Disable FIPS for NodeJS build

Question

I am running into the following problem when building NodeJS app on a FIPS-enabled RHEL8 server. The command is CI=false npm run build

Error: error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS
at new Hash (node:internal/crypto/hash:69:19)
at createHash (node:crypto:136:10)

Same application builds fine on another FIPS-enabled RHEL8 server.

Here is the set up on the server where I get the error:

OS Version: Red Hat Enterprise Linux release 8.10 (Ootpa)
OpenSSL Version: OpenSSL 1.1.1k FIPS 25 Mar 2021
Node Version: v18.20.4
Running fips-mode-setup --check gives "FIPS mode is enabled"
Running node -p 'crypto.getFips()' gives "1".

And here is the set up on the server where it builds fine:

OS Version: Red Hat Enterprise Linux release 8.10 (Ootpa)
OpenSSL Version: OpenSSL 1.1.1k FIPS 25 Mar 2021
Node Version: v18.20.3
Running fips-mode-setup --check gives "FIPS mode is enabled"
Running node -p 'crypto.getFips()' gives "0".

It looks like the server where I get the error has FIPS enabled on both the OS and NodeJS levels. And the server where it builds fine also has FIPS enabled on the OS level but NodeJS FIPS is disabled.

My question is how can I disable FIPS on the NodeJS level and keep FIPS enabled on the OS level? I can't change FIPS on the OS level but I have control over NodeJS installation. And I am not sure how Node was installed in the server where the build runs fine. I have no control over that.

I tried running node -p 'crypto.setFips(0)' but I am getting the following error: Error $$ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED$$: Cannot set FIPS mode. FIPS should be enabled/disabled at system level.

Thank you.

Disable FIPS for NodeJS build

Answers (1)

Related Questions