Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an
effect for FIPS-capable installations of the OpenSSL library. Trying to do so otherwise will
result in an error.
Examples
OpenSSL.fips_mode = true # turn FIPS mode on OpenSSL.fips_mode = false #
and off again
static VALUE
ossl_fips_mode_set(VALUE self, VALUE enabled)
{
#ifdef HAVE_OPENSSL_FIPS
if (RTEST(enabled)) {
int mode = FIPS_mode();
if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
ossl_raise(eOSSLError, "Turning on FIPS mode failed");
} else {
if(!FIPS_mode_set(0)) /* turning off twice is OK */
ossl_raise(eOSSLError, "Turning off FIPS mode failed");
}
return enabled;
#else
if (RTEST(enabled))
ossl_raise(eOSSLError, "This version of OpenSSL does not support FIPS mode");
return enabled;
#endif
}
