Added ability to compile for FIPS mode

2025-12-27 21:53:20 +00:00 · 2021-01-21 20:13:15 -08:00
parent 22e5693253
commit 4daedfd081
8 changed files with 54 additions and 20 deletions
--- a/microscript/ILibDuktape_Polyfills.c
+++ b/microscript/ILibDuktape_Polyfills.c
@@ -2146,6 +2146,9 @@ duk_ret_t ILibDuktape_bignum_fromBuffer(duk_context *ctx)
 	}
 	else if (strcmp(endian, "little") == 0)
 	{
+#ifdef OLDSSL
+		return(ILibDuktape_Error(ctx, "Invalid endian specified"));
+#endif
 		b = BN_lebin2bn((unsigned char*)buffer, (int)len, NULL);
 	}
 	else
--- a/microscript/ILibDuktape_SHA256.c
+++ b/microscript/ILibDuktape_SHA256.c
@@ -336,7 +336,11 @@ duk_ret_t ILibDuktape_VERIFIER_Create(duk_context *ctx)

 	duk_dup(ctx, 0); duk_put_prop_string(ctx, -2, ILibDuktape_VERIFIER_CERT);
 	data->cert = (struct util_cert*)Duktape_GetBufferProperty(ctx, 0, ILibDuktape_TLS_util_cert);
+#ifdef OLDSSL
+	EVP_PKEY *pkey = X509_get_pubkey(data->cert->x509);
+#else
 	EVP_PKEY *pkey = X509_get0_pubkey(data->cert->x509);
+#endif


 	EVP_DigestVerifyInit(data->mdctx, NULL, mdtype, NULL, pkey);
@@ -388,7 +392,11 @@ duk_ret_t ILibDuktape_RSA_Verify(duk_context *ctx)
 	char *sig = Duktape_GetBuffer(ctx, 3, &sigLen);

 	struct util_cert *cert = (struct util_cert*)Duktape_GetBufferProperty(ctx, 1, ILibDuktape_TLS_util_cert);
+#ifdef OLDSSL
+	RSA *r = EVP_PKEY_get1_RSA(X509_get_pubkey(cert->x509));
+#else
 	RSA *r = EVP_PKEY_get1_RSA(X509_get0_pubkey(cert->x509));
+#endif
 	int vstatus = RSA_verify(duk_require_int(ctx, 0), (unsigned char*)buffer, (unsigned int)bufferLen, (unsigned char*)sig, (unsigned int)sigLen, r);
 	duk_push_boolean(ctx, vstatus == 1);
 	RSA_free(r);
--- a/microscript/ILibDuktape_ScriptContainer.c
+++ b/microscript/ILibDuktape_ScriptContainer.c
@@ -2610,7 +2610,9 @@ duk_context *ILibDuktape_ScriptContainer_InitializeJavaScriptEngineEx3(duk_conte
 	// Setup the permissions on this engine. JavaScript will only be allowed to access the libraries it has access to.
 	if ((securityFlags & SCRIPT_ENGINE_NO_NETWORK_ACCESS) == 0)
 	{
+#ifndef NO_WEBRTC
 		ILibDuktape_WebRTC_Init(ctx);						// WebRTC library (browser api)
+#endif
 		ILibDuktape_net_init(ctx, chain);					// Network library (node api)
 		ILibDuktape_DGram_Init(ctx);						// Datagram Sockets
 		ILibDuktape_HttpStream_Init(ctx);					// HTTP Library (node api)
--- a/microscript/ILibDuktape_net.c
+++ b/microscript/ILibDuktape_net.c
@@ -39,6 +39,10 @@ limitations under the License.
 #include <AclAPI.h>
 #endif

+#ifdef OLDSSL
+#define TLS_method SSLv23_method
+#endif
+
 typedef struct ILibDuktape_net_socket
 {
 	duk_context *ctx;