenced this pull request Sep 8, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: #48392
Refs: #48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@ruyadorno ruyadorno mentioned this pull request Sep 8, 2023
ruyadorno pushed a commit that referenced this pull request Sep 13, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: #48392
Refs: #48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants