diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-18 03:09:05 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-18 03:09:05 +0300 |
commit | af9e8c5f255cc1851308b7335afd768936296ed3 (patch) | |
tree | b04a7ecfcadc149a1ecdfb616675e1fa22de3c4f /lib/gitlab/fips.rb | |
parent | 3e20234984524c3ccfb09eace7b9d170cbcc32d7 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/fips.rb')
-rw-r--r-- | lib/gitlab/fips.rb | 23 |
1 files changed, 1 insertions, 22 deletions
diff --git a/lib/gitlab/fips.rb b/lib/gitlab/fips.rb index a7106dd70e9..b2c22182d4b 100644 --- a/lib/gitlab/fips.rb +++ b/lib/gitlab/fips.rb @@ -23,28 +23,7 @@ module Gitlab # # @return [Boolean] def enabled? - # Attempt to auto-detect FIPS mode from OpenSSL - return true if OpenSSL.fips_mode - - # Otherwise allow it to be set manually via the env vars - return true if ENV["FIPS_MODE"] == "true" - - false - end - - # Swap Ruby's Digest::SHAx implementations for OpenSSL::Digest::SHAx. - def enable_fips_mode! - require 'digest' - - use_openssl_digest(:SHA2, :SHA256) - OPENSSL_DIGESTS.each { |alg| use_openssl_digest(alg, alg) } - end - - private - - def use_openssl_digest(ruby_algorithm, openssl_algorithm) - Digest.send(:remove_const, ruby_algorithm) # rubocop:disable GitlabSecurity/PublicSend - Digest.const_set(ruby_algorithm, OpenSSL::Digest.const_get(openssl_algorithm, false)) + ::Labkit::FIPS.enabled? end end end |