Rakefile: Print FIPS information in the rake debug.
#666
Conversation
Add FIPS information (FIPS enabled, and providers) to the `rake debug` task, and run the `rake debug` in FIPS case to check if OpenSSL is running in FIPS.
| puts <<~MESSAGE | ||
| OpenSSL::OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION} | ||
| OpenSSL::OPENSSL_LIBRARY_VERSION: #{OpenSSL::OPENSSL_LIBRARY_VERSION} | ||
| OpenSSL::OPENSSL_VERSION_NUMBER: #{openssl_version_number_str} | ||
| OpenSSL::LIBRESSL_VERSION_NUMBER: #{libressl_version_number_str} | ||
| FIPS enabled: #{OpenSSL.fips_mode} |
There was a problem hiding this comment.
Please note that the terminology "FIPS mode" was used in OpenSSL 1.0.x with the C APIs FIPS_mode() and FIPS_mode_set(). However, the terminology "FIPS mode" is not used anymore in OpenSSL 3. So, I think we need to remove some parts of the "fips mode" used in the comment. You can check openssl/openssl#21797 for details. And the "FIPS enabled" comes from the EVP_default_properties_is_fips_enabled used below.
Line 412 in bff0606
Non-FIPS caseopenssl-headhttps://github.com/ruby/openssl/actions/runs/5940938869/job/16110640631?pr=666#step:13:38 openssl-1.0.2uhttps://github.com/ruby/openssl/actions/runs/5940938869/job/16110637136?pr=666#step:13:38 FIPS caseopenssl-head fipshttps://github.com/ruby/openssl/actions/runs/5940938869/job/16110640890?pr=666#step:14:31 |
|
Thanks for reviewing! |
I would like to add FIPS information to the
rake debug. It is convenient to check if Ruby OpenSSL binding is running with the OpenSSL with a proper FIPS configuration properly. I need to install many OpenSSL versions or specific commit versions with the FIPS configuration file to debug or fix a FIPS related issue.Add FIPS information (FIPS enabled, and providers) to the
rake debugtask, and run therake debugin FIPS case to check if OpenSSL is running in FIPS.