| 1 |
|
-module(mongoose_fips). |
| 2 |
|
|
| 3 |
|
-include("mongoose.hrl"). |
| 4 |
|
|
| 5 |
|
-export([notify/0]). |
| 6 |
|
-export([status/0]). |
| 7 |
|
-export([supports_sasl_module/1]). |
| 8 |
|
|
| 9 |
|
-ignore_xref([status/0]). |
| 10 |
|
|
| 11 |
|
-ifndef(fips_mode). |
| 12 |
|
|
| 13 |
|
notify() -> ok. |
| 14 |
|
status() -> disabled. |
| 15 |
|
|
| 16 |
|
-spec supports_sasl_module(cyrsasl:sasl_module()) -> boolean(). |
| 17 |
|
supports_sasl_module(_Module) -> |
| 18 |
|
true. |
| 19 |
|
|
| 20 |
|
-else. |
| 21 |
|
|
| 22 |
|
notify() -> |
| 23 |
104 |
case application:get_env(crypto, fips_mode) of |
| 24 |
|
{ok, true} -> |
| 25 |
:-( |
do_notify(); |
| 26 |
|
_ -> |
| 27 |
104 |
ok |
| 28 |
|
end. |
| 29 |
|
|
| 30 |
|
do_notify() -> |
| 31 |
:-( |
code:ensure_loaded(crypto), |
| 32 |
:-( |
case erlang:function_exported(crypto, info_fips, 0) of |
| 33 |
|
true -> |
| 34 |
:-( |
case crypto:info_fips() of |
| 35 |
|
enabled -> |
| 36 |
:-( |
?LOG_NOTICE(#{what => fips_mode_enabled, |
| 37 |
:-( |
text => <<"FIPS mode enabled">>}); |
| 38 |
|
_ -> |
| 39 |
:-( |
?LOG_ERROR(#{what => fips_mode_disabled, |
| 40 |
:-( |
text => <<"FIPS mode disabled although it should be enabled">>}) |
| 41 |
|
end; |
| 42 |
|
_ -> |
| 43 |
:-( |
?LOG_INFO(#{what => fips_mode_not_supported, |
| 44 |
:-( |
text => <<"Used Erlang/OTP does not support FIPS mode">>}) |
| 45 |
|
end. |
| 46 |
|
|
| 47 |
|
status() -> |
| 48 |
:-( |
crypto:info_fips(). |
| 49 |
|
|
| 50 |
|
-spec supports_sasl_module(cyrsasl:sasl_module()) -> boolean(). |
| 51 |
|
supports_sasl_module(Module) -> |
| 52 |
169006 |
case crypto:info_fips() of |
| 53 |
|
enabled -> |
| 54 |
:-( |
Module =/= cyrsasl_digest; |
| 55 |
|
_ -> |
| 56 |
169006 |
true |
| 57 |
|
end. |
| 58 |
|
|
| 59 |
|
-endif. |