1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

src: fix FIPS section in Sign::SignFinal

Browse Source 
Currently, while FIPS is not supported yet for this release there might
be an option to dynamically link against a FIPS compatible OpenSSL
version.

This commit fixes the compiler errors.

PR-URL: https://github.com/nodejs/node/pull/25412
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This commit is contained in:
Daniel Bevenius 2019-01-09 11:43:41 +01:00
parent 7e7266a803
commit 228a3f840d
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/node_crypto.cc
View File

@ -4505,9 +4505,14 @@ Sign::SignResult Sign::SignFinal(
#ifdef NODE_FIPS_MODE #ifdef NODE_FIPS_MODE
/* Validate DSA2 parameters from FIPS 186-4 */ /* Validate DSA2 parameters from FIPS 186-4 */
if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) { if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
size_t L = BN_num_bits(pkey->pkey.dsa->p); DSA* dsa = EVP_PKEY_get0_DSA(pkey.get());
size_t N = BN_num_bits(pkey->pkey.dsa->q); const BIGNUM* p;
DSA_get0_pqg(dsa, &p, nullptr, nullptr);
size_t L = BN_num_bits(p);
const BIGNUM* q;
DSA_get0_pqg(dsa, nullptr, &q, nullptr);
size_t N = BN_num_bits(q);
bool result = false; bool result = false;
if (L == 1024 && N == 160) if (L == 1024 && N == 160)
@ -4520,7 +4525,7 @@ Sign::SignResult Sign::SignFinal(
result = true; result = true;
if (!result) { if (!result) {
return kSignPrivateKey; return SignResult(kSignPrivateKey);
} }
} }
#endif // NODE_FIPS_MODE #endif // NODE_FIPS_MODE