From 2f16be2b7023ade158bff21fdcb3c3b3ce6fd939 Mon Sep 17 00:00:00 2001 From: Stefan Budeanu Date: Mon, 9 Nov 2015 18:19:11 -0500 Subject: [PATCH] tls: Use SHA1 for sessionIdContext in FIPS mode FIPS 140-2 disallows use of MD5, which is used to derive the default sessionIdContext for tls.createServer(). PR-URL: https://github.com/nodejs/node/pull/3755 Reviewed-By: Fedor Indutny --- doc/api/tls.markdown | 3 ++- lib/_tls_wrap.js | 19 ++++++++++++++++--- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 60ad316ff5556f..f9d6faedf80ebf 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -842,7 +842,8 @@ automatically set as a listener for the [secureConnection][] event. The - `sessionIdContext`: A string containing an opaque identifier for session resumption. If `requestCert` is `true`, the default is MD5 hash value - generated from command-line. Otherwise, the default is not provided. + generated from command-line. (In FIPS mode a truncated SHA1 hash is + used instead.) Otherwise, the default is not provided. - `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force SSL version 3. The possible values depend on your installation of diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 887db012e78402..150755e48d0865 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -14,6 +14,21 @@ const Timer = process.binding('timer_wrap').Timer; const tls_wrap = process.binding('tls_wrap'); const TCP = process.binding('tcp_wrap').TCP; const Pipe = process.binding('pipe_wrap').Pipe; +const defaultSessionIdContext = getDefaultSessionIdContext(); + +function getDefaultSessionIdContext() { + var defaultText = process.argv.join(' '); + /* SSL_MAX_SID_CTX_LENGTH is 128 bits */ + if (process.config.variables.openssl_fips) { + return crypto.createHash('sha1') + .update(defaultText) + .digest('hex').slice(0, 32); + } else { + return crypto.createHash('md5') + .update(defaultText) + .digest('hex'); + } +} function onhandshakestart() { debug('onhandshakestart'); @@ -893,9 +908,7 @@ Server.prototype.setOptions = function(options) { if (options.sessionIdContext) { this.sessionIdContext = options.sessionIdContext; } else { - this.sessionIdContext = crypto.createHash('md5') - .update(process.argv.join(' ')) - .digest('hex'); + this.sessionIdContext = defaultSessionIdContext; } };