src: fix FIPS init error handling · nodejs/node@6d99ec3 · GitHub
Skip to content

Commit 6d99ec3

Browse files
tniessenaduh95
tniessen
authored and
aduh95
committed
src: fix FIPS init error handling
If `--enable-fips` or `--force-fips` fails to be applied during `ProcessFipsOptions()`, the node process might exit with `ExitCode::kNoFailure` because `ERR_GET_REASON(ERR_peek_error())` can return `0` since `ncrypto::testFipsEnabled()` does not populate the OpenSSL error queue. You can likely test this locally by running node --enable-fips && echo $? with the current `node` binary from the main branch if compiled without support for FIPS. As confirmed by the `XXX` comment here, which was added three years ago in commit b697160, even if the error queue was populated properly, the OpenSSL reason codes are not really related to the Node.js `ExitCode` enumeration. PR-URL: #58379 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
1 parent b7d7ffe commit 6d99ec3

2 files changed

Lines changed: 29 additions & 5 deletions

File tree

src/node.cc

Lines changed: 1 addition & 4 deletions

test/parallel/test-crypto-fips.js

Lines changed: 28 additions & 1 deletion

0 commit comments

Comments
 (0)