Skip to content

using --enable-fips or --force-fips with crypto.fips=1 fails #11849

New issue
New issue
Closed
Closed
using --enable-fips or --force-fips with crypto.fips=1 fails#11849
Assignees
gibfahn
Labels
cryptoIssues and PRs related to the crypto subsystem.
@stevewallin

Description

@stevewallin
stevewallin
opened on Mar 14, 2017
  • Version:6.1.0.0
  • Platform:Linux 8df1860c1f5b 4.9.12-moby deps: update openssl to 1.0.1j #1 SMP Tue Feb 28 12:11:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
  • Subsystem:crypto

When using a fips enabled build of node:

  • using only application control of fips with crypto.fips = 0 or 1 works as expected
  • --enable-fips and crypto.fips=0 - working as expected (FIPS disabled)
  • --force-fips and crypto.fips=0 - working as expected with following error
crypto.fips = 0; ^ Error: Cannot set FIPS mode, it was forced with --force-fips at startup.) with --enable-fips or --force-fips and crypto.fips = 1 the app fails ( crypto.fips = 1; ^ Error: error:2D078072:FIPS routines:FIPS_module_mode_set:fips mode already set

I'm trying to build a migration plan for adopting fips and having both crypto.fips = 1 in the application and --enable-fips or --force-fips seems like a valid use case to me ?

Metadata

Metadata

Assignees

Labels

cryptoIssues and PRs related to the crypto subsystem.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions