Skip to content

Commit

Permalink
tls: use process.binding('config') to detect fips mode
Browse files Browse the repository at this point in the history 
When the fips mode check was added sometime in v4 it caused a
regression in some edge cases (see #6114)
because `process.config` can be overwritten by userland modules.
This switches to using the backported process.binding('config') to
fix the regression.

Fixes: #6114
  • Loading branch information
@jasnell
jasnell authored and Myles Borins committed Jul 11, 2016
1 parent 6e3dd27 commit f5756d9
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/_tls_wrap.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ const defaultSessionIdContext = getDefaultSessionIdContext();
function getDefaultSessionIdContext() {
var defaultText = process.argv.join(' ');
/* SSL_MAX_SID_CTX_LENGTH is 128 bits */
if (process.config.variables.openssl_fips) {
if (process.binding('config').fipsMode) {
return crypto.createHash('sha1')
.update(defaultText)
.digest('hex').slice(0, 32);
Expand Down
5 changes: 4 additions & 1 deletion src/node_config.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,10 @@ using v8::ReadOnly;
void InitConfig(Local<Object> target,
Local<Value> unused,
Local<Context> context) {
// Environment* env = Environment::GetCurrent(context);
#ifdef NODE_FIPS_MODE
Environment* env = Environment::GetCurrent(context);
READONLY_BOOLEAN_PROPERTY("fipsMode");
#endif
}

} // namespace node
Expand Down

0 comments on commit f5756d9

Please sign in to comment.