nodejs / help


FIPS Error #4204

Closed vineet199 closed 1 year ago

vineet199 commented 1 year ago

Details

When enabling FIPS mode I get a runtime error on application startup, as shown below in the log. Note there are no errors when FIPS is disabled.

Node.js version

node v20.3.1 npm v9.6.7

Example code

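The following code block is used to set FIPS mode:

```js
const crypto = require('node:crypto');

// Switch OpenSSL into FIPS mode; setFips() throws if the mode cannot be enabled.
try {
    crypto.setFips(true);
} catch (e) {
    console.error("Error when enabling fips", e);
}
```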

Log:

```
Error: error:0308010C:digital envelope routines::unsupported
    at new Hmac (node:internal/crypto/hash:136:17)
    at Object.createHmac (node:crypto:170:10)
    at Object.hmac (/Users/user/myproject/node_modules/aws-sdk/lib/util.js:428:30)
    at Object.getSigningKey (/Users/user/myproject/node_modules/aws-sdk/lib/signers/v4_credentials.js:62:8)
    at V4.signature (/Users/user/myproject/node_modules/aws-sdk/lib/signers/v4.js:98:36)
    at V4.authorization (/Users/user/myproject/node_modules/aws-sdk/lib/signers/v4.js:93:36)
    at V4.addAuthorization (/Users/user/myproject/node_modules/aws-sdk/lib/signers/v4.js:35:12)
    at /Users/user/myproject/node_modules/aws-sdk/lib/event_listeners.js:265:18
    at finish (/Users/user/myproject/node_modules/aws-sdk/lib/config.js:386:7)
    at /Users/user/myproject/node_modules/aws-sdk/lib/config.js:404:9
    at Credentials.get (/Users/user/myproject/node_modules/aws-sdk/lib/credentials.js:127:7)
    at getAsyncCredentials (/Users/user/myproject/node_modules/aws-sdk/lib/config.js:398:24)
    at Config.getCredentials (/Users/user/myproject/node_modules/aws-sdk/lib/config.js:418:9)
    at Request.SIGN (/Users/user/myproject/node_modules/aws-sdk/lib/event_listeners.js:241:22)
    at Request.callListeners (/Users/user/myproject/node_modules/aws-sdk/lib/sequential_executor.js:102:18)
    at callNextListener (/Users/user/myproject/node_modules/aws-sdk/lib/sequential_executor.js:96:12)
    at Request.discoverEndpoint (/Users/user/myproject/node_modules/aws-sdk/lib/discover_endpoint.js:365:7)
    at Request.callListeners (/Users/user/myproject/node_modules/aws-sdk/lib/sequential_executor.js:102:18)
    at Request.emit (/Users/user/myproject/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/Users/user/myproject/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/Users/user/myproject/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/Users/user/myproject/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /Users/user/myproject/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request. (/Users/user/myproject/node_modules/aws-sdk/lib/request.js:38:9)
    at Request. (/Users/user/myproject/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/Users/user/myproject/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
    at Request.emit (/Users/user/myproject/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/Users/user/myproject/node_modules/aws-sdk/lib/request.js:688:14) {
  message: 'error:0308010C:digital envelope routines::unsupported',
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED',
  retryDelay: 59.11686875912312,
  name: 'Error',
  time: 2023-07-07T08:52:39.613Z
}
```

Operating system

Tested this on various Operating systems -

  1. Mac OS Ventura 13.4.1 Darwin 22.5.0 Darwin Kernel Version 22.5.0: Thu Jun 8 22:22:22 PDT 2023; root:xnu-8796.121.3~7/RELEASE_X86_64 x86_64 openssl v3.0.2

  2. RHEL 8 openssl v1.1.1k

  3. Ubuntu openssl v3.x.x

Scope

This is a runtime issue

Module and version

Node version 20.3.1

mhdawson commented 1 year ago

I think this is telling you that your application is using an algorithm that is not FIPS approved.
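
One way to check the diagnosis in the comment above, as an added example (not code from this issue, Node.js or aws-sdk): it probes which digests the running OpenSSL configuration accepts for HMAC and hashing, and pulls the first non-internal stack frame to show which dependency requested the rejected primitive. The function names, the 32-byte sample key and the `--fips` switch are assumptions made for illustration.

```javascript
// Added diagnostic example; not code from the issue, Node.js or aws-sdk.
const crypto = require('node:crypto');

// Constructed 32-byte sample key, so key length is not the variable under test.
const SAMPLE_KEY = Buffer.alloc(32, 0x41);

// Run one operation and report 'ok' or the error code OpenSSL/Node returned.
function attempt(fn) {
  try {
    fn();
    return 'ok';
  } catch (e) {
    return e.code || e.message;
  }
}

// Try an HMAC and a plain hash with the named digest under the current mode.
function probeDigest(name) {
  return {
    name,
    hmac: attempt(() => crypto.createHmac(name, SAMPLE_KEY).update('probe').digest('hex')),
    hash: attempt(() => crypto.createHash(name).update('probe').digest('hex')),
  };
}

// Probe several digests and record whether FIPS mode is active (getFips() is 0 or 1).
function probeAll(names) {
  return { fips: crypto.getFips(), results: names.map(probeDigest) };
}

// Return the first stack frame outside node: internals, i.e. the caller
// that asked for the rejected primitive. Works on single-line traces too.
function firstUserFrame(stack) {
  const frames = stack.split(/\s+at\s+/).slice(1).map((f) => f.trim());
  return frames.find((f) => !f.includes('(node:')) || null;
}

// Only switch modes when asked, so loading this file has no side effects.
if (process.argv.includes('--fips')) {
  try {
    crypto.setFips(true);
  } catch (e) {
    console.error('setFips(true) failed:', e.code || e.message);
  }
  const report = probeAll(['md5', 'sha1', 'sha256', 'sha384', 'sha512']);
  console.log('FIPS active:', report.fips);
  console.table(report.results);
}
```

Run it once without arguments and once with `--fips`; a digest that is `ok` in the first run and `ERR_OSSL_EVP_UNSUPPORTED` in the second is being rejected by the FIPS configuration, while every digest failing in the second run points at the provider setup instead.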