From d3f51457af3e2c603657a3c6a6dcbcd22069b473 Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Tue, 2 Jul 2019 09:46:43 +0200 Subject: [PATCH] test: use openssl_is_fips instead of hasFipsCrypto Currently, when dynamically linking against a FIPS enabled OpenSSL library test-process-env-allowed-flags-are-documented will fail with the following error: assert.js:89 throw new AssertionError(obj); ^ AssertionError [ERR_ASSERTION]: The following options are not documented as allowed in NODE_OPTIONS in /root/node/doc/api/cli.md: --enable-fips --force-fips at Object. (/test/parallel/test-process-env-allowed-flags-are-documented.js:82:8) at Module._compile (internal/modules/cjs/loader.js:779:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:790:10) at Module.load (internal/modules/cjs/loader.js:642:32) at Function.Module._load (internal/modules/cjs/loader.js:555:12) at Function.Module.runMain (internal/modules/cjs/loader.js:842:10) at internal/main/run_main_module.js:17:11 { generatedMessage: false, code: 'ERR_ASSERTION', actual: 2, expected: 0, operator: 'strictEqual' } This commit updates the test to use process.config.variables.openssl_is_fips instead of common.hasFipsCrypto as hasFipsCrypto only returns true if the OpenSSL library that is shipped with node was configured with FIPS enabled. PR-URL: https://github.com/nodejs/node/pull/28507 Reviewed-By: Ben Noordhuis Reviewed-By: Rich Trott Reviewed-By: Richard Lau Reviewed-By: Ruben Bridgewater --- .../test-process-env-allowed-flags-are-documented.js | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js index 0a6034f746784d..a60f6bbecf69cf 100644 --- a/test/parallel/test-process-env-allowed-flags-are-documented.js +++ b/test/parallel/test-process-env-allowed-flags-are-documented.js @@ -46,7 +46,14 @@ const conditionalOpts = [ return ['--openssl-config', '--tls-cipher-list', '--use-bundled-ca', '--use-openssl-ca' ].includes(opt); } }, - { include: common.hasFipsCrypto, + { + // We are using openssl_is_fips from the configuration because it could be + // the case that OpenSSL is FIPS compatible but fips has not been enabled + // (starting node with --enable-fips). If we use common.hasFipsCrypto + // that would only tells us if fips has been enabled, but in this case we + // want to check options which will be available regardless of whether fips + // is enabled at runtime or not. + include: process.config.variables.openssl_is_fips, filter: (opt) => opt.includes('-fips') }, { include: common.hasIntl, filter: (opt) => opt === '--icu-data-dir' },