Module: OpenSSL

Defined in:

lib/openssl/bn.rb,
deprecation.rb,
lib/openssl/ssl.rb,
lib/openssl/x509.rb,
lib/openssl/config.rb,
lib/openssl/digest.rb,
lib/openssl/cipher.rb,
ossl.c,
ossl_bn.c,
ossl_ssl.c,
ossl_asn1.c,
ossl_rand.c,
ossl_pkey.c,
ossl_hmac.c,
ossl_pkcs5.c,
ossl_digest.c,
ossl_cipher.c,
ossl_pkey_ec.c,
ossl_pkey_dh.c,
ossl_pkey_dsa.c,
ossl_x509cert.c,
ossl_pkey_rsa.c,
ossl_x509store.c,
ossl_ssl_session.c,
ossl_ns_spki.c

Overview

–

$RCSfile$

Ruby-space predefined Cipher subclasses

Info

‘OpenSSL for Ruby 2’ project Copyright © 2002 Michal Rokos <m.rokos@sh.cvut.cz> All rights reserved.

Licence

This program is licenced under the same licence as Ruby. (See the file ‘LICENCE’.)

Version

$Id: cipher.rb 36895 2012-09-04 00:57:31Z nobu $

++

Defined Under Namespace

Modules: ASN1, Buffering, Netscape, OCSP, PKCS5, PKey, Random, SSL, X509 Classes: BN, BNError, Cipher, Config, ConfigError, Digest, Engine, HMAC, HMACError, OpenSSLError, PKCS12, PKCS7

Constant Summary

VERSION =

OpenSSL ruby extension version

rb_str_new2(OSSL_VERSION)

OPENSSL_VERSION =

Version of OpenSSL the ruby OpenSSL extension was built with

rb_str_new2(OPENSSL_VERSION_TEXT)

OPENSSL_LIBRARY_VERSION =

Version of OpenSSL the ruby OpenSSL extension is running with

rb_str_new2(SSLeay_version(SSLEAY_VERSION))

OPENSSL_VERSION_NUMBER =

Version number of OpenSSL the ruby OpenSSL extension was built with (base 16)

INT2NUM(OPENSSL_VERSION_NUMBER)

OPENSSL_FIPS =

Qfalse

Class Method Summary

• .check_func(func, header) ⇒ Object
• .debug ⇒ Object
• .debug=(boolean) ⇒ Boolean

  Turns on or off CRYPTO_MEM_CHECK.

• .deprecated_warning_flag ⇒ Object
• .Digest(name) ⇒ Object

  Returns a Digest subclass by name.

• .errors ⇒ Array

  See any remaining errors held in queue.

• .fips_mode=(boolean) ⇒ Boolean

  Turns FIPS mode on or off.

Class Method Details

.check_func(func, header) ⇒ Object

# File 'deprecation.rb', line 17

def self.check_func(func, header)
  have_func(func, header, deprecated_warning_flag) and
    have_header(header, nil, deprecated_warning_flag)
end

.debug ⇒ Object

# File 'ossl.c', line 402

static VALUE
ossl_debug_get(VALUE self)
{
    return dOSSL;
}

.debug=(boolean) ⇒ Boolean

Turns on or off CRYPTO_MEM_CHECK. Also shows some debugging message on stderr.

Returns:

• (Boolean)

# File 'ossl.c', line 415

static VALUE
ossl_debug_set(VALUE self, VALUE val)
{
    VALUE old = dOSSL;
    dOSSL = val;

    if (old != dOSSL) {
	if (dOSSL == Qtrue) {
	    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
	    fprintf(stderr, "OSSL_DEBUG: IS NOW ON!\n");
	} else if (old == Qtrue) {
	    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
	    fprintf(stderr, "OSSL_DEBUG: IS NOW OFF!\n");
	}
    }
    return val;
}

.deprecated_warning_flag ⇒ Object

# File 'deprecation.rb', line 2

def self.deprecated_warning_flag
  unless flag = (@deprecated_warning_flag ||= nil)
    if try_compile("", flag = "-Werror=deprecated-declarations")
      if with_config("broken-apple-openssl")
        flag = "-Wno-deprecated-declarations"
      end
      $warnflags << " #{flag}"
    else
      flag = ""
    end
    @deprecated_warning_flag = flag
  end
  flag
end

.Digest(name) ⇒ Object

Returns a Digest subclass by name.

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo

# File 'lib/openssl/digest.rb', line 81

def Digest(name)
  OpenSSL::Digest.const_get(name)
end

.errors ⇒ Array

See any remaining errors held in queue.

Any errors you see here are probably due to a bug in ruby’s OpenSSL implementation.

Returns:

• (Array)

# File 'ossl.c', line 363

VALUE
ossl_get_errors(void)
{
    VALUE ary;
    long e;

    ary = rb_ary_new();
    while ((e = ERR_get_error()) != 0){
        rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
    }

    return ary;
}

.fips_mode=(boolean) ⇒ Boolean

Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an effect for FIPS-capable installations of the OpenSSL library. Trying to do so otherwise will result in an error.

Examples

OpenSSL.fips_mode = true # turn FIPS mode on OpenSSL.fips_mode = false # and off again

Returns:

• (Boolean)

# File 'ossl.c', line 446

static VALUE
ossl_fips_mode_set(VALUE self, VALUE enabled)
{

#ifdef HAVE_OPENSSL_FIPS
    if (RTEST(enabled)) {
	int mode = FIPS_mode();
	if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
	    ossl_raise(eOSSLError, "Turning on FIPS mode failed");
    } else {
	if(!FIPS_mode_set(0)) /* turning off twice is OK */
	    ossl_raise(eOSSLError, "Turning off FIPS mode failed");
    }
    return enabled;
#else
    if (RTEST(enabled))
	ossl_raise(eOSSLError, "This version of OpenSSL does not support FIPS mode");
    return enabled;
#endif
}