From 06327e5eed03e2f69c9d5d80cc16e5e2334d5c9e Mon Sep 17 00:00:00 2001
From: James M Snell <jasnell@gmail.com>
Date: Tue, 5 Jul 2016 16:24:35 -0700
Subject: [PATCH] tls: use process.binding('config') to detect fips mode

When the fips mode check was added sometime in v4 it caused a
regression in some edge cases (see https://github.com/nodejs/node/issues/6114)
because `process.config` can be overwritten by userland modules.
This switches to using the backported process.binding('config') to
fix the regression.

Fixes: https://github.com/nodejs/node/issues/6114

PR-URL: https://github.com/nodejs/node/pull/7551
Reviewed-By: Myles Borins <myles.borins@gmail.com>
---
 lib/_tls_wrap.js   | 2 +-
 src/node_config.cc | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c115555ce7..5c5370e09c 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -19,7 +19,7 @@ const defaultSessionIdContext = getDefaultSessionIdContext();
 function getDefaultSessionIdContext() {
   var defaultText = process.argv.join(' ');
   /* SSL_MAX_SID_CTX_LENGTH is 128 bits */
-  if (process.config.variables.openssl_fips) {
+  if (process.binding('config').fipsMode) {
     return crypto.createHash('sha1')
       .update(defaultText)
       .digest('hex').slice(0, 32);
diff --git a/src/node_config.cc b/src/node_config.cc
index e50002bc64..6fe22a4f98 100644
--- a/src/node_config.cc
+++ b/src/node_config.cc
@@ -28,7 +28,10 @@ using v8::ReadOnly;
 void InitConfig(Local<Object> target,
                 Local<Value> unused,
                 Local<Context> context) {
-  // Environment* env = Environment::GetCurrent(context);
+#ifdef NODE_FIPS_MODE
+  Environment* env = Environment::GetCurrent(context);
+  READONLY_BOOLEAN_PROPERTY("fipsMode");
+#endif
 }
 
 }  // namespace node