Module: OpenSSL

Defined in:
lib/openssl/bn.rb,
lib/openssl.rb,
lib/openssl/ssl.rb,
lib/openssl/hmac.rb,
lib/openssl/x509.rb,
lib/openssl/pkcs5.rb,
lib/openssl/cipher.rb,
lib/openssl/digest.rb,
lib/openssl/marshal.rb,
lib/openssl/version.rb,
ext/openssl/ossl.c

Overview

Ruby-space definitions to add DER (de)serialization to classes

Info

‘OpenSSL for Ruby 2’ project Copyright © 2002 Michal Rokos <[email protected]> All rights reserved.

Licence

This program is licensed under the same licence as Ruby. (See the file ‘COPYING’.)

Defined Under Namespace

Modules: ASN1, Buffering, KDF, Marshal, Netscape, OCSP, PKCS5, PKey, Random, SSL, X509

Classes: BN, BNError, Cipher, Config, ConfigError, Digest, Engine, HMAC, HMACError, OpenSSLError, PKCS12, PKCS7, Provider, Timestamp

Constant Summary

VERSION =

The version string of Ruby/OpenSSL.

"4.0.0"
OPENSSL_VERSION =

OpenSSL library version string used to compile the Ruby/OpenSSL extension. This may differ from the version used at runtime.

rb_obj_freeze(rb_str_new_cstr(OPENSSL_VERSION_TEXT))
OPENSSL_LIBRARY_VERSION =

OpenSSL library version string currently used at runtime.

rb_obj_freeze(rb_str_new_cstr(OpenSSL_version(OPENSSL_VERSION)))
OPENSSL_VERSION_NUMBER =

OpenSSL library version number used to compile the Ruby/OpenSSL extension. This may differ from the version used at runtime.

The version number is encoded into a single integer value. The number follows the format:

OpenSSL 3.0.0 or later

0xMNN00PP0 (major minor 00 patch 0)

OpenSSL 1.1.1 or earlier

0xMNNFFPPS (major minor fix patch status)

LibreSSL

0x20000000 (a fixed value)

See also the man page OPENSSL_VERSION_NUMBER(3).

LIBRESSL_VERSION_NUMBER =

LibreSSL library version number used to compile the Ruby/OpenSSL extension. This may differ from the version used at runtime.

This constant is only defined if the extension was compiled against LibreSSL. The number follows the format 0xMNNFF00f (major minor fix 00 status).

See also the man page LIBRESSL_VERSION_NUMBER(3).

OPENSSL_FIPS =
/* OpenSSL 3 is FIPS-capable even when it is installed without fips option */
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
                    Qtrue
#elif defined(OPENSSL_FIPS)
                    Qtrue
#elif defined(OPENSSL_IS_AWSLC) // AWS-LC FIPS can only be enabled during compile time.
                    FIPS_mode() ? Qtrue : Qfalse
#else
                    Qfalse
#endif

Class Method Summary

Class Method Details

.debug ⇒ Object

.debug= ⇒ Object

.Digest(name) ⇒ Object

Returns a Digest subclass by name

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

OpenSSL::Digest("Foo")
# => NameError: wrong constant name Foo


# File 'lib/openssl/digest.rb', line 63

def Digest(name)
  OpenSSL::Digest.const_get(name)
end

.errors ⇒ Object

.fips_mode ⇒ Object

.fips_mode= ⇒ Object

.fixed_length_secure_compare ⇒ Object

.secure_compare(a, b) ⇒ Object

OpenSSL.secure_compare(string, string) -> true or false

Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns true if the strings are identical, false otherwise.

This method is expensive due to the SHA-256 hashing. In most cases, where the input lengths are known to be equal or are not sensitive, OpenSSL.fixed_length_secure_compare should be used instead.



# File 'lib/openssl.rb', line 36

def self.secure_compare(a, b)
  hashed_a = OpenSSL::Digest.digest('SHA256', a)
  hashed_b = OpenSSL::Digest.digest('SHA256', b)
  OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
end
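
Choosing between the two comparison methods described above, as an added example that is not part of the Ruby/OpenSSL documentation. The key, body, token values and the helper names (`sign`, `valid_tag?`, `valid_token?`, `fixed_length_outcome`) are constructed for illustration.

```ruby
require 'openssl'

# Constructed sample values for this example (not from the page).
KEY  = 'constructed-demo-key'
BODY = '{"event":"ping"}'

# Hex HMAC-SHA256 tag; its length (64 characters) is public knowledge.
def sign(body, key = KEY)
  OpenSSL::HMAC.hexdigest('SHA256', key, body)
end

# Both inputs have a known, non-secret length, so the cheaper fixed-length
# comparison is appropriate. It raises ArgumentError on unequal lengths,
# so reject those first instead of letting untrusted input raise.
def valid_tag?(body, presented, key = KEY)
  expected = sign(body, key)
  return false unless presented.is_a?(String) &&
                      presented.bytesize == expected.bytesize
  OpenSSL.fixed_length_secure_compare(expected, presented)
end

# The stored secret has a length that should not be revealed, so use the
# hashing variant, which accepts inputs of any length.
def valid_token?(stored, presented)
  OpenSSL.secure_compare(stored, presented)
end

# Shows how fixed_length_secure_compare behaves for each kind of input.
def fixed_length_outcome(a, b)
  OpenSSL.fixed_length_secure_compare(a, b) ? :match : :mismatch
rescue ArgumentError
  :length_error
end

if __FILE__ == $PROGRAM_NAME
  tag = sign(BODY)
  puts valid_tag?(BODY, tag)
  puts valid_tag?(BODY, tag[0, 10])
  puts valid_token?('s3cret-token', 's3cret')
  puts fixed_length_outcome('abc', 'abcd')
end
```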