Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-30570

Node.js crypto.setFips(false) no longer works in 18.19.1

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • rhel-8.9.0
    • nodejs-18-module
    • None
    • Yes
    • High
    • Regression
    • sst_cs_apps
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      A specific app written in Node.js, running on a FIPS mode system, needs to communicate (over TLS) with an external legacy system that doesn't support FIPS crypto.

      With nodejs 18.19.0 (nodejs-18.19.0-1.module+el8.9.0+21190+5ebd2c33), the app was able to explicitly call crypto.setFips(false) from the JS code.

      The update to 18.19.1 update yesterday removes this functionality.

      Please provide the package NVR for which bug is seen:

      nodejs-18.19.1-1.module+el8.9.0+21387+21356dec.x86_64.rpm

      How reproducible:

      Always.

      Steps to reproduce

      1. On fips mode server, start Node.js repl (node)
      2. Run require('crypto').setFips(false)

      Expected results

      No error.

      Actual results

      Error "ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED"

            jstanek@redhat.com Jan Stanek
            pe@iki.fi Pasi Eronen (Inactive)
            Jan Stanek Jan Stanek
            bot rhel-cs-apps-subsystem-qe bot rhel-cs-apps-subsystem-qe
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: