Module: OpenSSL

Defined in:
lib/openssl/bn.rb,
lib/openssl/ssl.rb,
lib/openssl/pkey.rb,
lib/openssl/x509.rb,
lib/openssl/cipher.rb,
lib/openssl/config.rb,
lib/openssl/digest.rb,
ext/openssl/ossl.c,
ext/openssl/ossl_bn.c,
ext/openssl/ossl_ssl.c,
ext/openssl/ossl_asn1.c,
ext/openssl/ossl_hmac.c,
ext/openssl/ossl_ocsp.c,
ext/openssl/ossl_pkey.c,
ext/openssl/ossl_rand.c,
ext/openssl/ossl_x509.c,
ext/openssl/ossl_pkcs5.c,
ext/openssl/ossl_pkcs7.c,
ext/openssl/ossl_cipher.c,
ext/openssl/ossl_config.c,
ext/openssl/ossl_digest.c,
ext/openssl/ossl_engine.c,
ext/openssl/ossl_pkcs12.c,
ext/openssl/deprecation.rb,
ext/openssl/ossl_x509crl.c,
ext/openssl/ossl_x509ext.c,
ext/openssl/ossl_x509req.c,
ext/openssl/ossl_x509attr.c,
ext/openssl/ossl_x509cert.c,
ext/openssl/ossl_x509name.c,
ext/openssl/ossl_x509store.c,
ext/openssl/ossl_ssl_session.c,
ext/openssl/ossl_x509revoked.c,
ext/openssl/ossl_ns_spki.c

Overview

Ruby-space predefined Digest subclasses

Info

‘OpenSSL for Ruby 2’ project Copyright © 2002 Michal Rokos <[email protected]> All rights reserved.

Licence

This program is licensed under the same licence as Ruby. (See the file ‘LICENCE’.) ++

Defined Under Namespace

Modules: ASN1, Buffering, ExtConfig, Netscape, OCSP, PKey, Random, SSL, X509 Classes: BN, BNError, Cipher, Config, ConfigError, Digest, Engine, HMAC, HMACError, OpenSSLError, PKCS12, PKCS5, PKCS7

Constant Summary collapse

VERSION =

OpenSSL ruby extension version

rb_str_new2(OSSL_VERSION)
OPENSSL_VERSION =

Version of OpenSSL the ruby OpenSSL extension was built with

rb_str_new2(OPENSSL_VERSION_TEXT)
OPENSSL_LIBRARY_VERSION =

Version of OpenSSL the ruby OpenSSL extension is running with

rb_str_new2(SSLeay_version(SSLEAY_VERSION))
OPENSSL_VERSION_NUMBER =

Version number of OpenSSL the ruby OpenSSL extension was built with (base 16)

INT2NUM(OPENSSL_VERSION_NUMBER)
OPENSSL_FIPS =
#ifdef OPENSSL_FIPS
		    Qtrue
#else
		    Qfalse
#endif

Class Method Summary collapse

Class Method Details

.check_func(func, header) ⇒ Object



18
19
20
# File 'ext/openssl/deprecation.rb', line 18

def self.check_func(func, header)
  have_func(func, header, deprecated_warning_flag)
end

.check_func_or_macro(func, header) ⇒ Object



22
23
24
25
# File 'ext/openssl/deprecation.rb', line 22

def self.check_func_or_macro(func, header)
  check_func(func, header) or
    have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
end

.debugObject



363
364
365
366
367
# File 'ext/openssl/ossl.c', line 363

static VALUE
ossl_debug_get(VALUE self)
{
    return dOSSL;
}

.debug=(boolean) ⇒ Boolean

Turns on or off debug mode. With debug mode, all erros added to the OpenSSL error queue will be printed to stderr.

Returns:

  • (Boolean)


376
377
378
379
380
381
382
# File 'ext/openssl/ossl.c', line 376

static VALUE
ossl_debug_set(VALUE self, VALUE val)
{
    dOSSL = RTEST(val) ? Qtrue : Qfalse;

    return val;
}

.deprecated_warning_flagObject



3
4
5
6
7
8
9
10
11
12
13
14
15
16
# File 'ext/openssl/deprecation.rb', line 3

def self.deprecated_warning_flag
  unless flag = (@deprecated_warning_flag ||= nil)
    if try_compile("", flag = "-Werror=deprecated-declarations")
      if /darwin/ =~ RUBY_PLATFORM and with_config("broken-apple-openssl")
        flag = "-Wno-deprecated-declarations"
      end
      $warnflags << " #{flag}"
    else
      flag = ""
    end
    @deprecated_warning_flag = flag
  end
  flag
end

.Digest(name) ⇒ Object

Returns a Digest subclass by name.

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo


72
73
74
# File 'lib/openssl/digest.rb', line 72

def Digest(name)
  OpenSSL::Digest.const_get(name)
end

.errorsArray

See any remaining errors held in queue.

Any errors you see here are probably due to a bug in ruby’s OpenSSL implementation.

Returns:

  • (Array)


324
325
326
327
328
329
330
331
332
333
334
335
336
# File 'ext/openssl/ossl.c', line 324

VALUE
ossl_get_errors(void)
{
    VALUE ary;
    long e;

    ary = rb_ary_new();
    while ((e = ERR_get_error()) != 0){
        rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
    }

    return ary;
}

.fips_mode=(boolean) ⇒ Boolean

Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an effect for FIPS-capable installations of the OpenSSL library. Trying to do so otherwise will result in an error.

Examples

OpenSSL.fips_mode = true   # turn FIPS mode on
OpenSSL.fips_mode = false  # and off again

Returns:

  • (Boolean)


396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
# File 'ext/openssl/ossl.c', line 396

static VALUE
ossl_fips_mode_set(VALUE self, VALUE enabled)
{

#ifdef OPENSSL_FIPS
    if (RTEST(enabled)) {
	int mode = FIPS_mode();
	if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
	    ossl_raise(eOSSLError, "Turning on FIPS mode failed");
    } else {
	if(!FIPS_mode_set(0)) /* turning off twice is OK */
	    ossl_raise(eOSSLError, "Turning off FIPS mode failed");
    }
    return enabled;
#else
    if (RTEST(enabled))
	ossl_raise(eOSSLError, "This version of OpenSSL does not support FIPS mode");
    return enabled;
#endif
}

.mem_check_startnil

Calls CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON). Starts tracking memory allocations. See also OpenSSL.print_mem_leaks.

This is available only when built with a capable OpenSSL and –enable-debug configure option.

Returns:

  • (nil)


431
432
433
434
435
436
# File 'ext/openssl/ossl.c', line 431

static VALUE
mem_check_start(VALUE self)
{
	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
	return Qnil;
}

For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr). Prints detected memory leaks to standard error. This cleans the global state up thus you cannot use any methods of the library after calling this.

Returns true if leaks detected, false otherwise.

This is available only when built with a capable OpenSSL and –enable-debug configure option.

Example

OpenSSL.mem_check_start
NOT_GCED = OpenSSL::PKey::RSA.new(256)

END {
  GC.start
  OpenSSL.print_mem_leaks # will print the leakage
}


460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
# File 'ext/openssl/ossl.c', line 460

static VALUE
print_mem_leaks(VALUE self)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000
    int ret;
#endif

    BN_CTX_free(ossl_bn_ctx);
    ossl_bn_ctx = NULL;

#if OPENSSL_VERSION_NUMBER >= 0x10100000
    ret = CRYPTO_mem_leaks_fp(stderr);
    if (ret < 0)
	ossl_raise(eOSSLError, "CRYPTO_mem_leaks_fp");
    return ret ? Qfalse : Qtrue;
#else
    CRYPTO_mem_leaks_fp(stderr);
    return Qnil;
#endif
}