module OpenSSL

Init main module

Constants

OPENSSL_FIPS
OPENSSL_LIBRARY_VERSION: Version of OpenSSL the ruby OpenSSL extension is running with
OPENSSL_VERSION: Version of OpenSSL the ruby OpenSSL extension was built with
OPENSSL_VERSION_NUMBER: Version number of OpenSSL the ruby OpenSSL extension was built with (base 16)
VERSION: OpenSSL ruby extension version

Public Class Methods

Digest(name) click to toggle source

Returns a Digest subclass by name.

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo

# File lib/openssl_cms/digest.rb, line 81
def Digest(name)
  OpenSSL::Digest.const_get(name)
end

check_func(func, header) click to toggle source

# File ext/openssl_cms/deprecation.rb, line 17
def self.check_func(func, header)
  have_func(func, header, deprecated_warning_flag) and
    have_header(header, nil, deprecated_warning_flag)
end

debug → true | false click to toggle source

static VALUE
ossl_debug_get(VALUE self)
{
    return dOSSL;
}

debug = boolean → boolean click to toggle source

Turns on or off CRYPTO_MEM_CHECK. Also shows some debugging message on stderr.

static VALUE
ossl_debug_set(VALUE self, VALUE val)
{
    VALUE old = dOSSL;
    dOSSL = val;

    if (old != dOSSL) {
        if (dOSSL == Qtrue) {
            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
            fprintf(stderr, "OSSL_DEBUG: IS NOW ON!\n");
        } else if (old == Qtrue) {
            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
            fprintf(stderr, "OSSL_DEBUG: IS NOW OFF!\n");
        }
    }
    return val;
}

deprecated_warning_flag() click to toggle source

# File ext/openssl_cms/deprecation.rb, line 2
def self.deprecated_warning_flag
  unless flag = (@deprecated_warning_flag ||= nil)
    if try_compile("", flag = "-Werror=deprecated-declarations")
      if with_config("broken-apple-openssl")
        flag = "-Wno-deprecated-declarations"
      end
      $warnflags << " #{flag}"
    else
      flag = ""
    end
    @deprecated_warning_flag = flag
  end
  flag
end

errors → [String...] click to toggle source

See any remaining errors held in queue.

Any errors you see here are probably due to a bug in ruby's OpenSSL implementation.

VALUE
ossl_get_errors()
{
    VALUE ary;
    long e;

    ary = rb_ary_new();
    while ((e = ERR_get_error()) != 0){
        rb_ary_push(ary, rb_str_new2(ERR_error_string(e, NULL)));
    }

    return ary;
}

fips_mode = boolean → boolean click to toggle source

Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an effect for FIPS-capable installations of the OpenSSL library. Trying to do so otherwise will result in an error.

Examples¶ ↑

OpenSSL.fips_mode = true # turn FIPS mode on OpenSSL.fips_mode = false # and off again

static VALUE
ossl_fips_mode_set(VALUE self, VALUE enabled)
{

#ifdef HAVE_OPENSSL_FIPS
    if (RTEST(enabled)) {
        int mode = FIPS_mode();
        if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
            ossl_raise(eOSSLError, "Turning on FIPS mode failed");
    } else {
        if(!FIPS_mode_set(0)) /* turning off twice is OK */
            ossl_raise(eOSSLError, "Turning off FIPS mode failed");
    }
    return enabled;
#else
    if (RTEST(enabled))
        ossl_raise(eOSSLError, "This version of OpenSSL does not support FIPS mode");
    return enabled;
#endif
}

Private Instance Methods

Digest(name) click to toggle source

Returns a Digest subclass by name.

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo

# File lib/openssl_cms/digest.rb, line 81
def Digest(name)
  OpenSSL::Digest.const_get(name)
end