crypto: only try to set FIPS mode if different · nodejs/node@4669570

crypto: only try to set FIPS mode if different · nodejs/node@4669570

2 files changed

lines changed

Original file line number	Diff line number	Diff line change
`@@ -6134,11 +6134,14 @@ void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {`
`6134`	`6134`	`void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {`
`6135`	`6135`	`Environment* env = Environment::GetCurrent(args);`
`6136`	`6136`	`#ifdef NODE_FIPS_MODE`
`6137`		`-bool mode = args[0]->BooleanValue();`
	`6137`	`+const bool enabled = FIPS_mode();`
	`6138`	`+const bool enable = args[0]->BooleanValue();`
	`6139`	`+if (enable == enabled)`
	`6140`	`+return; // No action needed.`
`6138`	`6141`	`if (force_fips_crypto) {`
`6139`	`6142`	`return env->ThrowError(`
`6140`	`6143`	`"Cannot set FIPS mode, it was forced with --force-fips at startup.");`
`6141`		`- } else if (!FIPS_mode_set(mode)) {`
	`6144`	`+ } else if (!FIPS_mode_set(enable)) {`
`6142`	`6145`	`unsigned long err = ERR_get_error(); // NOLINT(runtime/int)`
`6143`	`6146`	`return ThrowCryptoError(env, err);`
`6144`	`6147`	`}`

Original file line number	Diff line number	Diff line change
`@@ -209,6 +209,15 @@ testHelper(`
`209`	`209`	`'require("crypto").fips = false',`
`210`	`210`	`process.env);`
`211`	`211`
	`212`	`+// --force-fips makes setFipsCrypto enable a no-op (FIPS stays on)`
	`213`	`+testHelper(`
	`214`	`+compiledWithFips() ? 'stdout' : 'stderr',`
	`215`	`+['--force-fips'],`
	`216`	`+compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,`
	`217`	`+'(require("crypto").fips = true,' +`
	`218`	`+'require("crypto").fips)',`
	`219`	`+process.env);`
	`220`	`+`
`212`	`221`	`// --force-fips and --enable-fips order does not matter`
`213`	`222`	`testHelper(`
`214`	`223`	`'stderr',`