remove fips mode logic

Signed-off-by: Sonu Saha <ahasunos@gmail.com>
2025-02-16 14:08:36 +00:00 · 2024-11-07 17:09:21 +05:30 · 2024-11-07 17:09:21 +05:30 · 5b206957f5
commit 5b206957f5
parent 5c114243d5
1 changed files with 0 additions and 48 deletions
--- a/omnibus/omnibus-test.ps1
+++ b/omnibus/omnibus-test.ps1
@ -57,54 +57,6 @@ If ($env:OMNIBUS_FIPS_MODE -eq $true) {

 Write-Host "MSYS_OVERRIDE $env:MSYS_OVERRIDE"

-If ($env:OMNIBUS_FIPS_MODE -eq $true) {
-    $fips_errors=@()
-    Write-Host "FIPS is enabled for this environment"
-    Write-Host ":closed_lock_with_key: Validating FIPS"
-
-    Start-Process -NoNewWindow -Wait "$embedded_bin_dir\openssl.exe" -ArgumentList "md5" -RedirectStandardInput ".\LICENSE"  -PassThru
-    If ($lastexitcode -eq 0) {
-        # the md5 hash _should_ error
-        Write-Host "openssl executable still allow md5"
-
-        #Get-ChildItem $embedded_dir -Name 'openssl.cnf' -recurse | ForEach-Object {
-        #    Write-Host "[[[start dump of $embedded_dir/$_"
-        #    Get-Content $embedded_dir/$_
-        #    Write-Host "end dump of $embedded_dir/$_ ]]]"
-        #}
-    }
-
-    If ($version.Contains("OpenSSL 3")) {
-        Get-ChildItem "$embedded_dir\ssl\fipsmodule.cnf"
-    }
-
-    Write-Host "Listing openssl providers"
-    Start-Process -NoNewWindow -Wait "$embedded_bin_dir\openssl.exe" -ArgumentList "list", "-providers" -PassThru
-
-    Write-Host "Checking if FIPS is accessible via the Ruby OpenSSL bindings"
-    & $embedded_bin_dir/ruby.exe -v -e "require 'openssl'; puts OpenSSL::OPENSSL_VERSION_NUMBER.to_s(16); puts OpenSSL::OPENSSL_LIBRARY_VERSION; OpenSSL.fips_mode = 1; puts 'OpenSSL FIPS validated for ' + RUBY_VERSION"
-    If ($lastexitcode -ne 0) {
-        $fips_errors += "Ruby FIPS loading failed"
-    }
-
-    Write-Host "Checking that MD5 digest is not allowed"
-    # catch OpenSSL::Digest::MD5 and reraise, rescue anything else
-    & $embedded_bin_dir/ruby.exe -v -e "require 'openssl'; begin;OpenSSL.fips_mode=1;OpenSSL::Digest::MD5.new('hi');rescue OpenSSL::Digest::DigestError => e;puts 'MD5 through an error as expected';rescue => e;raise 'Unexpected error with MD5 digest';puts e.inspect;end"
-
-    If ($lastexitcode -ne 0) {
-        $fips_errors += "Ruby FIPS MD5 validation failed"
-    }
-
-    If ($fips_errors.length -gt 0) {
-        Write-Host "FIPS validation had $($fips_errors.length) errors:"
-        Write-Host ($fips_errors -join "`n")
-        Throw "FIPS validation had $($fips_errors.length) errors:"
-    }
-
-} else {
-    Write-Host "FIPS is disabled for this environment"
-}
-
 If ((Get-Command "openssl.exe").Source -ne "$embedded_bin_dir\openssl.exe") {
    Write-Host "The default openssl.exe is at: $((Get-Command "openssl.exe").Source),"
    Write-Host "which has version $((Get-Command "openssl.exe").FileVersionInfo.FileVersion)"