From dcdf4cb8594cf9aee4479ba7413dfe6041b2d721 Mon Sep 17 00:00:00 2001
From: Richard Lau <rlau@redhat.com>
Date: Mon, 12 Jun 2023 19:43:22 +0000
Subject: [PATCH] crypto: remove OPENSSL_FIPS guard for OpenSSL 3

The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: https://github.com/nodejs/node/pull/48392
Refs: https://github.com/nodejs/node/issues/48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
---
 src/crypto/crypto_util.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 9b1d7acfc46a97..577649c36f0065 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -253,7 +253,6 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
   Mutex::ScopedLock lock(per_process::cli_options_mutex);
   Mutex::ScopedLock fips_lock(fips_mutex);
 
-#ifdef OPENSSL_FIPS
 #if OPENSSL_VERSION_MAJOR >= 3
   OSSL_PROVIDER* fips_provider = nullptr;
   if (OSSL_PROVIDER_available(nullptr, "fips")) {
@@ -262,11 +261,12 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
   const auto enabled = fips_provider == nullptr ? 0 :
       OSSL_PROVIDER_self_test(fips_provider) ? 1 : 0;
 #else
+#ifdef OPENSSL_FIPS
   const auto enabled = FIPS_selftest() ? 1 : 0;
-#endif
 #else  // OPENSSL_FIPS
   const auto enabled = 0;
 #endif  // OPENSSL_FIPS
+#endif
 
   args.GetReturnValue().Set(enabled);
 }