src: fix FIPS section in Sign::SignFinal

Currently, while FIPS is not supported yet for this release there might be an option to dynamically link against a FIPS compatible OpenSSL version. This commit fixes the compiler errors. PR-URL: #25412 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
nodejs · Jan 17, 2019 · 228a3f8 · 228a3f8
1 parent 7e7266a
commit 228a3f8
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -4505,9 +4505,14 @@ Sign::SignResult Sign::SignFinal(
 
 #ifdef NODE_FIPS_MODE
   /* Validate DSA2 parameters from FIPS 186-4 */
-  if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
-    size_t L = BN_num_bits(pkey->pkey.dsa->p);
-    size_t N = BN_num_bits(pkey->pkey.dsa->q);
+  if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
+    DSA* dsa = EVP_PKEY_get0_DSA(pkey.get());
+    const BIGNUM* p;
+    DSA_get0_pqg(dsa, &p, nullptr, nullptr);
+    size_t L = BN_num_bits(p);
+    const BIGNUM* q;
+    DSA_get0_pqg(dsa, nullptr, &q, nullptr);
+    size_t N = BN_num_bits(q);
     bool result = false;
 
     if (L == 1024 && N == 160)
@@ -4520,7 +4525,7 @@ Sign::SignResult Sign::SignFinal(
       result = true;
 
     if (!result) {
-      return kSignPrivateKey;
+      return SignResult(kSignPrivateKey);
     }
   }
 #endif  // NODE_FIPS_MODE