Skip to content
This repository was archived by the owner on Apr 22, 2023. It is now read-only.

src: enable fips support#6380

Closed
arthurtsang wants to merge 1 commit intonodejs:masterfrom
arthurtsang:fips
Closed

src: enable fips support#6380
arthurtsang wants to merge 1 commit intonodejs:masterfrom
arthurtsang:fips

Conversation

@arthurtsang
Copy link
Copy Markdown

@arthurtsang arthurtsang commented Oct 20, 2013

FIPS 140-2 support for enterprise, especially government is very important. OpenSSL supported FIPS with OpenSSL FIPS Object Module. To enable NodeJS to support FIPS, all we need to do is to compile with OpenSSL shared library which built with OpenSSL FIPS Object Module and call FIPS_mode_set() to enable FIPS mode.

to test if NodeJS has turned on FIPS mode, we can use the script below. since bf is an unsupported algorithm, node will core dumped.

#!/usr/bin/env node

'use strict';

var crypto = require('crypto');

var cipher = crypto.createCipher('bf','12345');
var encrypted = cipher.update('encrypt this very long string' , 'utf8', 'base64');
encrypted = encrypted + cipher.final('base64');

var decipher = crypto.createDecipher('bf','12345');
var decrypted = decipher.update(encrypted, 'base64', 'utf8');
decrypted = decrypted + decipher.final('utf8');

console.log( 'encrypted: ' + encrypted );
console.log( 'decrypted: ' + decrypted );

configure is modified to add --shared-openssl-fips to turn on FIPS mode.

more info on OpenSSl FIPS http://www.openssl.org/docs/fips/fipsnotes.html

@Nodejs-Jenkins
Copy link
Copy Markdown

Nodejs-Jenkins commented Oct 20, 2013

Thank you for contributing this pull request! Here are a few pointers to make sure your submission will be considered for inclusion.

Commit arthurtsang/node@37a4d2d has the following error(s):

  • Commit message must indicate the subsystem this commit changes

The following commiters were not found in the CLA:

  • Arthur Tsang

You can fix all these things without opening another issue.

Please see CONTRIBUTING.md for more information

@arthurtsang
Copy link
Copy Markdown
Author

arthurtsang commented Oct 21, 2013

please note that the tests fail without my change.

@nzakas nzakas mentioned this pull request May 29, 2015
Closed
@jasnell
Copy link
Copy Markdown
Member

jasnell commented Aug 13, 2015

@joyent/node-tsc ... given that this targets master, would need to be updated, and is being revisited in #25463, I recommend closing this one. That's not to say we shouldn't land FIPS support in v0.12, but this particular PR likely wouldn't be the way we do it.

@jasnell
Copy link
Copy Markdown
Member

jasnell commented Aug 15, 2015

Closing this here. There is an ongoing discussion at nodejs/node#2242. FIPS enablement would need to happen in nodejs/node master and cherry picked back to the v0.12 or v0.10 as appropriate.

@jasnell jasnell closed this Aug 15, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

master pr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arthurtsang @Nodejs-Jenkins @jasnell