[TEMP] Temporary for debugging in CI with openssl 1.1.1

nodejs · Mar 6, 2025 · 066f084 · 066f084
1 parent defdb2f
commit 066f084
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 12 deletions.
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
@@ -235,9 +235,10 @@ bool setFipsEnabled(bool enable, CryptoErrorList* errors) {
   if (isFipsEnabled() == enable) return true;
   ClearErrorOnReturn clearErrorOnReturn(errors);
 #if OPENSSL_VERSION_MAJOR >= 3
-  return EVP_default_properties_enable_fips(nullptr, enable ? 1 : 0) == 1;
+  return EVP_default_properties_enable_fips(nullptr, enable ? 1 : 0) == 1 &&
+         EVP_default_properties_is_fips_enabled(nullptr);
 #else
-  return FIPS_mode_set(enable ? 1 : 0) == 1;
+  return FIPS_mode() == 0 ? FIPS_mode_set(enable ? 1 : 0) == 1 : true;
 #endif
 }
 
@@ -248,18 +249,17 @@ bool testFipsEnabled() {
   if (OSSL_PROVIDER_available(nullptr, "fips")) {
     fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
   }
-  const auto enabled = fips_provider == nullptr                 ? 0
-                       : OSSL_PROVIDER_self_test(fips_provider) ? 1
-                                                                : 0;
+  if (fips_provider == nullptr) return false;
+  int result = OSSL_PROVIDER_self_test(fips_provider);
+  OSSL_PROVIDER_unload(fips_provider);
+  return result;
 #else
 #ifdef OPENSSL_FIPS
-  const auto enabled = FIPS_selftest() ? 1 : 0;
+  return FIPS_selftest();
 #else  // OPENSSL_FIPS
-  const auto enabled = 0;
+  return false;
 #endif  // OPENSSL_FIPS
 #endif
-
-  return enabled;
 }
 
 // ============================================================================

diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
@@ -22,8 +22,6 @@
 #include "openssl/provider.h"
 #endif
 
-#include <openssl/rand.h>
-
 namespace node {
 
 using ncrypto::BignumPointer;
@@ -85,8 +83,12 @@ bool ProcessFipsOptions() {
   /* Override FIPS settings in configuration file, if needed. */
   if (per_process::cli_options->enable_fips_crypto ||
       per_process::cli_options->force_fips_crypto) {
+#if OPENSSL_VERSION_MAJOR >= 3
     if (!ncrypto::testFipsEnabled()) return false;
-    return ncrypto::setFipsEnabled(true, nullptr) && ncrypto::isFipsEnabled();
+    return ncrypto::setFipsEnabled(true, nullptr);
+#else
+    if (FIPS_mode() == 0) return FIPS_mode_set(1);
+#endif
   }
   return true;
 }