Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
crypto: remove OPENSSL_FIPS guard for OpenSSL 3
The OPENSSL_FIPS guard is only needed for versions of OpenSSL earlier
than 3.0.

Removing the guard for OpenSSL 3 fixes `parallel/test-crypto-fips`
when run with a FIPS enabled OpenSSL 3 configuration.

PR-URL: #48392
Refs: #48379
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
  • Loading branch information
richardlau authored and ruyadorno committed Sep 12, 2023
1 parent 9cf8fe6 commit b2bc839
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/crypto/crypto_util.cc
Expand Up @@ -254,7 +254,6 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
Mutex::ScopedLock lock(per_process::cli_options_mutex);
Mutex::ScopedLock fips_lock(fips_mutex);

#ifdef OPENSSL_FIPS
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = nullptr;
if (OSSL_PROVIDER_available(nullptr, "fips")) {
Expand All @@ -263,11 +262,12 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
const auto enabled = fips_provider == nullptr ? 0 :
OSSL_PROVIDER_self_test(fips_provider) ? 1 : 0;
#else
#ifdef OPENSSL_FIPS
const auto enabled = FIPS_selftest() ? 1 : 0;
#endif
#else // OPENSSL_FIPS
const auto enabled = 0;
#endif // OPENSSL_FIPS
#endif

args.GetReturnValue().Set(enabled);
}
Expand Down

0 comments on commit b2bc839

Please sign in to comment.