Test failures with FIPS enabled #48379
Comments
richardlau
added
crypto
This was referenced Jun 8, 2023
nodejs-github-bot
pushed a commit
that referenced
this issue
Jun 12, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0. Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips` when run with a FIPS enabled OpenSSL 3 configuration. PR-URL: #48392 Refs: #48379 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS
pushed a commit
that referenced
this issue
Jul 3, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0. Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips` when run with a FIPS enabled OpenSSL 3 configuration. PR-URL: #48392 Refs: #48379 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Ceres6
pushed a commit
to Ceres6/node
that referenced
this issue
Aug 14, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0. Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips` when run with a FIPS enabled OpenSSL 3 configuration. PR-URL: nodejs#48392 Refs: nodejs#48379 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Ceres6
pushed a commit
to Ceres6/node
that referenced
this issue
Aug 14, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0. Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips` when run with a FIPS enabled OpenSSL 3 configuration. PR-URL: nodejs#48392 Refs: nodejs#48379 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
ruyadorno
pushed a commit
that referenced
this issue
Sep 8, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0. Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips` when run with a FIPS enabled OpenSSL 3 configuration. PR-URL: #48392 Refs: #48379 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
ruyadorno
pushed a commit
that referenced
this issue
Sep 13, 2023
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier than 3.0. Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips` when run with a FIPS enabled OpenSSL 3 configuration. PR-URL: #48392 Refs: #48379 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
Previously we used to have a CI configuration for testing Node.js with FIPS enabled back when we were using OpenSSL 1.0.2. We stopped in Node.js 10.x when we moved to OpenSSL 1.1.x as there was no upstream OpenSSL support for FIPS in that version. With OpenSSL 3, FIPS is back, this time as an OpenSSL 3 provider.
I've started work on re-adding a FIPS enabled configuration to our CI. For now this is in a temporary separate job as there are test failures.
richardlau-node-test-commit-linux-containered is based on node-test-commit-linux-containered with extra configurations, one of which, ubuntu2204_sharedlibs_openssl30fips_x64, is for FIPS enablement with OpenSSL 3. I've put together a slimmed down version of the container we're using in https://github.com/richardlau/ubuntu2204_fips for replication outside of the CI.
List of failing tests with FIPS enabled
e.g. https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/14/nodes=ubuntu2204_sharedlibs_openssl30fips_x64
(on a929522)
cc @nodejs/crypto
The text was updated successfully, but these errors were encountered: