Merge pull request #125 from cwjenkins/feature/add_fips_mode_get

Add fips_mode_get to return fips_mode
ruby · Jun 9, 2017 · e52a351 · e52a351
2 parents c24bae3 + 2958067
commit e52a351
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
@@ -409,6 +409,23 @@ ossl_debug_set(VALUE self, VALUE val)
  return val;
 }
 
+/*
+ * call-seq
+ * OpenSSL.fips_mode -> true | false
+ */
+static VALUE
+ossl_fips_mode_get(VALUE self)
+{
+
+#ifdef OPENSSL_FIPS
+ VALUE enabled;
+ enabled = FIPS_mode() ? Qtrue : Qfalse;
+ return enabled;
+#else
+ return Qfalse;
+#endif
+}
+
 /*
  * call-seq:
  * OpenSSL.fips_mode = boolean -> boolean
@@ -1139,7 +1156,7 @@ Init_openssl(void)
  rb_define_const(mOSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(OPENSSL_VERSION_NUMBER));
 
  /*
- * Boolean indicating whether OpenSSL is FIPS-enabled or not
+ * Boolean indicating whether OpenSSL is FIPS-capable or not
  */
  rb_define_const(mOSSL, "OPENSSL_FIPS",
 #ifdef OPENSSL_FIPS
@@ -1149,6 +1166,7 @@ Init_openssl(void)
 #endif
  );
 
+ rb_define_module_function(mOSSL, "fips_mode", ossl_fips_mode_get, 0);
  rb_define_module_function(mOSSL, "fips_mode=", ossl_fips_mode_set, 1);
 
  /*

diff --git a/test/test_fips.rb b/test/test_fips.rb
@@ -8,4 +8,13 @@ def test_fips_mode_is_reentrant
  OpenSSL.fips_mode = false
  end
 
+ def test_fips_mode_get
+ if OpenSSL::OPENSSL_FIPS
+ OpenSSL.fips_mode = true
+ assert OpenSSL.fips_mode == true, ".fips_mode returns true when .fips_mode=true"
+
+ OpenSSL.fips_mode = false
+ assert OpenSSL.fips_mode == false, ".fips_mode returns false when .fips_mode=false"
+ end
+ end
 end