This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

src: enable fips support #6380

Closed

arthurtsang

FIPS 140-2 support for enterprise, especially government, is very important. OpenSSL supported FIPS with the OpenSSL FIPS Object Module. To enable NodeJS to support FIPS, all we need to do is to compile with an OpenSSL shared library which is built with the OpenSSL FIPS Object Module and call FIPS_mode_set() to enable FIPS mode.

To test if NodeJS has turned on FIPS mode, we can use the script below. Since bf is an unsupported algorithm, node will core dump.

#!/usr/bin/env node

'use strict';

var crypto = require('crypto');

// 'bf' (Blowfish) is not a FIPS-approved algorithm, so this call fails when FIPS mode is on
var cipher = crypto.createCipher('bf','12345');
var encrypted = cipher.update('encrypt this very long string' , 'utf8', 'base64');
encrypted = encrypted + cipher.final('base64');

var decipher = crypto.createDecipher('bf','12345');
var decrypted = decipher.update(encrypted, 'base64', 'utf8');
decrypted = decrypted + decipher.final('utf8');

console.log( 'encrypted: ' + encrypted );
console.log( 'decrypted: ' + decrypted );

configure is modified to add --shared-openssl-fips to turn on FIPS mode.

More info on OpenSSL FIPS: http://www.openssl.org/docs/fips/fipsnotes.html

@Nodejs-Jenkins

Thank you for contributing this pull request! Here are a few pointers to make sure your submission will be considered for inclusion.

Commit arthurtsang/node@37a4d2d has the following error(s):

  • Commit message must indicate the subsystem this commit changes

The following committers were not found in the CLA:

  • Arthur Tsang

You can fix all these things without opening another issue.

Please see CONTRIBUTING.md for more information

@arthurtsang
Author

please note that the tests fail without my change.

@jasnell
Member

jasnell commented Aug 13, 2015

@joyent/node-tsc ... given that this targets master, would need to be updated, and is being revisited in #25463, I recommend closing this one. That's not to say we shouldn't land FIPS support in v0.12, but this particular PR likely wouldn't be the way we do it.

@jasnell
Member

jasnell commented Aug 15, 2015

Closing this here. There is an ongoing discussion at nodejs/node#2242. FIPS enablement would need to happen in nodejs/node master and cherry picked back to the v0.12 or v0.10 as appropriate.

@jasnell jasnell closed this Aug 15, 2015