Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework the FIPS mode detection #1320

Merged
merged 1 commit into from
Mar 28, 2018
Merged

Rework the FIPS mode detection #1320

merged 1 commit into from
Mar 28, 2018

Conversation

justincormack
Copy link
Contributor

The best test we currently have for whether Notary is running in a FIPS
compliant environment is whether the MD5 hash function is registered when
crypto/md5 is linked in to the program. This function is not available
in FIPS mode as it is not an allowed hash function.

Signed-off-by: Justin Cormack justin.cormack@docker.com

@HuKeping
Copy link
Contributor

The const FIPSEnvVar in the testcode fail the CI

@justincormack
Copy link
Contributor Author

Ah ok, we still have a force override, will adjust.

@justincormack
Copy link
Contributor Author

Ok fixed up the way tests work cc @cyli

@justincormack
Rework the FIPS mode detection
1710178 
The best test we currently have for whether Notary is running in a FIPS
compliant environment is whether the MD5 hash function is registered when
crypto/md5 is linked in to the program. This function is not available
in FIPS mode as it is not an allowed hash function.

Fix the tests to not use environment variables but private functions
instead. This allows parallel testing and is cleaner.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
cyli
cyli approved these changes Mar 27, 2018
View reviewed changes
Copy link
Contributor

@cyli cyli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for fixing this @justincormack

@HuKeping
Copy link
Contributor

Thanks @justincormack

LGTM!

@HuKeping HuKeping merged commit ab322b6 into notaryproject:master Mar 28, 2018
@justincormack justincormack deleted the fips-test branch March 28, 2018 16:02
@srfraser srfraser mentioned this pull request Jan 10, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyli cyli cyli approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@justincormack @HuKeping @cyli