Class: Gitlab::FIPS

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/fips.rb

Constant Summary collapse

Technology =

A simple utility class for FIPS-related helpers

Gitlab::SSHPublicKey::Technology
SSH_KEY_TECHNOLOGIES =
Technology.new(:rsa, SSHData::PublicKey::RSA, [3072, 4096], %w(ssh-rsa)),
  Technology.new(:dsa, SSHData::PublicKey::DSA, [], %w(ssh-dss)),
  Technology.new(:ecdsa, SSHData::PublicKey::ECDSA, [256, 384, 521], %w(ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521)),
  Technology.new(:ed25519, SSHData::PublicKey::ED25519, [256], %w(ssh-ed25519)),
  Technology.new(:ecdsa_sk, SSHData::PublicKey::SKECDSA, [256], %w([email protected])),
  Technology.new(:ed25519_sk, SSHData::PublicKey::SKED25519, [256], %w([email protected]))
].freeze

Class Method Summary collapse

Class Method Details

.enabled?Boolean

Returns whether we should be running in FIPS mode or not

Returns:

  • (Boolean)

23
24
25
26
27
28
29
30
31
# File 'lib/gitlab/fips.rb', line 23

def enabled?
  # Attempt to auto-detect FIPS mode from OpenSSL
  return true if OpenSSL.fips_mode

  # Otherwise allow it to be set manually via the env vars
  return true if ENV["FIPS_MODE"] == "true"

  false
end