test: Skip weak crypto tests in FIPS mode #3757
@@ -323,7 +323,7 @@ var rfc2202_sha1 = [ | |||
} | |||
]; | |||
|
|||
for (var i = 0, l = rfc2202_md5.length; i < l; i++) { | |||
for (var i = 0, l = rfc2202_md5.length; i < l && !common.hasFipsCrypto; i++) { |
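Review bot: the FIPS check folded into the loop condition on the added line (`i < l && !common.hasFipsCrypto`) is re-evaluated on every iteration and makes the MD5 loop silently run zero times in FIPS mode, which reads like a bounds check rather than a skip. Wrap the whole loop in `if (!common.hasFipsCrypto) { ... }` so the skip is stated once, and consider logging that the rfc2202_md5 vectors were skipped so a FIPS run shows what it did not cover.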
I would rather wrap it with `if`.
me too.
Fixed.
5e91045 to f42f961
@stefanmb I've just updated test-tls-honorcipherorder.js so that it works with only TLS1.2 ciphers, changing DES-CBC-SHA => AES256-SHA256. Please refer to the whole tests at https://gist.github.com/shigeki/f523f894f6d739f59364 All the symmetric ciphers are AES, so it looks very hard to distinguish them at a glance, but that does not matter for testing and checking the cipher selection.
f8ea05f to e6b1468
Thank you! I've included those changes as an additional commit in this PR.
@@ -141,6 +141,10 @@ Object.defineProperty(exports, 'hasCrypto', {get: function() { | |||
return process.versions.openssl ? true : false; | |||
}}); | |||
|
|||
Object.defineProperty(exports, 'hasFipsCrypto', {get: function() { |
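Review bot: the `hasFipsCrypto` getter added on the last line of this hunk has no comment saying what it reports. The neighbouring `hasCrypto` only checks `process.versions.openssl`, so it is worth documenting whether the new property means a FIPS-capable build or FIPS mode actually being enabled for this process, because tests that skip MD5 and RC4 cases on it would otherwise lose coverage on builds where weak crypto still works. The `{get: function() {` layout also puts the descriptor on the call line; moving `get:` to its own line would make both properties easier to read.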
Style, please move `get:` on a next line and indent everything properly.
Sure, I'll change the line above it too as mine is an exact copy of the existing hasCrypto above it.
e09ee04 to af09eb8
@indutny Style (and formatting) issues fixed. Thanks!
@stefanmb ... ok, quite a few CI failures on multiple platforms. The failures look relevant.
Modified tests to work in FIPS and non-FIPS mode using TLS1.2 crypto.
dd5ae5a to cc835ad
@jasnell Oops, there was a typo in one of the tests - I fixed it. Let's try another run.
@jasnell I see two unrelated failures.
LGTM
LGTM
Going to land CI run here: https://ci.nodejs.org/job/node-test-pull-request/787/
No relevant failures, a couple of CentOS machines had machine-related issues and a failure on Windows I'm pretty sure I've seen before
+1. Let's land it!
FIPS 140-2 does not permit the use of MD5 and RC4, skip tests that use them, or substitute with stronger crypto where applicable.

PR-URL: #3757
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Landed as e499ea8
FIPS 140-2 does not permit the use of MD5 and RC4, skip tests that use them in FIPS mode, or substitute with stronger crypto where applicable.