Add fips_mode_get to return fips_mode

cwjenkins · cwjenkins · commit 295806787b9a · 2017-06-09T10:43:29.000-04:00
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
@@ -409,6 +409,23 @@ ossl_debug_set(VALUE self, VALUE val)
     return val;
 }
 
+/*
+ * call-seq
+ *   OpenSSL.fips_mode -> true | false
+ */
+static VALUE
+ossl_fips_mode_get(VALUE self)
+{
+
+#ifdef OPENSSL_FIPS
+    VALUE enabled;
+    enabled = FIPS_mode() ? Qtrue : Qfalse;
+    return enabled;
+#else
+    return Qfalse;
+#endif
+}
+
 /*
  * call-seq:
  *   OpenSSL.fips_mode = boolean -> boolean
@@ -1139,7 +1156,7 @@ Init_openssl(void)
     rb_define_const(mOSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(OPENSSL_VERSION_NUMBER));
 
     /*
-     * Boolean indicating whether OpenSSL is FIPS-enabled or not
+     * Boolean indicating whether OpenSSL is FIPS-capable or not
      */
     rb_define_const(mOSSL, "OPENSSL_FIPS",
 #ifdef OPENSSL_FIPS
@@ -1149,6 +1166,7 @@ Init_openssl(void)
 #endif
 		   );
 
+    rb_define_module_function(mOSSL, "fips_mode", ossl_fips_mode_get, 0);
     rb_define_module_function(mOSSL, "fips_mode=", ossl_fips_mode_set, 1);
 
     /*
diff --git a/test/test_fips.rb b/test/test_fips.rb
@@ -8,4 +8,13 @@ def test_fips_mode_is_reentrant
     OpenSSL.fips_mode = false
   end
 
+  def test_fips_mode_get
+    if OpenSSL::OPENSSL_FIPS
+      OpenSSL.fips_mode = true
+      assert OpenSSL.fips_mode == true, ".fips_mode returns true when .fips_mode=true"
+
+      OpenSSL.fips_mode = false
+      assert OpenSSL.fips_mode == false, ".fips_mode returns false when .fips_mode=false"
+    end
+  end
 end
