Skip to content
Permalink
Browse files

test: use openssl_is_fips instead of hasFipsCrypto

Currently, when dynamically linking against a FIPS enabled OpenSSL
library test-process-env-allowed-flags-are-documented will fail with
the following error:
assert.js:89
throw new AssertionError(obj);
^

AssertionError [ERR_ASSERTION]:
The following options are not documented as allowed in NODE_OPTIONS in
/root/node/doc/api/cli.md: --enable-fips --force-fips
at Object.<anonymous>
(/test/parallel/test-process-env-allowed-flags-are-documented.js:82:8)
at Module._compile (internal/modules/cjs/loader.js:779:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:790:10)
at Module.load (internal/modules/cjs/loader.js:642:32)
at Function.Module._load (internal/modules/cjs/loader.js:555:12)
at Function.Module.runMain (internal/modules/cjs/loader.js:842:10)
at internal/main/run_main_module.js:17:11 {
generatedMessage: false,
code: 'ERR_ASSERTION',
actual: 2,
expected: 0,
operator: 'strictEqual'
}

This commit updates the test to use
process.config.variables.openssl_is_fips instead of common.hasFipsCrypto
as hasFipsCrypto only returns true if the OpenSSL library that is
shipped with node was configured with FIPS enabled.

PR-URL: #28507
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
  • Loading branch information...
danbev authored and targos committed Jul 2, 2019
1 parent 1770bc8 commit d3f51457af3e2c603657a3c6a6dcbcd22069b473
Showing with 8 additions and 1 deletion.
  1. +8 −1 test/parallel/test-process-env-allowed-flags-are-documented.js
@@ -46,7 +46,14 @@ const conditionalOpts = [
return ['--openssl-config', '--tls-cipher-list', '--use-bundled-ca',
'--use-openssl-ca' ].includes(opt);
} },
{ include: common.hasFipsCrypto,
{
// We are using openssl_is_fips from the configuration because it could be
// the case that OpenSSL is FIPS compatible but fips has not been enabled
// (starting node with --enable-fips). If we use common.hasFipsCrypto
// that would only tells us if fips has been enabled, but in this case we
// want to check options which will be available regardless of whether fips
// is enabled at runtime or not.
include: process.config.variables.openssl_is_fips,
filter: (opt) => opt.includes('-fips') },
{ include: common.hasIntl,
filter: (opt) => opt === '--icu-data-dir' },

0 comments on commit d3f5145

Please sign in to comment.
You can’t perform that action at this time.