-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: migrate setFipsCrypto to internal/errors #16428
Conversation
doc/api/errors.md
Outdated
<a id="ERR_CRYPTO_FIPS_FORCED"></a> | ||
### ERR_CRYPTO_FIPS_FORCED | ||
|
||
Used when an attempt to made to enable or disable FIPS mode in the `crypto` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand the meaning but as a non native speaker this sounds like alien English to me.
Is something like "Used when trying to enable or disable FIPS mode in the crypto
module and the --force-fips
command-line argument is used" equivalent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
heh... I think I just mangled that sentence a bit ;-)
doc/api/errors.md
Outdated
<a id="ERR_CRYPTO_FIPS_UNAVAILABLE"></a> | ||
### ERR_CRYPTO_FIPS_UNAVAILABLE | ||
|
||
Used when an attempt to made to enable FIPS mode in the `crypto` module using |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is also a bit hard to grok (at least for me). Feel free to update it :)
ping @nodejs/tsc |
https://ci.nodejs.org/job/node-test-commit-linux-fips/11974/nodes=ubuntu1404-64/console
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missed some errors in CI
@@ -10,7 +10,9 @@ const fixtures = require('../common/fixtures'); | |||
|
|||
const FIPS_ENABLED = 1; | |||
const FIPS_DISABLED = 0; | |||
const FIPS_ERROR_STRING = 'Error: Cannot set FIPS mode'; | |||
const FIPS_ERROR_STRING = | |||
'Error [ERR_CRYPTO_FIPS_UNAVAILABLE]: Cannot set FIPS mode in a ' + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There should be two flavors of this string, the tests below needs update
ae963ed
to
1e4c943
Compare
@joyeecheung .... PTAL |
lib/crypto.js
Outdated
@@ -182,7 +182,9 @@ function setFipsDisabled() { | |||
throw new errors.Error('ERR_CRYPTO_FIPS_UNAVAILABLE'); | |||
} | |||
|
|||
function setFipsForced() { | |||
function setFipsForced(val) { | |||
if (val && fipsForced) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the check on fipsForced
? Isn't setFipsForced
only called when fipsForced
is true
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
heh, good point ;-) this only needs to check if val
is truthy :-)
CI is good on fips now! |
0391080
to
5438770
Compare
With the exception of ThrowCryptoError, use internal/errors to report fips unavailable or forced
5438770
to
a4e0c01
Compare
ping @joyeecheung |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
With the exception of ThrowCryptoError, use internal/errors to report fips unavailable or forced PR-URL: #16428 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
Landed in ee76f31 |
With the exception of ThrowCryptoError, use internal/errors to report fips unavailable or forced PR-URL: nodejs/node#16428 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
With the exception of ThrowCryptoError, use internal/errors to report fips unavailable or forced PR-URL: nodejs/node#16428 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
With the exception of ThrowCryptoError, use internal/errors to report fips unavailable or forced PR-URL: nodejs/node#16428 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Matteo Collina <[email protected]>
With the exception of ThrowCryptoError, use internal/errors to report fips unavailable or forced
Also only exports the
setFipsCrypto
andgetFipsCrypto
methods onprocess.binding('crypto')
if FIPS mode is available.Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
crypto (fips)