Skip to content

Commit

Permalink
src: fix FIPS section in Sign::SignFinal
Browse files Browse the repository at this point in the history
Currently, while FIPS is not supported yet for this release there might
be an option to dynamically link against a FIPS compatible OpenSSL
version.

This commit fixes the compiler errors.

PR-URL: #25412
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
  • Loading branch information
danbev authored and addaleax committed Jan 23, 2019
1 parent 47d040d commit 03e05cb
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4478,9 +4478,14 @@ Sign::SignResult Sign::SignFinal(

#ifdef NODE_FIPS_MODE
/* Validate DSA2 parameters from FIPS 186-4 */
if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
size_t L = BN_num_bits(pkey->pkey.dsa->p);
size_t N = BN_num_bits(pkey->pkey.dsa->q);
if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
DSA* dsa = EVP_PKEY_get0_DSA(pkey.get());
const BIGNUM* p;
DSA_get0_pqg(dsa, &p, nullptr, nullptr);
size_t L = BN_num_bits(p);
const BIGNUM* q;
DSA_get0_pqg(dsa, nullptr, &q, nullptr);
size_t N = BN_num_bits(q);
bool result = false;

if (L == 1024 && N == 160)
Expand All @@ -4493,7 +4498,7 @@ Sign::SignResult Sign::SignFinal(
result = true;

if (!result) {
return kSignPrivateKey;
return SignResult(kSignPrivateKey);
}
}
#endif // NODE_FIPS_MODE
Expand Down

0 comments on commit 03e05cb

Please sign in to comment.