From 03e05cb4fbb4cee1670ce9264cb910b2d9bce1be Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@gmail.com>
Date: Wed, 9 Jan 2019 11:43:41 +0100
Subject: [PATCH] src: fix FIPS section in Sign::SignFinal

Currently, while FIPS is not supported yet for this release there might
be an option to dynamically link against a FIPS compatible OpenSSL
version.

This commit fixes the compiler errors.

PR-URL: https://github.com/nodejs/node/pull/25412
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
---
 src/node_crypto.cc | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 71eb3880100ea0..f2b118978d2d1f 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -4478,9 +4478,14 @@ Sign::SignResult Sign::SignFinal(
 
 #ifdef NODE_FIPS_MODE
   /* Validate DSA2 parameters from FIPS 186-4 */
-  if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) {
-    size_t L = BN_num_bits(pkey->pkey.dsa->p);
-    size_t N = BN_num_bits(pkey->pkey.dsa->q);
+  if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
+    DSA* dsa = EVP_PKEY_get0_DSA(pkey.get());
+    const BIGNUM* p;
+    DSA_get0_pqg(dsa, &p, nullptr, nullptr);
+    size_t L = BN_num_bits(p);
+    const BIGNUM* q;
+    DSA_get0_pqg(dsa, nullptr, &q, nullptr);
+    size_t N = BN_num_bits(q);
     bool result = false;
 
     if (L == 1024 && N == 160)
@@ -4493,7 +4498,7 @@ Sign::SignResult Sign::SignFinal(
       result = true;
 
     if (!result) {
-      return kSignPrivateKey;
+      return SignResult(kSignPrivateKey);
     }
   }
 #endif  // NODE_FIPS_MODE