-module(mongoose_fips). |
-include("mongoose.hrl"). |
-export([notify/0]). |
-export([status/0]). |
-export([supports_sasl_module/1]). |
-ignore_xref([status/0]). |
-ifndef(fips_mode). |
%% @doc No-op variant used when the module is compiled without the
%% `fips_mode' macro: nothing is checked and nothing is logged about the
%% FIPS state of the crypto library.
-spec notify() -> ok.
notify() ->
    ok.
%% @doc Always returns `disabled' when the module is compiled without the
%% `fips_mode' macro. The crypto application is not queried here, so the
%% atom describes this build, not the state of the underlying crypto library.
-spec status() -> disabled.
status() ->
    disabled.
%% @doc Variant used when the module is compiled without the `fips_mode'
%% macro: every SASL mechanism module is reported as supported.
%% No mechanism is filtered in this build; the argument is not inspected.
-spec supports_sasl_module(cyrsasl:sasl_module()) -> boolean().
supports_sasl_module(_AnyModule) ->
    true.
-else. |
%% @doc Reports the FIPS state of the crypto library, but only when the
%% operator asked for it: the `fips_mode' key of the `crypto' application
%% environment must be exactly `true'. Any other value, or a missing key,
%% makes this a no-op that returns `ok'.
%%
%% This function only triggers logging (see do_notify/0); it does not itself
%% enable FIPS mode and does not stop the caller when the mode is inactive.
-spec notify() -> ok.
notify() ->
    FipsRequested = application:get_env(crypto, fips_mode) =:= {ok, true},
    case FipsRequested of
        true ->
            do_notify();
        false ->
            ok
    end.
%% Logs the effective FIPS state of the crypto library; called by notify/0
%% once FIPS mode has been requested through the crypto application env.
%%
%% Outcomes:
%%   * crypto:info_fips/0 exists and returns `enabled'  -> notice
%%   * crypto:info_fips/0 exists and returns other value -> error
%%     (FIPS was requested but is not in effect)
%%   * crypto:info_fips/0 is not exported                -> info
%%
%% NOTE(review): every branch only logs and returns, so a requested but
%% inactive FIPS mode does not stop the caller here. The "not supported" case
%% is logged at info level even though FIPS was requested; confirm that these
%% events are monitored. The coverage listing this code was taken from shows
%% zero hits for this function.
do_notify() ->
    %% erlang:function_exported/3 returns false for a module that is not
    %% loaded, so crypto is loaded first. The load result is not checked; a
    %% failed load ends up in the "not supported" branch below.
    code:ensure_loaded(crypto),
    FipsState =
        case erlang:function_exported(crypto, info_fips, 0) of
            true -> {reported, crypto:info_fips()};
            _ -> unavailable
        end,
    case FipsState of
        {reported, enabled} ->
            ?LOG_NOTICE(#{what => fips_mode_enabled,
                          text => <<"FIPS mode enabled">>});
        {reported, _} ->
            ?LOG_ERROR(#{what => fips_mode_disabled,
                         text => <<"FIPS mode disabled although it should be enabled">>});
        unavailable ->
            ?LOG_INFO(#{what => fips_mode_not_supported,
                        text => <<"Used Erlang/OTP does not support FIPS mode">>})
    end.
%% @doc Returns whatever crypto:info_fips/0 reports for the running node.
%% Unlike do_notify/0, this does not first check that crypto:info_fips/0 is
%% exported, so it relies on an Erlang/OTP release that provides it.
-spec status() -> enabled | not_enabled | not_supported.
status() ->
    FipsState = crypto:info_fips(),
    FipsState.
%% @doc Tells whether a SASL mechanism module may be used given the FIPS
%% state of the running crypto library.
%%
%% When crypto:info_fips/0 returns `enabled', `cyrsasl_digest' is rejected and
%% every other module is accepted. In any other state all modules are
%% accepted.
%%
%% The decision follows the runtime state, not the configuration: if FIPS was
%% requested but is not in effect, `cyrsasl_digest' is still accepted.
%%
%% NOTE(review): this is a single-entry deny list. Presumably
%% `cyrsasl_digest' is excluded because DIGEST-MD5 depends on MD5; a newly
%% added mechanism that needs a non-approved algorithm has to be listed here
%% too. The coverage listing this code was taken from shows zero hits for the
%% `enabled' branch, i.e. the rejection path was not exercised.
-spec supports_sasl_module(cyrsasl:sasl_module()) -> boolean().
supports_sasl_module(Module) ->
    FipsActive = crypto:info_fips() =:= enabled,
    not (FipsActive andalso Module =:= cyrsasl_digest).
-endif. |