From 0d448eaab5249814c57f30bc66b09384f8a0021b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Tue, 25 Aug 2020 14:04:54 +0200 Subject: [PATCH] crypto: make FIPS related options always available There is no reason to hide FIPS functionality behind build flags. OpenSSL always provide the information about FIPS availability via `FIPS_mode()` function. This makes the user experience more consistent, because the OpenSSL library is always queried and the `crypto.getFips()` always returns OpenSSL settings. Fixes: https://github.com/nodejs/node/issues/34903 Backport-PR-URL: https://github.com/nodejs/node/pull/40241 PR-URL: https://github.com/nodejs/node/pull/36341 Reviewed-By: Anna Henningsen Reviewed-By: Michael Dawson Reviewed-By: Daniel Bevenius --- doc/api/cli.md | 8 +-- lib/crypto.js | 22 ++---- node.gypi | 3 - src/node.cc | 6 +- src/node_config.cc | 2 - src/node_crypto.cc | 44 +++++++----- src/node_options.cc | 2 - src/node_options.h | 2 - test/parallel/test-cli-node-print-help.js | 7 +- test/parallel/test-crypto-fips.js | 71 +++++++++---------- ...rocess-env-allowed-flags-are-documented.js | 21 +++--- 11 files changed, 82 insertions(+), 106 deletions(-) diff --git a/doc/api/cli.md b/doc/api/cli.md index 3f3e5e4eeb72c8..c657a0715e19b1 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -201,8 +201,8 @@ priority than `--dns-result-order`. added: v6.0.0 --> -Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with -`./configure --openssl-fips`.) +Enable FIPS-compliant crypto at startup. (Requires Node.js to be built +against FIPS-compatible OpenSSL.) ### `--enable-source-maps` Load an OpenSSL configuration file on startup. Among other uses, this can be -used to enable FIPS-compliant crypto if Node.js is built with -`./configure --openssl-fips`. +used to enable FIPS-compliant crypto if Node.js is built +against FIPS-enabled OpenSSL. ### `--pending-deprecation`