diff options
| -rw-r--r-- | ext/openssl/ossl.c | 20 | ||||
| -rw-r--r-- | test/test_fips.rb | 9 |
2 files changed, 28 insertions, 1 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index f2984e6c..542f1422 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -410,6 +410,23 @@ ossl_debug_set(VALUE self, VALUE val) } /* + * call-seq + * OpenSSL.fips_mode -> true | false + */ +static VALUE +ossl_fips_mode_get(VALUE self) +{ + +#ifdef OPENSSL_FIPS + VALUE enabled; + enabled = FIPS_mode() ? Qtrue : Qfalse; + return enabled; +#else + return Qfalse; +#endif +} + +/* * call-seq: * OpenSSL.fips_mode = boolean -> boolean * @@ -1139,7 +1156,7 @@ Init_openssl(void) rb_define_const(mOSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(OPENSSL_VERSION_NUMBER)); /* - * Boolean indicating whether OpenSSL is FIPS-enabled or not + * Boolean indicating whether OpenSSL is FIPS-capable or not */ rb_define_const(mOSSL, "OPENSSL_FIPS", #ifdef OPENSSL_FIPS @@ -1149,6 +1166,7 @@ Init_openssl(void) #endif ); + rb_define_module_function(mOSSL, "fips_mode", ossl_fips_mode_get, 0); rb_define_module_function(mOSSL, "fips_mode=", ossl_fips_mode_set, 1); /* diff --git a/test/test_fips.rb b/test/test_fips.rb index 9ba352cb..e96c5c07 100644 --- a/test/test_fips.rb +++ b/test/test_fips.rb @@ -8,4 +8,13 @@ class OpenSSL::TestFIPS < OpenSSL::TestCase OpenSSL.fips_mode = false end + def test_fips_mode_get + if OpenSSL::OPENSSL_FIPS + OpenSSL.fips_mode = true + assert OpenSSL.fips_mode == true, ".fips_mode returns true when .fips_mode=true" + + OpenSSL.fips_mode = false + assert OpenSSL.fips_mode == false, ".fips_mode returns false when .fips_mode=false" + end + end end |