Skip to content

Commit

Permalink
crypto: remove OPENSSL_FIPS guard for OpenSSL 3
Browse files Browse the repository at this point in the history
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: nodejs#48392
Refs: nodejs#48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
  • Loading branch information
richardlau authored and Ceres6 committed Aug 14, 2023
1 parent 4f242d3 commit dcdf4cb
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/crypto/crypto_util.cc
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,6 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
Mutex::ScopedLock lock(per_process::cli_options_mutex);
Mutex::ScopedLock fips_lock(fips_mutex);

#ifdef OPENSSL_FIPS
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = nullptr;
if (OSSL_PROVIDER_available(nullptr, "fips")) {
Expand All @@ -262,11 +261,12 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
const auto enabled = fips_provider == nullptr ? 0 :
OSSL_PROVIDER_self_test(fips_provider) ? 1 : 0;
#else
#ifdef OPENSSL_FIPS
const auto enabled = FIPS_selftest() ? 1 : 0;
#endif
#else // OPENSSL_FIPS
const auto enabled = 0;
#endif // OPENSSL_FIPS
#endif

args.GetReturnValue().Set(enabled);
}
Expand Down

0 comments on commit dcdf4cb

Please sign in to comment.