Sha256: 241144503c989aa6da2768023cf18c98fc7ff32c4c097b1d27a7279c976e9cd3
Contents?: true
Size: 1.26 KB
Versions: 5
Compression:
Stored size: 1.26 KB
Contents
# frozen_string_literal: true module Labkit module Digest module SHA2 def new(*args, &block) bitlen = args.first || 256 ::OpenSSL::Digest.const_get("SHA#{bitlen}").new end end end class FIPS OPENSSL_DIGESTS = %i[SHA1 SHA256 SHA384 SHA512].freeze class << self # Returns whether we should be running in FIPS mode or not # # @return [Boolean] def enabled? # Attempt to auto-detect FIPS mode from OpenSSL return true if OpenSSL.fips_mode # Otherwise allow it to be set manually via the env vars return true if %w[1 true yes].include?(ENV["FIPS_MODE"]) false end # Swap Ruby's Digest::SHAx implementations for OpenSSL::Digest::SHAx. def enable_fips_mode! require "digest" require "digest/sha2" ::Digest::SHA2.singleton_class.prepend(Labkit::Digest::SHA2) OPENSSL_DIGESTS.each { |alg| use_openssl_digest(alg, alg) } end private def use_openssl_digest(ruby_algorithm, openssl_algorithm) ::Digest.send(:remove_const, ruby_algorithm) # rubocop:disable GitlabSecurity/PublicSend ::Digest.const_set(ruby_algorithm, OpenSSL::Digest.const_get(openssl_algorithm, false)) end end end end
Version data entries
5 entries across 5 versions & 1 rubygems