[TEMP] Temporary for debugging in CI with openssl 1.1.1

Author: jasnell

deps/ncrypto/ncrypto.cc

@@ -235,9 +235,10 @@ bool setFipsEnabled(bool enable, CryptoErrorList* errors) {
  if (isFipsEnabled() == enable) return true;
  ClearErrorOnReturn clearErrorOnReturn(errors);
 #if OPENSSL_VERSION_MAJOR >= 3
- return EVP_default_properties_enable_fips(nullptr, enable ? 1 : 0) == 1;
+ return EVP_default_properties_enable_fips(nullptr, enable ? 1 : 0) == 1 &&
+ EVP_default_properties_is_fips_enabled(nullptr);
 #else
- return FIPS_mode_set(enable ? 1 : 0) == 1;
+ return FIPS_mode() == 0 ? FIPS_mode_set(enable ? 1 : 0) == 1 : true;
 #endif
 }
 
@@ -248,18 +249,17 @@ bool testFipsEnabled() {
  if (OSSL_PROVIDER_available(nullptr, "fips")) {
  fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
  }
- const auto enabled = fips_provider == nullptr ? 0
- : OSSL_PROVIDER_self_test(fips_provider) ? 1
- : 0;
+ if (fips_provider == nullptr) return false;
+ int result = OSSL_PROVIDER_self_test(fips_provider);
+ OSSL_PROVIDER_unload(fips_provider);
+ return result;
 #else
 #ifdef OPENSSL_FIPS
- const auto enabled = FIPS_selftest() ? 1 : 0;
+ return FIPS_selftest();
 #else // OPENSSL_FIPS
- const auto enabled = 0;
+ return false;
 #endif // OPENSSL_FIPS
 #endif
-
- return enabled;
 }
 
 // ============================================================================

src/crypto/crypto_util.cc

@@ -22,8 +22,6 @@
 #include "openssl/provider.h"
 #endif
 
-#include <openssl/rand.h>
-
 namespace node {
 
 using ncrypto::BignumPointer;
@@ -85,8 +83,12 @@ bool ProcessFipsOptions() {
  /* Override FIPS settings in configuration file, if needed. */
  if (per_process::cli_options->enable_fips_crypto ||
  per_process::cli_options->force_fips_crypto) {
+#if OPENSSL_VERSION_MAJOR >= 3
  if (!ncrypto::testFipsEnabled()) return false;
- return ncrypto::setFipsEnabled(true, nullptr) && ncrypto::isFipsEnabled();
+ return ncrypto::setFipsEnabled(true, nullptr);
+#else
+ if (FIPS_mode() == 0) return FIPS_mode_set(1);
+#endif
  }
  return true;
 }