Module: OpenSSL

Defined in:

lib/openssl/bn.rb,
lib/openssl.rb,
lib/openssl/ssl.rb,
lib/openssl/asn1.rb,
lib/openssl/hmac.rb,
lib/openssl/x509.rb,
lib/openssl/pkcs5.rb,
lib/openssl/cipher.rb,
lib/openssl/digest.rb,
lib/openssl/marshal.rb,
lib/openssl/version.rb,
ossl.c,
ossl_bn.c,
ossl_ts.c,
ossl_kdf.c,
ossl_ssl.c,
ossl_asn1.c,
ossl_hmac.c,
ossl_ocsp.c,
ossl_rand.c,
ossl_x509.c,
ossl_pkcs7.c,
ossl_cipher.c,
ossl_config.c,
ossl_digest.c,
ossl_engine.c,
ossl_pkcs12.c,
ossl_x509crl.c,
ossl_x509ext.c,
ossl_x509req.c,
ossl_provider.c,
ossl_x509attr.c,
ossl_x509cert.c,
ossl_x509name.c,
ossl_x509store.c,
ossl_ssl_session.c,
ossl_x509revoked.c,
ossl_ns_spki.c

Overview

–

Ruby-space definitions to add DER (de)serialization to classes

Info

‘OpenSSL for Ruby 2’ project Copyright © 2002 Michal Rokos <m.rokos@sh.cvut.cz> All rights reserved.

Licence

This program is licensed under the same licence as Ruby. (See the file ‘COPYING’.) ++

Defined Under Namespace

Modules: ASN1, Buffering, KDF, Marshal, Netscape, OCSP, PKCS5, PKey, Random, SSL, X509 Classes: BN, BNError, Cipher, Config, ConfigError, Digest, Engine, HMAC, HMACError, OpenSSLError, PKCS12, PKCS7, Provider, Timestamp

Constant Summary

VERSION =

"3.3.0"

OPENSSL_VERSION =

Version of OpenSSL the ruby OpenSSL extension was built with

rb_str_new2(OPENSSL_VERSION_TEXT)

OPENSSL_LIBRARY_VERSION =

rb_str_new2(SSLeay_version(SSLEAY_VERSION))

OPENSSL_VERSION_NUMBER =

Version number of OpenSSL the ruby OpenSSL extension was built with (base 16). The formats are below.

OpenSSL 3

0xMNN00PP0 (major minor 00 patch 0)

OpenSSL before 3

0xMNNFFPPS (major minor fix patch status)

LibreSSL

0x20000000 (fixed value)

See also the man page OPENSSL_VERSION_NUMBER(3).

INT2NUM(OPENSSL_VERSION_NUMBER)

LIBRESSL_VERSION_NUMBER =

Version number of LibreSSL the ruby OpenSSL extension was built with (base 16). The format is 0xMNNFF00f (major minor fix 00 status). This constant is only defined in LibreSSL cases.

See also the man page LIBRESSL_VERSION_NUMBER(3).

INT2NUM(LIBRESSL_VERSION_NUMBER)

OPENSSL_FIPS =

/* OpenSSL 3 is FIPS-capable even when it is installed without fips option */
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
                    Qtrue
#elif defined(OPENSSL_FIPS)
		    Qtrue
#else
		    Qfalse
#endif

Class Method Summary

• .debug ⇒ Object
• .debug= ⇒ Object
• .Digest(name) ⇒ Object

  Returns a Digest subclass by name.

• .errors ⇒ Object
• .fips_mode ⇒ Object
• .fips_mode= ⇒ Object
• .fixed_length_secure_compare ⇒ Object
• .secure_compare(a, b) ⇒ Object

  call-seq: OpenSSL.secure_compare(string, string) -> boolean.

Class Method Details

.debug ⇒ Object

.debug= ⇒ Object

.Digest(name) ⇒ Object

Returns a Digest subclass by name

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo

# File 'lib/openssl/digest.rb', line 63

def Digest(name)
  OpenSSL::Digest.const_get(name)
end

.errors ⇒ Object

.fips_mode ⇒ Object

.fips_mode= ⇒ Object

.fixed_length_secure_compare ⇒ Object

.secure_compare(a, b) ⇒ Object

call-seq:

OpenSSL.secure_compare(string, string) -> boolean

Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns true if the strings are identical, false otherwise.

# File 'lib/openssl.rb', line 33

def self.secure_compare(a, b)
  hashed_a = OpenSSL::Digest.digest('SHA256', a)
  hashed_b = OpenSSL::Digest.digest('SHA256', b)
  OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
end