diff options
author | Vít Ondruch <vondruch@redhat.com> | 2020-08-25 15:04:54 +0300 |
---|---|---|
committer | Michael Dawson <mdawson@devrus.com> | 2021-02-26 02:12:58 +0300 |
commit | f392ac0bbe3f3757872b9c7cdc785928034b62e9 (patch) | |
tree | 39bf31adb1c4d24b74f717e7e0272bbccc18ac5a /lib/crypto.js | |
parent | 148bc33347266a0293d52859cbf9580ade9b6cbe (diff) |
crypto: make FIPS related options always awailable
There is no reason to hide FIPS functionality behind build flags.
OpenSSL always provide the information about FIPS availability via
`FIPS_mode()` function.
This makes the user experience more consistent, because the OpenSSL
library is always queried and the `crypto.getFips()` always returns
OpenSSL settings.
Fixes #34903
PR-URL: https://github.com/nodejs/node/pull/36341
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Diffstat (limited to 'lib/crypto.js')
-rw-r--r-- | lib/crypto.js | 22 |
1 files changed, 4 insertions, 18 deletions
diff --git a/lib/crypto.js b/lib/crypto.js index 3f110bef584..e2355b0f5d5 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -37,12 +37,10 @@ assertCrypto(); const { ERR_CRYPTO_FIPS_FORCED, - ERR_CRYPTO_FIPS_UNAVAILABLE } = require('internal/errors').codes; const constants = internalBinding('constants').crypto; const { getOptionValue } = require('internal/options'); const pendingDeprecation = getOptionValue('--pending-deprecation'); -const { fipsMode } = internalBinding('config'); const fipsForced = getOptionValue('--force-fips'); const { getFipsCrypto, @@ -218,10 +216,8 @@ module.exports = { sign: signOneShot, setEngine, timingSafeEqual, - getFips: !fipsMode ? getFipsDisabled : - fipsForced ? getFipsForced : getFipsCrypto, - setFips: !fipsMode ? setFipsDisabled : - fipsForced ? setFipsForced : setFipsCrypto, + getFips: fipsForced ? getFipsForced : getFipsCrypto, + setFips: fipsForced ? setFipsForced : setFipsCrypto, verify: verifyOneShot, // Classes @@ -242,19 +238,11 @@ module.exports = { secureHeapUsed, }; -function setFipsDisabled() { - throw new ERR_CRYPTO_FIPS_UNAVAILABLE(); -} - function setFipsForced(val) { if (val) return; throw new ERR_CRYPTO_FIPS_FORCED(); } -function getFipsDisabled() { - return 0; -} - function getFipsForced() { return 1; } @@ -276,10 +264,8 @@ ObjectDefineProperties(module.exports, { }, // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips() fips: { - get: !fipsMode ? getFipsDisabled : - fipsForced ? getFipsForced : getFipsCrypto, - set: !fipsMode ? setFipsDisabled : - fipsForced ? setFipsForced : setFipsCrypto + get: fipsForced ? getFipsForced : getFipsCrypto, + set: fipsForced ? setFipsForced : setFipsCrypto }, DEFAULT_ENCODING: { enumerable: false, |