Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix test regression for OpenSSL compiled with FIPS #23871

Closed
wants to merge 1 commit into from

Conversation

@AdamMajer
Copy link
Contributor

commented Oct 25, 2018

In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
@addaleax

This comment has been minimized.

Copy link
Member

commented Oct 25, 2018

CI: https://ci.nodejs.org/job/node-test-pull-request/18142/

Collaborators, feel free to 👍 this comment to approve fast-tracking.

In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.
@AdamMajer AdamMajer force-pushed the AdamMajer:fix_fips branch from a1e653a to 7b8b723 Oct 25, 2018
@AdamMajer

This comment has been minimized.

Copy link
Contributor Author

commented Oct 25, 2018

Sorry, had to change commit message to follow guidelines

@refack
refack approved these changes Oct 25, 2018
@refack refack added the author ready label Oct 25, 2018
@refack

This comment has been minimized.

Copy link
Member

commented Oct 25, 2018

@richardlau

This comment has been minimized.

Copy link
Member

commented Oct 25, 2018

LGTM but I thought there isn't a FIPS module compatible with OpenSSL 1.1.0/1.1.1 yet and (AFAIK) Node.js doesn't compile against OpenSSL 1.0.2 since the update to 1.1.0 (#22025).

@mhdawson

This comment has been minimized.

Copy link
Member

commented Oct 25, 2018

We still build/test FIPs on earlier versions so its good to have this in case PR mentioned is backported. We also will want to compile in FIPs in the future

Copy link
Member

left a comment

LGTM

@sam-github

This comment has been minimized.

Copy link
Member

commented Oct 25, 2018

@AdamMajer thanks for this.

I don't mind fast-tracking this, its small and correct, but since master doesn't build against FIPS, its not breaking anything ATM, is it?

@AdamMajer

This comment has been minimized.

Copy link
Contributor Author

commented Oct 25, 2018

@lpinca
lpinca approved these changes Oct 25, 2018
@@ -34,7 +34,7 @@ assert(/^\d+\.\d+\.\d+(?:\.\d+)?-node\.\d+(?: \(candidate\))?$/
assert(/^\d+$/.test(process.versions.modules));

if (common.hasCrypto) {
assert(/^\d+\.\d+\.\d+[a-z]?$/.test(process.versions.openssl));
assert(/^\d+\.\d+\.\d+[a-z]?(-fips)?$/.test(process.versions.openssl));

This comment has been minimized.

Copy link
@lpinca

lpinca Oct 25, 2018

Member
Suggested change
assert(/^\d+\.\d+\.\d+[a-z]?(-fips)?$/.test(process.versions.openssl));
assert(/^\d+\.\d+\.\d+[a-z]?(?:-fips)?$/.test(process.versions.openssl));

This comment has been minimized.

Copy link
@AdamMajer

AdamMajer Oct 26, 2018

Author Contributor

Yes, could change that but I think it makes it more difficult to read and we are not really saving anything here. So I think for readability sake, I would keep this as-is.

@targos targos removed the fast-track label Oct 28, 2018
@targos

This comment has been minimized.

Copy link
Member

commented Oct 28, 2018

Landed in 0a23538

@targos targos closed this Oct 28, 2018
targos added a commit that referenced this pull request Oct 28, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos added a commit that referenced this pull request Oct 28, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@targos targos referenced this pull request Oct 28, 2018
targos added a commit that referenced this pull request Nov 1, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 26, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 26, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@codebytere codebytere referenced this pull request Nov 27, 2018
rvagg added a commit that referenced this pull request Nov 28, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
rvagg added a commit that referenced this pull request Nov 28, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
MylesBorins added a commit that referenced this pull request Nov 29, 2018
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.

PR-URL: #23871
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@codebytere codebytere referenced this pull request Nov 29, 2018
@BethGriggs BethGriggs referenced this pull request Dec 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.