Lines Matching +full:enable +full:- +full:fips
2 #include "async_wrap-inl.h"
5 #include "env-inl.h"
6 #include "memory_tracker-inl.h"
8 #include "node_options-inl.h"
10 #include "threadpoolwork-inl.h"
11 #include "util-inl.h"
72 length -= INT_MAX; in CSPRNG()
101 size_t len = passphrase->size(); in PasswordCallback()
103 return -1; in PasswordCallback()
104 memcpy(buf, passphrase->data(), len); in PasswordCallback()
108 return -1; in PasswordCallback()
121 /* Override FIPS settings in configuration file, if needed. */ in ProcessFipsOptions()
122 if (per_process::cli_options->enable_fips_crypto || in ProcessFipsOptions()
123 per_process::cli_options->force_fips_crypto) { in ProcessFipsOptions()
125 OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); in ProcessFipsOptions()
151 // Protect accesses to FIPS state with a mutex. This should potentially
162 // --openssl-config=... in InitCryptoOnce()
163 if (!per_process::cli_options->openssl_config.empty()) { in InitCryptoOnce()
164 const char* conf = per_process::cli_options->openssl_config.c_str(); in InitCryptoOnce()
170 // --openssl-legacy-provider in InitCryptoOnce()
171 if (per_process::cli_options->openssl_legacy_provider) { in InitCryptoOnce()
184 if (per_process::cli_options->secure_heap != 0) { in InitCryptoOnce()
186 per_process::cli_options->secure_heap, in InitCryptoOnce()
187 static_cast<int>(per_process::cli_options->secure_heap_min))) { in InitCryptoOnce()
205 // No-op with OPENSSL_NO_COMP builds of OpenSSL. in InitCryptoOnce()
230 CHECK(!per_process::cli_options->force_fips_crypto); in SetFipsCrypto()
233 // CHECK(env->owns_process_state()); in SetFipsCrypto()
234 bool enable = args[0]->BooleanValue(env->isolate()); in SetFipsCrypto() local
237 if (enable == EVP_default_properties_is_fips_enabled(nullptr)) in SetFipsCrypto()
239 if (static_cast<int>(enable) == FIPS_mode()) in SetFipsCrypto()
244 if (!EVP_default_properties_enable_fips(nullptr, enable)) { in SetFipsCrypto()
246 if (!FIPS_mode_set(enable)) { in SetFipsCrypto()
259 if (OSSL_PROVIDER_available(nullptr, "fips")) { in SetFipsCrypto()
260 fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); in SetFipsCrypto()
303 env->isolate(), in SetFipsCrypto()
317 CHECK(exception_v->IsObject()); in SetFipsCrypto()
320 if (!ToV8Value(env->context(), errors_).ToLocal(&stack) || in SetFipsCrypto()
321 exception->Set(env->context(), env->openssl_error_stack(), stack) in SetFipsCrypto()
371 return ArrayBuffer::New(env->isolate(), std::move(store)); in SetFipsCrypto()
376 return Buffer::New(env, ab, 0, ab->ByteLength()); in SetFipsCrypto()
383 ByteSource::Builder out(bptr->length); in SetFipsCrypto()
384 memcpy(out.data<void>(), bptr->data, bptr->length); in SetFipsCrypto()
394 if (StringBytes::Size(env->isolate(), key, enc).To(&length) && length > 0) { in SetFipsCrypto()
397 StringBytes::Write(env->isolate(), buf.data<char>(), length, key, enc); in SetFipsCrypto()
412 CHECK(str->IsString()); in SetFipsCrypto()
413 size_t size = str->Utf8Length(env->isolate()); in SetFipsCrypto()
418 str->WriteUtf8(env->isolate(), out.data<char>(), alloc_size, nullptr, opts); in SetFipsCrypto()
433 return value->IsString() || IsAnyByteSource(value) ? in SetFipsCrypto()
445 CHECK(handle->IsObject()); in SetFipsCrypto()
448 return Foreign(key->Data()->GetSymmetricKey(), in SetFipsCrypto()
449 key->Data()->GetSymmetricKeySize()); in SetFipsCrypto()
469 Isolate* isolate = env->isolate(); in SetFipsCrypto()
470 Local<Context> context = isolate->GetCurrentContext(); in SetFipsCrypto()
473 if (obj->Set(context, env->library_string(), in SetFipsCrypto()
479 if (obj->Set(context, env->function_string(), in SetFipsCrypto()
485 if (obj->Set(context, env->reason_string(), in SetFipsCrypto()
531 V(FIPS) \ in SetFipsCrypto()
551 // All OpenSSL reason strings fit in a single 80-column macro definition, in SetFipsCrypto()
557 if (obj->Set(env->isolate()->GetCurrentContext(), in SetFipsCrypto()
558 env->code_string(), in SetFipsCrypto()
559 OneByteString(env->isolate(), code)).IsNothing()) in SetFipsCrypto()
570 // be used to create a long-style message string. in SetFipsCrypto()
577 HandleScope scope(env->isolate()); in SetFipsCrypto()
581 if (!String::NewFromUtf8(env->isolate(), message).ToLocal(&exception_string)) in SetFipsCrypto()
586 !exception->ToObject(env->context()).ToLocal(&obj) || in SetFipsCrypto()
590 env->isolate()->ThrowException(exception); in SetFipsCrypto()
610 errors->Capture(); in SetFipsCrypto()
611 if (errors->Empty()) { in SetFipsCrypto()
612 errors->Insert(NodeCryptoError::ENGINE_NOT_FOUND, id); in SetFipsCrypto()
627 errors->Capture(); in SetFipsCrypto()
636 CHECK(args.Length() >= 2 && args[0]->IsString()); in SetFipsCrypto()
638 if (!args[1]->Uint32Value(env->context()).To(&flags)) return; in SetFipsCrypto()
640 const node::Utf8Value engine_id(env->isolate(), args[0]); in SetFipsCrypto()
654 env->isolate(), in SetFipsCrypto()
674 env->isolate()->ThrowException(error); in SetFipsCrypto()
677 return target->Set(env->context(), name, value); in SetFipsCrypto()
696 CHECK(args->IsUint32()); in SetFipsCrypto()
697 uint32_t mode = args.As<v8::Uint32>()->Value(); in SetFipsCrypto()
704 // Without --secure-heap, OpenSSL's secure heap is disabled, in SetFipsCrypto()
709 CHECK(args[0]->IsUint32()); in SetFipsCrypto()
711 uint32_t len = args[0].As<Uint32>()->Value(); in SetFipsCrypto()
726 Local<ArrayBuffer> buffer = ArrayBuffer::New(env->isolate(), store); in SetFipsCrypto()
734 BigInt::New(env->isolate(), CRYPTO_secure_used())); in SetFipsCrypto()
740 Local<Context> context = env->context(); in SetFipsCrypto()
757 registry->Register(SetEngine); in SetFipsCrypto()
760 registry->Register(GetFipsCrypto); in SetFipsCrypto()
761 registry->Register(SetFipsCrypto); in SetFipsCrypto()
762 registry->Register(TestFipsCrypto); in SetFipsCrypto()
763 registry->Register(SecureBuffer); in SetFipsCrypto()
764 registry->Register(SecureHeapUsed); in SetFipsCrypto()