Skip to content

[Backport] Support keystore tests on FIPS JVM#66964

Merged
ywangd merged 1 commit intoelastic:7.11from
ywangd:backport/7.11/66846-Support-keystore-tests-on
Jan 4, 2021
Merged

[Backport] Support keystore tests on FIPS JVM#66964
ywangd merged 1 commit intoelastic:7.11from
ywangd:backport/7.11/66846-Support-keystore-tests-on

Conversation

@ywangd
Copy link
Copy Markdown
Member

@ywangd ywangd commented Jan 4, 2021

As of #64024 we run FIPS CI on a true, FIPS approved only mode JVM.
This mandates that any passwords that are fed into PBKDF2 must have at
least 112 bits of entropy (that is, be 14 characters long).

This commit updates our Keystore CLI tests so that tests either:

  1. Use a 14+ character password when in FIPS mode, or
  2. Are skipped on FIPS mode (because they explicitly test empty
    passwords)

Backport of: #66846

@tvernum @ywangd
Support keystore tests on FIPS JVM (elastic#66902)
c89e4d0 
As of elastic#64024 we run FIPS CI on a true, FIPS approved only mode JVM.
This mandates that any passwords that are fed into PBKDF2 must have at
least 112 bits of entropy (that is, be 14 characters long).

This commit updates our Keystore CLI tests so that tests either:
1. Use a 14+ character password when in FIPS mode, _or_
2. Are skipped on FIPS mode (because they explicitly test empty
   passwords)

Backport of: elastic#66846
@ywangd ywangd added the backport label Jan 4, 2021
@ywangd ywangd merged commit d70e5ca into elastic:7.11 Jan 4, 2021
@ywangd ywangd mentioned this pull request Jan 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ywangd @tvernum