tls: use process.binding('config') to detect fips mode

When the fips mode check was added sometime in v4 it caused a regression in some edge cases (see #6114) because `process.config` can be overwritten by userland modules. This switches to using the backported process.binding('config') to fix the regression. Fixes: #6114 PR-URL: #7551 Reviewed-By: Myles Borins <[email protected]>
nodejs · Jul 14, 2016 · 06327e5 · 06327e5
1 parent b9136c0
commit 06327e5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -19,7 +19,7 @@ const defaultSessionIdContext = getDefaultSessionIdContext();
 function getDefaultSessionIdContext() {
   var defaultText = process.argv.join(' ');
   /* SSL_MAX_SID_CTX_LENGTH is 128 bits */
-  if (process.config.variables.openssl_fips) {
+  if (process.binding('config').fipsMode) {
     return crypto.createHash('sha1')
       .update(defaultText)
       .digest('hex').slice(0, 32);

diff --git a/src/node_config.cc b/src/node_config.cc
@@ -28,7 +28,10 @@ using v8::ReadOnly;
 void InitConfig(Local<Object> target,
                 Local<Value> unused,
                 Local<Context> context) {
-  // Environment* env = Environment::GetCurrent(context);
+#ifdef NODE_FIPS_MODE
+  Environment* env = Environment::GetCurrent(context);
+  READONLY_BOOLEAN_PROPERTY("fipsMode");
+#endif
 }
 
 }  // namespace node