From 7c7f5159fcc71d915dfcc5f97ab18d5f8912f1b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Tue, 25 Aug 2020 14:04:54 +0200 Subject: [PATCH] crypto: make FIPS related options always awailable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no reason to hide FIPS functionality behind build flags. OpenSSL always provide the information about FIPS availability via `FIPS_mode()` function. This makes the user experience more consistent, because the OpenSSL library is always queried and the `crypto.getFips()` always returns OpenSSL settings. Fixes #34903 PR-URL: https://github.com/nodejs/node/pull/36341 Reviewed-By: Anna Henningsen Reviewed-By: Michael Dawson Reviewed-By: Daniel Bevenius Signed-off-by: Jan Staněk Signed-off-by: rpm-build --- doc/api/cli.md | 8 +-- lib/crypto.js | 22 ++---- node.gypi | 3 - src/node.cc | 6 +- src/node_config.cc | 2 - src/node_crypto.cc | 45 +++++++----- src/node_options.cc | 2 - src/node_options.h | 2 - test/parallel/test-cli-node-print-help.js | 7 +- test/parallel/test-crypto-fips.js | 71 +++++++++---------- ...rocess-env-allowed-flags-are-documented.js | 11 +-- 11 files changed, 74 insertions(+), 105 deletions(-) diff --git a/doc/api/cli.md b/doc/api/cli.md index a8ef339..c41bd49 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -182,8 +182,8 @@ code from strings throw an exception instead. This does not affect the Node.js added: v6.0.0 --> -Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with -`./configure --openssl-fips`.) +Enable FIPS-compliant crypto at startup. (Requires Node.js to be built +against FIPS-compatible OpenSSL.) ### `--enable-source-maps` Load an OpenSSL configuration file on startup. Among other uses, this can be -used to enable FIPS-compliant crypto if Node.js is built with -`./configure --openssl-fips`. +used to enable FIPS-compliant crypto if Node.js is built +against FIPS-enabled OpenSSL. ### `--pending-deprecation`