Skip to content

build: introduce --openssl-is-fips flag #25412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
danbev wants to merge 2 commits into from
Closed

build: introduce --openssl-is-fips flag #25412

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3397f29
build: introduce --openssl-is-fips flag
danbev Jan 9, 2019
8856979
src: fix FIPS section in Sign::SignFinal
danbev Jan 9, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
build: introduce --openssl-is-fips flag 
This commit introduces a new configuration flag named
--openssl-is-fips which is intended to be used when linking against
an OpenSSL library that is FIPS compatible.

The motivation for this is that Red Hat Enterprise Linux 8 (RHEL8)
comes with OpenSSL 1.1.1 and includes FIPS support, and we would
like to be able to dynamically link against this version and also have
FIPS features enabled in node, like would be done when statically
linking and using the --openssl-fips flag.

The suggestion here is to introduce a new flag:
$ ./configure --help
...
--openssl-is-fips specifies that the shared OpenSSL version is FIPS
                  compatible

This flag could be used in combination with the shared-openssl flag:
$ ./configure --shared-openssl ---openssl-is-fips

This will enable FIPS support in node and the runtime flags will be
availalbe to enable FIPS (--enable-fips, --force-fips).
  • Loading branch information
@danbev
danbev committed Jan 16, 2019
commit 3397f29a37e80055b290572d661d5f0b473fe70d
6 changes: 6 additions & 0 deletions configure.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,11 @@
dest='openssl_fips',
help='Build OpenSSL using FIPS canister .o file in supplied folder')

parser.add_option('--openssl-is-fips',
action='store_true',
dest='openssl_is_fips',
help='specifies that the OpenSSL library is FIPS compatible')

parser.add_option('--openssl-use-def-ca-store',
action='store_true',
dest='use_openssl_ca_store',
Expand Down Expand Up @@ -1187,6 +1192,7 @@ def configure_openssl(o):
variables = o['variables']
variables['node_use_openssl'] = b(not options.without_ssl)
variables['node_shared_openssl'] = b(options.shared_openssl)
variables['openssl_is_fips'] = b(options.openssl_is_fips)
variables['openssl_fips'] = ''

if options.openssl_no_asm:
Expand Down
2 changes: 1 addition & 1 deletion node.gypi
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,7 +315,7 @@
[ 'node_use_openssl=="true"', {
'defines': [ 'HAVE_OPENSSL=1' ],
'conditions': [
['openssl_fips != ""', {
['openssl_fips != "" or openssl_is_fips=="true"', {
'defines': [ 'NODE_FIPS_MODE' ],
}],
[ 'node_shared_openssl=="false"', {
Expand Down