From 06327e5eed03e2f69c9d5d80cc16e5e2334d5c9e Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Tue, 5 Jul 2016 16:24:35 -0700
Subject: [PATCH] tls: use process.binding('config') to detect fips mode

When the fips mode check was added sometime in v4 it caused a regression in some edge cases (see https://github.com/nodejs/node/issues/6114) because `process.config` can be overwritten by userland modules. This switches to using the backported process.binding('config') to fix the regression.
Fixes: https://github.com/nodejs/node/issues/6114
PR-URL: https://github.com/nodejs/node/pull/7551
Reviewed-By: Myles Borins
---
 lib/_tls_wrap.js | 2 +-
 src/node_config.cc | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c115555ce7a7ff..5c5370e09c19e0 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -19,7 +19,7 @@ const defaultSessionIdContext = getDefaultSessionIdContext();
 function getDefaultSessionIdContext() {
 var defaultText = process.argv.join(' ');
 /* SSL_MAX_SID_CTX_LENGTH is 128 bits */
- if (process.config.variables.openssl_fips) {
+ if (process.binding('config').fipsMode) {
 return crypto.createHash('sha1')
 .update(defaultText)
 .digest('hex').slice(0, 32);
diff --git a/src/node_config.cc b/src/node_config.cc
index e50002bc64c202..6fe22a4f985dab 100644
--- a/src/node_config.cc
+++ b/src/node_config.cc
@@ -28,7 +28,10 @@ using v8::ReadOnly;
 void InitConfig(Local target,
 Local unused,
 Local context) {
- // Environment* env = Environment::GetCurrent(context);
+#ifdef NODE_FIPS_MODE
+ Environment* env = Environment::GetCurrent(context);
+ READONLY_BOOLEAN_PROPERTY("fipsMode");
+#endif
 }
 } // namespace node
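Review bot: Nothing next to the new `process.binding('config').fipsMode` check in `getDefaultSessionIdContext` records why the internal binding is read instead of `process.config`, so a later cleanup could reintroduce the regression. A comment above the `if` would prevent that, for example `// process.config can be overwritten by userland (nodejs/node#6114); read the internal config binding instead.` The diffstat lists only the two source files, so no regression test overwrites `process.config` before `tls` is loaded; adding one would pin the fix. The function body continues past the end of this hunk.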
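Review bot: `fipsMode` in `InitConfig` is defined under the compile-time `NODE_FIPS_MODE` guard, so it reports how the binary was built rather than whether the OpenSSL FIPS module is active at runtime, although the name reads like the latter. If the two can differ on this branch (not visible from this hunk), callers that choose algorithms from this flag would be misled. At minimum, state the contract above the `#ifdef`, for example `// Compile-time flag: present (true) only in FIPS builds, absent otherwise.` Non-FIPS builds leave the property undefined rather than `false`, which works for the truthiness check in `lib/_tls_wrap.js` but not for a strict comparison. `READONLY_BOOLEAN_PROPERTY` is defined outside the hunk and presumably depends on the local `env`, which is worth noting at the declaration.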