Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fips_mode_get to return fips_mode #125

Merged
merged 1 commit into from Jun 9, 2017
Merged

Add fips_mode_get to return fips_mode #125

merged 1 commit into from Jun 9, 2017

Conversation

cwjenkins
Copy link
Contributor

OpenSSL::OPENSSL_FIPS causes confusion as the doc states it returns a boolean based on if FIPS is 'enabled' which isn't true. It is dependent on whether the openssl installed was built with FOM (fips object module). If it was then it will always returns true (even when fips_mode = false), thus it is more accurate to say FIPS-capable.

Adding OpenSSL.fips_mode to return whether or not fips_mode is currently set. This allows for better handling around fips mode.

@cwjenkins cwjenkins mentioned this pull request Jun 9, 2017
Closed
rhenium
rhenium reviewed Jun 9, 2017
View reviewed changes
test/test_fips.rb Outdated
OpenSSL.fips_mode == true
OpenSSL.fips_mode = false
OpenSSL.fips_mode == false
end
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not testing. Also, the mode can not necessarily be switched at runtime. I think all we can do here is:

assert OpenSSL.fips_mode == true || OpenSSL.fips_mode == false,
       ".fips_mode returns a boolean value"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll update, but when can the mode not be changed at runtime? Tested locally with fips enabled by default.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, nevermind, my memory tricked me.

rhenium
rhenium reviewed Jun 9, 2017
View reviewed changes
test/test_fips.rb Outdated
assert OpenSSL.fips_mode == true, ".fips_mode returns true when .fips_mode=true"

OpenSSL.fips_mode = false
assert OpenSSL.fips_mode == false, ".fips_mode returns false when .fips_mode=false"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trailing spaces?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ugh, rough start of the day :)

@rhenium
Copy link
Member

rhenium commented Jun 9, 2017

Thanks, this now looks good to me. Can you squash them into one commit?

@cwjenkins
Copy link
Contributor Author

Yeppers, squashed. Thanks! Now off to bundler :)

@rhenium rhenium merged commit e52a351 into ruby:master Jun 9, 2017
@cwjenkins cwjenkins deleted the feature/add_fips_mode_get branch September 11, 2023 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rhenium rhenium rhenium left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cwjenkins @rhenium