Class: Labkit::FIPS
- Inherits:
-
Object
- Object
- Labkit::FIPS
- Defined in:
- lib/labkit/fips.rb
Constant Summary collapse
- OPENSSL_DIGESTS =
%i[SHA1 SHA256 SHA384 SHA512].freeze
Class Method Summary collapse
-
.enable_fips_mode! ⇒ Object
Swap Ruby’s Digest::SHAx implementations for OpenSSL::Digest::SHAx.
-
.enabled? ⇒ Boolean
Returns whether we should be running in FIPS mode or not.
Class Method Details
.enable_fips_mode! ⇒ Object
Swap Ruby’s Digest::SHAx implementations for OpenSSL::Digest::SHAx.
34 35 36 37 38 39 40 41 |
# File 'lib/labkit/fips.rb', line 34 def enable_fips_mode! require "digest" require "digest/sha1" require "digest/sha2" ::Digest::SHA2.singleton_class.prepend(Labkit::Digest::SHA2) OPENSSL_DIGESTS.each { |alg| use_openssl_digest(alg, alg) } end |
.enabled? ⇒ Boolean
Returns whether we should be running in FIPS mode or not
20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'lib/labkit/fips.rb', line 20 def enabled? # Check if it set manually to false return false if %w[0 false no].include?(ENV["FIPS_MODE"]) # Otherwise allow it to be set manually via the env vars return true if %w[1 true yes].include?(ENV["FIPS_MODE"]) # Otherwise, attempt to auto-detect FIPS mode from OpenSSL return true if OpenSSL.fips_mode false end |