Skip to content

[Backport] Support keystore tests on FIPS JVM#66902

Merged
ywangd merged 1 commit intoelastic:7.xfrom
tvernum:backport/7.x/66846-Support-keystore-tests-on
Jan 4, 2021
Merged

[Backport] Support keystore tests on FIPS JVM#66902
ywangd merged 1 commit intoelastic:7.xfrom
tvernum:backport/7.x/66846-Support-keystore-tests-on

Conversation

@tvernum
Copy link
Copy Markdown
Contributor

@tvernum tvernum commented Dec 31, 2020

As of #64024 we run FIPS CI on a true, FIPS approved only mode JVM.
This mandates that any passwords that are fed into PBKDF2 must have at
least 112 bits of entropy (that is, be 14 characters long).

This commit updates our Keystore CLI tests so that tests either:

  1. Use a 14+ character password when in FIPS mode, or
  2. Are skipped on FIPS mode (because they explicitly test empty
    passwords)

Backport of: #66846

@tvernum
Support keystore tests on FIPS JVM
8c28158 
As of elastic#64024 we run FIPS CI on a true, FIPS approved only mode JVM.
This mandates that any passwords that are fed into PBKDF2 must have at
least 112 bits of entropy (that is, be 14 characters long).

This commit updates our Keystore CLI tests so that tests either:
1. Use a 14+ character password when in FIPS mode, _or_
2. Are skipped on FIPS mode (because they explicitly test empty
   passwords)

Backport of: elastic#66846
@tvernum
Copy link
Copy Markdown
Contributor Author

tvernum commented Dec 31, 2020

@elasticmachine run elasticsearch-ci/bwc please & thank you!

17:05:40 Caused: java.io.IOException: Remote call on JNLP4-connect connection from elasticsearch-ci-immutable-ubuntu-1604-1609394643403852903.c.elastic-ci-prod.internal/10.224.0.168:37454 failed

@tvernum tvernum force-pushed the backport/7.x/66846-Support-keystore-tests-on branch from 20555b6 to 8c28158 Compare December 31, 2020 06:28
@tvernum
Copy link
Copy Markdown
Contributor Author

tvernum commented Dec 31, 2020

@elasticmachine run elasticsearch-ci/2 please

Failure was: #66903

@ywangd
Copy link
Copy Markdown
Member

ywangd commented Jan 4, 2021

@tvernum I am going to merge this since the main PR #66846 does it job of fixing a bunch of failure. I hope you don't mind. Will also backport this to 7.11.

@ywangd ywangd merged commit 46eeefb into elastic:7.x Jan 4, 2021
ywangd pushed a commit to ywangd/elasticsearch that referenced this pull request Jan 4, 2021
@tvernum @ywangd
Support keystore tests on FIPS JVM (elastic#66902)
c89e4d0 
As of elastic#64024 we run FIPS CI on a true, FIPS approved only mode JVM.
This mandates that any passwords that are fed into PBKDF2 must have at
least 112 bits of entropy (that is, be 14 characters long).

This commit updates our Keystore CLI tests so that tests either:
1. Use a 14+ character password when in FIPS mode, _or_
2. Are skipped on FIPS mode (because they explicitly test empty
   passwords)

Backport of: elastic#66846
ywangd added a commit that referenced this pull request Jan 4, 2021
@ywangd @tvernum
Support keystore tests on FIPS JVM (#66902) (#66964)
d70e5ca 
As of #64024 we run FIPS CI on a true, FIPS approved only mode JVM.
This mandates that any passwords that are fed into PBKDF2 must have at
least 112 bits of entropy (that is, be 14 characters long).

This commit updates our Keystore CLI tests so that tests either:
1. Use a 14+ character password when in FIPS mode, _or_
2. Are skipped on FIPS mode (because they explicitly test empty
   passwords)

Backport of: #66846

Co-authored-by: Tim Vernum <tim.vernum@elastic.co>
@ywangd ywangd mentioned this pull request Jan 4, 2021
Closed
@williamrandolph williamrandolph mentioned this pull request Mar 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tvernum @ywangd