diff options
46 files changed, 2836 insertions, 1944 deletions
diff --git a/CONTRIBUTING_md.html b/CONTRIBUTING_md.html index 117a1418..5edccad5 100644 --- a/CONTRIBUTING_md.html +++ b/CONTRIBUTING_md.html @@ -62,7 +62,7 @@ <li><a href="#label-Bugs+and+feature+requests">Bugs and feature requests</a> <li><a href="#label-Submitting+patches">Submitting patches</a> <li><a href="#label-Testing">Testing</a> - <li><a href="#label-Docker">Docker</a> + <li><a href="#label-With+different+versions+of+OpenSSL">With different versions of OpenSSL</a> <li><a href="#label-Relation+with+Ruby+source+tree">Relation with Ruby source tree</a> <li><a href="#label-Release+policy">Release policy</a> <li><a href="#label-Security">Security</a> @@ -99,9 +99,18 @@ <p>If you think you found a bug, file a ticket on GitHub. Please DO NOT report security issues here, there is a separate procedure which is described on <a href="https://www.ruby-lang.org/en/security/">“Security at ruby-lang.org”</a>.</p> -<p>When reporting a bug, please make sure you include: * Ruby version * <a href="OpenSSL.html"><code>OpenSSL</code></a> gem version * <a href="OpenSSL.html"><code>OpenSSL</code></a> library version * A sample file that illustrates the problem or link to the repository or gem that is associated with the bug.</p> +<p>When reporting a bug, please make sure you include:</p> +<ul><li> +<p>Ruby version (<code>ruby -v</code>)</p> +</li><li> +<p><code>openssl</code> gem version (<code>gem list openssl</code> and <code>OpenSSL::VERSION</code>)</p> +</li><li> +<p><a href="OpenSSL.html"><code>OpenSSL</code></a> library version (<code>OpenSSL::OPENSSL_VERSION</code>)</p> +</li><li> +<p>A sample file that illustrates the problem or link to the repository or gem that is associated with the bug.</p> +</li></ul> -<p>There are a number of unresolved issues and feature requests for openssl that need review. Before submitting a new ticket, it is recommended to check <a href="https://github.com/ruby/openssl/issues">known issues</a> and <a href="https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=">bugs.ruby-lang.org</a>, the previous issue tracker.</p> +<p>There are a number of unresolved issues and feature requests for openssl that need review. Before submitting a new ticket, it is recommended to check <a href="https://github.com/ruby/openssl/issues">known issues</a>.</p> <h2 id="label-Submitting+patches">Submitting patches<span><a href="#label-Submitting+patches">¶</a> <a href="#top">↑</a></span></h2> @@ -116,45 +125,39 @@ <p>Follow Ruby’s coding style (<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto">DeveloperHowTo</a>)</p> </li><li> <p>Pass the test suite successfully (see “Testing”)</p> -</li><li> -<p>Add an entry to <a href="https://github.com/ruby/openssl/tree/master/History.md">History.md</a> if necessary</p> </li></ul> <h2 id="label-Testing">Testing<span><a href="#label-Testing">¶</a> <a href="#top">↑</a></span></h2> <p>We have a test suite!</p> -<p>Test cases are located under the {<code>test/</code><a href="https://github.com/ruby/openssl/tree/master/test">}</a> directory.</p> +<p>Test cases are located under the {<code>test/openssl</code><a href="https://github.com/ruby/openssl/tree/master/test/openssl">}</a> directory.</p> <p>You can run it with the following three commands:</p> -<pre>$ rake install_dependencies # installs rake-compiler, test-unit, ... -$ rake compile -$ rake test</pre> - -<h3 id="label-Docker">Docker<span><a href="#label-Docker">¶</a> <a href="#top">↑</a></span></h3> - -<p>You can also use Docker Compose to run tests. It can be used to check that your changes work correctly with various supported versions of Ruby and <a href="OpenSSL.html"><code>OpenSSL</code></a>.</p> - -<p>First, you need to install <a href="https://www.docker.com/products/docker">Docker</a> and <a href="https://www.docker.com/products/docker-compose">Docker Compose</a> on your computer.</p> - -<p>If you’re on MacOS or Windows, we recommended to use the official <a href="https://www.docker.com/products/docker-toolbox">Docker Toolbox</a>. On Linux, follow the instructions for your package manager. For further information, please check the <a href="https://docs.docker.com/">official documentation</a>.</p> +<pre>$ bundle install # installs rake-compiler, test-unit, ... +$ bundle exec rake compile +$ bundle exec rake test</pre> -<p>Once you have Docker and Docker Compose, running the following commands will build the container and execute the openssl tests. In this example, we will use Ruby version 2.3 with <a href="OpenSSL.html"><code>OpenSSL</code></a> version 1.0.2.</p> +<h3 id="label-With+different+versions+of+OpenSSL">With different versions of <a href="OpenSSL.html"><code>OpenSSL</code></a><span><a href="#label-With+different+versions+of+OpenSSL">¶</a> <a href="#top">↑</a></span></h3> -<pre>$ docker-compose build -$ export RUBY_VERSION=ruby-2.3 -$ export OPENSSL_VERSION=openssl-1.0.2 -$ docker-compose run test +<p>Ruby <a href="OpenSSL.html"><code>OpenSSL</code></a> supports various versions of <a href="OpenSSL.html"><code>OpenSSL</code></a> library. The test suite needs to pass on all supported combinations.</p> -# You may want an interactive shell for dubugging -$ docker-compose run debug</pre> +<p>Similarly to when installing <code>openssl</code> gem via the <code>gem</code> command, you can pass a <code>--with-openssl-dir</code> argument to <code>rake compile</code> to specify the <a href="OpenSSL.html"><code>OpenSSL</code></a> library to build against.</p> -<p>All possible values for <code>RUBY_VERSION</code> and <code>OPENSSL_VERSION</code> can be found in {<code>test.yml</code><a href="https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml">}</a>.</p> +<pre>$ ( curl -OL https://ftp.openssl.org/source/openssl-3.0.1.tar.gz && + tar xf openssl-3.0.1.tar.gz && + cd openssl-3.0.1 && + ./config --prefix=$HOME/.openssl/openssl-3.0.1 --libdir=lib && + make -j4 && + make install ) -<p><strong>NOTE</strong>: these commands must be run from the openssl repository root, in order to use the {<code>docker-compose.yml</code><a href="https://github.com/ruby/openssl/blob/master/docker-compose.yml">}</a> file we have provided.</p> +$ # in Ruby/OpenSSL's source directory +$ bundle exec rake clean +$ bundle exec rake compile -- --with-openssl-dir=$HOME/.openssl/openssl-3.0.1 +$ bundle exec rake test</pre> -<p>This Docker image is built using the <a href="https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker">Dockerfile</a> provided in the repository.</p> +<p>The GitHub Actions workflow file {<code>test.yml</code><a href="https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml">}</a> contains useful information for building OpenSSL/LibreSSL and testing against them.</p> <h2 id="label-Relation+with+Ruby+source+tree">Relation with Ruby source tree<span><a href="#label-Relation+with+Ruby+source+tree">¶</a> <a href="#top">↑</a></span></h2> diff --git a/History_md.html b/History_md.html index 6e165f75..a2854819 100644 --- a/History_md.html +++ b/History_md.html @@ -58,6 +58,9 @@ <h3>Table of Contents</h3> <ul class="link-list" role="directory"> + <li><a href="#label-Version+3.0.0">Version 3.0.0</a> + <li><a href="#label-Compatibility+notes">Compatibility notes</a> + <li><a href="#label-Notable+changes">Notable changes</a> <li><a href="#label-Version+2.2.1">Version 2.2.1</a> <li><a href="#label-Bug+fixes">Bug fixes</a> <li><a href="#label-Version+2.2.0">Version 2.2.0</a> @@ -115,6 +118,69 @@ <main role="main" aria-label="Page History.md"> +<h1 id="label-Version+3.0.0">Version 3.0.0<span><a href="#label-Version+3.0.0">¶</a> <a href="#top">↑</a></span></h1> + +<h2 id="label-Compatibility+notes">Compatibility notes<span><a href="#label-Compatibility+notes">¶</a> <a href="#top">↑</a></span></h2> +<ul><li> +<p><a href="OpenSSL.html"><code>OpenSSL</code></a> 1.0.1 and Ruby 2.3-2.5 are no longer supported. <a href="https://github.com/ruby/openssl/pull/396">[GitHub #396]</a> <a href="https://github.com/ruby/openssl/pull/466">[GitHub #466]</a></p> +</li><li> +<p><a href="OpenSSL.html"><code>OpenSSL</code></a> 3.0 support is added. It is the first major version bump from <a href="OpenSSL.html"><code>OpenSSL</code></a> 1.1 and contains incompatible changes that affect Ruby/OpenSSL. Note that <a href="OpenSSL.html"><code>OpenSSL</code></a> 3.0 support is preliminary and not all features are currently available: <a href="https://github.com/ruby/openssl/issues/369">[GitHub #369]</a></p> +</li><li> +<p>Deprecate the ability to modify <code>OpenSSL::PKey::PKey</code> instances. <a href="OpenSSL.html"><code>OpenSSL</code></a> 3.0 made EVP_PKEY structure immutable, and hence the following methods are not available when Ruby/OpenSSL is linked against <a href="OpenSSL.html"><code>OpenSSL</code></a> 3.0. <a href="https://github.com/ruby/openssl/pull/480">[GitHub #480]</a></p> +<ul><li> +<p><code>OpenSSL::PKey::RSA#set_key</code>, <code>#set_factors</code>, <code>#set_crt_params</code></p> +</li><li> +<p><code>OpenSSL::PKey::DSA#set_pqg</code>, <code>#set_key</code></p> +</li><li> +<p><code>OpenSSL::PKey::DH#set_pqg</code>, <code>#set_key</code>, <code>#generate_key!</code></p> +</li><li> +<p><code>OpenSSL::PKey::EC#private_key=</code>, <code>#public_key=</code>, <code>#group=</code>, <code>#generate_key!</code></p> +</li></ul> +</li><li> +<p>Deprecate <code>OpenSSL::Engine</code>. The ENGINE API has been deprecated in <a href="OpenSSL.html"><code>OpenSSL</code></a> 3.0 in favor of the new "provider" concept and will be removed in a future version. <a href="https://github.com/ruby/openssl/pull/481">[GitHub #481]</a></p> +</li><li> +<p><code>OpenSSL::SSL::SSLContext#tmp_ecdh_callback</code> has been removed. It has been deprecated since v2.0.0 because it is incompatible with modern <a href="OpenSSL.html"><code>OpenSSL</code></a> versions. <a href="https://github.com/ruby/openssl/pull/394">[GitHub #394]</a></p> +</li><li> +<p><code>OpenSSL::SSL::SSLSocket#read</code> and <code>#write</code> now raise <code>OpenSSL::SSL::SSLError</code> if called before a TLS connection is established. Historically, they read/wrote unencrypted data to the underlying socket directly in that case. <a href="https://github.com/ruby/openssl/issues/9">[GitHub #9]</a> <a href="https://github.com/ruby/openssl/pull/469">[GitHub #469]</a></p> +</li></ul> + +<h2 id="label-Notable+changes">Notable changes<span><a href="#label-Notable+changes">¶</a> <a href="#top">↑</a></span></h2> +<ul><li> +<p>Enhance <a href="OpenSSL/PKey.html"><code>OpenSSL::PKey</code></a>'s common interface. <a href="https://github.com/ruby/openssl/issues/370">[GitHub #370]</a></p> +</li><li> +<p>Key deserialization: Enhance <code>OpenSSL::PKey.read</code> to handle PEM encoding of DH parameters, which used to be only deserialized by <code>OpenSSL::PKey::DH.new</code>. <a href="https://github.com/ruby/openssl/issues/328">[GitHub #328]</a></p> +</li><li> +<p>Key generation: Add <code>OpenSSL::PKey.generate_parameters</code> and <code>OpenSSL::PKey.generate_key</code>. <a href="https://github.com/ruby/openssl/issues/329">[GitHub #329]</a></p> +</li><li> +<p>Public key signing: Enhance <code>OpenSSL::PKey::PKey#sign</code> and <code>#verify</code> to use the new EVP_DigestSign() family to enable PureEdDSA support on <a href="OpenSSL.html"><code>OpenSSL</code></a> 1.1.1 or later. They also now take optional algorithm-specific parameters for more control. <a href="https://github.com/ruby/openssl/issues/329">[GitHub #329]</a></p> +</li><li> +<p>Low-level public key signing and verification: Add <code>OpenSSL::PKey::PKey#sign_raw</code>, <code>#verify_raw</code>, and <code>#verify_recover</code>. <a href="https://github.com/ruby/openssl/issues/382">[GitHub #382]</a></p> +</li><li> +<p>Public key encryption: Add <code>OpenSSL::PKey::PKey#encrypt</code> and <code>#decrypt</code>. <a href="https://github.com/ruby/openssl/issues/382">[GitHub #382]</a></p> +</li><li> +<p>Key agreement: Add <code>OpenSSL::PKey::PKey#derive</code>. <a href="https://github.com/ruby/openssl/issues/329">[GitHub #329]</a></p> +</li><li> +<p>Key comparison: Add <code>OpenSSL::PKey::PKey#compare?</code> to conveniently check that two keys have common parameters and a public key. <a href="https://github.com/ruby/openssl/issues/383">[GitHub #383]</a></p> +</li><li> +<p>Add <code>OpenSSL::BN#set_flags</code> and <code>#get_flags</code>. This can be used in combination with <code>OpenSSL::BN::CONSTTIME</code> to force constant-time computation. <a href="https://github.com/ruby/openssl/issues/417">[GitHub #417]</a></p> +</li><li> +<p>Add <code>OpenSSL::BN#abs</code> to get the absolute value of the BIGNUM. <a href="https://github.com/ruby/openssl/issues/430">[GitHub #430]</a></p> +</li><li> +<p>Add <code>OpenSSL::SSL::SSLSocket#getbyte</code>. <a href="https://github.com/ruby/openssl/issues/438">[GitHub #438]</a></p> +</li><li> +<p>Add <code>OpenSSL::SSL::SSLContext#tmp_dh=</code>. <a href="https://github.com/ruby/openssl/pull/459">[GitHub #459]</a></p> +</li><li> +<p>Add <code>OpenSSL::X509::Certificate.load</code> to load a PEM-encoded and concatenated list of X.509 certificates at once. <a href="https://github.com/ruby/openssl/pull/441">[GitHub #441]</a></p> +</li><li> +<p>Change <code>OpenSSL::X509::Certificate.new</code> to attempt to deserialize the given string first as DER encoding first and then as PEM encoding to ensure the round-trip consistency. <a href="https://github.com/ruby/openssl/pull/442">[GitHub #442]</a></p> +</li><li> +<p>Update various part of the code base to use the modern API. No breaking changes are intended with this. This includes:</p> +</li><li> +<p><code>OpenSSL::HMAC</code> uses the EVP API. <a href="https://github.com/ruby/openssl/issues/371">[GitHub #371]</a></p> +</li><li> +<p><code>OpenSSL::Config</code> uses native <a href="OpenSSL.html"><code>OpenSSL</code></a> API to parse config files. <a href="https://github.com/ruby/openssl/issues/342">[GitHub #342]</a></p> +</li></ul> + <h1 id="label-Version+2.2.1">Version 2.2.1<span><a href="#label-Version+2.2.1">¶</a> <a href="#top">↑</a></span></h1> <p>Merged changes in 2.1.3. Additionally, the following issues are fixed by this release.</p> @@ -186,7 +252,7 @@ <ul><li> <p>Fix deprecation warnings on Ruby 3.0.</p> </li><li> -<p>Add “.include” directive support in <code>OpenSSL::Config</code>. <a href="https://github.com/ruby/openssl/pull/216">[GitHub #216]</a></p> +<p>Add ".include" directive support in <code>OpenSSL::Config</code>. <a href="https://github.com/ruby/openssl/pull/216">[GitHub #216]</a></p> </li><li> <p>Fix handling of IPv6 address SANs. <a href="https://github.com/ruby/openssl/pull/185">[GitHub #185]</a></p> </li><li> @@ -198,7 +264,7 @@ </li><li> <p>Fix misuse of input record separator in <code>OpenSSL::Buffering</code> where it was for output.</p> </li><li> -<p>Fix wrong interger casting in <code>OpenSSL::PKey::EC#dsa_verify_asn1</code>. <a href="https://github.com/ruby/openssl/pull/460">[GitHub #460]</a></p> +<p>Fix wrong integer casting in <code>OpenSSL::PKey::EC#dsa_verify_asn1</code>. <a href="https://github.com/ruby/openssl/pull/460">[GitHub #460]</a></p> </li><li> <p><code>extconf.rb</code> explicitly checks that OpenSSL’s version number is 1.0.1 or newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support <a href="OpenSSL.html"><code>OpenSSL</code></a> 3.0 API. <a href="https://github.com/ruby/openssl/pull/458">[GitHub #458]</a></p> </li><li> @@ -239,7 +305,7 @@ </li><li> <p><a href="OpenSSL/X509/Name.html#method-i-to_utf8"><code>OpenSSL::X509::Name#to_utf8</code></a> is added. <a href="https://github.com/ruby/openssl/issues/26">[GitHub #26]</a> <a href="https://github.com/ruby/openssl/pull/143">[GitHub #143]</a></p> </li><li> -<p>OpenSSL::X509::<a href="https://github.com/ruby/openssl/pull/161">Extension,Attribute,Certificate,CRL,Revoked,Request} can be compared with == operator. {[GitHub #161]</a></p> +<p><a href="OpenSSL/X509.html"><code>OpenSSL::X509</code></a>::<a href="https://github.com/ruby/openssl/pull/161">Extension,Attribute,Certificate,CRL,Revoked,Request} can be compared with == operator. {[GitHub #161]</a></p> </li><li> <p>TLS Fallback Signaling Cipher Suite Value (SCSV) support is added. <a href="https://github.com/ruby/openssl/pull/165">[GitHub #165]</a></p> </li><li> @@ -258,7 +324,7 @@ <h2 id="label-Security+fixes">Security fixes<span><a href="#label-Security+fixes">¶</a> <a href="#top">↑</a></span></h2> <ul><li> -<p>OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal objects. CVE-2018-16395 is assigned for this issue. <a href="https://hackerone.com/reports/387250">hackerone.com/reports/387250</a></p> +<p><a href="OpenSSL/X509/Name.html"><code>OpenSSL::X509::Name</code></a>#<=> could incorrectly return 0 (= equal) for non-equal objects. CVE-2018-16395 is assigned for this issue. <a href="https://hackerone.com/reports/387250">hackerone.com/reports/387250</a></p> </li></ul> <h2 id="label-Bug+fixes">Bug fixes<span><a href="#label-Bug+fixes">¶</a> <a href="#top">↑</a></span></h2> @@ -398,7 +464,7 @@ </li><li> <p><a href="OpenSSL/PKey/EC.html"><code>OpenSSL::PKey::EC</code></a> follows the general PKey interface. <a href="https://bugs.ruby-lang.org/issues/6567">[Bug #6567]</a></p> </li><li> -<p><a href="OpenSSL/PKey.html#method-c-read"><code>OpenSSL::PKey.read</code></a> raises <a href="OpenSSL/PKey/PKeyError.html"><code>OpenSSL::PKey::PKeyError</code></a> instead of ArgumentError for consistency with OpenSSL::PKey::<a href="https://bugs.ruby-lang.org/issues/11774">DH,DSA,RSA,EC}#new. {[Bug #11774]</a>, <a href="https://github.com/ruby/openssl/pull/55">[GH ruby/openssl#55]</a></p> +<p><a href="OpenSSL/PKey.html#method-c-read"><code>OpenSSL::PKey.read</code></a> raises <a href="OpenSSL/PKey/PKeyError.html"><code>OpenSSL::PKey::PKeyError</code></a> instead of ArgumentError for consistency with <a href="OpenSSL/PKey.html"><code>OpenSSL::PKey</code></a>::<a href="https://bugs.ruby-lang.org/issues/11774">DH,DSA,RSA,EC}#new. {[Bug #11774]</a>, <a href="https://github.com/ruby/openssl/pull/55">[GH ruby/openssl#55]</a></p> </li><li> <p><a href="OpenSSL/PKey/EC/Group.html"><code>OpenSSL::PKey::EC::Group</code></a> retrieved by <a href="OpenSSL/PKey/EC.html#method-i-group"><code>OpenSSL::PKey::EC#group</code></a> is no longer linked with the EC key. Modifications to the EC::Group have no effect on the key. <a href="https://github.com/ruby/openssl/pull/71">[GH ruby/openssl#71]</a></p> </li><li> @@ -440,7 +506,7 @@ </li><li> <p><a href="OpenSSL/SSL.html"><code>OpenSSL::SSL</code></a></p> </li><li> -<p><a href="OpenSSL/SSL/SSLContext.html#attribute-i-tmp_ecdh_callback"><code>OpenSSL::SSL::SSLContext#tmp_ecdh_callback</code></a> is deprecated, as the underlying API SSL_CTX_set_tmp_ecdh_callback() is removed in <a href="OpenSSL.html"><code>OpenSSL</code></a> 1.1.0. It was first added in Ruby 2.3.0. To specify the curve to be used in ephemeral ECDH, use <a href="OpenSSL/SSL/SSLContext.html#method-i-ecdh_curves-3D"><code>OpenSSL::SSL::SSLContext#ecdh_curves=</code></a>. The automatic curve selection is also now enabled by default when built with a capable <a href="OpenSSL.html"><code>OpenSSL</code></a>.</p> +<p>OpenSSL::SSL::SSLContext#tmp_ecdh_callback is deprecated, as the underlying API SSL_CTX_set_tmp_ecdh_callback() is removed in <a href="OpenSSL.html"><code>OpenSSL</code></a> 1.1.0. It was first added in Ruby 2.3.0. To specify the curve to be used in ephemeral ECDH, use <a href="OpenSSL/SSL/SSLContext.html#method-i-ecdh_curves-3D"><code>OpenSSL::SSL::SSLContext#ecdh_curves=</code></a>. The automatic curve selection is also now enabled by default when built with a capable <a href="OpenSSL.html"><code>OpenSSL</code></a>.</p> </li></ul> </main> diff --git a/OpenSSL.html b/OpenSSL.html index 106a6203..8c1ad22e 100644 --- a/OpenSSL.html +++ b/OpenSSL.html @@ -153,7 +153,7 @@ <p>Keys saved to disk without encryption are not secure as anyone who gets ahold of the key may use it unless it is encrypted. In order to securely export a key you may export it with a pass phrase.</p> -<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'AES-256-CBC'</span> +<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'aes-256-cbc'</span> <span class="ruby-identifier">pass_phrase</span> = <span class="ruby-string">'my secure pass phrase goes here'</span> <span class="ruby-identifier">key_secure</span> = <span class="ruby-identifier">key</span>.<span class="ruby-identifier">export</span> <span class="ruby-identifier">cipher</span>, <span class="ruby-identifier">pass_phrase</span> @@ -169,14 +169,14 @@ <p>A key can also be loaded from a file.</p> -<pre class="ruby"><span class="ruby-identifier">key2</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'private_key.pem'</span> +<pre class="ruby"><span class="ruby-identifier">key2</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'private_key.pem'</span> <span class="ruby-identifier">key2</span>.<span class="ruby-identifier">public?</span> <span class="ruby-comment"># => true</span> <span class="ruby-identifier">key2</span>.<span class="ruby-identifier">private?</span> <span class="ruby-comment"># => true</span> </pre> <p>or</p> -<pre class="ruby"><span class="ruby-identifier">key3</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'public_key.pem'</span> +<pre class="ruby"><span class="ruby-identifier">key3</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'public_key.pem'</span> <span class="ruby-identifier">key3</span>.<span class="ruby-identifier">public?</span> <span class="ruby-comment"># => true</span> <span class="ruby-identifier">key3</span>.<span class="ruby-identifier">private?</span> <span class="ruby-comment"># => false</span> </pre> @@ -187,7 +187,7 @@ <pre class="ruby"><span class="ruby-identifier">key4_pem</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'private.secure.pem'</span> <span class="ruby-identifier">pass_phrase</span> = <span class="ruby-string">'my secure pass phrase goes here'</span> -<span class="ruby-identifier">key4</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-identifier">key4_pem</span>, <span class="ruby-identifier">pass_phrase</span> +<span class="ruby-identifier">key4</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span> <span class="ruby-identifier">key4_pem</span>, <span class="ruby-identifier">pass_phrase</span> </pre> <h2 id="module-OpenSSL-label-RSA+Encryption">RSA Encryption<span><a href="#module-OpenSSL-label-RSA+Encryption">¶</a> <a href="#top">↑</a></span></h2> @@ -236,7 +236,7 @@ <p>The strategy is to first instantiate a <a href="OpenSSL/Cipher.html"><code>Cipher</code></a> for encryption, and then to generate a random IV plus a key derived from the password using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt, the number of iterations largely depends on the hardware being used.</p> -<pre>cipher = OpenSSL::Cipher.new 'AES-256-CBC' +<pre>cipher = OpenSSL::Cipher.new 'aes-256-cbc' cipher.encrypt iv = cipher.random_iv @@ -258,7 +258,7 @@ encrypted << cipher.final</pre> <p>Use the same steps as before to derive the symmetric AES key, this time setting the <a href="OpenSSL/Cipher.html"><code>Cipher</code></a> up for decryption.</p> -<pre>cipher = OpenSSL::Cipher.new 'AES-256-CBC' +<pre>cipher = OpenSSL::Cipher.new 'aes-256-cbc' cipher.decrypt cipher.iv = iv # the one generated with #random_iv @@ -290,7 +290,7 @@ decrypted << cipher.final</pre> <p>First set up the cipher for encryption</p> -<pre class="ruby"><span class="ruby-identifier">encryptor</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'AES-256-CBC'</span> +<pre class="ruby"><span class="ruby-identifier">encryptor</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'aes-256-cbc'</span> <span class="ruby-identifier">encryptor</span>.<span class="ruby-identifier">encrypt</span> <span class="ruby-identifier">encryptor</span>.<span class="ruby-identifier">pkcs5_keyivgen</span> <span class="ruby-identifier">pass_phrase</span>, <span class="ruby-identifier">salt</span> </pre> @@ -305,7 +305,7 @@ decrypted << cipher.final</pre> <p>Use a new <a href="OpenSSL/Cipher.html"><code>Cipher</code></a> instance set up for decryption</p> -<pre class="ruby"><span class="ruby-identifier">decryptor</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'AES-256-CBC'</span> +<pre class="ruby"><span class="ruby-identifier">decryptor</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'aes-256-cbc'</span> <span class="ruby-identifier">decryptor</span>.<span class="ruby-identifier">decrypt</span> <span class="ruby-identifier">decryptor</span>.<span class="ruby-identifier">pkcs5_keyivgen</span> <span class="ruby-identifier">pass_phrase</span>, <span class="ruby-identifier">salt</span> </pre> @@ -389,7 +389,7 @@ decrypted << cipher.final</pre> <pre class="ruby"><span class="ruby-identifier">ca_key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-value">2048</span> <span class="ruby-identifier">pass_phrase</span> = <span class="ruby-string">'my secure pass phrase goes here'</span> -<span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'AES-256-CBC'</span> +<span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span> <span class="ruby-string">'aes-256-cbc'</span> <span class="ruby-identifier">open</span> <span class="ruby-string">'ca_key.pem'</span>, <span class="ruby-string">'w'</span>, <span class="ruby-value">0400</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">io</span><span class="ruby-operator">|</span> <span class="ruby-identifier">io</span>.<span class="ruby-identifier">write</span> <span class="ruby-identifier">ca_key</span>.<span class="ruby-identifier">export</span>(<span class="ruby-identifier">cipher</span>, <span class="ruby-identifier">pass_phrase</span>) @@ -530,13 +530,13 @@ decrypted << cipher.final</pre> <span class="ruby-identifier">loop</span> <span class="ruby-keyword">do</span> <span class="ruby-identifier">ssl_connection</span> = <span class="ruby-identifier">ssl_server</span>.<span class="ruby-identifier">accept</span> - <span class="ruby-identifier">data</span> = <span class="ruby-identifier">connection</span>.<span class="ruby-identifier">gets</span> + <span class="ruby-identifier">data</span> = <span class="ruby-identifier">ssl_connection</span>.<span class="ruby-identifier">gets</span> <span class="ruby-identifier">response</span> = <span class="ruby-node">"I got #{data.dump}"</span> <span class="ruby-identifier">puts</span> <span class="ruby-identifier">response</span> - <span class="ruby-identifier">connection</span>.<span class="ruby-identifier">puts</span> <span class="ruby-node">"I got #{data.dump}"</span> - <span class="ruby-identifier">connection</span>.<span class="ruby-identifier">close</span> + <span class="ruby-identifier">ssl_connection</span>.<span class="ruby-identifier">puts</span> <span class="ruby-node">"I got #{data.dump}"</span> + <span class="ruby-identifier">ssl_connection</span>.<span class="ruby-identifier">close</span> <span class="ruby-keyword">end</span> </pre> @@ -672,7 +672,7 @@ ossl_debug_get(VALUE self) </div> <div class="method-description"> - <p>Turns on or off debug mode. With debug mode, all erros added to the <a href="OpenSSL.html"><code>OpenSSL</code></a> error queue will be printed to stderr.</p> + <p>Turns on or off debug mode. With debug mode, all errors added to the <a href="OpenSSL.html"><code>OpenSSL</code></a> error queue will be printed to stderr.</p> <div class="method-source-code" id="debug-3D-source"> <pre>static VALUE @@ -926,7 +926,7 @@ print_mem_leaks(VALUE self) <p>Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns <code>true</code> if the strings are identical, <code>false</code> otherwise.</p> <div class="method-source-code" id="secure_compare-source"> - <pre><span class="ruby-comment"># File lib/openssl.rb, line 33</span> + <pre><span class="ruby-comment"># File lib/openssl.rb, line 32</span> <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier ruby-title">secure_compare</span>(<span class="ruby-identifier">a</span>, <span class="ruby-identifier">b</span>) <span class="ruby-identifier">hashed_a</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">'SHA256'</span>, <span class="ruby-identifier">a</span>) <span class="ruby-identifier">hashed_b</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">'SHA256'</span>, <span class="ruby-identifier">b</span>) diff --git a/OpenSSL/ASN1.html b/OpenSSL/ASN1.html index a66417e7..1f254b39 100644 --- a/OpenSSL/ASN1.html +++ b/OpenSSL/ASN1.html @@ -188,7 +188,7 @@ <h2 id="module-OpenSSL::ASN1-label-UNIVERSAL_TAG_NAME+constant"><a href="ASN1.html#UNIVERSAL_TAG_NAME"><code>UNIVERSAL_TAG_NAME</code></a> constant<span><a href="#module-OpenSSL::ASN1-label-UNIVERSAL_TAG_NAME+constant">¶</a> <a href="#top">↑</a></span></h2> -<p>An Array that stores the name of a given tag number. These names are the same as the name of the tag constant that is additionally defined, e.g. <a href="2">UNIVERSAL_TAG_NAME</a> = “INTEGER” and OpenSSL::ASN1::INTEGER = 2.</p> +<p>An Array that stores the name of a given tag number. These names are the same as the name of the tag constant that is additionally defined, e.g. +<a href="2">UNIVERSAL_TAG_NAME</a> = “INTEGER”+ and +OpenSSL::ASN1::INTEGER = 2+.</p> <h2 id="module-OpenSSL::ASN1-label-Example+usage">Example usage<span><a href="#module-OpenSSL::ASN1-label-Example+usage">¶</a> <a href="#top">↑</a></span></h2> diff --git a/OpenSSL/ASN1/ASN1Data.html b/OpenSSL/ASN1/ASN1Data.html index 879e7ba8..21aa900f 100644 --- a/OpenSSL/ASN1/ASN1Data.html +++ b/OpenSSL/ASN1/ASN1Data.html @@ -126,7 +126,7 @@ </li><li> <p><em>tag_class</em> equal to <code>:CONTEXT_SPECIFIC</code></p> </li><li> -<p><em>value</em> equal to an Array with one single element, an instance of OpenSSL::ASN1::Integer, i.e. the inner element is the non-tagged primitive value, and the tagging is represented in the outer <a href="ASN1Data.html"><code>ASN1Data</code></a></p> +<p><em>value</em> equal to an Array with one single element, an instance of <a href="../../Integer.html"><code>OpenSSL::ASN1::Integer</code></a>, i.e. the inner element is the non-tagged primitive value, and the tagging is represented in the outer <a href="ASN1Data.html"><code>ASN1Data</code></a></p> </li></ul> <h2 id="class-OpenSSL::ASN1::ASN1Data-label-Example+-+Decoding+an+implicitly+tagged+INTEGER">Example - Decoding an implicitly tagged INTEGER<span><a href="#class-OpenSSL::ASN1::ASN1Data-label-Example+-+Decoding+an+implicitly+tagged+INTEGER">¶</a> <a href="#top">↑</a></span></h2> diff --git a/OpenSSL/ASN1/Primitive.html b/OpenSSL/ASN1/Primitive.html index 81108229..62dd1e33 100644 --- a/OpenSSL/ASN1/Primitive.html +++ b/OpenSSL/ASN1/Primitive.html @@ -110,7 +110,7 @@ </li><li> <p>OpenSSL::ASN1::Boolean <=> <em>value</em> is <code>true</code> or <code>false</code></p> </li><li> -<p>OpenSSL::ASN1::Integer <=> <em>value</em> is an <a href="../BN.html"><code>OpenSSL::BN</code></a></p> +<p><a href="../../Integer.html"><code>OpenSSL::ASN1::Integer</code></a> <=> <em>value</em> is an <a href="../BN.html"><code>OpenSSL::BN</code></a></p> </li><li> <p>OpenSSL::ASN1::BitString <=> <em>value</em> is a String</p> </li><li> diff --git a/OpenSSL/BN.html b/OpenSSL/BN.html index d865d64d..1366be02 100644 --- a/OpenSSL/BN.html +++ b/OpenSSL/BN.html @@ -82,6 +82,8 @@ <ul class="link-list" role="directory"> <li ><a href="#method-c-generate_prime">::generate_prime</a> <li ><a href="#method-c-new">::new</a> + <li ><a href="#method-c-rand">::rand</a> + <li ><a href="#method-c-rand_range">::rand_range</a> <li ><a href="#method-i-25">#%</a> <li ><a href="#method-i-2A">#*</a> <li ><a href="#method-i-2A-2A">#**</a> @@ -95,6 +97,7 @@ <li ><a href="#method-i-3D-3D">#==</a> <li ><a href="#method-i-3D-3D-3D">#===</a> <li ><a href="#method-i-3E-3E">#>></a> + <li ><a href="#method-i-abs">#abs</a> <li ><a href="#method-i-bit_set-3F">#bit_set?</a> <li ><a href="#method-i-clear_bit-21">#clear_bit!</a> <li ><a href="#method-i-cmp">#cmp</a> @@ -102,6 +105,7 @@ <li ><a href="#method-i-copy">#copy</a> <li ><a href="#method-i-eql-3F">#eql?</a> <li ><a href="#method-i-gcd">#gcd</a> + <li ><a href="#method-i-get_flags">#get_flags</a> <li ><a href="#method-i-hash">#hash</a> <li ><a href="#method-i-initialize_copy">#initialize_copy</a> <li ><a href="#method-i-lshift-21">#lshift!</a> @@ -121,6 +125,7 @@ <li ><a href="#method-i-prime_fasttest-3F">#prime_fasttest?</a> <li ><a href="#method-i-rshift-21">#rshift!</a> <li ><a href="#method-i-set_bit-21">#set_bit!</a> + <li ><a href="#method-i-set_flags">#set_flags</a> <li ><a href="#method-i-sqr">#sqr</a> <li ><a href="#method-i-to_bn">#to_bn</a> <li ><a href="#method-i-to_i">#to_i</a> @@ -146,6 +151,19 @@ <section id="5Buntitled-5D" class="documentation-section"> + <section class="constants-list"> + <header> + <h3>Constants</h3> + </header> + <dl> + <dt id="CONSTTIME">CONSTTIME + <dd> + <dt id="MALLOCED">MALLOCED + <dd> + <dt id="STATIC_DATA">STATIC_DATA + <dd> + </dl> + </section> @@ -227,17 +245,32 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass) </div> <div class="method-heading"> <span class="method-callseq"> - OpenSSL::BN.new(string) → aBN - </span> - </div> - <div class="method-heading"> - <span class="method-callseq"> - OpenSSL::BN.new(string, 0 | 2 | 10 | 16) → aBN + OpenSSL::BN.new(string, base = 10) → aBN </span> </div> <div class="method-description"> - <p>Construct a new <a href="../OpenSSL.html"><code>OpenSSL</code></a> BIGNUM object.</p> + <p>Construct a new OpenSSL BIGNUM object.</p> + +<p>If <code>bn</code> is an <a href="../Integer.html"><code>Integer</code></a> or <a href="BN.html"><code>OpenSSL::BN</code></a>, a new instance of <a href="BN.html"><code>OpenSSL::BN</code></a> representing the same value is returned. See also <a href="../Integer.html#method-i-to_bn"><code>Integer#to_bn</code></a> for the short-hand.</p> + +<p>If a String is given, the content will be parsed according to <code>base</code>.</p> +<dl class="rdoc-list note-list"><dt><code>string</code> +<dd> +<p>The string to be parsed.</p> +</dd><dt><code>base</code> +<dd> +<p>The format. Must be one of the following:</p> +<ul><li> +<p><code>0</code> - MPI format. See the man page BN_mpi2bn(3) for details.</p> +</li><li> +<p><code>2</code> - Variable-length and big-endian binary encoding of a positive number.</p> +</li><li> +<p><code>10</code> - Decimal number representation, with a leading ‘-’ for a negative number.</p> +</li><li> +<p><code>16</code> - Hexadeciaml number representation, with a leading ‘-’ for a negative number.</p> +</li></ul> +</dd></dl> <div class="method-source-code" id="new-source"> <pre>static VALUE @@ -309,6 +342,86 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) </div> + <div id="method-c-rand" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + rand(bits [, fill [, odd]]) → aBN + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Generates a cryptographically strong pseudo-random number of <code>bits</code>.</p> + +<p>See also the man page BN_rand(3).</p> + + <div class="method-source-code" id="rand-source"> + <pre>static VALUE +ossl_bn_s_rand(int argc, VALUE *argv, VALUE klass) +{ + BIGNUM *result; + int bottom = 0, top = 0, b; + VALUE bits, fill, odd, obj; + + switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) { + case 3: + bottom = (odd == Qtrue) ? 1 : 0; + /* FALLTHROUGH */ + case 2: + top = NUM2INT(fill); + } + b = NUM2INT(bits); + obj = NewBN(klass); + if (!(result = BN_new())) { + ossl_raise(eBNError, "BN_new"); + } + if (BN_rand(result, b, top, bottom) <= 0) { + BN_free(result); + ossl_raise(eBNError, "BN_rand"); + } + SetBN(obj, result); + return obj; +}</pre> + </div> + </div> + + + </div> + + <div id="method-c-rand_range" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + rand_range(range) → aBN + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Generates a cryptographically strong pseudo-random number in the range 0…<code>range</code>.</p> + +<p>See also the man page BN_rand_range(3).</p> + + <div class="method-source-code" id="rand_range-source"> + <pre>static VALUE +ossl_bn_s_rand_range(VALUE klass, VALUE range) +{ + BIGNUM *bn = GetBNPtr(range), *result; + VALUE obj = NewBN(klass); + if (!(result = BN_new())) + ossl_raise(eBNError, "BN_new"); + if (BN_rand_range(result, bn) <= 0) { + BN_free(result); + ossl_raise(eBNError, "BN_rand_range"); + } + SetBN(obj, result); + return obj; +}</pre> + </div> + </div> + + + </div> + </section> <section id="public-instance-5Buntitled-5D-method-details" class="method-section"> @@ -391,7 +504,17 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) <pre>static VALUE ossl_bn_uplus(VALUE self) { - return self; + VALUE obj; + BIGNUM *bn1, *bn2; + + GetBN(self, bn1); + obj = NewBN(cBN); + bn2 = BN_dup(bn1); + if (!bn2) + ossl_raise(eBNError, "BN_dup"); + SetBN(obj, bn2); + + return obj; }</pre> </div> </div> @@ -595,6 +718,37 @@ ossl_bn_eq(VALUE self, VALUE other) </div> + <div id="method-i-abs" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + abs → aBN + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + + + <div class="method-source-code" id="abs-source"> + <pre>static VALUE +ossl_bn_abs(VALUE self) +{ + BIGNUM *bn1; + + GetBN(self, bn1); + if (BN_is_negative(bn1)) { + return ossl_bn_uminus(self); + } + else { + return ossl_bn_uplus(self); + } +}</pre> + </div> + </div> + + + </div> + <div id="method-i-bit_set-3F" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -756,6 +910,37 @@ ossl_bn_eql(VALUE self, VALUE other) </div> + <div id="method-i-get_flags" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + get_flags(flags) → flags + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Returns the flags on the <a href="BN.html"><code>BN</code></a> object. The argument is used as a bit mask.</p> + +<h3 id="method-i-get_flags-label-Parameters">Parameters<span><a href="#method-i-get_flags-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> +<ul><li> +<p><em>flags</em> - integer</p> +</li></ul> + + <div class="method-source-code" id="get_flags-source"> + <pre>static VALUE +ossl_bn_get_flags(VALUE self, VALUE arg) +{ + BIGNUM *bn; + GetBN(self, bn); + + return INT2NUM(BN_get_flags(bn, NUM2INT(arg))); +}</pre> + </div> + </div> + + + </div> + <div id="method-i-hash" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -1080,35 +1265,30 @@ ossl_bn_is_negative(VALUE self) </div> <div class="method-description"> - <p>Performs a Miller-Rabin probabilistic primality test with <em>checks</em> iterations. If <em>checks</em> is not specified, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input.</p> + <p>Performs a Miller-Rabin probabilistic primality test for <code>bn</code>.</p> -<h3 id="method-i-prime-3F-label-Parameters">Parameters<span><a href="#method-i-prime-3F-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>checks</em> - integer</p> -</li></ul> +<p><strong><code>checks</code> parameter is deprecated in version 3.0.</strong> It has no effect.</p> <div class="method-source-code" id="prime-3F-source"> <pre>static VALUE ossl_bn_is_prime(int argc, VALUE *argv, VALUE self) { BIGNUM *bn; - VALUE vchecks; - int checks = BN_prime_checks; + int ret; - if (rb_scan_args(argc, argv, "01", &vchecks) == 1) { - checks = NUM2INT(vchecks); - } + rb_check_arity(argc, 0, 1); GetBN(self, bn); - switch (BN_is_prime_ex(bn, checks, ossl_bn_ctx, NULL)) { - case 1: - return Qtrue; - case 0: - return Qfalse; - default: - ossl_raise(eBNError, NULL); - } - /* not reachable */ - return Qnil; + +#ifdef HAVE_BN_CHECK_PRIME + ret = BN_check_prime(bn, ossl_bn_ctx, NULL); + if (ret < 0) + ossl_raise(eBNError, "BN_check_prime"); +#else + ret = BN_is_prime_fasttest_ex(bn, BN_prime_checks, ossl_bn_ctx, 1, NULL); + if (ret < 0) + ossl_raise(eBNError, "BN_is_prime_fasttest_ex"); +#endif + return ret ? Qtrue : Qfalse; }</pre> </div> </div> @@ -1135,43 +1315,18 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - <p>Performs a Miller-Rabin primality test. This is same as <a href="BN.html#method-i-prime-3F"><code>prime?</code></a> except this first attempts trial divisions with some small primes.</p> + <p>Performs a Miller-Rabin probabilistic primality test for <code>bn</code>.</p> -<h3 id="method-i-prime_fasttest-3F-label-Parameters">Parameters<span><a href="#method-i-prime_fasttest-3F-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>checks</em> - integer</p> -</li><li> -<p><em>trial_div</em> - boolean</p> -</li></ul> +<p><strong>Deprecated in version 3.0.</strong> Use <a href="BN.html#method-i-prime-3F"><code>prime?</code></a> instead.</p> + +<p><code>checks</code> and <code>trial_div</code> parameters no longer have any effect.</p> <div class="method-source-code" id="prime_fasttest-3F-source"> <pre>static VALUE ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self) { - BIGNUM *bn; - VALUE vchecks, vtrivdiv; - int checks = BN_prime_checks, do_trial_division = 1; - - rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv); - - if (!NIL_P(vchecks)) { - checks = NUM2INT(vchecks); - } - GetBN(self, bn); - /* handle true/false */ - if (vtrivdiv == Qfalse) { - do_trial_division = 0; - } - switch (BN_is_prime_fasttest_ex(bn, checks, ossl_bn_ctx, do_trial_division, NULL)) { - case 1: - return Qtrue; - case 0: - return Qfalse; - default: - ossl_raise(eBNError, NULL); - } - /* not reachable */ - return Qnil; + rb_check_arity(argc, 0, 2); + return ossl_bn_is_prime(0, argv, self); }</pre> </div> </div> @@ -1209,6 +1364,33 @@ ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self) </div> + <div id="method-i-set_flags" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + set_flags(flags) → nil + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Enables the flags on the <a href="BN.html"><code>BN</code></a> object. Currently, the flags argument can contain zero of <a href="BN.html#CONSTTIME"><code>OpenSSL::BN::CONSTTIME</code></a>.</p> + + <div class="method-source-code" id="set_flags-source"> + <pre>static VALUE +ossl_bn_set_flags(VALUE self, VALUE arg) +{ + BIGNUM *bn; + GetBN(self, bn); + + BN_set_flags(bn, NUM2INT(arg)); + return Qnil; +}</pre> + </div> + </div> + + + </div> + <div id="method-i-sqr" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -1304,30 +1486,28 @@ ossl_bn_to_i(VALUE self) <div id="method-i-to_s" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - to_s → string + to_s(base = 10) → string </span> <span class="method-click-advice">click to toggle source</span> </div> - <div class="method-heading"> - <span class="method-callseq"> - to_s(base) → string - </span> - </div> <div class="method-description"> - <h3 id="method-i-to_s-label-Parameters">Parameters<span><a href="#method-i-to_s-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>base</em> - <a href="../Integer.html"><code>Integer</code></a> Valid values:</p> + <p>Returns the string representation of the bignum.</p> + +<p><a href="BN.html#method-c-new"><code>BN.new</code></a> can parse the encoded string to convert back into an <a href="BN.html"><code>OpenSSL::BN</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>base</code> +<dd> +<p>The format. Must be one of the following:</p> <ul><li> -<p>0 - MPI</p> +<p><code>0</code> - MPI format. See the man page BN_bn2mpi(3) for details.</p> </li><li> -<p>2 - binary</p> +<p><code>2</code> - Variable-length and big-endian binary encoding. The sign of the bignum is ignored.</p> </li><li> -<p>10 - the default</p> +<p><code>10</code> - Decimal number representation, with a leading ‘-’ for a negative bignum.</p> </li><li> -<p>16 - hex</p> -</li></ul> +<p><code>16</code> - Hexadeciaml number representation, with a leading ‘-’ for a negative bignum.</p> </li></ul> +</dd></dl> <div class="method-source-code" id="to_s-source"> <pre>static VALUE diff --git a/OpenSSL/Buffering.html b/OpenSSL/Buffering.html index abaa0cfa..8aa3de5d 100644 --- a/OpenSSL/Buffering.html +++ b/OpenSSL/Buffering.html @@ -83,6 +83,7 @@ <li ><a href="#method-i-eof">#eof</a> <li ><a href="#method-i-eof-3F">#eof?</a> <li ><a href="#method-i-flush">#flush</a> + <li ><a href="#method-i-getbyte">#getbyte</a> <li ><a href="#method-i-getc">#getc</a> <li ><a href="#method-i-gets">#gets</a> <li ><a href="#method-i-print">#print</a> @@ -202,7 +203,7 @@ <p>Writes <em>s</em> to the stream. <em>s</em> will be converted to a String using <code>.to_s</code> method.</p> <div class="method-source-code" id="3C-3C-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 413</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 422</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title"><<</span>(<span class="ruby-identifier">s</span>) <span class="ruby-identifier">do_write</span>(<span class="ruby-identifier">s</span>) <span class="ruby-keyword">self</span> @@ -224,7 +225,7 @@ <p>Closes the SSLSocket and flushes any unwritten data.</p> <div class="method-source-code" id="close-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 474</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 483</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">close</span> <span class="ruby-identifier">flush</span> <span class="ruby-keyword">rescue</span> <span class="ruby-keyword">nil</span> <span class="ruby-identifier">sysclose</span> @@ -248,7 +249,7 @@ <p>See also <a href="Buffering.html#method-i-gets"><code>gets</code></a></p> <div class="method-source-code" id="each-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 250</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 259</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">each</span>(<span class="ruby-identifier">eol</span>=<span class="ruby-identifier">$/</span>) <span class="ruby-keyword">while</span> <span class="ruby-identifier">line</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">gets</span>(<span class="ruby-identifier">eol</span>) <span class="ruby-keyword">yield</span> <span class="ruby-identifier">line</span> @@ -274,7 +275,7 @@ <p>Calls the given block once for each byte in the stream.</p> <div class="method-source-code" id="each_byte-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 291</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 300</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">each_byte</span> <span class="ruby-comment"># :yields: byte</span> <span class="ruby-keyword">while</span> <span class="ruby-identifier">c</span> = <span class="ruby-identifier">getc</span> <span class="ruby-keyword">yield</span>(<span class="ruby-identifier">c</span>.<span class="ruby-identifier">ord</span>) @@ -331,7 +332,7 @@ <p>Returns true if the stream is at file which means there is no more data to be read.</p> <div class="method-source-code" id="eof-3F-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 322</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 331</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">eof?</span> <span class="ruby-identifier">fill_rbuff</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-ivar">@eof</span> <span class="ruby-operator">&&</span> <span class="ruby-ivar">@rbuffer</span>.<span class="ruby-identifier">empty?</span> <span class="ruby-ivar">@eof</span> <span class="ruby-operator">&&</span> <span class="ruby-ivar">@rbuffer</span>.<span class="ruby-identifier">empty?</span> @@ -356,7 +357,7 @@ <p>Flushes buffered data to the SSLSocket.</p> <div class="method-source-code" id="flush-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 462</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 471</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">flush</span> <span class="ruby-identifier">osync</span> = <span class="ruby-ivar">@sync</span> <span class="ruby-ivar">@sync</span> = <span class="ruby-keyword">true</span> @@ -371,6 +372,29 @@ </div> + <div id="method-i-getbyte" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + getbyte → 81 + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Get the next 8bit byte from ‘ssl`. Returns `nil` on EOF</p> + + <div class="method-source-code" id="getbyte-source"> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 108</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">getbyte</span> + <span class="ruby-identifier">byte</span> = <span class="ruby-identifier">read</span>(<span class="ruby-value">1</span>) + <span class="ruby-identifier">byte</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">byte</span>.<span class="ruby-identifier">unpack1</span>(<span class="ruby-string">"C"</span>) +<span class="ruby-keyword">end</span></pre> + </div> + </div> + + + </div> + <div id="method-i-getc" class="method-detail "> <div class="method-heading"> <span class="method-name">getc</span><span @@ -382,7 +406,7 @@ <p>Reads one character from the stream. Returns nil if called at end of file.</p> <div class="method-source-code" id="getc-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 284</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 293</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">getc</span> <span class="ruby-identifier">read</span>(<span class="ruby-value">1</span>) <span class="ruby-keyword">end</span></pre> @@ -409,7 +433,7 @@ <p>Unlike IO#gets the separator must be provided if a limit is provided.</p> <div class="method-source-code" id="gets-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 226</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 235</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">gets</span>(<span class="ruby-identifier">eol</span>=<span class="ruby-identifier">$/</span>, <span class="ruby-identifier">limit</span>=<span class="ruby-keyword">nil</span>) <span class="ruby-identifier">idx</span> = <span class="ruby-ivar">@rbuffer</span>.<span class="ruby-identifier">index</span>(<span class="ruby-identifier">eol</span>) <span class="ruby-keyword">until</span> <span class="ruby-ivar">@eof</span> @@ -446,7 +470,7 @@ <p>See IO#print for full details.</p> <div class="method-source-code" id="print-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 441</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 450</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">print</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">args</span>) <span class="ruby-identifier">s</span> = <span class="ruby-constant">Buffer</span>.<span class="ruby-identifier">new</span> <span class="ruby-identifier">args</span>.<span class="ruby-identifier">each</span>{ <span class="ruby-operator">|</span><span class="ruby-identifier">arg</span><span class="ruby-operator">|</span> <span class="ruby-identifier">s</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">arg</span>.<span class="ruby-identifier">to_s</span> } @@ -472,7 +496,7 @@ <p>See Kernel#sprintf for format string details.</p> <div class="method-source-code" id="printf-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 454</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 463</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">printf</span>(<span class="ruby-identifier">s</span>, <span class="ruby-operator">*</span><span class="ruby-identifier">args</span>) <span class="ruby-identifier">do_write</span>(<span class="ruby-identifier">s</span> <span class="ruby-operator">%</span> <span class="ruby-identifier">args</span>) <span class="ruby-keyword">nil</span> @@ -496,7 +520,7 @@ <p>See IO#puts for full details.</p> <div class="method-source-code" id="puts-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 423</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 432</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">puts</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">args</span>) <span class="ruby-identifier">s</span> = <span class="ruby-constant">Buffer</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">args</span>.<span class="ruby-identifier">empty?</span> @@ -528,7 +552,7 @@ <p>See IO#read for full details.</p> <div class="method-source-code" id="read-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 110</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 119</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">read</span>(<span class="ruby-identifier">size</span>=<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">buf</span>=<span class="ruby-keyword">nil</span>) <span class="ruby-keyword">if</span> <span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">buf</span> @@ -590,7 +614,7 @@ <p>By specifying a keyword argument <em>exception</em> to <code>false</code>, you can indicate that <a href="Buffering.html#method-i-read_nonblock"><code>read_nonblock</code></a> should not raise an IO::Wait*able exception, but return the symbol <code>:wait_writable</code> or <code>:wait_readable</code> instead. At EOF, it will return <code>nil</code> instead of raising EOFError.</p> <div class="method-source-code" id="read_nonblock-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 195</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 204</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">read_nonblock</span>(<span class="ruby-identifier">maxlen</span>, <span class="ruby-identifier">buf</span>=<span class="ruby-keyword">nil</span>, <span class="ruby-value">exception:</span> <span class="ruby-keyword">true</span>) <span class="ruby-keyword">if</span> <span class="ruby-identifier">maxlen</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">buf</span> @@ -627,7 +651,7 @@ <p>Reads a one-character string from the stream. Raises an EOFError at end of file.</p> <div class="method-source-code" id="readchar-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 301</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 310</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">readchar</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">EOFError</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">eof?</span> <span class="ruby-identifier">getc</span> @@ -651,7 +675,7 @@ <p>Raises EOFError if at end of file.</p> <div class="method-source-code" id="readline-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 275</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 284</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">readline</span>(<span class="ruby-identifier">eol</span>=<span class="ruby-identifier">$/</span>) <span class="ruby-identifier">raise</span> <span class="ruby-constant">EOFError</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">eof?</span> <span class="ruby-identifier">gets</span>(<span class="ruby-identifier">eol</span>) @@ -675,7 +699,7 @@ <p>See also <a href="Buffering.html#method-i-gets"><code>gets</code></a></p> <div class="method-source-code" id="readlines-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 262</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 271</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">readlines</span>(<span class="ruby-identifier">eol</span>=<span class="ruby-identifier">$/</span>) <span class="ruby-identifier">ary</span> = [] <span class="ruby-keyword">while</span> <span class="ruby-identifier">line</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">gets</span>(<span class="ruby-identifier">eol</span>) @@ -702,7 +726,7 @@ <p>See IO#readpartial for full details.</p> <div class="method-source-code" id="readpartial-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 137</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 146</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">readpartial</span>(<span class="ruby-identifier">maxlen</span>, <span class="ruby-identifier">buf</span>=<span class="ruby-keyword">nil</span>) <span class="ruby-keyword">if</span> <span class="ruby-identifier">maxlen</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">buf</span> @@ -747,7 +771,7 @@ <p>Has no effect on unbuffered reads (such as sysread).</p> <div class="method-source-code" id="ungetc-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 314</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 323</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">ungetc</span>(<span class="ruby-identifier">c</span>) <span class="ruby-ivar">@rbuffer</span>[<span class="ruby-value">0</span>,<span class="ruby-value">0</span>] = <span class="ruby-identifier">c</span>.<span class="ruby-identifier">chr</span> <span class="ruby-keyword">end</span></pre> @@ -768,7 +792,7 @@ <p>Writes <em>s</em> to the stream. If the argument is not a String it will be converted using <code>.to_s</code> method. Returns the number of bytes written.</p> <div class="method-source-code" id="write-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 360</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 369</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">write</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">s</span>) <span class="ruby-identifier">s</span>.<span class="ruby-identifier">inject</span>(<span class="ruby-value">0</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">written</span>, <span class="ruby-identifier">str</span><span class="ruby-operator">|</span> <span class="ruby-identifier">do_write</span>(<span class="ruby-identifier">str</span>) @@ -820,7 +844,7 @@ <p>By specifying a keyword argument <em>exception</em> to <code>false</code>, you can indicate that <a href="Buffering.html#method-i-write_nonblock"><code>write_nonblock</code></a> should not raise an IO::Wait*able exception, but return the symbol <code>:wait_writable</code> or <code>:wait_readable</code> instead.</p> <div class="method-source-code" id="write_nonblock-source"> - <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 404</span> + <pre><span class="ruby-comment"># File lib/openssl/buffering.rb, line 413</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">write_nonblock</span>(<span class="ruby-identifier">s</span>, <span class="ruby-value">exception:</span> <span class="ruby-keyword">true</span>) <span class="ruby-identifier">flush</span> <span class="ruby-identifier">syswrite_nonblock</span>(<span class="ruby-identifier">s</span>, <span class="ruby-value">exception:</span> <span class="ruby-identifier">exception</span>) diff --git a/OpenSSL/Cipher.html b/OpenSSL/Cipher.html index 4e5b36ef..8ce2c060 100644 --- a/OpenSSL/Cipher.html +++ b/OpenSSL/Cipher.html @@ -144,7 +144,7 @@ <p>That is, a string consisting of the hyphenated concatenation of the individual components name, key length and mode. Either all uppercase or all lowercase strings may be used, for example:</p> -<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'AES-128-CBC'</span>) +<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'aes-128-cbc'</span>) </pre> <h3 id="class-OpenSSL::Cipher-label-Choosing+either+encryption+or+decryption+mode">Choosing either encryption or decryption mode<span><a href="#class-OpenSSL::Cipher-label-Choosing+either+encryption+or+decryption+mode">¶</a> <a href="#top">↑</a></span></h3> @@ -165,7 +165,7 @@ <p>Symmetric encryption requires a key that is the same for the encrypting and for the decrypting party and after initial key establishment should be kept as private information. There are a lot of ways to create insecure keys, the most notable is to simply take a password as the key without processing the password further. A simple and secure way to create a key for a particular <a href="Cipher/Cipher.html"><code>Cipher</code></a> is</p> -<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'AES-256-CFB'</span>) +<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'aes-256-cfb'</span>) <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">encrypt</span> <span class="ruby-identifier">key</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">random_key</span> <span class="ruby-comment"># also sets the generated key on the Cipher</span> </pre> @@ -204,14 +204,14 @@ <pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">"Very, very confidential data"</span> -<span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'AES-128-CBC'</span>) +<span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'aes-128-cbc'</span>) <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">encrypt</span> <span class="ruby-identifier">key</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">random_key</span> <span class="ruby-identifier">iv</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">random_iv</span> <span class="ruby-identifier">encrypted</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">data</span>) <span class="ruby-operator">+</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">final</span> <span class="ruby-operator">...</span> -<span class="ruby-identifier">decipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'AES-128-CBC'</span>) +<span class="ruby-identifier">decipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'aes-128-cbc'</span>) <span class="ruby-identifier">decipher</span>.<span class="ruby-identifier">decrypt</span> <span class="ruby-identifier">decipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span> <span class="ruby-identifier">decipher</span>.<span class="ruby-identifier">iv</span> = <span class="ruby-identifier">iv</span> @@ -231,7 +231,7 @@ <p>An example using the GCM (Galois/Counter Mode). You have 16 bytes <em>key</em>, 12 bytes (96 bits) <em>nonce</em> and the associated data <em>auth_data</em>. Be sure not to reuse the <em>key</em> and <em>nonce</em> pair. Reusing an nonce ruins the security guarantees of GCM mode.</p> -<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'AES-128-GCM'</span>).<span class="ruby-identifier">encrypt</span> +<pre class="ruby"><span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'aes-128-gcm'</span>).<span class="ruby-identifier">encrypt</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">iv</span> = <span class="ruby-identifier">nonce</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">auth_data</span> = <span class="ruby-identifier">auth_data</span> @@ -243,7 +243,7 @@ <p>Now you are the receiver. You know the <em>key</em> and have received <em>nonce</em>, <em>auth_data</em>, <em>encrypted</em> and <em>tag</em> through an untrusted network. Note that GCM accepts an arbitrary length tag between 1 and 16 bytes. You may additionally need to check that the received tag has the correct length, or you allow attackers to forge a valid single byte tag for the tampered ciphertext with a probability of 1/256.</p> <pre class="ruby"><span class="ruby-identifier">raise</span> <span class="ruby-string">"tag is truncated!"</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">tag</span>.<span class="ruby-identifier">bytesize</span> <span class="ruby-operator">==</span> <span class="ruby-value">16</span> -<span class="ruby-identifier">decipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'AES-128-GCM'</span>).<span class="ruby-identifier">decrypt</span> +<span class="ruby-identifier">decipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'aes-128-gcm'</span>).<span class="ruby-identifier">decrypt</span> <span class="ruby-identifier">decipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span> <span class="ruby-identifier">decipher</span>.<span class="ruby-identifier">iv</span> = <span class="ruby-identifier">nonce</span> <span class="ruby-identifier">decipher</span>.<span class="ruby-identifier">auth_tag</span> = <span class="ruby-identifier">tag</span> @@ -286,7 +286,7 @@ ossl_s_ciphers(VALUE self) ary = rb_ary_new(); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - (void(*)(const OBJ_NAME*,void*))add_cipher_name_to_ary, + add_cipher_name_to_ary, (void*)ary); return ary; @@ -306,7 +306,7 @@ ossl_s_ciphers(VALUE self) </div> <div class="method-description"> - <p>The string must contain a valid cipher name like “AES-256-CBC”.</p> + <p>The string must contain a valid cipher name like “aes-256-cbc”.</p> <p>A list of cipher names is available by calling <a href="Cipher.html#method-c-ciphers"><code>OpenSSL::Cipher.ciphers</code></a>.</p> diff --git a/OpenSSL/Config.html b/OpenSSL/Config.html index 482dc11f..214c6ebf 100644 --- a/OpenSSL/Config.html +++ b/OpenSSL/Config.html @@ -84,10 +84,9 @@ <li ><a href="#method-c-parse">::parse</a> <li ><a href="#method-c-parse_config">::parse_config</a> <li ><a href="#method-i-5B-5D">#[]</a> - <li ><a href="#method-i-5B-5D-3D">#[]=</a> - <li ><a href="#method-i-add_value">#add_value</a> <li ><a href="#method-i-each">#each</a> <li ><a href="#method-i-get_value">#get_value</a> + <li ><a href="#method-i-initialize_copy">#initialize_copy</a> <li ><a href="#method-i-inspect">#inspect</a> <li ><a href="#method-i-sections">#sections</a> <li ><a href="#method-i-to_s">#to_s</a> @@ -104,8 +103,6 @@ <section class="description"> -<h1 id="class-OpenSSL::Config-label-OpenSSL-3A-3AConfig"><a href="Config.html"><code>OpenSSL::Config</code></a><span><a href="#class-OpenSSL::Config-label-OpenSSL-3A-3AConfig">¶</a> <a href="#top">↑</a></span></h1> - <p>Configuration for the openssl library.</p> <p>Many system’s installation of openssl library will depend on your system configuration. See the value of <a href="Config.html#DEFAULT_CONFIG_FILE"><code>OpenSSL::Config::DEFAULT_CONFIG_FILE</code></a> for the location of the file for your host.</p> @@ -123,13 +120,7 @@ </header> <dl> <dt id="DEFAULT_CONFIG_FILE">DEFAULT_CONFIG_FILE - <dd><p>The default system configuration file for openssl</p> - <dt id="ESCAPE_MAP">ESCAPE_MAP - <dd><p>escaped char map</p> - <dt id="QUOTE_REGEXP_DQ">QUOTE_REGEXP_DQ - <dd><p>escape with backslash and doubled dq</p> - <dt id="QUOTE_REGEXP_SQ">QUOTE_REGEXP_SQ - <dd><p>escape with backslash</p> + <dd><p>The default system configuration file for <a href="../OpenSSL.html"><code>OpenSSL</code></a>.</p> </dl> </section> @@ -142,32 +133,37 @@ <div id="method-c-new" class="method-detail "> <div class="method-heading"> - <span class="method-name">new</span><span - class="method-args">(filename = nil)</span> + <span class="method-callseq"> + new(filename) → OpenSSL::Config + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Creates an instance of OpenSSL’s configuration class.</p> + <p>Creates an instance of <a href="Config.html"><code>OpenSSL::Config</code></a> from the content of the file specified by <em>filename</em>.</p> <p>This can be used in contexts like <a href="X509/ExtensionFactory.html#attribute-i-config"><code>OpenSSL::X509::ExtensionFactory.config=</code></a></p> -<p>If the optional <em>filename</em> parameter is provided, then it is read in and parsed via parse_config.</p> - <p>This can raise <a href="../IO.html"><code>IO</code></a> exceptions based on the access, or availability of the file. A <a href="ConfigError.html"><code>ConfigError</code></a> exception may be raised depending on the validity of the data being configured.</p> <div class="method-source-code" id="new-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 264</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(<span class="ruby-identifier">filename</span> = <span class="ruby-keyword">nil</span>) - <span class="ruby-ivar">@data</span> = {} - <span class="ruby-keyword">if</span> <span class="ruby-identifier">filename</span> - <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">filename</span>.<span class="ruby-identifier">to_s</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span> - <span class="ruby-constant">Config</span>.<span class="ruby-identifier">parse_config</span>(<span class="ruby-identifier">file</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">section</span>, <span class="ruby-identifier">hash</span><span class="ruby-operator">|</span> - <span class="ruby-identifier">set_section</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">hash</span>) - <span class="ruby-keyword">end</span> - <span class="ruby-keyword">end</span> - <span class="ruby-keyword">end</span> -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_initialize(int argc, VALUE *argv, VALUE self) +{ + CONF *conf = GetConfig(self); + VALUE filename; + + /* 0-arguments call has no use-case, but is kept for compatibility */ + rb_scan_args(argc, argv, "01", &filename); + rb_check_frozen(self); + if (!NIL_P(filename)) { + BIO *bio = BIO_new_file(StringValueCStr(filename), "rb"); + if (!bio) + ossl_raise(eConfigError, "BIO_new_file"); + config_load_bio(conf, bio); /* Consumes BIO */ + } + return self; +}</pre> </div> </div> @@ -176,25 +172,27 @@ <div id="method-c-parse" class="method-detail "> <div class="method-heading"> - <span class="method-name">parse</span><span - class="method-args">(string)</span> + <span class="method-callseq"> + parse(string) → OpenSSL::Config + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> <p>Parses a given <em>string</em> as a blob that contains configuration for <a href="../OpenSSL.html"><code>OpenSSL</code></a>.</p> -<p>If the source of the <a href="../IO.html"><code>IO</code></a> is a file, then consider using parse_config.</p> - <div class="method-source-code" id="parse-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 37</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">parse</span>(<span class="ruby-identifier">string</span>) - <span class="ruby-identifier">c</span> = <span class="ruby-identifier">new</span>() - <span class="ruby-identifier">parse_config</span>(<span class="ruby-constant">StringIO</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">string</span>)).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">section</span>, <span class="ruby-identifier">hash</span><span class="ruby-operator">|</span> - <span class="ruby-identifier">c</span>.<span class="ruby-identifier">set_section</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">hash</span>) - <span class="ruby-keyword">end</span> - <span class="ruby-identifier">c</span> -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_s_parse(VALUE klass, VALUE str) +{ + VALUE obj = config_s_alloc(klass); + CONF *conf = GetConfig(obj); + BIO *bio; + + bio = ossl_obj2bio(&str); + config_load_bio(conf, bio); /* Consumes BIO */ + return obj; +}</pre> </div> </div> @@ -203,25 +201,31 @@ <div id="method-c-parse_config" class="method-detail "> <div class="method-heading"> - <span class="method-name">parse_config</span><span - class="method-args">(io)</span> + <span class="method-callseq"> + parse_config(io) → hash + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Parses the configuration data read from <em>io</em>, see also parse.</p> - -<p>Raises a <a href="ConfigError.html"><code>ConfigError</code></a> on invalid configuration data.</p> + <p>Parses the configuration data read from <em>io</em> and returns the whole content as a Hash.</p> <div class="method-source-code" id="parse_config-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 53</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">parse_config</span>(<span class="ruby-identifier">io</span>) - <span class="ruby-keyword">begin</span> - <span class="ruby-identifier">parse_config_lines</span>(<span class="ruby-identifier">io</span>) - <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">error</span> - <span class="ruby-identifier">raise</span> <span class="ruby-constant">ConfigError</span>, <span class="ruby-node">"error in line #{io.lineno}: "</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">error</span>.<span class="ruby-identifier">message</span> - <span class="ruby-keyword">end</span> -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_s_parse_config(VALUE klass, VALUE io) +{ + VALUE obj, sections, ret; + long i; + + obj = config_s_parse(klass, io); + sections = config_get_sections(obj); + ret = rb_hash_new(); + for (i = 0; i < RARRAY_LEN(sections); i++) { + VALUE section = rb_ary_entry(sections, i); + rb_hash_aset(ret, section, config_get_section(obj, section)); + } + return ret; +}</pre> </div> </div> @@ -237,13 +241,14 @@ <div id="method-i-5B-5D" class="method-detail "> <div class="method-heading"> - <span class="method-name">[]</span><span - class="method-args">(section)</span> + <span class="method-callseq"> + config[section] → hash + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Get a specific <em>section</em> from the current configuration</p> + <p>Gets all key-value pairs in a specific <em>section</em> from the current configuration.</p> <p>Given the following configurating file being loaded:</p> @@ -261,73 +266,78 @@ </pre> <div class="method-source-code" id="5B-5D-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 360</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">[]</span>(<span class="ruby-identifier">section</span>) - <span class="ruby-ivar">@data</span>[<span class="ruby-identifier">section</span>] <span class="ruby-operator">||</span> {} -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_get_section(VALUE self, VALUE section) +{ + CONF *conf = GetConfig(self); + STACK_OF(CONF_VALUE) *sk; + int i, entries; + VALUE hash; + + hash = rb_hash_new(); + StringValueCStr(section); + if (!(sk = NCONF_get_section(conf, RSTRING_PTR(section)))) { + ossl_clear_error(); + return hash; + } + entries = sk_CONF_VALUE_num(sk); + for (i = 0; i < entries; i++) { + CONF_VALUE *entry = sk_CONF_VALUE_value(sk, i); + rb_hash_aset(hash, rb_str_new_cstr(entry->name), + rb_str_new_cstr(entry->value)); + } + return hash; +}</pre> </div> </div> </div> - <div id="method-i-5B-5D-3D" class="method-detail "> + <div id="method-i-each" class="method-detail "> <div class="method-heading"> - <span class="method-name">[]=</span><span - class="method-args">(section, pairs)</span> + <span class="method-callseq"> + each { |section, key, value| } + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>*Deprecated in v2.2.0*. This method will be removed in a future release.</p> + <p>Retrieves the section and its pairs for the current configuration.</p> -<p>Sets a specific <em>section</em> name with a Hash <em>pairs</em>.</p> - -<p>Given the following configuration being created:</p> - -<pre class="ruby"><span class="ruby-identifier">config</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Config</span>.<span class="ruby-identifier">new</span> - <span class="ruby-comment">#=> #<OpenSSL::Config sections=[]></span> -<span class="ruby-identifier">config</span>[<span class="ruby-string">'default'</span>] = {<span class="ruby-string">"foo"</span><span class="ruby-operator">=></span><span class="ruby-string">"bar"</span>,<span class="ruby-string">"baz"</span><span class="ruby-operator">=></span><span class="ruby-string">"buz"</span>} - <span class="ruby-comment">#=> {"foo"=>"bar", "baz"=>"buz"}</span> -<span class="ruby-identifier">puts</span> <span class="ruby-identifier">config</span>.<span class="ruby-identifier">to_s</span> - <span class="ruby-comment">#=> [ default ]</span> - <span class="ruby-comment"># foo=bar</span> - <span class="ruby-comment"># baz=buz</span> +<pre class="ruby"><span class="ruby-identifier">config</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">section</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">value</span><span class="ruby-operator">|</span> + <span class="ruby-comment"># ...</span> +<span class="ruby-keyword">end</span> </pre> -<p>It’s important to note that this will essentially merge any of the keys in <em>pairs</em> with the existing <em>section</em>. For example:</p> + <div class="method-source-code" id="each-source"> + <pre>static VALUE +config_each(VALUE self) +{ + CONF *conf = GetConfig(self); -<pre class="ruby"><span class="ruby-identifier">config</span>[<span class="ruby-string">'default'</span>] - <span class="ruby-comment">#=> {"foo"=>"bar", "baz"=>"buz"}</span> -<span class="ruby-identifier">config</span>[<span class="ruby-string">'default'</span>] = {<span class="ruby-string">"foo"</span> <span class="ruby-operator">=></span> <span class="ruby-string">"changed"</span>} - <span class="ruby-comment">#=> {"foo"=>"changed"}</span> -<span class="ruby-identifier">config</span>[<span class="ruby-string">'default'</span>] - <span class="ruby-comment">#=> {"foo"=>"changed", "baz"=>"buz"}</span> -</pre> + RETURN_ENUMERATOR(self, 0, 0); - <div class="method-source-code" id="5B-5D-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 399</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">[]=</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">pairs</span>) - <span class="ruby-identifier">check_modify</span> - <span class="ruby-identifier">set_section</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">pairs</span>) -<span class="ruby-keyword">end</span></pre> + lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(each_conf_value), + NULL); + return self; +}</pre> </div> </div> </div> - <div id="method-i-add_value" class="method-detail "> + <div id="method-i-get_value" class="method-detail "> <div class="method-heading"> - <span class="method-name">add_value</span><span - class="method-args">(section, key, value)</span> + <span class="method-callseq"> + get_value(section, key) → string + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>*Deprecated in v2.2.0*. This method will be removed in a future release.</p> - -<p>Set the target <em>key</em> with a given <em>value</em> under a specific <em>section</em>.</p> + <p>Gets the value of <em>key</em> from the given <em>section</em>.</p> <p>Given the following configurating file being loaded:</p> @@ -338,93 +348,60 @@ <span class="ruby-comment"># foo=bar</span> </pre> -<p>You can set the value of <em>foo</em> under the <em>default</em> section to a new value:</p> - -<pre class="ruby"><span class="ruby-identifier">config</span>.<span class="ruby-identifier">add_value</span>(<span class="ruby-string">'default'</span>, <span class="ruby-string">'foo'</span>, <span class="ruby-string">'buzz'</span>) - <span class="ruby-comment">#=> "buzz"</span> -<span class="ruby-identifier">puts</span> <span class="ruby-identifier">config</span>.<span class="ruby-identifier">to_s</span> - <span class="ruby-comment">#=> [ default ]</span> - <span class="ruby-comment"># foo=buzz</span> -</pre> - - <div class="method-source-code" id="add_value-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 339</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">add_value</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">value</span>) - <span class="ruby-identifier">check_modify</span> - (<span class="ruby-ivar">@data</span>[<span class="ruby-identifier">section</span>] <span class="ruby-operator">||=</span> {})[<span class="ruby-identifier">key</span>] = <span class="ruby-identifier">value</span> -<span class="ruby-keyword">end</span></pre> - </div> - </div> - - - </div> - - <div id="method-i-each" class="method-detail "> - <div class="method-heading"> - <span class="method-name">each</span><span - class="method-args">() { |section, key, value| ... }</span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - <p>For a block.</p> - -<p>Receive the section and its pairs for the current configuration.</p> +<p>You can get a specific value from the config if you know the <em>section</em> and <em>key</em> like so:</p> -<pre class="ruby"><span class="ruby-identifier">config</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">section</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">value</span><span class="ruby-operator">|</span> - <span class="ruby-comment"># ...</span> -<span class="ruby-keyword">end</span> +<pre class="ruby"><span class="ruby-identifier">config</span>.<span class="ruby-identifier">get_value</span>(<span class="ruby-string">'default'</span>,<span class="ruby-string">'foo'</span>) + <span class="ruby-comment">#=> "bar"</span> </pre> - <div class="method-source-code" id="each-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 464</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">each</span> - <span class="ruby-ivar">@data</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">section</span>, <span class="ruby-identifier">hash</span><span class="ruby-operator">|</span> - <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">key</span>, <span class="ruby-identifier">value</span><span class="ruby-operator">|</span> - <span class="ruby-keyword">yield</span> [<span class="ruby-identifier">section</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">value</span>] - <span class="ruby-keyword">end</span> - <span class="ruby-keyword">end</span> -<span class="ruby-keyword">end</span></pre> + <div class="method-source-code" id="get_value-source"> + <pre>static VALUE +config_get_value(VALUE self, VALUE section, VALUE key) +{ + CONF *conf = GetConfig(self); + const char *str, *sectionp; + + StringValueCStr(section); + StringValueCStr(key); + /* For compatibility; NULL means "default". */ + sectionp = RSTRING_LEN(section) ? RSTRING_PTR(section) : NULL; + str = NCONF_get_string(conf, sectionp, RSTRING_PTR(key)); + if (!str) { + ossl_clear_error(); + return Qnil; + } + return rb_str_new_cstr(str); +}</pre> </div> </div> </div> - <div id="method-i-get_value" class="method-detail "> + <div id="method-i-initialize_copy" class="method-detail "> <div class="method-heading"> - <span class="method-name">get_value</span><span - class="method-args">(section, key)</span> + <span class="method-name">initialize_copy</span><span + class="method-args">(p1)</span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Gets the value of <em>key</em> from the given <em>section</em></p> - -<p>Given the following configurating file being loaded:</p> - -<pre class="ruby"><span class="ruby-identifier">config</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Config</span>.<span class="ruby-identifier">load</span>(<span class="ruby-string">'foo.cnf'</span>) - <span class="ruby-comment">#=> #<OpenSSL::Config sections=["default"]></span> -<span class="ruby-identifier">puts</span> <span class="ruby-identifier">config</span>.<span class="ruby-identifier">to_s</span> - <span class="ruby-comment">#=> [ default ]</span> - <span class="ruby-comment"># foo=bar</span> -</pre> - -<p>You can get a specific value from the config if you know the <em>section</em> and <em>key</em> like so:</p> - -<pre class="ruby"><span class="ruby-identifier">config</span>.<span class="ruby-identifier">get_value</span>(<span class="ruby-string">'default'</span>,<span class="ruby-string">'foo'</span>) - <span class="ruby-comment">#=> "bar"</span> -</pre> - - <div class="method-source-code" id="get_value-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 292</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">get_value</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">key</span>) - <span class="ruby-keyword">if</span> <span class="ruby-identifier">section</span>.<span class="ruby-identifier">nil?</span> - <span class="ruby-identifier">raise</span> <span class="ruby-constant">TypeError</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'nil not allowed'</span>) - <span class="ruby-keyword">end</span> - <span class="ruby-identifier">section</span> = <span class="ruby-string">'default'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">section</span>.<span class="ruby-identifier">empty?</span> - <span class="ruby-identifier">get_key_string</span>(<span class="ruby-identifier">section</span>, <span class="ruby-identifier">key</span>) -<span class="ruby-keyword">end</span></pre> + + + <div class="method-source-code" id="initialize_copy-source"> + <pre>static VALUE +config_initialize_copy(VALUE self, VALUE other) +{ + CONF *conf = GetConfig(self); + VALUE str; + BIO *bio; + + str = rb_funcall(other, rb_intern("to_s"), 0); + rb_check_frozen(self); + bio = ossl_obj2bio(&str); + config_load_bio(conf, bio); /* Consumes BIO */ + return self; +}</pre> </div> </div> @@ -433,8 +410,9 @@ <div id="method-i-inspect" class="method-detail "> <div class="method-heading"> - <span class="method-name">inspect</span><span - class="method-args">()</span> + <span class="method-callseq"> + inspect → string + </span> <span class="method-click-advice">click to toggle source</span> </div> @@ -442,10 +420,20 @@ <p>String representation of this configuration object, including the class name and its sections.</p> <div class="method-source-code" id="inspect-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 475</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">inspect</span> - <span class="ruby-node">"#<#{self.class.name} sections=#{sections.inspect}>"</span> -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_inspect(VALUE self) +{ + VALUE str, ary = config_get_sections(self); + const char *cname = rb_class2name(rb_obj_class(self)); + + str = rb_str_new_cstr("#<"); + rb_str_cat_cstr(str, cname); + rb_str_cat_cstr(str, " sections="); + rb_str_append(str, rb_inspect(ary)); + rb_str_cat_cstr(str, ">"); + + return str; +}</pre> </div> </div> @@ -454,19 +442,27 @@ <div id="method-i-sections" class="method-detail "> <div class="method-heading"> - <span class="method-name">sections</span><span - class="method-args">()</span> + <span class="method-callseq"> + sections → array of string + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Get the names of all sections in the current configuration</p> + <p>Get the names of all sections in the current configuration.</p> <div class="method-source-code" id="sections-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 413</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">sections</span> - <span class="ruby-ivar">@data</span>.<span class="ruby-identifier">keys</span> -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_get_sections(VALUE self) +{ + CONF *conf = GetConfig(self); + VALUE ary; + + ary = rb_ary_new(); + lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(get_conf_section), + &ary); + return ary; +}</pre> </div> </div> @@ -475,13 +471,14 @@ <div id="method-i-to_s" class="method-detail "> <div class="method-heading"> - <span class="method-name">to_s</span><span - class="method-args">()</span> + <span class="method-callseq"> + to_s → string + </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Get the parsable form of the current configuration</p> + <p>Gets the parsable form of the current configuration.</p> <p>Given the following configuration being created:</p> @@ -508,18 +505,17 @@ </pre> <div class="method-source-code" id="to_s-source"> - <pre><span class="ruby-comment"># File lib/openssl/config.rb, line 443</span> -<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_s</span> - <span class="ruby-identifier">ary</span> = [] - <span class="ruby-ivar">@data</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">sort</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">section</span><span class="ruby-operator">|</span> - <span class="ruby-identifier">ary</span> <span class="ruby-operator"><<</span> <span class="ruby-node">"[ #{section} ]\n"</span> - <span class="ruby-ivar">@data</span>[<span class="ruby-identifier">section</span>].<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">key</span><span class="ruby-operator">|</span> - <span class="ruby-identifier">ary</span> <span class="ruby-operator"><<</span> <span class="ruby-node">"#{key}=#{@data[section][key]}\n"</span> - <span class="ruby-keyword">end</span> - <span class="ruby-identifier">ary</span> <span class="ruby-operator"><<</span> <span class="ruby-string">"\n"</span> - <span class="ruby-keyword">end</span> - <span class="ruby-identifier">ary</span>.<span class="ruby-identifier">join</span> -<span class="ruby-keyword">end</span></pre> + <pre>static VALUE +config_to_s(VALUE self) +{ + CONF *conf = GetConfig(self); + VALUE str; + + str = rb_str_new(NULL, 0); + lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(dump_conf_value), + &str); + return str; +}</pre> </div> </div> diff --git a/OpenSSL/Digest.html b/OpenSSL/Digest.html index 27256700..f5abc344 100644 --- a/OpenSSL/Digest.html +++ b/OpenSSL/Digest.html @@ -135,16 +135,16 @@ <h3 id="class-OpenSSL::Digest-label-Hashing+a+file">Hashing a file<span><a href="#class-OpenSSL::Digest-label-Hashing+a+file">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'document'</span>) +<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'document'</span>) <span class="ruby-identifier">sha256</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) <span class="ruby-identifier">digest</span> = <span class="ruby-identifier">sha256</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-identifier">data</span>) </pre> <h3 id="class-OpenSSL::Digest-label-Hashing+several+pieces+of+data+at+once">Hashing several pieces of data at once<span><a href="#class-OpenSSL::Digest-label-Hashing+several+pieces+of+data+at+once">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'file1'</span>) -<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'file2'</span>) -<span class="ruby-identifier">data3</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'file3'</span>) +<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'file1'</span>) +<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'file2'</span>) +<span class="ruby-identifier">data3</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'file3'</span>) <span class="ruby-identifier">sha256</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) <span class="ruby-identifier">sha256</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data1</span> <span class="ruby-identifier">sha256</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data2</span> @@ -154,11 +154,11 @@ <h3 id="class-OpenSSL::Digest-label-Reuse+a+Digest+instance">Reuse a <a href="Digest.html"><code>Digest</code></a> instance<span><a href="#class-OpenSSL::Digest-label-Reuse+a+Digest+instance">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'file1'</span>) +<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'file1'</span>) <span class="ruby-identifier">sha256</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) <span class="ruby-identifier">digest1</span> = <span class="ruby-identifier">sha256</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-identifier">data1</span>) -<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'file2'</span>) +<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'file2'</span>) <span class="ruby-identifier">sha256</span>.<span class="ruby-identifier">reset</span> <span class="ruby-identifier">digest2</span> = <span class="ruby-identifier">sha256</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-identifier">data2</span>) </pre> @@ -425,7 +425,7 @@ ossl_digest_name(VALUE self) GetDigest(self, ctx); - return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx))); + return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx))); }</pre> </div> </div> @@ -451,7 +451,7 @@ ossl_digest_reset(VALUE self) EVP_MD_CTX *ctx; GetDigest(self, ctx); - if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) { + if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) { ossl_raise(eDigestError, "Digest initialization failed."); } diff --git a/OpenSSL/Engine.html b/OpenSSL/Engine.html index 58662cff..0a526de7 100644 --- a/OpenSSL/Engine.html +++ b/OpenSSL/Engine.html @@ -249,48 +249,48 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass) return Qtrue; } StringValueCStr(name); -#if HAVE_ENGINE_LOAD_DYNAMIC +#ifdef HAVE_ENGINE_LOAD_DYNAMIC OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC); #endif #ifndef OPENSSL_NO_STATIC_ENGINE -#if HAVE_ENGINE_LOAD_4758CCA +#ifdef HAVE_ENGINE_LOAD_4758CCA OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA); #endif -#if HAVE_ENGINE_LOAD_AEP +#ifdef HAVE_ENGINE_LOAD_AEP OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP); #endif -#if HAVE_ENGINE_LOAD_ATALLA +#ifdef HAVE_ENGINE_LOAD_ATALLA OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA); #endif -#if HAVE_ENGINE_LOAD_CHIL +#ifdef HAVE_ENGINE_LOAD_CHIL OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL); #endif -#if HAVE_ENGINE_LOAD_CSWIFT +#ifdef HAVE_ENGINE_LOAD_CSWIFT OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT); #endif -#if HAVE_ENGINE_LOAD_NURON +#ifdef HAVE_ENGINE_LOAD_NURON OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON); #endif -#if HAVE_ENGINE_LOAD_SUREWARE +#ifdef HAVE_ENGINE_LOAD_SUREWARE OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE); #endif -#if HAVE_ENGINE_LOAD_UBSEC +#ifdef HAVE_ENGINE_LOAD_UBSEC OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC); #endif -#if HAVE_ENGINE_LOAD_PADLOCK +#ifdef HAVE_ENGINE_LOAD_PADLOCK OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK); #endif -#if HAVE_ENGINE_LOAD_CAPI +#ifdef HAVE_ENGINE_LOAD_CAPI OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI); #endif -#if HAVE_ENGINE_LOAD_GMP +#ifdef HAVE_ENGINE_LOAD_GMP OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP); #endif -#if HAVE_ENGINE_LOAD_GOST +#ifdef HAVE_ENGINE_LOAD_GOST OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST); #endif #endif -#if HAVE_ENGINE_LOAD_CRYPTODEV +#ifdef HAVE_ENGINE_LOAD_CRYPTODEV OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV); #endif OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL); diff --git a/OpenSSL/HMAC.html b/OpenSSL/HMAC.html index 555dfc35..ee547071 100644 --- a/OpenSSL/HMAC.html +++ b/OpenSSL/HMAC.html @@ -81,11 +81,13 @@ <h3>Methods</h3> <ul class="link-list" role="directory"> + <li ><a href="#method-c-base64digest">::base64digest</a> <li ><a href="#method-c-digest">::digest</a> <li ><a href="#method-c-hexdigest">::hexdigest</a> <li ><a href="#method-c-new">::new</a> <li ><a href="#method-i-3C-3C">#<<</a> <li ><a href="#method-i-3D-3D">#==</a> + <li ><a href="#method-i-base64digest">#base64digest</a> <li ><a href="#method-i-digest">#digest</a> <li ><a href="#method-i-hexdigest">#hexdigest</a> <li ><a href="#method-i-initialize_copy">#initialize_copy</a> @@ -120,11 +122,10 @@ <h3 id="class-OpenSSL::HMAC-label-HMAC-SHA256+using+incremental+interface">HMAC-SHA256 using incremental interface<span><a href="#class-OpenSSL::HMAC-label-HMAC-SHA256+using+incremental+interface">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">"file1"</span>) -<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">"file2"</span>) +<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">"file1"</span>) +<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">"file2"</span>) <span class="ruby-identifier">key</span> = <span class="ruby-string">"key"</span> -<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) -<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>) +<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-string">'SHA256'</span>) <span class="ruby-identifier">hmac</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data1</span> <span class="ruby-identifier">hmac</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data2</span> <span class="ruby-identifier">mac</span> = <span class="ruby-identifier">hmac</span>.<span class="ruby-identifier">digest</span> @@ -143,6 +144,37 @@ <h3>Public Class Methods</h3> </header> + <div id="method-c-base64digest" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + base64digest(digest, key, data) → aString + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Returns the authentication code as a Base64-encoded string. The <em>digest</em> parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of <a href="Digest.html"><code>OpenSSL::Digest</code></a>.</p> + +<h3 id="method-c-base64digest-label-Example">Example<span><a href="#method-c-base64digest-label-Example">¶</a> <a href="#top">↑</a></span></h3> + +<pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">'key'</span> +<span class="ruby-identifier">data</span> = <span class="ruby-string">'The quick brown fox jumps over the lazy dog'</span> + +<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">base64digest</span>(<span class="ruby-string">'SHA1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) +<span class="ruby-comment">#=> "3nybhbi3iqa8ino29wqQcBydtNk="</span> +</pre> + + <div class="method-source-code" id="base64digest-source"> + <pre><span class="ruby-comment"># File lib/openssl/hmac.rb, line 73</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">base64digest</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) + [<span class="ruby-identifier">digest</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>)].<span class="ruby-identifier">pack</span>(<span class="ruby-string">"m0"</span>) +<span class="ruby-keyword">end</span></pre> + </div> + </div> + + + </div> + <div id="method-c-digest" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -159,25 +191,17 @@ <pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">'key'</span> <span class="ruby-identifier">data</span> = <span class="ruby-string">'The quick brown fox jumps over the lazy dog'</span> -<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">'sha1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) +<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">'SHA1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) <span class="ruby-comment">#=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"</span> </pre> <div class="method-source-code" id="digest-source"> - <pre>static VALUE -ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data) -{ - unsigned char *buf; - unsigned int buf_len; - - StringValue(key); - StringValue(data); - buf = HMAC(ossl_evp_get_digestbyname(digest), RSTRING_PTR(key), - RSTRING_LENINT(key), (unsigned char *)RSTRING_PTR(data), - RSTRING_LEN(data), NULL, &buf_len); - - return rb_str_new((const char *)buf, buf_len); -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/hmac.rb, line 35</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">digest</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) + <span class="ruby-identifier">hmac</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>) + <span class="ruby-identifier">hmac</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data</span> + <span class="ruby-identifier">hmac</span>.<span class="ruby-identifier">digest</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -200,31 +224,17 @@ ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data) <pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">'key'</span> <span class="ruby-identifier">data</span> = <span class="ruby-string">'The quick brown fox jumps over the lazy dog'</span> -<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-string">'sha1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) +<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-string">'SHA1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) <span class="ruby-comment">#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"</span> </pre> <div class="method-source-code" id="hexdigest-source"> - <pre>static VALUE -ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) -{ - unsigned char buf[EVP_MAX_MD_SIZE]; - unsigned int buf_len; - VALUE ret; - - StringValue(key); - StringValue(data); - - if (!HMAC(ossl_evp_get_digestbyname(digest), RSTRING_PTR(key), - RSTRING_LENINT(key), (unsigned char *)RSTRING_PTR(data), - RSTRING_LEN(data), buf, &buf_len)) - ossl_raise(eHMACError, "HMAC"); - - ret = rb_str_new(NULL, buf_len * 2); - ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len); - - return ret; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/hmac.rb, line 54</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">hexdigest</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) + <span class="ruby-identifier">hmac</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>) + <span class="ruby-identifier">hmac</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data</span> + <span class="ruby-identifier">hmac</span>.<span class="ruby-identifier">hexdigest</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -245,8 +255,7 @@ ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) <h3 id="method-c-new-label-Example">Example<span><a href="#method-c-new-label-Example">¶</a> <a href="#top">↑</a></span></h3> <pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">'key'</span> -<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'sha1'</span>) -<span class="ruby-identifier">instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>) +<span class="ruby-identifier">instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-string">'SHA1'</span>) <span class="ruby-comment">#=> f42bb0eeb018ebbd4597ae7213711ec60760843f</span> <span class="ruby-identifier">instance</span>.<span class="ruby-identifier">class</span> <span class="ruby-comment">#=> OpenSSL::HMAC</span> @@ -256,7 +265,7 @@ ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) <p>Two instances can be securely compared with <a href="HMAC.html#method-i-3D-3D"><code>==</code></a> in constant time:</p> -<pre class="ruby"> <span class="ruby-identifier">other_instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'key'</span>, <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'sha1'</span>)) +<pre class="ruby"> <span class="ruby-identifier">other_instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'key'</span>, <span class="ruby-string">'SHA1'</span>) <span class="ruby-comment">#=> f42bb0eeb018ebbd4597ae7213711ec60760843f</span> <span class="ruby-identifier">instance</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">other_instance</span> <span class="ruby-comment">#=> true</span> @@ -266,12 +275,23 @@ ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) <pre>static VALUE ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) { - HMAC_CTX *ctx; + EVP_MD_CTX *ctx; + EVP_PKEY *pkey; - StringValue(key); GetHMAC(self, ctx); - HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key), - ossl_evp_get_digestbyname(digest), NULL); + StringValue(key); + pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + (unsigned char *)RSTRING_PTR(key), + RSTRING_LENINT(key)); + if (!pkey) + ossl_raise(eHMACError, "EVP_PKEY_new_mac_key"); + if (EVP_DigestSignInit(ctx, NULL, ossl_evp_get_digestbyname(digest), + NULL, pkey) != 1) { + EVP_PKEY_free(pkey); + ossl_raise(eHMACError, "EVP_DigestSignInit"); + } + /* Decrement reference counter; EVP_MD_CTX still keeps it */ + EVP_PKEY_free(pkey); return self; }</pre> @@ -340,6 +360,28 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) </div> + <div id="method-i-base64digest" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + base64digest → string + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Returns the authentication code an a Base64-encoded string.</p> + + <div class="method-source-code" id="base64digest-source"> + <pre><span class="ruby-comment"># File lib/openssl/hmac.rb, line 17</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">base64digest</span> + [<span class="ruby-identifier">digest</span>].<span class="ruby-identifier">pack</span>(<span class="ruby-string">"m0"</span>) +<span class="ruby-keyword">end</span></pre> + </div> + </div> + + + </div> + <div id="method-i-digest" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -353,7 +395,7 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) <h3 id="method-i-digest-label-Example">Example<span><a href="#method-i-digest-label-Example">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'key'</span>, <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'sha1'</span>)) +<pre class="ruby"><span class="ruby-identifier">instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'key'</span>, <span class="ruby-string">'SHA1'</span>) <span class="ruby-comment">#=> f42bb0eeb018ebbd4597ae7213711ec60760843f</span> <span class="ruby-identifier">instance</span>.<span class="ruby-identifier">digest</span> <span class="ruby-comment">#=> "\xF4+\xB0\xEE\xB0\x18\xEB\xBDE\x97\xAEr\x13q\x1E\xC6\a`\x84?"</span> @@ -363,15 +405,16 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) <pre>static VALUE ossl_hmac_digest(VALUE self) { - HMAC_CTX *ctx; - unsigned int buf_len; + EVP_MD_CTX *ctx; + size_t buf_len = EVP_MAX_MD_SIZE; VALUE ret; GetHMAC(self, ctx); ret = rb_str_new(NULL, EVP_MAX_MD_SIZE); - hmac_final(ctx, (unsigned char *)RSTRING_PTR(ret), &buf_len); - assert(buf_len <= EVP_MAX_MD_SIZE); - rb_str_set_len(ret, buf_len); + if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(ret), + &buf_len) != 1) + ossl_raise(eHMACError, "EVP_DigestSignFinal"); + rb_str_set_len(ret, (long)buf_len); return ret; }</pre> @@ -396,13 +439,14 @@ ossl_hmac_digest(VALUE self) <pre>static VALUE ossl_hmac_hexdigest(VALUE self) { - HMAC_CTX *ctx; + EVP_MD_CTX *ctx; unsigned char buf[EVP_MAX_MD_SIZE]; - unsigned int buf_len; + size_t buf_len = EVP_MAX_MD_SIZE; VALUE ret; GetHMAC(self, ctx); - hmac_final(ctx, buf, &buf_len); + if (EVP_DigestSignFinal(ctx, buf, &buf_len) != 1) + ossl_raise(eHMACError, "EVP_DigestSignFinal"); ret = rb_str_new(NULL, buf_len * 2); ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len); @@ -431,16 +475,15 @@ ossl_hmac_hexdigest(VALUE self) <pre>static VALUE ossl_hmac_copy(VALUE self, VALUE other) { - HMAC_CTX *ctx1, *ctx2; + EVP_MD_CTX *ctx1, *ctx2; rb_check_frozen(self); if (self == other) return self; GetHMAC(self, ctx1); GetHMAC(other, ctx2); - - if (!HMAC_CTX_copy(ctx1, ctx2)) - ossl_raise(eHMACError, "HMAC_CTX_copy"); + if (EVP_MD_CTX_copy(ctx1, ctx2) != 1) + ossl_raise(eHMACError, "EVP_MD_CTX_copy"); return self; }</pre> </div> @@ -456,16 +499,7 @@ ossl_hmac_copy(VALUE self, VALUE other) </div> <div class="method-description"> - <p>Returns the authentication code as a hex-encoded string. The <em>digest</em> parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of <a href="Digest.html"><code>OpenSSL::Digest</code></a>.</p> - -<h3 id="method-i-inspect-label-Example">Example<span><a href="#method-i-inspect-label-Example">¶</a> <a href="#top">↑</a></span></h3> - -<pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">'key'</span> -<span class="ruby-identifier">data</span> = <span class="ruby-string">'The quick brown fox jumps over the lazy dog'</span> - -<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-string">'sha1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) -<span class="ruby-comment">#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"</span> -</pre> + <p>Returns the authentication code an instance represents as a hex-encoded string.</p> </div> @@ -489,7 +523,7 @@ ossl_hmac_copy(VALUE self, VALUE other) <h3 id="method-i-reset-label-Example">Example<span><a href="#method-i-reset-label-Example">¶</a> <a href="#top">↑</a></span></h3> <pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">"The quick brown fox jumps over the lazy dog"</span> -<span class="ruby-identifier">instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'key'</span>, <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'sha1'</span>)) +<span class="ruby-identifier">instance</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'key'</span>, <span class="ruby-string">'SHA1'</span>) <span class="ruby-comment">#=> f42bb0eeb018ebbd4597ae7213711ec60760843f</span> <span class="ruby-identifier">instance</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">data</span>) @@ -502,10 +536,13 @@ ossl_hmac_copy(VALUE self, VALUE other) <pre>static VALUE ossl_hmac_reset(VALUE self) { - HMAC_CTX *ctx; + EVP_MD_CTX *ctx; + EVP_PKEY *pkey; GetHMAC(self, ctx); - HMAC_Init_ex(ctx, NULL, 0, NULL, NULL); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); + if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1) + ossl_raise(eHMACError, "EVP_DigestSignInit"); return self; }</pre> @@ -522,16 +559,7 @@ ossl_hmac_reset(VALUE self) </div> <div class="method-description"> - <p>Returns the authentication code as a hex-encoded string. The <em>digest</em> parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of <a href="Digest.html"><code>OpenSSL::Digest</code></a>.</p> - -<h3 id="method-i-to_s-label-Example">Example<span><a href="#method-i-to_s-label-Example">¶</a> <a href="#top">↑</a></span></h3> - -<pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">'key'</span> -<span class="ruby-identifier">data</span> = <span class="ruby-string">'The quick brown fox jumps over the lazy dog'</span> - -<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-string">'sha1'</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>) -<span class="ruby-comment">#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"</span> -</pre> + <p>Returns the authentication code an instance represents as a hex-encoded string.</p> </div> @@ -567,11 +595,12 @@ ossl_hmac_reset(VALUE self) <pre>static VALUE ossl_hmac_update(VALUE self, VALUE data) { - HMAC_CTX *ctx; + EVP_MD_CTX *ctx; StringValue(data); GetHMAC(self, ctx); - HMAC_Update(ctx, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data)); + if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1) + ossl_raise(eHMACError, "EVP_DigestSignUpdate"); return self; }</pre> diff --git a/OpenSSL/HMACError.html b/OpenSSL/HMACError.html index d19bc6e2..279ae108 100644 --- a/OpenSSL/HMACError.html +++ b/OpenSSL/HMACError.html @@ -102,11 +102,10 @@ <h3 id="class-OpenSSL::HMACError-label-HMAC-SHA256+using+incremental+interface">HMAC-SHA256 using incremental interface<span><a href="#class-OpenSSL::HMACError-label-HMAC-SHA256+using+incremental+interface">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">"file1"</span>) -<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">"file2"</span>) +<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">"file1"</span>) +<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">"file2"</span>) <span class="ruby-identifier">key</span> = <span class="ruby-string">"key"</span> -<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) -<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>) +<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-string">'SHA256'</span>) <span class="ruby-identifier">hmac</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data1</span> <span class="ruby-identifier">hmac</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">data2</span> <span class="ruby-identifier">mac</span> = <span class="ruby-identifier">hmac</span>.<span class="ruby-identifier">digest</span> diff --git a/OpenSSL/KDF.html b/OpenSSL/KDF.html index 0df19309..03c095fd 100644 --- a/OpenSSL/KDF.html +++ b/OpenSSL/KDF.html @@ -179,6 +179,16 @@ <p>The hash function.</p> </dd></dl> +<h3 id="method-c-hkdf-label-Example">Example<span><a href="#method-c-hkdf-label-Example">¶</a> <a href="#top">↑</a></span></h3> + +<pre class="ruby"><span class="ruby-comment"># The values from https://datatracker.ietf.org/doc/html/rfc5869#appendix-A.1</span> +<span class="ruby-identifier">ikm</span> = [<span class="ruby-string">"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"</span>].<span class="ruby-identifier">pack</span>(<span class="ruby-string">"H*"</span>) +<span class="ruby-identifier">salt</span> = [<span class="ruby-string">"000102030405060708090a0b0c"</span>].<span class="ruby-identifier">pack</span>(<span class="ruby-string">"H*"</span>) +<span class="ruby-identifier">info</span> = [<span class="ruby-string">"f0f1f2f3f4f5f6f7f8f9"</span>].<span class="ruby-identifier">pack</span>(<span class="ruby-string">"H*"</span>) +<span class="ruby-identifier">p</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">KDF</span>.<span class="ruby-identifier">hkdf</span>(<span class="ruby-identifier">ikm</span>, <span class="ruby-value">salt:</span> <span class="ruby-identifier">salt</span>, <span class="ruby-value">info:</span> <span class="ruby-identifier">info</span>, <span class="ruby-value">length:</span> <span class="ruby-value">42</span>, <span class="ruby-value">hash:</span> <span class="ruby-string">"SHA256"</span>).<span class="ruby-identifier">unpack1</span>(<span class="ruby-string">"H*"</span>) +<span class="ruby-comment"># => "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"</span> +</pre> + <div class="method-source-code" id="hkdf-source"> <pre>static VALUE kdf_hkdf(int argc, VALUE *argv, VALUE self) diff --git a/OpenSSL/OCSP.html b/OpenSSL/OCSP.html index 3d3a40e9..c6a029ee 100644 --- a/OpenSSL/OCSP.html +++ b/OpenSSL/OCSP.html @@ -145,7 +145,7 @@ <pre class="ruby"><span class="ruby-identifier">single_response</span> = <span class="ruby-identifier">basic_response</span>.<span class="ruby-identifier">find_response</span>(<span class="ruby-identifier">certificate_id</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">single_response</span> - <span class="ruby-identifier">raise</span> <span class="ruby-string">'basic_response does not have the status for the certificiate'</span> + <span class="ruby-identifier">raise</span> <span class="ruby-string">'basic_response does not have the status for the certificate'</span> <span class="ruby-keyword">end</span> </pre> diff --git a/OpenSSL/OCSP/BasicResponse.html b/OpenSSL/OCSP/BasicResponse.html index 64237430..4c3aac19 100644 --- a/OpenSSL/OCSP/BasicResponse.html +++ b/OpenSSL/OCSP/BasicResponse.html @@ -217,7 +217,7 @@ ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self) <p><em>reason</em> and <em>revocation_time</em> can be given only when <em>status</em> is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. <em>reason</em> describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. <em>revocation_time</em> is the time when the certificate is revoked.</p> -<p><em>this_update</em> and <em>next_update</em> indicate the time at which ths status is verified to be correct and the time at or before which newer information will be available, respectively. <em>next_update</em> is optional.</p> +<p><em>this_update</em> and <em>next_update</em> indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. <em>next_update</em> is optional.</p> <p><em>extensions</em> is an Array of <a href="../X509/Extension.html"><code>OpenSSL::X509::Extension</code></a> to be included in the <a href="SingleResponse.html"><code>SingleResponse</code></a>. This is also optional.</p> @@ -632,55 +632,7 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self) x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : NUM2INT(flags); x509s = ossl_x509_ary2sk(certs); -#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER) - /* - * OpenSSL had a bug that it doesn't use the certificates in x509s for - * verifying the chain. This can be a problem when the response is signed by - * a certificate issued by an intermediate CA. - * - * root_ca - * | - * intermediate_ca - * |-------------| - * end_entity ocsp_signer - * - * When the certificate hierarchy is like this, and the response contains - * only ocsp_signer certificate, the following code wrongly fails. - * - * store = OpenSSL::X509::Store.new; store.add_cert(root_ca) - * basic_response.verify([intermediate_ca], store) - * - * So add the certificates in x509s to the embedded certificates list first. - * - * This is fixed in OpenSSL 0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b. But it still - * exists in LibreSSL 2.1.10, 2.2.9, 2.3.6, 2.4.1. - */ - if (!(flg & (OCSP_NOCHAIN | OCSP_NOVERIFY)) && - sk_X509_num(x509s) && sk_X509_num(bs->certs)) { - int i; - - bs = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs); - if (!bs) { - sk_X509_pop_free(x509s, X509_free); - ossl_raise(eOCSPError, "ASN1_item_dup"); - } - - for (i = 0; i < sk_X509_num(x509s); i++) { - if (!OCSP_basic_add1_cert(bs, sk_X509_value(x509s, i))) { - sk_X509_pop_free(x509s, X509_free); - OCSP_BASICRESP_free(bs); - ossl_raise(eOCSPError, "OCSP_basic_add1_cert"); - } - } - result = OCSP_basic_verify(bs, x509s, x509st, flg); - OCSP_BASICRESP_free(bs); - } - else { - result = OCSP_basic_verify(bs, x509s, x509st, flg); - } -#else result = OCSP_basic_verify(bs, x509s, x509st, flg); -#endif sk_X509_pop_free(x509s, X509_free); if (result <= 0) ossl_clear_error(); diff --git a/OpenSSL/PKCS12.html b/OpenSSL/PKCS12.html index efa7c490..42df932b 100644 --- a/OpenSSL/PKCS12.html +++ b/OpenSSL/PKCS12.html @@ -164,7 +164,7 @@ <p>The not_before and not_after fields must be filled in.</p> </li></ul> </li><li> -<p><em>ca</em> - An optional array of X509::Certificate’s.</p> +<p><em>ca</em> - An optional array of <a href="X509/Certificate.html"><code>X509::Certificate</code></a>‘s.</p> </li><li> <p><em>key_pbe</em> - string</p> </li><li> @@ -289,15 +289,15 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self) ossl_raise(ePKCS12Error, "PKCS12_parse"); ERR_pop_to_mark(); if (key) { - pkey = rb_protect((VALUE (*)(VALUE))ossl_pkey_new, (VALUE)key, &st); + pkey = rb_protect(ossl_pkey_new_i, (VALUE)key, &st); if (st) goto err; } if (x509) { - cert = rb_protect((VALUE (*)(VALUE))ossl_x509_new, (VALUE)x509, &st); + cert = rb_protect(ossl_x509_new_i, (VALUE)x509, &st); if (st) goto err; } if (x509s) { - ca = rb_protect((VALUE (*)(VALUE))ossl_x509_sk2ary, (VALUE)x509s, &st); + ca = rb_protect(ossl_x509_sk2ary_i, (VALUE)x509s, &st); if (st) goto err; } diff --git a/OpenSSL/PKCS7.html b/OpenSSL/PKCS7.html index fd87f715..fdfc26c5 100644 --- a/OpenSSL/PKCS7.html +++ b/OpenSSL/PKCS7.html @@ -247,7 +247,7 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass) <pre>static VALUE ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self) { - PKCS7 *p7, *pkcs = DATA_PTR(self); + PKCS7 *p7, *p7_orig = RTYPEDDATA_DATA(self); BIO *in; VALUE arg; @@ -255,19 +255,17 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self) return self; arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(&arg); - p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL); + p7 = d2i_PKCS7_bio(in, NULL); if (!p7) { OSSL_BIO_reset(in); - p7 = d2i_PKCS7_bio(in, &pkcs); - if (!p7) { - BIO_free(in); - PKCS7_free(pkcs); - DATA_PTR(self) = NULL; - ossl_raise(rb_eArgError, "Could not parse the PKCS7"); - } + p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); } - DATA_PTR(self) = pkcs; BIO_free(in); + if (!p7) + ossl_raise(rb_eArgError, "Could not parse the PKCS7"); + + RTYPEDDATA_DATA(self) = p7; + PKCS7_free(p7_orig); ossl_pkcs7_set_data(self, Qnil); ossl_pkcs7_set_err_string(self, Qnil); @@ -559,13 +557,18 @@ ossl_pkcs7_add_data(VALUE self, VALUE data) ossl_pkcs7_add_recipient(VALUE self, VALUE recip) { PKCS7 *pkcs7; - PKCS7_RECIP_INFO *ri; + PKCS7_RECIP_INFO *ri, *ri_new; - ri = DupPKCS7RecipientPtr(recip); /* NEED TO DUP */ GetPKCS7(self, pkcs7); - if (!PKCS7_add_recipient_info(pkcs7, ri)) { - PKCS7_RECIP_INFO_free(ri); - ossl_raise(ePKCS7Error, "Could not add recipient."); + GetPKCS7ri(recip, ri); + + ri_new = ossl_PKCS7_RECIP_INFO_dup(ri); + if (!ri_new) + ossl_raise(ePKCS7Error, "PKCS7_RECIP_INFO_dup"); + + if (PKCS7_add_recipient_info(pkcs7, ri_new) != 1) { + PKCS7_RECIP_INFO_free(ri_new); + ossl_raise(ePKCS7Error, "PKCS7_add_recipient_info"); } return self; @@ -591,17 +594,18 @@ ossl_pkcs7_add_recipient(VALUE self, VALUE recip) ossl_pkcs7_add_signer(VALUE self, VALUE signer) { PKCS7 *pkcs7; - PKCS7_SIGNER_INFO *p7si; + PKCS7_SIGNER_INFO *si, *si_new; - p7si = DupPKCS7SignerPtr(signer); /* NEED TO DUP */ GetPKCS7(self, pkcs7); - if (!PKCS7_add_signer(pkcs7, p7si)) { - PKCS7_SIGNER_INFO_free(p7si); - ossl_raise(ePKCS7Error, "Could not add signer."); - } - if (PKCS7_type_is_signed(pkcs7)){ - PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + GetPKCS7si(signer, si); + + si_new = ossl_PKCS7_SIGNER_INFO_dup(si); + if (!si_new) + ossl_raise(ePKCS7Error, "PKCS7_SIGNER_INFO_dup"); + + if (PKCS7_add_signer(pkcs7, si_new) != 1) { + PKCS7_SIGNER_INFO_free(si_new); + ossl_raise(ePKCS7Error, "PKCS7_add_signer"); } return self; diff --git a/OpenSSL/PKey.html b/OpenSSL/PKey.html index 8f37129d..ca0bb523 100644 --- a/OpenSSL/PKey.html +++ b/OpenSSL/PKey.html @@ -75,6 +75,8 @@ <h3>Methods</h3> <ul class="link-list" role="directory"> + <li ><a href="#method-c-generate_key">::generate_key</a> + <li ><a href="#method-c-generate_parameters">::generate_parameters</a> <li ><a href="#method-c-read">::read</a> </ul> </div> @@ -125,6 +127,79 @@ <h3>Public Class Methods</h3> </header> + <div id="method-c-generate_key" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + OpenSSL::PKey.generate_key(algo_name [, options]) → pkey + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + <div class="method-heading"> + <span class="method-callseq"> + OpenSSL::PKey.generate_key(pkey [, options]) → pkey + </span> + </div> + + <div class="method-description"> + <p>Generates a new key (pair).</p> + +<p>If a String is given as the first argument, it generates a new random key for the algorithm specified by the name just as <a href="PKey.html#method-c-generate_parameters"><code>::generate_parameters</code></a> does. If an <a href="PKey/PKey.html"><code>OpenSSL::PKey::PKey</code></a> is given instead, it generates a new random key for the same algorithm as the key, using the parameters the key contains.</p> + +<p>See <a href="PKey.html#method-c-generate_parameters"><code>::generate_parameters</code></a> for the details of <em>options</em> and the given block.</p> + +<h2 id="method-c-generate_key-label-Example">Example<span><a href="#method-c-generate_key-label-Example">¶</a> <a href="#top">↑</a></span></h2> + +<pre class="ruby"><span class="ruby-identifier">pkey_params</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_parameters</span>(<span class="ruby-string">"DSA"</span>, <span class="ruby-string">"dsa_paramgen_bits"</span> <span class="ruby-operator">=></span> <span class="ruby-value">2048</span>) +<span class="ruby-identifier">pkey_params</span>.<span class="ruby-identifier">priv_key</span> <span class="ruby-comment">#=> nil</span> +<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-identifier">pkey_params</span>) +<span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">priv_key</span> <span class="ruby-comment">#=> #<OpenSSL::BN 6277...</span> +</pre> + + <div class="method-source-code" id="generate_key-source"> + <pre>static VALUE +ossl_pkey_s_generate_key(int argc, VALUE *argv, VALUE self) +{ + return pkey_generate(argc, argv, self, 0); +}</pre> + </div> + </div> + + + </div> + + <div id="method-c-generate_parameters" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + OpenSSL::PKey.generate_parameters(algo_name [, options]) → pkey + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Generates new parameters for the algorithm. <em>algo_name</em> is a String that represents the algorithm. The optional argument <em>options</em> is a Hash that specifies the options specific to the algorithm. The order of the options can be important.</p> + +<p>A block can be passed optionally. The meaning of the arguments passed to the block varies depending on the implementation of the algorithm. The block may be called once or multiple times, or may not even be called.</p> + +<p>For the supported options, see the documentation for the ‘openssl genpkey’ utility command.</p> + +<h2 id="method-c-generate_parameters-label-Example">Example<span><a href="#method-c-generate_parameters-label-Example">¶</a> <a href="#top">↑</a></span></h2> + +<pre class="ruby"><span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_parameters</span>(<span class="ruby-string">"DSA"</span>, <span class="ruby-string">"dsa_paramgen_bits"</span> <span class="ruby-operator">=></span> <span class="ruby-value">2048</span>) +<span class="ruby-identifier">p</span> <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">p</span>.<span class="ruby-identifier">num_bits</span> <span class="ruby-comment">#=> 2048</span> +</pre> + + <div class="method-source-code" id="generate_parameters-source"> + <pre>static VALUE +ossl_pkey_s_generate_parameters(int argc, VALUE *argv, VALUE self) +{ + return pkey_generate(argc, argv, self, 1); +}</pre> + </div> + </div> + + + </div> + <div id="method-c-read" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -143,7 +218,7 @@ <h3 id="method-c-read-label-Parameters">Parameters<span><a href="#method-c-read-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> <ul><li> -<p>_string+ is a DER- or PEM-encoded string containing an arbitrary private or public key.</p> +<p><em>string</em> is a DER- or PEM-encoded string containing an arbitrary private or public key.</p> </li><li> <p><em>io</em> is an instance of <a href="../IO.html"><code>IO</code></a> containing a DER- or PEM-encoded arbitrary private or public key.</p> </li><li> @@ -159,30 +234,11 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self) VALUE data, pass; rb_scan_args(argc, argv, "11", &data, &pass); - pass = ossl_pem_passwd_value(pass); - bio = ossl_obj2bio(&data); - if ((pkey = d2i_PrivateKey_bio(bio, NULL))) - goto ok; - OSSL_BIO_reset(bio); - if ((pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) - goto ok; - OSSL_BIO_reset(bio); - if ((pkey = d2i_PUBKEY_bio(bio, NULL))) - goto ok; - OSSL_BIO_reset(bio); - /* PEM_read_bio_PrivateKey() also parses PKCS #8 formats */ - if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) - goto ok; - OSSL_BIO_reset(bio); - if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))) - goto ok; - - BIO_free(bio); - ossl_raise(ePKeyError, "Could not parse PKey"); - -ok: + pkey = ossl_pkey_read_generic(bio, ossl_pem_passwd_value(pass)); BIO_free(bio); + if (!pkey) + ossl_raise(ePKeyError, "Could not parse PKey"); return ossl_pkey_new(pkey); }</pre> </div> diff --git a/OpenSSL/PKey/DH.html b/OpenSSL/PKey/DH.html index fac868df..1a52a07b 100644 --- a/OpenSSL/PKey/DH.html +++ b/OpenSSL/PKey/DH.html @@ -105,7 +105,6 @@ <li ><a href="#method-i-to_der">#to_der</a> <li ><a href="#method-i-to_pem">#to_pem</a> <li ><a href="#method-i-to_s">#to_s</a> - <li ><a href="#method-i-to_text">#to_text</a> </ul> </div> @@ -138,13 +137,19 @@ <h3 id="class-OpenSSL::PKey::DH-label-Example+of+a+key+exchange">Example of a key exchange<span><a href="#class-OpenSSL::PKey::DH-label-Example+of+a+key+exchange">¶</a> <a href="#top">↑</a></span></h3> -<pre class="ruby"><span class="ruby-identifier">dh1</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) -<span class="ruby-identifier">der</span> = <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">to_der</span> <span class="ruby-comment">#you may send this publicly to the participating party</span> -<span class="ruby-identifier">dh2</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">der</span>) -<span class="ruby-identifier">dh2</span>.<span class="ruby-identifier">generate_key!</span> <span class="ruby-comment">#generate the per-session key pair</span> -<span class="ruby-identifier">symm_key1</span> = <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">compute_key</span>(<span class="ruby-identifier">dh2</span>.<span class="ruby-identifier">pub_key</span>) -<span class="ruby-identifier">symm_key2</span> = <span class="ruby-identifier">dh2</span>.<span class="ruby-identifier">compute_key</span>(<span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">pub_key</span>) +<pre class="ruby"><span class="ruby-comment"># you may send the parameters (der) and own public key (pub1) publicly</span> +<span class="ruby-comment"># to the participating party</span> +<span class="ruby-identifier">dh1</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) +<span class="ruby-identifier">der</span> = <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">to_der</span> +<span class="ruby-identifier">pub1</span> = <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">pub_key</span> +<span class="ruby-comment"># the other party generates its per-session key pair</span> +<span class="ruby-identifier">dhparams</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">der</span>) +<span class="ruby-identifier">dh2</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-identifier">dhparams</span>) +<span class="ruby-identifier">pub2</span> = <span class="ruby-identifier">dh2</span>.<span class="ruby-identifier">pub_key</span> + +<span class="ruby-identifier">symm_key1</span> = <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">compute_key</span>(<span class="ruby-identifier">pub2</span>) +<span class="ruby-identifier">symm_key2</span> = <span class="ruby-identifier">dh2</span>.<span class="ruby-identifier">compute_key</span>(<span class="ruby-identifier">pub1</span>) <span class="ruby-identifier">puts</span> <span class="ruby-identifier">symm_key1</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">symm_key2</span> <span class="ruby-comment"># => true</span> </pre> @@ -164,41 +169,32 @@ <div id="method-c-generate" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - generate(size [, generator]) → dh + generate(size, generator = 2) → dh </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Creates a new <a href="DH.html"><code>DH</code></a> instance from scratch by generating the private and public components alike.</p> + <p>Creates a new <a href="DH.html"><code>DH</code></a> instance from scratch by generating random parameters and a key pair.</p> -<h3 id="method-c-generate-label-Parameters">Parameters<span><a href="#method-c-generate-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>size</em> is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.</p> -</li><li> -<p><em>generator</em> is a small number > 1, typically 2 or 5.</p> -</li></ul> +<p>See also <a href="../PKey.html#method-c-generate_parameters"><code>OpenSSL::PKey.generate_parameters</code></a> and <a href="../PKey.html#method-c-generate_key"><code>OpenSSL::PKey.generate_key</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>size</code> +<dd> +<p>The desired key size in bits.</p> +</dd><dt><code>generator</code> +<dd> +<p>The generator.</p> +</dd></dl> <div class="method-source-code" id="generate-source"> - <pre>static VALUE -ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass) -{ - DH *dh ; - int g = 2; - VALUE size, gen, obj; - - if (rb_scan_args(argc, argv, "11", &size, &gen) == 2) { - g = NUM2INT(gen); - } - dh = dh_generate(NUM2INT(size), g); - obj = dh_instance(klass, dh); - if (obj == Qfalse) { - DH_free(dh); - ossl_raise(eDHError, NULL); - } - - return obj; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 118</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">generate</span>(<span class="ruby-identifier">size</span>, <span class="ruby-identifier">generator</span> = <span class="ruby-value">2</span>, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) + <span class="ruby-identifier">dhparams</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_parameters</span>(<span class="ruby-string">"DH"</span>, { + <span class="ruby-string">"dh_paramgen_prime_len"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">size</span>, + <span class="ruby-string">"dh_paramgen_generator"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">generator</span>, + }, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-identifier">dhparams</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -224,25 +220,37 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass) </div> <div class="method-description"> - <p>Either generates a <a href="DH.html"><code>DH</code></a> instance from scratch or by reading already existing <a href="DH.html"><code>DH</code></a> parameters from <em>string</em>. Note that when reading a <a href="DH.html"><code>DH</code></a> instance from data that was encoded from a <a href="DH.html"><code>DH</code></a> instance by using <a href="DH.html#method-i-to_pem"><code>DH#to_pem</code></a> or <a href="DH.html#method-i-to_der"><code>DH#to_der</code></a> the result will <strong>not</strong> contain a public/private key pair yet. This needs to be generated using <a href="DH.html#method-i-generate_key-21"><code>DH#generate_key!</code></a> first.</p> + <p>Creates a new instance of <a href="DH.html"><code>OpenSSL::PKey::DH</code></a>.</p> -<h3 id="method-c-new-label-Parameters">Parameters<span><a href="#method-c-new-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>size</em> is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.</p> -</li><li> -<p><em>generator</em> is a small number > 1, typically 2 or 5.</p> -</li><li> -<p><em>string</em> contains the DER or PEM encoded key.</p> -</li></ul> +<p>If called without arguments, an empty instance without any parameter or key components is created. Use <a href="DH.html#method-i-set_pqg"><code>set_pqg</code></a> to manually set the parameters afterwards (and optionally <a href="DH.html#method-i-set_key"><code>set_key</code></a> to set private and public key components).</p> + +<p>If a String is given, tries to parse it as a DER- or PEM- encoded parameters. See also <a href="../PKey.html#method-c-read"><code>OpenSSL::PKey.read</code></a> which can parse keys of any kinds.</p> + +<p>The <a href="DH.html#method-c-new"><code>DH.new</code></a>(size [, generator]) form is an alias of <a href="DH.html#method-c-generate"><code>DH.generate</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>string</code> +<dd> +<p>A String that contains the DER or PEM encoded key.</p> +</dd><dt><code>size</code> +<dd> +<p>See <a href="DH.html#method-c-generate"><code>DH.generate</code></a>.</p> +</dd><dt><code>generator</code> +<dd> +<p>See <a href="DH.html#method-c-generate"><code>DH.generate</code></a>.</p> +</dd></dl> + +<p>Examples:</p> -<h3 id="method-c-new-label-Examples">Examples<span><a href="#method-c-new-label-Examples">¶</a> <a href="#top">↑</a></span></h3> +<pre class="ruby"><span class="ruby-comment"># Creating an instance from scratch</span> +<span class="ruby-comment"># Note that this is deprecated and will not work on OpenSSL 3.0 or later.</span> +<span class="ruby-identifier">dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span> +<span class="ruby-identifier">dh</span>.<span class="ruby-identifier">set_pqg</span>(<span class="ruby-identifier">bn_p</span>, <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">bn_g</span>) -<pre class="ruby"><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span> <span class="ruby-comment"># -> dh</span> -<span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">1024</span>) <span class="ruby-comment"># -> dh</span> -<span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">1024</span>, <span class="ruby-value">5</span>) <span class="ruby-comment"># -> dh</span> -<span class="ruby-comment">#Reading DH parameters</span> -<span class="ruby-identifier">dh</span> = <span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'parameters.pem'</span>)) <span class="ruby-comment"># -> dh, but no public/private key yet</span> -<span class="ruby-identifier">dh</span>.<span class="ruby-identifier">generate_key!</span> <span class="ruby-comment"># -> dh with public and private key</span> +<span class="ruby-comment"># Generating a parameters and a key pair</span> +<span class="ruby-identifier">dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) <span class="ruby-comment"># An alias of OpenSSL::PKey::DH.generate(2048)</span> + +<span class="ruby-comment"># Reading DH parameters</span> +<span class="ruby-identifier">dh_params</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'parameters.pem'</span>)) <span class="ruby-comment"># loads parameters only</span> +<span class="ruby-identifier">dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-identifier">dh_params</span>) <span class="ruby-comment"># generates a key pair</span> </pre> <div class="method-source-code" id="new-source"> @@ -250,40 +258,57 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass) ossl_dh_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; + int type; DH *dh; - int g = 2; - BIO *in; - VALUE arg, gen; - - GetPKey(self, pkey); - if(rb_scan_args(argc, argv, "02", &arg, &gen) == 0) { - dh = DH_new(); + BIO *in = NULL; + VALUE arg; + + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); + + /* The DH.new(size, generator) form is handled by lib/openssl/pkey.rb */ + if (rb_scan_args(argc, argv, "01", &arg) == 0) { + dh = DH_new(); + if (!dh) + ossl_raise(eDHError, "DH_new"); + goto legacy; } - else if (RB_INTEGER_TYPE_P(arg)) { - if (!NIL_P(gen)) { - g = NUM2INT(gen); - } - if (!(dh = dh_generate(NUM2INT(arg), g))) { - ossl_raise(eDHError, NULL); - } - } - else { - arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(&arg); - dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); - if (!dh){ - OSSL_BIO_reset(in); - dh = d2i_DHparams_bio(in, NULL); - } - BIO_free(in); - if (!dh) { - ossl_raise(eDHError, NULL); - } + + arg = ossl_to_der_if_possible(arg); + in = ossl_obj2bio(&arg); + + /* + * On OpenSSL <= 1.1.1 and current versions of LibreSSL, the generic + * routine does not support DER-encoded parameters + */ + dh = d2i_DHparams_bio(in, NULL); + if (dh) + goto legacy; + OSSL_BIO_reset(in); + + pkey = ossl_pkey_read_generic(in, Qnil); + BIO_free(in); + if (!pkey) + ossl_raise(eDHError, "could not parse pkey"); + + type = EVP_PKEY_base_id(pkey); + if (type != EVP_PKEY_DH) { + EVP_PKEY_free(pkey); + rb_raise(eDHError, "incorrect pkey type: %s", OBJ_nid2sn(type)); } - if (!EVP_PKEY_assign_DH(pkey, dh)) { + RTYPEDDATA_DATA(self) = pkey; + return self; + + legacy: + BIO_free(in); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) { + EVP_PKEY_free(pkey); DH_free(dh); - ossl_raise(eDHError, NULL); + ossl_raise(eDHError, "EVP_PKEY_assign_DH"); } + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> </div> @@ -302,13 +327,15 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self) <div id="method-i-compute_key" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - compute_key(pub_bn) → aString + compute_key(pub_bn) → string </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Returns a String containing a shared secret computed from the other party’s public value. See DH_compute_key() for further information.</p> + <p>Returns a String containing a shared secret computed from the other party’s public value.</p> + +<p>This method is provided for backwards compatibility, and calls <a href="PKey.html#method-i-derive"><code>derive</code></a> internally.</p> <h3 id="method-i-compute_key-label-Parameters">Parameters<span><a href="#method-i-compute_key-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> <ul><li> @@ -316,28 +343,22 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self) </li></ul> <div class="method-source-code" id="compute_key-source"> - <pre>static VALUE -ossl_dh_compute_key(VALUE self, VALUE pub) -{ - DH *dh; - const BIGNUM *pub_key, *dh_p; - VALUE str; - int len; - - GetDH(self, dh); - DH_get0_pqg(dh, &dh_p, NULL, NULL); - if (!dh_p) - ossl_raise(eDHError, "incomplete DH"); - pub_key = GetBNPtr(pub); - len = DH_size(dh); - str = rb_str_new(0, len); - if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) { - ossl_raise(eDHError, NULL); - } - rb_str_set_len(str, len); - - return str; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 49</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">compute_key</span>(<span class="ruby-identifier">pub_bn</span>) + <span class="ruby-comment"># FIXME: This is constructing an X.509 SubjectPublicKeyInfo and is very</span> + <span class="ruby-comment"># inefficient</span> + <span class="ruby-identifier">obj</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Sequence</span>([ + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Sequence</span>([ + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">ObjectId</span>(<span class="ruby-string">"dhKeyAgreement"</span>), + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Sequence</span>([ + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Integer</span>(<span class="ruby-identifier">p</span>), + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Integer</span>(<span class="ruby-identifier">g</span>), + ]), + ]), + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">BitString</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Integer</span>(<span class="ruby-identifier">pub_bn</span>).<span class="ruby-identifier">to_der</span>), + ]) + <span class="ruby-identifier">derive</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">obj</span>.<span class="ruby-identifier">to_der</span>)) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -393,27 +414,41 @@ ossl_dh_export(VALUE self) </div> <div class="method-description"> - <p>Generates a private and public key unless a private key already exists. If this <a href="DH.html"><code>DH</code></a> instance was generated from public <a href="DH.html"><code>DH</code></a> parameters (e.g. by encoding the result of <a href="DH.html#method-i-public_key"><code>DH#public_key</code></a>), then this method needs to be called first in order to generate the per-session keys before performing the actual key exchange.</p> + <p>Generates a private and public key unless a private key already exists. If this <a href="DH.html"><code>DH</code></a> instance was generated from public DH parameters (e.g. by encoding the result of <a href="DH.html#method-i-public_key"><code>DH#public_key</code></a>), then this method needs to be called first in order to generate the per-session keys before performing the actual key exchange.</p> -<h3 id="method-i-generate_key-21-label-Example">Example<span><a href="#method-i-generate_key-21-label-Example">¶</a> <a href="#top">↑</a></span></h3> +<p><strong>Deprecated in version 3.0</strong>. This method is incompatible with <a href="../../OpenSSL.html"><code>OpenSSL</code></a> 3.0.0 or later.</p> -<pre class="ruby"><span class="ruby-identifier">dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) -<span class="ruby-identifier">public_key</span> = <span class="ruby-identifier">dh</span>.<span class="ruby-identifier">public_key</span> <span class="ruby-comment">#contains no private/public key yet</span> -<span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">generate_key!</span> -<span class="ruby-identifier">puts</span> <span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">private?</span> <span class="ruby-comment"># => true</span> +<p>See also <a href="../PKey.html#method-c-generate_key"><code>OpenSSL::PKey.generate_key</code></a>.</p> + +<p>Example:</p> + +<pre class="ruby"><span class="ruby-comment"># DEPRECATED USAGE: This will not work on OpenSSL 3.0 or later</span> +<span class="ruby-identifier">dh0</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) +<span class="ruby-identifier">dh</span> = <span class="ruby-identifier">dh0</span>.<span class="ruby-identifier">public_key</span> <span class="ruby-comment"># #public_key only copies the DH parameters (contrary to the name)</span> +<span class="ruby-identifier">dh</span>.<span class="ruby-identifier">generate_key!</span> +<span class="ruby-identifier">puts</span> <span class="ruby-identifier">dh</span>.<span class="ruby-identifier">private?</span> <span class="ruby-comment"># => true</span> +<span class="ruby-identifier">puts</span> <span class="ruby-identifier">dh0</span>.<span class="ruby-identifier">pub_key</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">dh</span>.<span class="ruby-identifier">pub_key</span> <span class="ruby-comment">#=> false</span> + +<span class="ruby-comment"># With OpenSSL::PKey.generate_key</span> +<span class="ruby-identifier">dh0</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) +<span class="ruby-identifier">dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-identifier">dh0</span>) +<span class="ruby-identifier">puts</span> <span class="ruby-identifier">dh0</span>.<span class="ruby-identifier">pub_key</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">dh</span>.<span class="ruby-identifier">pub_key</span> <span class="ruby-comment">#=> false</span> </pre> <div class="method-source-code" id="generate_key-21-source"> - <pre>static VALUE -ossl_dh_generate_key(VALUE self) -{ - DH *dh; - - GetDH(self, dh); - if (!DH_generate_key(dh)) - ossl_raise(eDHError, "Failed to generate key"); - return self; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 91</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">generate_key!</span> + <span class="ruby-keyword">if</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">OPENSSL_VERSION_NUMBER</span> <span class="ruby-operator">>=</span> <span class="ruby-value">0x30000000</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">DHError</span>, <span class="ruby-string">"OpenSSL::PKey::DH is immutable on OpenSSL 3.0; "</span> \ + <span class="ruby-string">"use OpenSSL::PKey.generate_key instead"</span> + <span class="ruby-keyword">end</span> + + <span class="ruby-keyword">unless</span> <span class="ruby-identifier">priv_key</span> + <span class="ruby-identifier">tmp</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-keyword">self</span>) + <span class="ruby-identifier">set_key</span>(<span class="ruby-identifier">tmp</span>.<span class="ruby-identifier">pub_key</span>, <span class="ruby-identifier">tmp</span>.<span class="ruby-identifier">priv_key</span>) + <span class="ruby-keyword">end</span> + <span class="ruby-keyword">self</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -438,15 +473,14 @@ ossl_dh_initialize_copy(VALUE self, VALUE other) DH *dh, *dh_other; const BIGNUM *pub, *priv; - GetPKey(self, pkey); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) - ossl_raise(eDHError, "DH already initialized"); + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); GetDH(other, dh_other); dh = DHparams_dup(dh_other); if (!dh) ossl_raise(eDHError, "DHparams_dup"); - EVP_PKEY_assign_DH(pkey, dh); DH_get0_key(dh_other, &pub, &priv); if (pub) { @@ -461,6 +495,13 @@ ossl_dh_initialize_copy(VALUE self, VALUE other) DH_set0_key(dh, pub2, priv2); } + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) { + EVP_PKEY_free(pkey); + DH_free(dh); + ossl_raise(eDHError, "EVP_PKEY_assign_DH"); + } + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> </div> @@ -518,19 +559,38 @@ ossl_dh_get_params(VALUE self) <div class="method-description"> <p>Validates the Diffie-Hellman parameters associated with this instance. It checks whether a safe prime and a suitable generator are used. If this is not the case, <code>false</code> is returned.</p> +<p>See also the man page EVP_PKEY_param_check(3).</p> + <div class="method-source-code" id="params_ok-3F-source"> <pre>static VALUE ossl_dh_check_params(VALUE self) { + int ret; +#ifdef HAVE_EVP_PKEY_CHECK + EVP_PKEY *pkey; + EVP_PKEY_CTX *pctx; + + GetPKey(self, pkey); + pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!pctx) + ossl_raise(eDHError, "EVP_PKEY_CTX_new"); + ret = EVP_PKEY_param_check(pctx); + EVP_PKEY_CTX_free(pctx); +#else DH *dh; int codes; GetDH(self, dh); - if (!DH_check(dh, &codes)) { + ret = DH_check(dh, &codes) == 1 && codes == 0; +#endif + + if (ret == 1) + return Qtrue; + else { + /* DH_check_ex() will put error entry on failure */ + ossl_clear_error(); return Qfalse; } - - return codes == 0 ? Qtrue : Qfalse; }</pre> </div> </div> @@ -603,38 +663,34 @@ ossl_dh_is_public(VALUE self) <div id="method-i-public_key" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - public_key → aDH + public_key → dhnew </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Returns a new <a href="DH.html"><code>DH</code></a> instance that carries just the public information, i.e. the prime <em>p</em> and the generator <em>g</em>, but no public/private key yet. Such a pair may be generated using <a href="DH.html#method-i-generate_key-21"><code>DH#generate_key!</code></a>. The “public key” needed for a key exchange with <a href="DH.html#method-i-compute_key"><code>DH#compute_key</code></a> is considered as per-session information and may be retrieved with DH#pub_key once a key pair has been generated. If the current instance already contains private information (and thus a valid public/private key pair), this information will no longer be present in the new instance generated by <a href="DH.html#method-i-public_key"><code>DH#public_key</code></a>. This feature is helpful for publishing the Diffie-Hellman parameters without leaking any of the private per-session information.</p> + <p>Returns a new <a href="DH.html"><code>DH</code></a> instance that carries just the DH parameters.</p> -<h3 id="method-i-public_key-label-Example">Example<span><a href="#method-i-public_key-label-Example">¶</a> <a href="#top">↑</a></span></h3> +<p>Contrary to the method name, the returned <a href="DH.html"><code>DH</code></a> object contains only parameters and not the public key.</p> -<pre class="ruby"><span class="ruby-identifier">dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) <span class="ruby-comment"># has public and private key set</span> -<span class="ruby-identifier">public_key</span> = <span class="ruby-identifier">dh</span>.<span class="ruby-identifier">public_key</span> <span class="ruby-comment"># contains only prime and generator</span> -<span class="ruby-identifier">parameters</span> = <span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">to_der</span> <span class="ruby-comment"># it's safe to publish this</span> -</pre> +<p>This method is provided for backwards compatibility. In most cases, there is no need to call this method.</p> - <div class="method-source-code" id="public_key-source"> - <pre>static VALUE -ossl_dh_to_public_key(VALUE self) -{ - DH *orig_dh, *dh; - VALUE obj; +<p>For the purpose of re-generating the key pair while keeping the parameters, check <a href="../PKey.html#method-c-generate_key"><code>OpenSSL::PKey.generate_key</code></a>.</p> - GetDH(self, orig_dh); - dh = DHparams_dup(orig_dh); /* err check perfomed by dh_instance */ - obj = dh_instance(rb_obj_class(self), dh); - if (obj == Qfalse) { - DH_free(dh); - ossl_raise(eDHError, NULL); - } +<p>Example:</p> - return obj; -}</pre> +<pre class="ruby"><span class="ruby-comment"># OpenSSL::PKey::DH.generate by default generates a random key pair</span> +<span class="ruby-identifier">dh1</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">generate</span>(<span class="ruby-value">2048</span>) +<span class="ruby-identifier">p</span> <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">priv_key</span> <span class="ruby-comment">#=> #<OpenSSL::BN 1288347...></span> +<span class="ruby-identifier">dhcopy</span> = <span class="ruby-identifier">dh1</span>.<span class="ruby-identifier">public_key</span> +<span class="ruby-identifier">p</span> <span class="ruby-identifier">dhcopy</span>.<span class="ruby-identifier">priv_key</span> <span class="ruby-comment">#=> nil</span> +</pre> + + <div class="method-source-code" id="public_key-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 33</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_key</span> + <span class="ruby-constant">DH</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">to_der</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -744,43 +800,6 @@ ossl_dh_to_der(VALUE self) </div> </div> - <div id="method-i-to_text" class="method-detail "> - <div class="method-heading"> - <span class="method-callseq"> - to_text → aString - </span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - <p>Prints all parameters of key to buffer INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use :-)) (I’s up to you)</p> - - <div class="method-source-code" id="to_text-source"> - <pre>static VALUE -ossl_dh_to_text(VALUE self) -{ - DH *dh; - BIO *out; - VALUE str; - - GetDH(self, dh); - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDHError, NULL); - } - if (!DHparams_print(out, dh)) { - BIO_free(out); - ossl_raise(eDHError, NULL); - } - str = ossl_membio2str(out); - - return str; -}</pre> - </div> - </div> - - - </div> - </section> </section> diff --git a/OpenSSL/PKey/DSA.html b/OpenSSL/PKey/DSA.html index 7a64485f..c969c747 100644 --- a/OpenSSL/PKey/DSA.html +++ b/OpenSSL/PKey/DSA.html @@ -95,7 +95,6 @@ <li ><a href="#method-i-to_der">#to_der</a> <li ><a href="#method-i-to_pem">#to_pem</a> <li ><a href="#method-i-to_s">#to_s</a> - <li ><a href="#method-i-to_text">#to_text</a> </ul> </div> @@ -135,25 +134,20 @@ <div class="method-description"> <p>Creates a new <a href="DSA.html"><code>DSA</code></a> instance by generating a private/public key pair from scratch.</p> -<h3 id="method-c-generate-label-Parameters">Parameters<span><a href="#method-c-generate-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>size</em> is an integer representing the desired key size.</p> -</li></ul> +<p>See also <a href="../PKey.html#method-c-generate_parameters"><code>OpenSSL::PKey.generate_parameters</code></a> and <a href="../PKey.html#method-c-generate_key"><code>OpenSSL::PKey.generate_key</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>size</code> +<dd> +<p>The desired key size in bits.</p> +</dd></dl> <div class="method-source-code" id="generate-source"> - <pre>static VALUE -ossl_dsa_s_generate(VALUE klass, VALUE size) -{ - DSA *dsa = dsa_generate(NUM2INT(size)); /* err handled by dsa_instance */ - VALUE obj = dsa_instance(klass, dsa); - - if (obj == Qfalse) { - DSA_free(dsa); - ossl_raise(eDSAError, NULL); - } - - return obj; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 169</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">generate</span>(<span class="ruby-identifier">size</span>, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) + <span class="ruby-identifier">dsaparams</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_parameters</span>(<span class="ruby-string">"DSA"</span>, { + <span class="ruby-string">"dsa_paramgen_bits"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">size</span>, + }, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-identifier">dsaparams</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -169,33 +163,45 @@ ossl_dsa_s_generate(VALUE klass, VALUE size) </div> <div class="method-heading"> <span class="method-callseq"> - new(size) → dsa + new(string [, pass]) → dsa </span> </div> <div class="method-heading"> <span class="method-callseq"> - new(string [, pass]) → dsa + new(size) → dsa </span> </div> <div class="method-description"> <p>Creates a new <a href="DSA.html"><code>DSA</code></a> instance by reading an existing key from <em>string</em>.</p> -<h3 id="method-c-new-label-Parameters">Parameters<span><a href="#method-c-new-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>size</em> is an integer representing the desired key size.</p> -</li><li> -<p><em>string</em> contains a DER or PEM encoded key.</p> -</li><li> -<p><em>pass</em> is a string that contains an optional password.</p> -</li></ul> +<p>If called without arguments, creates a new instance with no key components set. They can be set individually by <a href="DSA.html#method-i-set_pqg"><code>set_pqg</code></a> and <a href="DSA.html#method-i-set_key"><code>set_key</code></a>.</p> + +<p>If called with a String, tries to parse as DER or PEM encoding of a DSA key. See also <a href="../PKey.html#method-c-read"><code>OpenSSL::PKey.read</code></a> which can parse keys of any kinds.</p> -<h3 id="method-c-new-label-Examples">Examples<span><a href="#method-c-new-label-Examples">¶</a> <a href="#top">↑</a></span></h3> +<p>If called with a number, generates random parameters and a key pair. This form works as an alias of <a href="DSA.html#method-c-generate"><code>DSA.generate</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>string</code> +<dd> +<p>A String that contains a DER or PEM encoded key.</p> +</dd><dt><code>pass</code> +<dd> +<p>A String that contains an optional password.</p> +</dd><dt><code>size</code> +<dd> +<p>See <a href="DSA.html#method-c-generate"><code>DSA.generate</code></a>.</p> +</dd></dl> -<pre>DSA.new -> dsa -DSA.new(1024) -> dsa -DSA.new(File.read('dsa.pem')) -> dsa -DSA.new(File.read('dsa.pem'), 'mypassword') -> dsa</pre> +<p>Examples:</p> + +<pre class="ruby"><span class="ruby-identifier">p</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">1024</span>) +<span class="ruby-comment">#=> #<OpenSSL::PKey::DSA:0x000055a8d6025bf0 oid=DSA></span> + +<span class="ruby-identifier">p</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'dsa.pem'</span>)) +<span class="ruby-comment">#=> #<OpenSSL::PKey::DSA:0x000055555d6b8110 oid=DSA></span> + +<span class="ruby-identifier">p</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">'dsa.pem'</span>), <span class="ruby-string">'mypassword'</span>) +<span class="ruby-comment">#=> #<OpenSSL::PKey::DSA:0x0000556f973c40b8 oid=DSA></span> +</pre> <div class="method-source-code" id="new-source"> <pre>static VALUE @@ -203,53 +209,57 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; DSA *dsa; - BIO *in; + BIO *in = NULL; VALUE arg, pass; + int type; + + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); - GetPKey(self, pkey); - if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) { + /* The DSA.new(size, generator) form is handled by lib/openssl/pkey.rb */ + rb_scan_args(argc, argv, "02", &arg, &pass); + if (argc == 0) { dsa = DSA_new(); + if (!dsa) + ossl_raise(eDSAError, "DSA_new"); + goto legacy; } - else if (RB_INTEGER_TYPE_P(arg)) { - if (!(dsa = dsa_generate(NUM2INT(arg)))) { - ossl_raise(eDSAError, NULL); - } - } - else { - pass = ossl_pem_passwd_value(pass); - arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(&arg); - dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); - if (!dsa) { - OSSL_BIO_reset(in); - dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL); - } - if (!dsa) { - OSSL_BIO_reset(in); - dsa = d2i_DSAPrivateKey_bio(in, NULL); - } - if (!dsa) { - OSSL_BIO_reset(in); - dsa = d2i_DSA_PUBKEY_bio(in, NULL); - } - if (!dsa) { - OSSL_BIO_reset(in); -#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u)) - dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL); -#undef PEM_read_bio_DSAPublicKey - } - BIO_free(in); - if (!dsa) { - ossl_clear_error(); - ossl_raise(eDSAError, "Neither PUB key nor PRIV key"); - } + + pass = ossl_pem_passwd_value(pass); + arg = ossl_to_der_if_possible(arg); + in = ossl_obj2bio(&arg); + + /* DER-encoded DSAPublicKey format isn't supported by the generic routine */ + dsa = (DSA *)PEM_ASN1_read_bio((d2i_of_void *)d2i_DSAPublicKey, + PEM_STRING_DSA_PUBLIC, + in, NULL, NULL, NULL); + if (dsa) + goto legacy; + OSSL_BIO_reset(in); + + pkey = ossl_pkey_read_generic(in, pass); + BIO_free(in); + if (!pkey) + ossl_raise(eDSAError, "Neither PUB key nor PRIV key"); + + type = EVP_PKEY_base_id(pkey); + if (type != EVP_PKEY_DSA) { + EVP_PKEY_free(pkey); + rb_raise(eDSAError, "incorrect pkey type: %s", OBJ_nid2sn(type)); } - if (!EVP_PKEY_assign_DSA(pkey, dsa)) { + RTYPEDDATA_DATA(self) = pkey; + return self; + + legacy: + BIO_free(in); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_DSA(pkey, dsa) != 1) { + EVP_PKEY_free(pkey); DSA_free(dsa); - ossl_raise(eDSAError, NULL); + ossl_raise(eDSAError, "EVP_PKEY_assign_DSA"); } - + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> </div> @@ -293,34 +303,12 @@ DSA.to_pem(cipher, 'mypassword') -> aString</pre> ossl_dsa_export(int argc, VALUE *argv, VALUE self) { DSA *dsa; - BIO *out; - const EVP_CIPHER *ciph = NULL; - VALUE cipher, pass, str; GetDSA(self, dsa); - rb_scan_args(argc, argv, "02", &cipher, &pass); - if (!NIL_P(cipher)) { - ciph = ossl_evp_get_cipherbyname(cipher); - pass = ossl_pem_passwd_value(pass); - } - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDSAError, NULL); - } - if (DSA_HAS_PRIVATE(dsa)) { - if (!PEM_write_bio_DSAPrivateKey(out, dsa, ciph, NULL, 0, - ossl_pem_passwd_cb, (void *)pass)){ - BIO_free(out); - ossl_raise(eDSAError, NULL); - } - } else { - if (!PEM_write_bio_DSA_PUBKEY(out, dsa)) { - BIO_free(out); - ossl_raise(eDSAError, NULL); - } - } - str = ossl_membio2str(out); - - return str; + if (DSA_HAS_PRIVATE(dsa)) + return ossl_pkey_export_traditional(argc, argv, self, 0); + else + return ossl_pkey_export_spki(self, 0); }</pre> </div> </div> @@ -348,16 +336,24 @@ ossl_dsa_initialize_copy(VALUE self, VALUE other) EVP_PKEY *pkey; DSA *dsa, *dsa_new; - GetPKey(self, pkey); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) - ossl_raise(eDSAError, "DSA already initialized"); + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); GetDSA(other, dsa); - dsa_new = ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, (d2i_of_void *)d2i_DSAPrivateKey, (char *)dsa); + dsa_new = (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, + (d2i_of_void *)d2i_DSAPrivateKey, + (char *)dsa); if (!dsa_new) ossl_raise(eDSAError, "ASN1_dup"); - EVP_PKEY_assign_DSA(pkey, dsa_new); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_DSA(pkey, dsa_new) != 1) { + EVP_PKEY_free(pkey); + DSA_free(dsa_new); + ossl_raise(eDSAError, "EVP_PKEY_assign_DSA"); + } + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> @@ -464,42 +460,23 @@ ossl_dsa_is_public(VALUE self) <div id="method-i-public_key" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - public_key → aDSA + public_key → dsanew </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Returns a new <a href="DSA.html"><code>DSA</code></a> instance that carries just the public key information. If the current instance has also private key information, this will no longer be present in the new instance. This feature is helpful for publishing the public key information without leaking any of the private information.</p> + <p>Returns a new <a href="DSA.html"><code>DSA</code></a> instance that carries just the DSA parameters and the public key.</p> -<h3 id="method-i-public_key-label-Example">Example<span><a href="#method-i-public_key-label-Example">¶</a> <a href="#top">↑</a></span></h3> +<p>This method is provided for backwards compatibility. In most cases, there is no need to call this method.</p> -<pre class="ruby"><span class="ruby-identifier">dsa</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) <span class="ruby-comment"># has public and private information</span> -<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">public_key</span> <span class="ruby-comment"># has only the public part available</span> -<span class="ruby-identifier">pub_key_der</span> = <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">to_der</span> <span class="ruby-comment"># it's safe to publish this</span> -</pre> +<p>For the purpose of serializing the public key, to PEM or DER encoding of X.509 SubjectPublicKeyInfo format, check <a href="PKey.html#method-i-public_to_pem"><code>PKey#public_to_pem</code></a> and <a href="PKey.html#method-i-public_to_der"><code>PKey#public_to_der</code></a>.</p> <div class="method-source-code" id="public_key-source"> - <pre>static VALUE -ossl_dsa_to_public_key(VALUE self) -{ - EVP_PKEY *pkey; - DSA *dsa; - VALUE obj; - - GetPKeyDSA(self, pkey); - /* err check performed by dsa_instance */ -#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \ - (i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa)) - dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey)); -#undef DSAPublicKey_dup - obj = dsa_instance(rb_obj_class(self), dsa); - if (obj == Qfalse) { - DSA_free(dsa); - ossl_raise(eDSAError, NULL); - } - return obj; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 153</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_key</span> + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">public_to_der</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -539,53 +516,46 @@ ossl_dsa_to_public_key(VALUE self) <div id="method-i-syssign" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - syssign(string) → aString + syssign(string) → string </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Computes and returns the <a href="DSA.html"><code>DSA</code></a> signature of <em>string</em>, where <em>string</em> is expected to be an already-computed message digest of the original input data. The signature is issued using the private key of this <a href="DSA.html"><code>DSA</code></a> instance.</p> + <p>Computes and returns the DSA signature of <code>string</code>, where <code>string</code> is expected to be an already-computed message digest of the original input data. The signature is issued using the private key of this <a href="DSA.html"><code>DSA</code></a> instance.</p> -<h3 id="method-i-syssign-label-Parameters">Parameters<span><a href="#method-i-syssign-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>string</em> is a message digest of the original input data to be signed.</p> -</li></ul> +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a> instead.</p> +<dl class="rdoc-list note-list"><dt><code>string</code> +<dd> +<p>A message digest of the original input data to be signed.</p> +</dd></dl> -<h3 id="method-i-syssign-label-Example">Example<span><a href="#method-i-syssign-label-Example">¶</a> <a href="#top">↑</a></span></h3> +<p>Example:</p> <pre class="ruby"><span class="ruby-identifier">dsa</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) <span class="ruby-identifier">doc</span> = <span class="ruby-string">"Sign me"</span> <span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">'SHA1'</span>, <span class="ruby-identifier">doc</span>) + +<span class="ruby-comment"># With legacy #syssign and #sysverify:</span> <span class="ruby-identifier">sig</span> = <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">syssign</span>(<span class="ruby-identifier">digest</span>) +<span class="ruby-identifier">p</span> <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">sysverify</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">sig</span>) <span class="ruby-comment">#=> true</span> + +<span class="ruby-comment"># With #sign_raw and #verify_raw:</span> +<span class="ruby-identifier">sig</span> = <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">sign_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">digest</span>) +<span class="ruby-identifier">p</span> <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">verify_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">sig</span>, <span class="ruby-identifier">digest</span>) <span class="ruby-comment">#=> true</span> </pre> <div class="method-source-code" id="syssign-source"> - <pre>static VALUE -ossl_dsa_sign(VALUE self, VALUE data) -{ - DSA *dsa; - const BIGNUM *dsa_q; - unsigned int buf_len; - VALUE str; - - GetDSA(self, dsa); - DSA_get0_pqg(dsa, NULL, &dsa_q, NULL); - if (!dsa_q) - ossl_raise(eDSAError, "incomplete DSA"); - if (!DSA_PRIVATE(self, dsa)) - ossl_raise(eDSAError, "Private DSA key needed!"); - StringValue(data); - str = rb_str_new(0, DSA_size(dsa)); - if (!DSA_sign(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data), - (unsigned char *)RSTRING_PTR(str), - &buf_len, dsa)) { /* type is ignored (0) */ - ossl_raise(eDSAError, NULL); - } - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 212</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">syssign</span>(<span class="ruby-identifier">string</span>) + <span class="ruby-identifier">q</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSAError</span>, <span class="ruby-string">"incomplete DSA"</span> + <span class="ruby-identifier">private?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSAError</span>, <span class="ruby-string">"Private DSA key needed!"</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">sign_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">string</span>) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -601,46 +571,24 @@ ossl_dsa_sign(VALUE self, VALUE data) </div> <div class="method-description"> - <p>Verifies whether the signature is valid given the message digest input. It does so by validating <em>sig</em> using the public key of this <a href="DSA.html"><code>DSA</code></a> instance.</p> + <p>Verifies whether the signature is valid given the message digest input. It does so by validating <code>sig</code> using the public key of this <a href="DSA.html"><code>DSA</code></a> instance.</p> -<h3 id="method-i-sysverify-label-Parameters">Parameters<span><a href="#method-i-sysverify-label-Parameters">¶</a> <a href="#top">↑</a></span></h3> -<ul><li> -<p><em>digest</em> is a message digest of the original input data to be signed</p> -</li><li> -<p><em>sig</em> is a <a href="DSA.html"><code>DSA</code></a> signature value</p> -</li></ul> - -<h3 id="method-i-sysverify-label-Example">Example<span><a href="#method-i-sysverify-label-Example">¶</a> <a href="#top">↑</a></span></h3> - -<pre class="ruby"><span class="ruby-identifier">dsa</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) -<span class="ruby-identifier">doc</span> = <span class="ruby-string">"Sign me"</span> -<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">'SHA1'</span>, <span class="ruby-identifier">doc</span>) -<span class="ruby-identifier">sig</span> = <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">syssign</span>(<span class="ruby-identifier">digest</span>) -<span class="ruby-identifier">puts</span> <span class="ruby-identifier">dsa</span>.<span class="ruby-identifier">sysverify</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">sig</span>) <span class="ruby-comment"># => true</span> -</pre> +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a> instead.</p> +<dl class="rdoc-list note-list"><dt><code>digest</code> +<dd> +<p>A message digest of the original input data to be signed.</p> +</dd><dt><code>sig</code> +<dd> +<p>A DSA signature value.</p> +</dd></dl> <div class="method-source-code" id="sysverify-source"> - <pre>static VALUE -ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) -{ - DSA *dsa; - int ret; - - GetDSA(self, dsa); - StringValue(digest); - StringValue(sig); - /* type is ignored (0) */ - ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LENINT(digest), - (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), dsa); - if (ret < 0) { - ossl_raise(eDSAError, NULL); - } - else if (ret == 1) { - return Qtrue; - } - - return Qfalse; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 235</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">sysverify</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">sig</span>) + <span class="ruby-identifier">verify_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">sig</span>, <span class="ruby-identifier">digest</span>) +<span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">DSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -663,25 +611,12 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) ossl_dsa_to_der(VALUE self) { DSA *dsa; - int (*i2d_func)(DSA *, unsigned char **); - unsigned char *p; - long len; - VALUE str; GetDSA(self, dsa); - if(DSA_HAS_PRIVATE(dsa)) - i2d_func = (int (*)(DSA *,unsigned char **))i2d_DSAPrivateKey; + if (DSA_HAS_PRIVATE(dsa)) + return ossl_pkey_export_traditional(0, NULL, self, 1); else - i2d_func = i2d_DSA_PUBKEY; - if((len = i2d_func(dsa, NULL)) <= 0) - ossl_raise(eDSAError, NULL); - str = rb_str_new(0, len); - p = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(dsa, &p) < 0) - ossl_raise(eDSAError, NULL); - ossl_str_adjust(str, p); - - return str; + return ossl_pkey_export_spki(self, 1); }</pre> </div> </div> @@ -749,43 +684,6 @@ DSA.to_pem(cipher, 'mypassword') -> aString</pre> </div> </div> - <div id="method-i-to_text" class="method-detail "> - <div class="method-heading"> - <span class="method-callseq"> - to_text → aString - </span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - <p>Prints all parameters of key to buffer INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use :-)) (I’s up to you)</p> - - <div class="method-source-code" id="to_text-source"> - <pre>static VALUE -ossl_dsa_to_text(VALUE self) -{ - DSA *dsa; - BIO *out; - VALUE str; - - GetDSA(self, dsa); - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDSAError, NULL); - } - if (!DSA_print(out, dsa, 0)) { /* offset = 0 */ - BIO_free(out); - ossl_raise(eDSAError, NULL); - } - str = ossl_membio2str(out); - - return str; -}</pre> - </div> - </div> - - - </div> - </section> </section> diff --git a/OpenSSL/PKey/EC.html b/OpenSSL/PKey/EC.html index 4645a2da..22612699 100644 --- a/OpenSSL/PKey/EC.html +++ b/OpenSSL/PKey/EC.html @@ -103,7 +103,6 @@ <li ><a href="#method-i-public_key-3F">#public_key?</a> <li ><a href="#method-i-to_der">#to_der</a> <li ><a href="#method-i-to_pem">#to_pem</a> - <li ><a href="#method-i-to_text">#to_text</a> </ul> </div> @@ -221,16 +220,20 @@ <pre>static VALUE ossl_ec_key_s_generate(VALUE klass, VALUE arg) { + EVP_PKEY *pkey; EC_KEY *ec; VALUE obj; - ec = ec_key_new_from_group(arg); + obj = rb_obj_alloc(klass); - obj = ec_instance(klass, ec); - if (obj == Qfalse) { + ec = ec_key_new_from_group(arg); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec) != 1) { + EVP_PKEY_free(pkey); EC_KEY_free(ec); - ossl_raise(eECError, NULL); + ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY"); } + RTYPEDDATA_DATA(obj) = pkey; if (!EC_KEY_generate_key(ec)) ossl_raise(eECError, "EC_KEY_generate_key"); @@ -284,57 +287,53 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) { EVP_PKEY *pkey; EC_KEY *ec; + BIO *in; VALUE arg, pass; + int type; - GetPKey(self, pkey); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) - ossl_raise(eECError, "EC_KEY already initialized"); + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); rb_scan_args(argc, argv, "02", &arg, &pass); - if (NIL_P(arg)) { if (!(ec = EC_KEY_new())) - ossl_raise(eECError, NULL); - } else if (rb_obj_is_kind_of(arg, cEC)) { - EC_KEY *other_ec = NULL; - - GetEC(arg, other_ec); - if (!(ec = EC_KEY_dup(other_ec))) - ossl_raise(eECError, NULL); - } else if (rb_obj_is_kind_of(arg, cEC_GROUP)) { + ossl_raise(eECError, "EC_KEY_new"); + goto legacy; + } + else if (rb_obj_is_kind_of(arg, cEC_GROUP)) { ec = ec_key_new_from_group(arg); - } else { - BIO *in; - - pass = ossl_pem_passwd_value(pass); - in = ossl_obj2bio(&arg); - - ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); - if (!ec) { - OSSL_BIO_reset(in); - ec = PEM_read_bio_EC_PUBKEY(in, NULL, ossl_pem_passwd_cb, (void *)pass); - } - if (!ec) { - OSSL_BIO_reset(in); - ec = d2i_ECPrivateKey_bio(in, NULL); - } - if (!ec) { - OSSL_BIO_reset(in); - ec = d2i_EC_PUBKEY_bio(in, NULL); - } - BIO_free(in); - - if (!ec) { - ossl_clear_error(); - ec = ec_key_new_from_group(arg); - } + goto legacy; } - if (!EVP_PKEY_assign_EC_KEY(pkey, ec)) { + pass = ossl_pem_passwd_value(pass); + arg = ossl_to_der_if_possible(arg); + in = ossl_obj2bio(&arg); + + pkey = ossl_pkey_read_generic(in, pass); + BIO_free(in); + if (!pkey) { + ossl_clear_error(); + ec = ec_key_new_from_group(arg); + goto legacy; + } + + type = EVP_PKEY_base_id(pkey); + if (type != EVP_PKEY_EC) { + EVP_PKEY_free(pkey); + rb_raise(eDSAError, "incorrect pkey type: %s", OBJ_nid2sn(type)); + } + RTYPEDDATA_DATA(self) = pkey; + return self; + + legacy: + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec) != 1) { + EVP_PKEY_free(pkey); EC_KEY_free(ec); ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY"); } - + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> </div> @@ -361,16 +360,31 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) <div class="method-description"> <p>Raises an exception if the key is invalid.</p> -<p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for EC_KEY_check_key()</p> +<p>See also the man page EVP_PKEY_public_check(3).</p> <div class="method-source-code" id="check_key-source"> <pre>static VALUE ossl_ec_key_check_key(VALUE self) { +#ifdef HAVE_EVP_PKEY_CHECK + EVP_PKEY *pkey; + EVP_PKEY_CTX *pctx; + int ret; + + GetPKey(self, pkey); + pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!pctx) + ossl_raise(eDHError, "EVP_PKEY_CTX_new"); + ret = EVP_PKEY_public_check(pctx); + EVP_PKEY_CTX_free(pctx); + if (ret != 1) + ossl_raise(eECError, "EVP_PKEY_public_check"); +#else EC_KEY *ec; GetEC(self, ec); if (EC_KEY_check_key(ec) != 1) ossl_raise(eECError, "EC_KEY_check_key"); +#endif return Qtrue; }</pre> @@ -383,37 +397,28 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) <div id="method-i-dh_compute_key" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - dh_compute_key(pubkey) → String + dh_compute_key(pubkey) → string </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for ECDH_compute_key()</p> + <p>Derives a shared secret by ECDH. <em>pubkey</em> must be an instance of <a href="EC/Point.html"><code>OpenSSL::PKey::EC::Point</code></a> and must belong to the same group.</p> - <div class="method-source-code" id="dh_compute_key-source"> - <pre>static VALUE ossl_ec_key_dh_compute_key(VALUE self, VALUE pubkey) -{ - EC_KEY *ec; - EC_POINT *point; - int buf_len; - VALUE str; - - GetEC(self, ec); - GetECPoint(pubkey, point); - -/* BUG: need a way to figure out the maximum string size */ - buf_len = 1024; - str = rb_str_new(0, buf_len); -/* BUG: take KDF as a block */ - buf_len = ECDH_compute_key(RSTRING_PTR(str), buf_len, point, ec, NULL); - if (buf_len < 0) - ossl_raise(eECError, "ECDH_compute_key"); +<p>This method is provided for backwards compatibility, and calls <a href="PKey.html#method-i-derive"><code>derive</code></a> internally.</p> - rb_str_resize(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="dh_compute_key-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 276</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">dh_compute_key</span>(<span class="ruby-identifier">pubkey</span>) + <span class="ruby-identifier">obj</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Sequence</span>([ + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">Sequence</span>([ + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">ObjectId</span>(<span class="ruby-string">"id-ecPublicKey"</span>), + <span class="ruby-identifier">group</span>.<span class="ruby-identifier">to_der</span>, + ]), + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">ASN1</span>.<span class="ruby-constant">BitString</span>(<span class="ruby-identifier">pubkey</span>.<span class="ruby-identifier">to_octet_string</span>(<span class="ruby-value">:uncompressed</span>)), + ]) + <span class="ruby-identifier">derive</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">obj</span>.<span class="ruby-identifier">to_der</span>)) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -423,34 +428,21 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) <div id="method-i-dsa_sign_asn1" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - dsa_sign_asn1(data) → String + dsa_sign_asn1(data) → String </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for ECDSA_sign()</p> + <p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a> instead.</p> <div class="method-source-code" id="dsa_sign_asn1-source"> - <pre>static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data) -{ - EC_KEY *ec; - unsigned int buf_len; - VALUE str; - - GetEC(self, ec); - StringValue(data); - - if (EC_KEY_get0_private_key(ec) == NULL) - ossl_raise(eECError, "Private EC key needed!"); - - str = rb_str_new(0, ECDSA_size(ec)); - if (ECDSA_sign(0, (unsigned char *) RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *) RSTRING_PTR(str), &buf_len, ec) != 1) - ossl_raise(eECError, "ECDSA_sign"); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 251</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">dsa_sign_asn1</span>(<span class="ruby-identifier">data</span>) + <span class="ruby-identifier">sign_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">data</span>) +<span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">ECError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -460,33 +452,21 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) <div id="method-i-dsa_verify_asn1" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - dsa_verify_asn1(data, sig) → true or false + dsa_verify_asn1(data, sig) → true | false </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for ECDSA_verify()</p> + <p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a> instead.</p> <div class="method-source-code" id="dsa_verify_asn1-source"> - <pre>static VALUE ossl_ec_key_dsa_verify_asn1(VALUE self, VALUE data, VALUE sig) -{ - EC_KEY *ec; - - GetEC(self, ec); - StringValue(data); - StringValue(sig); - - switch (ECDSA_verify(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data), - (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), ec)) { - case 1: - return Qtrue; - case 0: - return Qfalse; - default: - ossl_raise(eECError, "ECDSA_verify"); - } -}</pre> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 262</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">dsa_verify_asn1</span>(<span class="ruby-identifier">data</span>, <span class="ruby-identifier">sig</span>) + <span class="ruby-identifier">verify_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">sig</span>, <span class="ruby-identifier">data</span>) +<span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">ECError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -505,11 +485,16 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) <p>Outputs the <a href="EC.html"><code>EC</code></a> key in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt the key. <em>cipher</em> must be an <a href="../Cipher.html"><code>OpenSSL::Cipher</code></a> instance. Note that encryption will only be effective for a private key, public keys will always be encoded in plain text.</p> <div class="method-source-code" id="export-source"> - <pre>static VALUE ossl_ec_key_export(int argc, VALUE *argv, VALUE self) + <pre>static VALUE +ossl_ec_key_export(int argc, VALUE *argv, VALUE self) { - VALUE cipher, passwd; - rb_scan_args(argc, argv, "02", &cipher, &passwd); - return ossl_ec_key_to_string(self, cipher, passwd, EXPORT_PEM); + EC_KEY *ec; + + GetEC(self, ec); + if (EC_KEY_get0_private_key(ec)) + return ossl_pkey_export_traditional(argc, argv, self, 0); + else + return ossl_pkey_export_spki(self, 0); }</pre> </div> </div> @@ -570,6 +555,9 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) <div class="method-source-code" id="generate_key-21-source"> <pre>static VALUE ossl_ec_key_generate_key(VALUE self) { +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0"); +#else EC_KEY *ec; GetEC(self, ec); @@ -577,6 +565,7 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg) ossl_raise(eECError, "EC_KEY_generate_key"); return self; +#endif }</pre> </div> </div> @@ -633,6 +622,9 @@ ossl_ec_key_get_group(VALUE self) <pre>static VALUE ossl_ec_key_set_group(VALUE self, VALUE group_v) { +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0"); +#else EC_KEY *ec; EC_GROUP *group; @@ -643,6 +635,7 @@ ossl_ec_key_set_group(VALUE self, VALUE group_v) ossl_raise(eECError, "EC_KEY_set_group"); return group_v; +#endif }</pre> </div> </div> @@ -667,18 +660,21 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) EVP_PKEY *pkey; EC_KEY *ec, *ec_new; - GetPKey(self, pkey); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) - ossl_raise(eECError, "EC already initialized"); + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); GetEC(other, ec); ec_new = EC_KEY_dup(ec); if (!ec_new) ossl_raise(eECError, "EC_KEY_dup"); - if (!EVP_PKEY_assign_EC_KEY(pkey, ec_new)) { + + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec_new) != 1) { EC_KEY_free(ec_new); ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY"); } + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> @@ -760,6 +756,9 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) <div class="method-source-code" id="private_key-3D-source"> <pre>static VALUE ossl_ec_key_set_private_key(VALUE self, VALUE private_key) { +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0"); +#else EC_KEY *ec; BIGNUM *bn = NULL; @@ -773,11 +772,13 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) case 0: if (bn == NULL) break; + /* fallthrough */ default: ossl_raise(eECError, "EC_KEY_set_private_key"); } return private_key; +#endif }</pre> </div> </div> @@ -874,6 +875,9 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) <div class="method-source-code" id="public_key-3D-source"> <pre>static VALUE ossl_ec_key_set_public_key(VALUE self, VALUE public_key) { +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0"); +#else EC_KEY *ec; EC_POINT *point = NULL; @@ -887,11 +891,13 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) case 0: if (point == NULL) break; + /* fallthrough */ default: ossl_raise(eECError, "EC_KEY_set_public_key"); } return public_key; +#endif }</pre> </div> </div> @@ -928,9 +934,16 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for i2d_ECPrivateKey_bio()</p> <div class="method-source-code" id="to_der-source"> - <pre>static VALUE ossl_ec_key_to_der(VALUE self) + <pre>static VALUE +ossl_ec_key_to_der(VALUE self) { - return ossl_ec_key_to_string(self, Qnil, Qnil, EXPORT_DER); + EC_KEY *ec; + + GetEC(self, ec); + if (EC_KEY_get0_private_key(ec)) + return ossl_pkey_export_traditional(0, NULL, self, 1); + else + return ossl_pkey_export_spki(self, 1); }</pre> </div> </div> @@ -956,42 +969,6 @@ ossl_ec_key_initialize_copy(VALUE self, VALUE other) </div> </div> - <div id="method-i-to_text" class="method-detail "> - <div class="method-heading"> - <span class="method-callseq"> - to_text → String - </span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for EC_KEY_print()</p> - - <div class="method-source-code" id="to_text-source"> - <pre>static VALUE ossl_ec_key_to_text(VALUE self) -{ - EC_KEY *ec; - BIO *out; - VALUE str; - - GetEC(self, ec); - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eECError, "BIO_new(BIO_s_mem())"); - } - if (!EC_KEY_print(out, ec, 0)) { - BIO_free(out); - ossl_raise(eECError, "EC_KEY_print"); - } - str = ossl_membio2str(out); - - return str; -}</pre> - </div> - </div> - - - </div> - </section> </section> diff --git a/OpenSSL/PKey/EC/Group.html b/OpenSSL/PKey/EC/Group.html index 42d18499..12b4d2a7 100644 --- a/OpenSSL/PKey/EC/Group.html +++ b/OpenSSL/PKey/EC/Group.html @@ -131,11 +131,6 @@ </div> <div class="method-heading"> <span class="method-callseq"> - OpenSSL::PKey::EC::Group.new(ec_method) - </span> - </div> - <div class="method-heading"> - <span class="method-callseq"> OpenSSL::PKey::EC::Group.new(:GFp, bignum_p, bignum_a, bignum_b) </span> </div> @@ -148,17 +143,6 @@ <div class="method-description"> <p>Creates a new <a href="Group.html"><code>EC::Group</code></a> object.</p> -<p><em>ec_method</em> is a symbol that represents an EC_METHOD. Currently the following are supported:</p> -<ul><li> -<p>:GFp_simple</p> -</li><li> -<p>:GFp_mont</p> -</li><li> -<p>:GFp_nist</p> -</li><li> -<p>:GF2m_simple</p> -</li></ul> - <p>If the first argument is :GFp or :GF2m, creates a new curve with given parameters.</p> <div class="method-source-code" id="new-source"> @@ -173,29 +157,7 @@ switch (rb_scan_args(argc, argv, "13", &arg1, &arg2, &arg3, &arg4)) { case 1: - if (SYMBOL_P(arg1)) { - const EC_METHOD *method = NULL; - ID id = SYM2ID(arg1); - - if (id == s_GFp_simple) { - method = EC_GFp_simple_method(); - } else if (id == s_GFp_mont) { - method = EC_GFp_mont_method(); - } else if (id == s_GFp_nist) { - method = EC_GFp_nist_method(); -#if !defined(OPENSSL_NO_EC2M) - } else if (id == s_GF2m_simple) { - method = EC_GF2m_simple_method(); -#endif - } - - if (method) { - if ((group = EC_GROUP_new(method)) == NULL) - ossl_raise(eEC_GROUP, "EC_GROUP_new"); - } else { - ossl_raise(rb_eArgError, "unknown symbol, must be :GFp_simple, :GFp_mont, :GFp_nist or :GF2m_simple"); - } - } else if (rb_obj_is_kind_of(arg1, cEC_GROUP)) { + if (rb_obj_is_kind_of(arg1, cEC_GROUP)) { const EC_GROUP *arg1_group; GetECGroup(arg1, arg1_group); @@ -259,8 +221,7 @@ ossl_raise(rb_eArgError, "wrong number of arguments"); } - if (group == NULL) - ossl_raise(eEC_GROUP, ""); + ASSUME(group); RTYPEDDATA_DATA(self) = group; return self; diff --git a/OpenSSL/PKey/EC/Point.html b/OpenSSL/PKey/EC/Point.html index 706be750..962087ce 100644 --- a/OpenSSL/PKey/EC/Point.html +++ b/OpenSSL/PKey/EC/Point.html @@ -418,7 +418,7 @@ ossl_ec_point_initialize_copy(VALUE self, VALUE other) </div> <div class="method-description"> - + <p>This method is deprecated and should not be used. This is a no-op.</p> <div class="method-source-code" id="make_affine-21-source"> <pre>static VALUE ossl_ec_point_make_affine(VALUE self) @@ -429,8 +429,11 @@ ossl_ec_point_initialize_copy(VALUE self, VALUE other) GetECPoint(self, point); GetECPointGroup(self, group); + rb_warn("OpenSSL::PKey::EC::Point#make_affine! is deprecated"); +#if !OSSL_OPENSSL_PREREQ(3, 0, 0) if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1) ossl_raise(cEC_POINT, "EC_POINT_make_affine"); +#endif return self; }</pre> @@ -485,6 +488,10 @@ ossl_ec_point_initialize_copy(VALUE self, VALUE other) if (EC_POINT_mul(group, point_result, bn_g, point_self, bn, ossl_bn_ctx) != 1) ossl_raise(eEC_POINT, NULL); } else { +#if (defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3) || defined(LIBRESSL_VERSION_NUMBER) + rb_raise(rb_eNotImpError, "calling #mul with arrays is not" \ + "supported by this OpenSSL version"); +#else /* * bignums | arg1[0] | arg1[1] | arg1[2] | ... * points | self | arg2[0] | arg2[1] | ... @@ -499,6 +506,9 @@ ossl_ec_point_initialize_copy(VALUE self, VALUE other) if (RARRAY_LEN(arg1) != RARRAY_LEN(arg2) + 1) /* arg2 must be 1 larger */ ossl_raise(rb_eArgError, "bns must be 1 longer than points; see the documentation"); + rb_warning("OpenSSL::PKey::EC::Point#mul(ary, ary) is deprecated; " \ + "use #mul(bn) form instead"); + num = RARRAY_LEN(arg1); bns_tmp = rb_ary_tmp_new(num); bignums = ALLOCV_N(const BIGNUM *, tmp_b, num); @@ -524,6 +534,7 @@ ossl_ec_point_initialize_copy(VALUE self, VALUE other) ALLOCV_END(tmp_b); ALLOCV_END(tmp_p); +#endif } return result; @@ -615,7 +626,7 @@ ossl_ec_point_initialize_copy(VALUE self, VALUE other) <p>See <a href="Point.html#method-i-to_octet_string"><code>to_octet_string</code></a> for more information.</p> <div class="method-source-code" id="to_bn-source"> - <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 33</span> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 299</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_bn</span>(<span class="ruby-identifier">conversion_form</span> = <span class="ruby-identifier">group</span>.<span class="ruby-identifier">point_conversion_form</span>) <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">BN</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">to_octet_string</span>(<span class="ruby-identifier">conversion_form</span>), <span class="ruby-value">2</span>) <span class="ruby-keyword">end</span></pre> diff --git a/OpenSSL/PKey/PKey.html b/OpenSSL/PKey/PKey.html index 5f981ef2..7b3cf677 100644 --- a/OpenSSL/PKey/PKey.html +++ b/OpenSSL/PKey/PKey.html @@ -73,6 +73,11 @@ <ul class="link-list" role="directory"> <li ><a href="#method-c-new">::new</a> + <li ><a href="#method-i-compare-3F">#compare?</a> + <li ><a href="#method-i-decrypt">#decrypt</a> + <li ><a href="#method-i-derive">#derive</a> + <li ><a href="#method-i-encrypt">#encrypt</a> + <li ><a href="#method-i-initialize_copy">#initialize_copy</a> <li ><a href="#method-i-inspect">#inspect</a> <li ><a href="#method-i-oid">#oid</a> <li ><a href="#method-i-private_to_der">#private_to_der</a> @@ -80,7 +85,11 @@ <li ><a href="#method-i-public_to_der">#public_to_der</a> <li ><a href="#method-i-public_to_pem">#public_to_pem</a> <li ><a href="#method-i-sign">#sign</a> + <li ><a href="#method-i-sign_raw">#sign_raw</a> + <li ><a href="#method-i-to_text">#to_text</a> <li ><a href="#method-i-verify">#verify</a> + <li ><a href="#method-i-verify_raw">#verify_raw</a> + <li ><a href="#method-i-verify_recover">#verify_recover</a> </ul> </div> @@ -149,6 +158,316 @@ ossl_pkey_initialize(VALUE self) <h3>Public Instance Methods</h3> </header> + <div id="method-i-compare-3F" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + compare?(another_pkey) → true | false + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Used primarily to check if an <a href="../X509/Certificate.html#method-i-public_key"><code>OpenSSL::X509::Certificate#public_key</code></a> compares to its private key.</p> + +<h2 id="method-i-compare-3F-label-Example">Example<span><a href="#method-i-compare-3F-label-Example">¶</a> <a href="#top">↑</a></span></h2> + +<pre class="ruby"><span class="ruby-identifier">x509</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">pem_encoded_certificate</span>) +<span class="ruby-identifier">rsa_key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">pem_encoded_private_key</span>) + +<span class="ruby-identifier">rsa_key</span>.<span class="ruby-identifier">compare?</span>(<span class="ruby-identifier">x509</span>.<span class="ruby-identifier">public_key</span>) <span class="ruby-operator">=></span> <span class="ruby-keyword">true</span> <span class="ruby-operator">|</span> <span class="ruby-keyword">false</span> +</pre> + + <div class="method-source-code" id="compare-3F-source"> + <pre>static VALUE +ossl_pkey_compare(VALUE self, VALUE other) +{ + int ret; + EVP_PKEY *selfPKey; + EVP_PKEY *otherPKey; + + GetPKey(self, selfPKey); + GetPKey(other, otherPKey); + + /* Explicitly check the key type given EVP_PKEY_ASN1_METHOD(3) + * docs param_cmp could return any negative number. + */ + if (EVP_PKEY_id(selfPKey) != EVP_PKEY_id(otherPKey)) + ossl_raise(rb_eTypeError, "cannot match different PKey types"); + + ret = EVP_PKEY_eq(selfPKey, otherPKey); + + if (ret == 0) + return Qfalse; + else if (ret == 1) + return Qtrue; + else + ossl_raise(ePKeyError, "EVP_PKEY_eq"); +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-decrypt" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + decrypt(data [, options]) → string + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Performs a public key decryption operation using <code>pkey</code>.</p> + +<p>See <a href="PKey.html#method-i-encrypt"><code>encrypt</code></a> for a description of the parameters and an example.</p> + +<p>Added in version 3.0. See also the man page EVP_PKEY_decrypt(3).</p> + + <div class="method-source-code" id="decrypt-source"> + <pre>static VALUE +ossl_pkey_decrypt(int argc, VALUE *argv, VALUE self) +{ + EVP_PKEY *pkey; + EVP_PKEY_CTX *ctx; + VALUE data, options, str; + size_t outlen; + int state; + + GetPKey(self, pkey); + rb_scan_args(argc, argv, "11", &data, &options); + StringValue(data); + + ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!ctx) + ossl_raise(ePKeyError, "EVP_PKEY_CTX_new"); + if (EVP_PKEY_decrypt_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_decrypt_init"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(ctx, options, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + } + if (EVP_PKEY_decrypt(ctx, NULL, &outlen, + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_decrypt"); + } + if (outlen > LONG_MAX) { + EVP_PKEY_CTX_free(ctx); + rb_raise(ePKeyError, "decrypted data would be too large"); + } + str = ossl_str_new(NULL, (long)outlen, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_PKEY_decrypt(ctx, (unsigned char *)RSTRING_PTR(str), &outlen, + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_decrypt"); + } + EVP_PKEY_CTX_free(ctx); + rb_str_set_len(str, outlen); + return str; +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-derive" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + derive(peer_pkey) → string + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Derives a shared secret from <em>pkey</em> and <em>peer_pkey</em>. <em>pkey</em> must contain the private components, <em>peer_pkey</em> must contain the public components.</p> + + <div class="method-source-code" id="derive-source"> + <pre>static VALUE +ossl_pkey_derive(int argc, VALUE *argv, VALUE self) +{ + EVP_PKEY *pkey, *peer_pkey; + EVP_PKEY_CTX *ctx; + VALUE peer_pkey_obj, str; + size_t keylen; + int state; + + GetPKey(self, pkey); + rb_scan_args(argc, argv, "1", &peer_pkey_obj); + GetPKey(peer_pkey_obj, peer_pkey); + + ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!ctx) + ossl_raise(ePKeyError, "EVP_PKEY_CTX_new"); + if (EVP_PKEY_derive_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_derive_init"); + } + if (EVP_PKEY_derive_set_peer(ctx, peer_pkey) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_derive_set_peer"); + } + if (EVP_PKEY_derive(ctx, NULL, &keylen) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_derive"); + } + if (keylen > LONG_MAX) + rb_raise(ePKeyError, "derived key would be too large"); + str = ossl_str_new(NULL, (long)keylen, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_PKEY_derive(ctx, (unsigned char *)RSTRING_PTR(str), &keylen) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_derive"); + } + EVP_PKEY_CTX_free(ctx); + rb_str_set_len(str, keylen); + return str; +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-encrypt" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + encrypt(data [, options]) → string + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Performs a public key encryption operation using <code>pkey</code>.</p> + +<p>See <a href="PKey.html#method-i-decrypt"><code>decrypt</code></a> for the reverse operation.</p> + +<p>Added in version 3.0. See also the man page EVP_PKEY_encrypt(3).</p> +<dl class="rdoc-list note-list"><dt><code>data</code> +<dd> +<p>A String to be encrypted.</p> +</dd><dt><code>options</code> +<dd> +<p>A Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details.</p> +</dd></dl> + +<p>Example:</p> + +<pre class="ruby"><span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">"RSA"</span>, <span class="ruby-value">rsa_keygen_bits:</span> <span class="ruby-value">2048</span>) +<span class="ruby-identifier">data</span> = <span class="ruby-string">"secret data"</span> +<span class="ruby-identifier">encrypted</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">encrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">"oaep"</span>) +<span class="ruby-identifier">decrypted</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">decrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">"oaep"</span>) +<span class="ruby-identifier">p</span> <span class="ruby-identifier">decrypted</span> <span class="ruby-comment">#=> "secret data"</span> +</pre> + + <div class="method-source-code" id="encrypt-source"> + <pre>static VALUE +ossl_pkey_encrypt(int argc, VALUE *argv, VALUE self) +{ + EVP_PKEY *pkey; + EVP_PKEY_CTX *ctx; + VALUE data, options, str; + size_t outlen; + int state; + + GetPKey(self, pkey); + rb_scan_args(argc, argv, "11", &data, &options); + StringValue(data); + + ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!ctx) + ossl_raise(ePKeyError, "EVP_PKEY_CTX_new"); + if (EVP_PKEY_encrypt_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_encrypt_init"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(ctx, options, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + } + if (EVP_PKEY_encrypt(ctx, NULL, &outlen, + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_encrypt"); + } + if (outlen > LONG_MAX) { + EVP_PKEY_CTX_free(ctx); + rb_raise(ePKeyError, "encrypted data would be too large"); + } + str = ossl_str_new(NULL, (long)outlen, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_PKEY_encrypt(ctx, (unsigned char *)RSTRING_PTR(str), &outlen, + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_encrypt"); + } + EVP_PKEY_CTX_free(ctx); + rb_str_set_len(str, outlen); + return str; +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-initialize_copy" class="method-detail "> + <div class="method-heading"> + <span class="method-name">initialize_copy</span><span + class="method-args">(p1)</span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + + + <div class="method-source-code" id="initialize_copy-source"> + <pre>static VALUE +ossl_pkey_initialize_copy(VALUE self, VALUE other) +{ + EVP_PKEY *pkey, *pkey_other; + + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + TypedData_Get_Struct(other, EVP_PKEY, &ossl_evp_pkey_type, pkey_other); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); + if (pkey_other) { + pkey = EVP_PKEY_dup(pkey_other); + if (!pkey) + ossl_raise(ePKeyError, "EVP_PKEY_dup"); + RTYPEDDATA_DATA(self) = pkey; + } + return self; +}</pre> + </div> + </div> + + + </div> + <div id="method-i-inspect" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -278,7 +597,7 @@ ossl_pkey_private_to_pem(int argc, VALUE *argv, VALUE self) <pre>static VALUE ossl_pkey_public_to_der(VALUE self) { - return do_spki_export(self, 1); + return ossl_pkey_export_spki(self, 1); }</pre> </div> </div> @@ -301,7 +620,7 @@ ossl_pkey_public_to_der(VALUE self) <pre>static VALUE ossl_pkey_public_to_pem(VALUE self) { - return do_spki_export(self, 0); + return ossl_pkey_export_spki(self, 0); }</pre> </div> </div> @@ -312,56 +631,223 @@ ossl_pkey_public_to_pem(VALUE self) <div id="method-i-sign" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - sign(digest, data) → String + sign(digest, data [, options]) → string </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>To sign the String <em>data</em>, <em>digest</em>, an instance of <a href="../Digest.html"><code>OpenSSL::Digest</code></a>, must be provided. The return value is again a String containing the signature. A <a href="PKeyError.html"><code>PKeyError</code></a> is raised should errors occur. Any previous state of the <a href="../Digest.html"><code>Digest</code></a> instance is irrelevant to the signature outcome, the digest instance is reset to its initial state during the operation.</p> - -<h2 id="method-i-sign-label-Example">Example<span><a href="#method-i-sign-label-Example">¶</a> <a href="#top">↑</a></span></h2> - -<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">'Sign me!'</span> -<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) -<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) -<span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">data</span>) + <p>Hashes and signs the <code>data</code> using a message digest algorithm <code>digest</code> and a private key <code>pkey</code>.</p> + +<p>See <a href="PKey.html#method-i-verify"><code>verify</code></a> for the verification operation.</p> + +<p>See also the man page EVP_DigestSign(3).</p> +<dl class="rdoc-list note-list"><dt><code>digest</code> +<dd> +<p>A String that represents the message digest algorithm name, or <code>nil</code> if the <a href="PKey.html"><code>PKey</code></a> type requires no digest algorithm. For backwards compatibility, this can be an instance of <a href="../Digest.html"><code>OpenSSL::Digest</code></a>. Its state will not affect the signature.</p> +</dd><dt><code>data</code> +<dd> +<p>A String. The data to be hashed and signed.</p> +</dd><dt><code>options</code> +<dd> +<p>A Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details. <code>options</code> parameter was added in version 3.0.</p> +</dd></dl> + +<p>Example:</p> + +<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">"Sign me!"</span> +<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">"RSA"</span>, <span class="ruby-value">rsa_keygen_bits:</span> <span class="ruby-value">2048</span>) +<span class="ruby-identifier">signopts</span> = { <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">"pss"</span> } +<span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">data</span>, <span class="ruby-identifier">signopts</span>) + +<span class="ruby-comment"># Creates a copy of the RSA key pkey, but without the private components</span> +<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span> +<span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>, <span class="ruby-identifier">signopts</span>) <span class="ruby-comment"># => true</span> </pre> <div class="method-source-code" id="sign-source"> <pre>static VALUE -ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) +ossl_pkey_sign(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; - const EVP_MD *md; + VALUE digest, data, options, sig; + const EVP_MD *md = NULL; EVP_MD_CTX *ctx; - unsigned int buf_len; - VALUE str; - int result; + EVP_PKEY_CTX *pctx; + size_t siglen; + int state; pkey = GetPrivPKeyPtr(self); - md = ossl_evp_get_digestbyname(digest); + rb_scan_args(argc, argv, "21", &digest, &data, &options); + if (!NIL_P(digest)) + md = ossl_evp_get_digestbyname(digest); StringValue(data); - str = rb_str_new(0, EVP_PKEY_size(pkey)); ctx = EVP_MD_CTX_new(); if (!ctx) ossl_raise(ePKeyError, "EVP_MD_CTX_new"); - if (!EVP_SignInit_ex(ctx, md, NULL)) { + if (EVP_DigestSignInit(ctx, &pctx, md, /* engine */NULL, pkey) < 1) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_DigestSignInit"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(pctx, options, &state); + if (state) { + EVP_MD_CTX_free(ctx); + rb_jump_tag(state); + } + } +#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER) + if (EVP_DigestSign(ctx, NULL, &siglen, (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) < 1) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_DigestSign"); + } + if (siglen > LONG_MAX) { + EVP_MD_CTX_free(ctx); + rb_raise(ePKeyError, "signature would be too large"); + } + sig = ossl_str_new(NULL, (long)siglen, &state); + if (state) { + EVP_MD_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_DigestSign(ctx, (unsigned char *)RSTRING_PTR(sig), &siglen, + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) < 1) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_DigestSign"); + } +#else + if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) < 1) { EVP_MD_CTX_free(ctx); - ossl_raise(ePKeyError, "EVP_SignInit_ex"); + ossl_raise(ePKeyError, "EVP_DigestSignUpdate"); } - if (!EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) { + if (EVP_DigestSignFinal(ctx, NULL, &siglen) < 1) { EVP_MD_CTX_free(ctx); - ossl_raise(ePKeyError, "EVP_SignUpdate"); + ossl_raise(ePKeyError, "EVP_DigestSignFinal"); } - result = EVP_SignFinal(ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey); + if (siglen > LONG_MAX) { + EVP_MD_CTX_free(ctx); + rb_raise(ePKeyError, "signature would be too large"); + } + sig = ossl_str_new(NULL, (long)siglen, &state); + if (state) { + EVP_MD_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(sig), + &siglen) < 1) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_DigestSignFinal"); + } +#endif EVP_MD_CTX_free(ctx); - if (!result) - ossl_raise(ePKeyError, "EVP_SignFinal"); - rb_str_set_len(str, buf_len); + rb_str_set_len(sig, siglen); + return sig; +}</pre> + </div> + </div> - return str; + + </div> + + <div id="method-i-sign_raw" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + sign_raw(digest, data [, options]) → string + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Signs <code>data</code> using a private key <code>pkey</code>. Unlike <a href="PKey.html#method-i-sign"><code>sign</code></a>, <code>data</code> will not be hashed by <code>digest</code> automatically.</p> + +<p>See <a href="PKey.html#method-i-verify_raw"><code>verify_raw</code></a> for the verification operation.</p> + +<p>Added in version 3.0. See also the man page EVP_PKEY_sign(3).</p> +<dl class="rdoc-list note-list"><dt><code>digest</code> +<dd> +<p>A String that represents the message digest algorithm name, or <code>nil</code> if the <a href="PKey.html"><code>PKey</code></a> type requires no digest algorithm. Although this method will not hash <code>data</code> with it, this parameter may still be required depending on the signature algorithm.</p> +</dd><dt><code>data</code> +<dd> +<p>A String. The data to be signed.</p> +</dd><dt><code>options</code> +<dd> +<p>A Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details.</p> +</dd></dl> + +<p>Example:</p> + +<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">"Sign me!"</span> +<span class="ruby-identifier">hash</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">data</span>) +<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">"RSA"</span>, <span class="ruby-value">rsa_keygen_bits:</span> <span class="ruby-value">2048</span>) +<span class="ruby-identifier">signopts</span> = { <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">"pss"</span> } +<span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign_raw</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">hash</span>, <span class="ruby-identifier">signopts</span>) + +<span class="ruby-comment"># Creates a copy of the RSA key pkey, but without the private components</span> +<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span> +<span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify_raw</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">hash</span>, <span class="ruby-identifier">signopts</span>) <span class="ruby-comment"># => true</span> +</pre> + + <div class="method-source-code" id="sign_raw-source"> + <pre>static VALUE +ossl_pkey_sign_raw(int argc, VALUE *argv, VALUE self) +{ + EVP_PKEY *pkey; + VALUE digest, data, options, sig; + const EVP_MD *md = NULL; + EVP_PKEY_CTX *ctx; + size_t outlen; + int state; + + GetPKey(self, pkey); + rb_scan_args(argc, argv, "21", &digest, &data, &options); + if (!NIL_P(digest)) + md = ossl_evp_get_digestbyname(digest); + StringValue(data); + + ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!ctx) + ossl_raise(ePKeyError, "EVP_PKEY_CTX_new"); + if (EVP_PKEY_sign_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_sign_init"); + } + if (md && EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_CTX_set_signature_md"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(ctx, options, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + } + if (EVP_PKEY_sign(ctx, NULL, &outlen, (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_sign"); + } + if (outlen > LONG_MAX) { + EVP_PKEY_CTX_free(ctx); + rb_raise(ePKeyError, "signature would be too large"); + } + sig = ossl_str_new(NULL, (long)outlen, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_PKEY_sign(ctx, (unsigned char *)RSTRING_PTR(sig), &outlen, + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_sign"); + } + EVP_PKEY_CTX_free(ctx); + rb_str_set_len(sig, outlen); + return sig; }</pre> </div> </div> @@ -369,65 +855,298 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) </div> - <div id="method-i-verify" class="method-detail "> + <div id="method-i-to_text" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - verify(digest, signature, data) → String + to_text → string </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>To verify the String <em>signature</em>, <em>digest</em>, an instance of <a href="../Digest.html"><code>OpenSSL::Digest</code></a>, must be provided to re-compute the message digest of the original <em>data</em>, also a String. The return value is <code>true</code> if the signature is valid, <code>false</code> otherwise. A <a href="PKeyError.html"><code>PKeyError</code></a> is raised should errors occur. Any previous state of the <a href="../Digest.html"><code>Digest</code></a> instance is irrelevant to the validation outcome, the digest instance is reset to its initial state during the operation.</p> + <p>Dumps key parameters, public key, and private key components contained in the key into a human-readable text.</p> -<h2 id="method-i-verify-label-Example">Example<span><a href="#method-i-verify-label-Example">¶</a> <a href="#top">↑</a></span></h2> +<p>This is intended for debugging purpose.</p> -<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">'Sign me!'</span> -<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA256'</span>) -<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) -<span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">data</span>) -<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span> -<span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>) <span class="ruby-comment"># => true</span> -</pre> +<p>See also the man page EVP_PKEY_print_private(3).</p> + + <div class="method-source-code" id="to_text-source"> + <pre>static VALUE +ossl_pkey_to_text(VALUE self) +{ + EVP_PKEY *pkey; + BIO *bio; + + GetPKey(self, pkey); + if (!(bio = BIO_new(BIO_s_mem()))) + ossl_raise(ePKeyError, "BIO_new"); + + if (EVP_PKEY_print_private(bio, pkey, 0, NULL) == 1) + goto out; + OSSL_BIO_reset(bio); + if (EVP_PKEY_print_public(bio, pkey, 0, NULL) == 1) + goto out; + OSSL_BIO_reset(bio); + if (EVP_PKEY_print_params(bio, pkey, 0, NULL) == 1) + goto out; + + BIO_free(bio); + ossl_raise(ePKeyError, "EVP_PKEY_print_params"); + + out: + return ossl_membio2str(bio); +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-verify" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + verify(digest, signature, data [, options]) → true or false + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Verifies the <code>signature</code> for the <code>data</code> using a message digest algorithm <code>digest</code> and a public key <code>pkey</code>.</p> + +<p>Returns <code>true</code> if the signature is successfully verified, <code>false</code> otherwise. The caller must check the return value.</p> + +<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a> for the signing operation and an example.</p> + +<p>See also the man page EVP_DigestVerify(3).</p> +<dl class="rdoc-list note-list"><dt><code>digest</code> +<dd> +<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a>.</p> +</dd><dt><code>signature</code> +<dd> +<p>A String containing the signature to be verified.</p> +</dd><dt><code>data</code> +<dd> +<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a>.</p> +</dd><dt><code>options</code> +<dd> +<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a>. <code>options</code> parameter was added in version 3.0.</p> +</dd></dl> <div class="method-source-code" id="verify-source"> <pre>static VALUE -ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) +ossl_pkey_verify(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; - const EVP_MD *md; + VALUE digest, sig, data, options; + const EVP_MD *md = NULL; EVP_MD_CTX *ctx; - int siglen, result; + EVP_PKEY_CTX *pctx; + int state, ret; GetPKey(self, pkey); + rb_scan_args(argc, argv, "31", &digest, &sig, &data, &options); ossl_pkey_check_public_key(pkey); - md = ossl_evp_get_digestbyname(digest); + if (!NIL_P(digest)) + md = ossl_evp_get_digestbyname(digest); StringValue(sig); - siglen = RSTRING_LENINT(sig); StringValue(data); ctx = EVP_MD_CTX_new(); if (!ctx) ossl_raise(ePKeyError, "EVP_MD_CTX_new"); - if (!EVP_VerifyInit_ex(ctx, md, NULL)) { + if (EVP_DigestVerifyInit(ctx, &pctx, md, /* engine */NULL, pkey) < 1) { EVP_MD_CTX_free(ctx); - ossl_raise(ePKeyError, "EVP_VerifyInit_ex"); + ossl_raise(ePKeyError, "EVP_DigestVerifyInit"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(pctx, options, &state); + if (state) { + EVP_MD_CTX_free(ctx); + rb_jump_tag(state); + } } - if (!EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) { +#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER) + ret = EVP_DigestVerify(ctx, (unsigned char *)RSTRING_PTR(sig), + RSTRING_LEN(sig), (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)); + EVP_MD_CTX_free(ctx); + if (ret < 0) + ossl_raise(ePKeyError, "EVP_DigestVerify"); +#else + if (EVP_DigestVerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) < 1) { EVP_MD_CTX_free(ctx); - ossl_raise(ePKeyError, "EVP_VerifyUpdate"); + ossl_raise(ePKeyError, "EVP_DigestVerifyUpdate"); } - result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), siglen, pkey); + ret = EVP_DigestVerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), + RSTRING_LEN(sig)); EVP_MD_CTX_free(ctx); - switch (result) { - case 0: + if (ret < 0) + ossl_raise(ePKeyError, "EVP_DigestVerifyFinal"); +#endif + if (ret) + return Qtrue; + else { ossl_clear_error(); return Qfalse; - case 1: + } +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-verify_raw" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + verify_raw(digest, signature, data [, options]) → true or false + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Verifies the <code>signature</code> for the <code>data</code> using a public key <code>pkey</code>. Unlike <a href="PKey.html#method-i-verify"><code>verify</code></a>, this method will not hash <code>data</code> with <code>digest</code> automatically.</p> + +<p>Returns <code>true</code> if the signature is successfully verified, <code>false</code> otherwise. The caller must check the return value.</p> + +<p>See <a href="PKey.html#method-i-sign_raw"><code>sign_raw</code></a> for the signing operation and an example code.</p> + +<p>Added in version 3.0. See also the man page EVP_PKEY_verify(3).</p> +<dl class="rdoc-list note-list"><dt><code>signature</code> +<dd> +<p>A String containing the signature to be verified.</p> +</dd></dl> + + <div class="method-source-code" id="verify_raw-source"> + <pre>static VALUE +ossl_pkey_verify_raw(int argc, VALUE *argv, VALUE self) +{ + EVP_PKEY *pkey; + VALUE digest, sig, data, options; + const EVP_MD *md = NULL; + EVP_PKEY_CTX *ctx; + int state, ret; + + GetPKey(self, pkey); + rb_scan_args(argc, argv, "31", &digest, &sig, &data, &options); + ossl_pkey_check_public_key(pkey); + if (!NIL_P(digest)) + md = ossl_evp_get_digestbyname(digest); + StringValue(sig); + StringValue(data); + + ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!ctx) + ossl_raise(ePKeyError, "EVP_PKEY_CTX_new"); + if (EVP_PKEY_verify_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_verify_init"); + } + if (md && EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_CTX_set_signature_md"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(ctx, options, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + } + ret = EVP_PKEY_verify(ctx, (unsigned char *)RSTRING_PTR(sig), + RSTRING_LEN(sig), + (unsigned char *)RSTRING_PTR(data), + RSTRING_LEN(data)); + EVP_PKEY_CTX_free(ctx); + if (ret < 0) + ossl_raise(ePKeyError, "EVP_PKEY_verify"); + + if (ret) return Qtrue; - default: - ossl_raise(ePKeyError, "EVP_VerifyFinal"); + else { + ossl_clear_error(); + return Qfalse; + } +}</pre> + </div> + </div> + + + </div> + + <div id="method-i-verify_recover" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + verify_recover(digest, signature [, options]) → string + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Recovers the signed data from <code>signature</code> using a public key <code>pkey</code>. Not all signature algorithms support this operation.</p> + +<p>Added in version 3.0. See also the man page EVP_PKEY_verify_recover(3).</p> +<dl class="rdoc-list note-list"><dt><code>signature</code> +<dd> +<p>A String containing the signature to be verified.</p> +</dd></dl> + + <div class="method-source-code" id="verify_recover-source"> + <pre>static VALUE +ossl_pkey_verify_recover(int argc, VALUE *argv, VALUE self) +{ + EVP_PKEY *pkey; + VALUE digest, sig, options, out; + const EVP_MD *md = NULL; + EVP_PKEY_CTX *ctx; + int state; + size_t outlen; + + GetPKey(self, pkey); + rb_scan_args(argc, argv, "21", &digest, &sig, &options); + ossl_pkey_check_public_key(pkey); + if (!NIL_P(digest)) + md = ossl_evp_get_digestbyname(digest); + StringValue(sig); + + ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); + if (!ctx) + ossl_raise(ePKeyError, "EVP_PKEY_CTX_new"); + if (EVP_PKEY_verify_recover_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_verify_recover_init"); + } + if (md && EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_CTX_set_signature_md"); + } + if (!NIL_P(options)) { + pkey_ctx_apply_options(ctx, options, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + } + if (EVP_PKEY_verify_recover(ctx, NULL, &outlen, + (unsigned char *)RSTRING_PTR(sig), + RSTRING_LEN(sig)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_verify_recover"); + } + out = ossl_str_new(NULL, (long)outlen, &state); + if (state) { + EVP_PKEY_CTX_free(ctx); + rb_jump_tag(state); + } + if (EVP_PKEY_verify_recover(ctx, (unsigned char *)RSTRING_PTR(out), &outlen, + (unsigned char *)RSTRING_PTR(sig), + RSTRING_LEN(sig)) <= 0) { + EVP_PKEY_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_PKEY_verify_recover"); } + EVP_PKEY_CTX_free(ctx); + rb_str_set_len(out, outlen); + return out; }</pre> </div> </div> diff --git a/OpenSSL/PKey/RSA.html b/OpenSSL/PKey/RSA.html index b9e47a43..9ef3024a 100644 --- a/OpenSSL/PKey/RSA.html +++ b/OpenSSL/PKey/RSA.html @@ -82,8 +82,6 @@ <ul class="link-list" role="directory"> <li ><a href="#method-c-generate">::generate</a> <li ><a href="#method-c-new">::new</a> - <li ><a href="#method-i-blinding_off-21">#blinding_off!</a> - <li ><a href="#method-i-blinding_on-21">#blinding_on!</a> <li ><a href="#method-i-export">#export</a> <li ><a href="#method-i-initialize_copy">#initialize_copy</a> <li ><a href="#method-i-params">#params</a> @@ -101,7 +99,6 @@ <li ><a href="#method-i-to_der">#to_der</a> <li ><a href="#method-i-to_pem">#to_pem</a> <li ><a href="#method-i-to_s">#to_s</a> - <li ><a href="#method-i-to_text">#to_text</a> <li ><a href="#method-i-verify_pss">#verify_pss</a> </ul> </div> @@ -123,6 +120,21 @@ <section id="5Buntitled-5D" class="documentation-section"> + <section class="constants-list"> + <header> + <h3>Constants</h3> + </header> + <dl> + <dt id="NO_PADDING">NO_PADDING + <dd> + <dt id="PKCS1_OAEP_PADDING">PKCS1_OAEP_PADDING + <dd> + <dt id="PKCS1_PADDING">PKCS1_PADDING + <dd> + <dt id="SSLV23_PADDING">SSLV23_PADDING + <dd> + </dl> + </section> @@ -134,40 +146,31 @@ <div id="method-c-generate" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - generate(size) → RSA instance + generate(size, exponent = 65537) → RSA </span> <span class="method-click-advice">click to toggle source</span> </div> - <div class="method-heading"> - <span class="method-callseq"> - generate(size, exponent) → RSA instance - </span> - </div> <div class="method-description"> - <p>Generates an <a href="RSA.html"><code>RSA</code></a> keypair. <em>size</em> is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. <em>exponent</em> is an odd number normally 3, 17, or 65537.</p> - - <div class="method-source-code" id="generate-source"> - <pre>static VALUE -ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass) -{ -/* why does this method exist? why can't initialize take an optional exponent? */ - RSA *rsa; - VALUE size, exp; - VALUE obj; - - rb_scan_args(argc, argv, "11", &size, &exp); + <p>Generates an RSA keypair.</p> - rsa = rsa_generate(NUM2INT(size), NIL_P(exp) ? RSA_F4 : NUM2ULONG(exp)); /* err handled by rsa_instance */ - obj = rsa_instance(klass, rsa); - - if (obj == Qfalse) { - RSA_free(rsa); - ossl_raise(eRSAError, NULL); - } +<p>See also <a href="../PKey.html#method-c-generate_key"><code>OpenSSL::PKey.generate_key</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>size</code> +<dd> +<p>The desired key size in bits.</p> +</dd><dt><code>exponent</code> +<dd> +<p>An odd <a href="../../Integer.html"><code>Integer</code></a>, normally 3, 17, or 65537.</p> +</dd></dl> - return obj; -}</pre> + <div class="method-source-code" id="generate-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 335</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">generate</span>(<span class="ruby-identifier">size</span>, <span class="ruby-identifier">exp</span> = <span class="ruby-value">0x10001</span>, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">"RSA"</span>, { + <span class="ruby-string">"rsa_keygen_bits"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">size</span>, + <span class="ruby-string">"rsa_keygen_pubexp"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">exp</span>, + }, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -177,27 +180,36 @@ ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass) <div id="method-c-new" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - new(key_size) → RSA instance + new → rsa </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-heading"> <span class="method-callseq"> - new(encoded_key) → RSA instance + new(encoded_key [, passphrase]) → rsa </span> </div> <div class="method-heading"> <span class="method-callseq"> - new(encoded_key, pass_phrase) → RSA instance + new(encoded_key) { passphrase } → rsa + </span> + </div> + <div class="method-heading"> + <span class="method-callseq"> + new(size [, exponent]) → rsa </span> </div> <div class="method-description"> - <p>Generates or loads an <a href="RSA.html"><code>RSA</code></a> keypair. If an integer <em>key_size</em> is given it represents the desired key size. Keys less than 1024 bits should be considered insecure.</p> + <p>Generates or loads an RSA keypair.</p> + +<p>If called without arguments, creates a new instance with no key components set. They can be set individually by <a href="RSA.html#method-i-set_key"><code>set_key</code></a>, <a href="RSA.html#method-i-set_factors"><code>set_factors</code></a>, and <a href="RSA.html#method-i-set_crt_params"><code>set_crt_params</code></a>.</p> -<p>A key can instead be loaded from an <em>encoded_key</em> which must be PEM or DER encoded. A <em>pass_phrase</em> can be used to decrypt the key. If none is given <a href="../../OpenSSL.html"><code>OpenSSL</code></a> will prompt for the pass phrase.</p> +<p>If called with a String, tries to parse as DER or PEM encoding of an RSA key. Note that, if <em>passphrase</em> is not specified but the key is encrypted with a passphrase, OpenSSL will prompt for it. See also <a href="../PKey.html#method-c-read"><code>OpenSSL::PKey.read</code></a> which can parse keys of any kinds.</p> -<h1 id="method-c-new-label-Examples">Examples<span><a href="#method-c-new-label-Examples">¶</a> <a href="#top">↑</a></span></h1> +<p>If called with a number, generates a new key pair. This form works as an alias of <a href="RSA.html#method-c-generate"><code>RSA.generate</code></a>.</p> + +<p>Examples:</p> <pre class="ruby"><span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-value">2048</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'rsa.pem'</span> @@ -210,52 +222,60 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; RSA *rsa; - BIO *in; + BIO *in = NULL; VALUE arg, pass; + int type; - GetPKey(self, pkey); - if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) { + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); + + /* The RSA.new(size, generator) form is handled by lib/openssl/pkey.rb */ + rb_scan_args(argc, argv, "02", &arg, &pass); + if (argc == 0) { rsa = RSA_new(); + if (!rsa) + ossl_raise(eRSAError, "RSA_new"); + goto legacy; } - else if (RB_INTEGER_TYPE_P(arg)) { - rsa = rsa_generate(NUM2INT(arg), NIL_P(pass) ? RSA_F4 : NUM2ULONG(pass)); - if (!rsa) ossl_raise(eRSAError, NULL); - } - else { - pass = ossl_pem_passwd_value(pass); - arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(&arg); - rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); - if (!rsa) { - OSSL_BIO_reset(in); - rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = d2i_RSAPrivateKey_bio(in, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = d2i_RSA_PUBKEY_bio(in, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = d2i_RSAPublicKey_bio(in, NULL); - } - BIO_free(in); - if (!rsa) { - ossl_raise(eRSAError, "Neither PUB key nor PRIV key"); - } + + pass = ossl_pem_passwd_value(pass); + arg = ossl_to_der_if_possible(arg); + in = ossl_obj2bio(&arg); + + /* First try RSAPublicKey format */ + rsa = d2i_RSAPublicKey_bio(in, NULL); + if (rsa) + goto legacy; + OSSL_BIO_reset(in); + rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); + if (rsa) + goto legacy; + OSSL_BIO_reset(in); + + /* Use the generic routine */ + pkey = ossl_pkey_read_generic(in, pass); + BIO_free(in); + if (!pkey) + ossl_raise(eRSAError, "Neither PUB key nor PRIV key"); + + type = EVP_PKEY_base_id(pkey); + if (type != EVP_PKEY_RSA) { + EVP_PKEY_free(pkey); + rb_raise(eRSAError, "incorrect pkey type: %s", OBJ_nid2sn(type)); } - if (!EVP_PKEY_assign_RSA(pkey, rsa)) { + RTYPEDDATA_DATA(self) = pkey; + return self; + + legacy: + BIO_free(in); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa) != 1) { + EVP_PKEY_free(pkey); RSA_free(rsa); - ossl_raise(eRSAError, NULL); + ossl_raise(eRSAError, "EVP_PKEY_assign_RSA"); } - + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> </div> @@ -271,62 +291,6 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self) <h3>Public Instance Methods</h3> </header> - <div id="method-i-blinding_off-21" class="method-detail "> - <div class="method-heading"> - <span class="method-name">blinding_off!</span><span - class="method-args">()</span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - - - <div class="method-source-code" id="blinding_off-21-source"> - <pre>static VALUE -ossl_rsa_blinding_off(VALUE self) -{ - RSA *rsa; - - GetRSA(self, rsa); - RSA_blinding_off(rsa); - - return self; -}</pre> - </div> - </div> - - - </div> - - <div id="method-i-blinding_on-21" class="method-detail "> - <div class="method-heading"> - <span class="method-name">blinding_on!</span><span - class="method-args">()</span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - - - <div class="method-source-code" id="blinding_on-21-source"> - <pre>static VALUE -ossl_rsa_blinding_on(VALUE self) -{ - RSA *rsa; - - GetRSA(self, rsa); - - if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) { - ossl_raise(eRSAError, NULL); - } - return self; -}</pre> - </div> - </div> - - - </div> - <div id="method-i-export" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -342,41 +306,10 @@ ossl_rsa_blinding_on(VALUE self) <pre>static VALUE ossl_rsa_export(int argc, VALUE *argv, VALUE self) { - RSA *rsa; - const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; - BIO *out; - const EVP_CIPHER *ciph = NULL; - VALUE cipher, pass, str; - - GetRSA(self, rsa); - - rb_scan_args(argc, argv, "02", &cipher, &pass); - - if (!NIL_P(cipher)) { - ciph = ossl_evp_get_cipherbyname(cipher); - pass = ossl_pem_passwd_value(pass); - } - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, NULL); - } - RSA_get0_key(rsa, &n, &e, &d); - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - if (n && e && d && p && q && dmp1 && dmq1 && iqmp) { - if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0, - ossl_pem_passwd_cb, (void *)pass)) { - BIO_free(out); - ossl_raise(eRSAError, NULL); - } - } else { - if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) { - BIO_free(out); - ossl_raise(eRSAError, NULL); - } - } - str = ossl_membio2str(out); - - return str; + if (can_export_rsaprivatekey(self)) + return ossl_pkey_export_traditional(argc, argv, self, 0); + else + return ossl_pkey_export_spki(self, 0); }</pre> </div> </div> @@ -404,16 +337,23 @@ ossl_rsa_initialize_copy(VALUE self, VALUE other) EVP_PKEY *pkey; RSA *rsa, *rsa_new; - GetPKey(self, pkey); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) - ossl_raise(eRSAError, "RSA already initialized"); + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); GetRSA(other, rsa); - rsa_new = ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey, (d2i_of_void *)d2i_RSAPrivateKey, (char *)rsa); + rsa_new = (RSA *)ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey, + (d2i_of_void *)d2i_RSAPrivateKey, + (char *)rsa); if (!rsa_new) ossl_raise(eRSAError, "ASN1_dup"); - EVP_PKEY_assign_RSA(pkey, rsa_new); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa_new) != 1) { + RSA_free(rsa_new); + ossl_raise(eRSAError, "EVP_PKEY_assign_RSA"); + } + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> @@ -510,34 +450,23 @@ ossl_rsa_is_private(VALUE self) </div> <div class="method-description"> - <p>Decrypt <em>string</em>, which has been encrypted with the public key, with the private key. <em>padding</em> defaults to PKCS1_PADDING.</p> + <p>Decrypt <code>string</code>, which has been encrypted with the public key, with the private key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>.</p> - <div class="method-source-code" id="private_decrypt-source"> - <pre>static VALUE -ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-encrypt"><code>PKey::PKey#encrypt</code></a> and <a href="PKey.html#method-i-decrypt"><code>PKey::PKey#decrypt</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - if (!RSA_PRIVATE(self, rsa)) - ossl_raise(eRSAError, "private key needed."); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="private_decrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 427</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">private_decrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-identifier">private?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"private key needed."</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">decrypt</span>(<span class="ruby-identifier">data</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -558,34 +487,23 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - <p>Encrypt <em>string</em> with the private key. <em>padding</em> defaults to PKCS1_PADDING. The encrypted string output can be decrypted using <a href="RSA.html#method-i-public_decrypt"><code>public_decrypt</code></a>.</p> + <p>Encrypt <code>string</code> with the private key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>. The encrypted string output can be decrypted using <a href="RSA.html#method-i-public_decrypt"><code>public_decrypt</code></a>.</p> - <div class="method-source-code" id="private_encrypt-source"> - <pre>static VALUE -ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a>, and <a href="PKey.html#method-i-verify_recover"><code>PKey::PKey#verify_recover</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - if (!RSA_PRIVATE(self, rsa)) - ossl_raise(eRSAError, "private key needed."); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="private_encrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 364</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">private_encrypt</span>(<span class="ruby-identifier">string</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-identifier">private?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"private key needed."</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">sign_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">string</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -636,32 +554,22 @@ ossl_rsa_is_public(VALUE self) </div> <div class="method-description"> - <p>Decrypt <em>string</em>, which has been encrypted with the private key, with the public key. <em>padding</em> defaults to PKCS1_PADDING.</p> + <p>Decrypt <code>string</code>, which has been encrypted with the private key, with the public key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>.</p> - <div class="method-source-code" id="public_decrypt-source"> - <pre>static VALUE -ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a>, and <a href="PKey.html#method-i-verify_recover"><code>PKey::PKey#verify_recover</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="public_decrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 386</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_decrypt</span>(<span class="ruby-identifier">string</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">verify_recover</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">string</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -682,32 +590,22 @@ ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - <p>Encrypt <em>string</em> with the public key. <em>padding</em> defaults to PKCS1_PADDING. The encrypted string output can be decrypted using <a href="RSA.html#method-i-private_decrypt"><code>private_decrypt</code></a>.</p> + <p>Encrypt <code>string</code> with the public key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>. The encrypted string output can be decrypted using <a href="RSA.html#method-i-private_decrypt"><code>private_decrypt</code></a>.</p> - <div class="method-source-code" id="public_encrypt-source"> - <pre>static VALUE -ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-encrypt"><code>PKey::PKey#encrypt</code></a> and <a href="PKey.html#method-i-decrypt"><code>PKey::PKey#decrypt</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="public_encrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 407</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_encrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">encrypt</span>(<span class="ruby-identifier">data</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -717,32 +615,23 @@ ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) <div id="method-i-public_key" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - public_key → RSA + public_key → rsanew </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Makes new <a href="RSA.html"><code>RSA</code></a> instance containing the public key from the private key.</p> + <p>Returns a new <a href="RSA.html"><code>RSA</code></a> instance that carries just the public key components.</p> - <div class="method-source-code" id="public_key-source"> - <pre>static VALUE -ossl_rsa_to_public_key(VALUE self) -{ - EVP_PKEY *pkey; - RSA *rsa; - VALUE obj; +<p>This method is provided for backwards compatibility. In most cases, there is no need to call this method.</p> - GetPKeyRSA(self, pkey); - /* err check performed by rsa_instance */ - rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey)); - obj = rsa_instance(rb_obj_class(self), rsa); - if (obj == Qfalse) { - RSA_free(rsa); - ossl_raise(eRSAError, NULL); - } - return obj; -}</pre> +<p>For the purpose of serializing the public key, to PEM or DER encoding of X.509 SubjectPublicKeyInfo format, check <a href="PKey.html#method-i-public_to_pem"><code>PKey#public_to_pem</code></a> and <a href="PKey.html#method-i-public_to_der"><code>PKey#public_to_der</code></a>.</p> + + <div class="method-source-code" id="public_key-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 319</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_key</span> + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">public_to_der</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -829,7 +718,7 @@ ossl_rsa_to_public_key(VALUE self) <pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">"Sign me!"</span> <span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) <span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign_pss</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">data</span>, <span class="ruby-value">salt_length:</span> <span class="ruby-value">:max</span>, <span class="ruby-value">mgf1_hash:</span> <span class="ruby-string">"SHA256"</span>) -<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span> +<span class="ruby-identifier">pub_key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_to_der</span>) <span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify_pss</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>, <span class="ruby-value">salt_length:</span> <span class="ruby-value">:auto</span>, <span class="ruby-value">mgf1_hash:</span> <span class="ruby-string">"SHA256"</span>) <span class="ruby-comment"># => true</span> </pre> @@ -919,30 +808,10 @@ ossl_rsa_sign_pss(int argc, VALUE *argv, VALUE self) <pre>static VALUE ossl_rsa_to_der(VALUE self) { - RSA *rsa; - const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; - int (*i2d_func)(const RSA *, unsigned char **); - unsigned char *ptr; - long len; - VALUE str; - - GetRSA(self, rsa); - RSA_get0_key(rsa, &n, &e, &d); - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - if (n && e && d && p && q && dmp1 && dmq1 && iqmp) - i2d_func = i2d_RSAPrivateKey; + if (can_export_rsaprivatekey(self)) + return ossl_pkey_export_traditional(0, NULL, self, 1); else - i2d_func = (int (*)(const RSA *, unsigned char **))i2d_RSA_PUBKEY; - if((len = i2d_func(rsa, NULL)) <= 0) - ossl_raise(eRSAError, NULL); - str = rb_str_new(0, len); - ptr = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(rsa, &ptr) < 0) - ossl_raise(eRSAError, NULL); - ossl_str_adjust(str, ptr); - - return str; + return ossl_pkey_export_spki(self, 1); }</pre> </div> </div> @@ -986,47 +855,6 @@ ossl_rsa_to_der(VALUE self) </div> </div> - <div id="method-i-to_text" class="method-detail "> - <div class="method-heading"> - <span class="method-callseq"> - to_text → String - </span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - <p>THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!</p> - -<p>Dumps all parameters of a keypair to a String</p> - -<p>Don’t use :-)) (It’s up to you)</p> - - <div class="method-source-code" id="to_text-source"> - <pre>static VALUE -ossl_rsa_to_text(VALUE self) -{ - RSA *rsa; - BIO *out; - VALUE str; - - GetRSA(self, rsa); - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, NULL); - } - if (!RSA_print(out, rsa, 0)) { /* offset = 0 */ - BIO_free(out); - ossl_raise(eRSAError, NULL); - } - str = ossl_membio2str(out); - - return str; -}</pre> - </div> - </div> - - - </div> - <div id="method-i-verify_pss" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> diff --git a/OpenSSL/SSL.html b/OpenSSL/SSL.html index 0482e0ee..f33fccea 100644 --- a/OpenSSL/SSL.html +++ b/OpenSSL/SSL.html @@ -94,6 +94,8 @@ <dl> <dt id="OP_ALL">OP_ALL <dd> + <dt id="OP_ALLOW_CLIENT_RENEGOTIATION">OP_ALLOW_CLIENT_RENEGOTIATION + <dd> <dt id="OP_ALLOW_NO_DHE_KEX">OP_ALLOW_NO_DHE_KEX <dd> <dt id="OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION">OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION @@ -102,14 +104,24 @@ <dd> <dt id="OP_CISCO_ANYCONNECT">OP_CISCO_ANYCONNECT <dd> + <dt id="OP_CLEANSE_PLAINTEXT">OP_CLEANSE_PLAINTEXT + <dd> <dt id="OP_COOKIE_EXCHANGE">OP_COOKIE_EXCHANGE <dd> <dt id="OP_CRYPTOPRO_TLSEXT_BUG">OP_CRYPTOPRO_TLSEXT_BUG <dd> + <dt id="OP_DISABLE_TLSEXT_CA_NAMES">OP_DISABLE_TLSEXT_CA_NAMES + <dd> <dt id="OP_DONT_INSERT_EMPTY_FRAGMENTS">OP_DONT_INSERT_EMPTY_FRAGMENTS <dd> + <dt id="OP_ENABLE_KTLS">OP_ENABLE_KTLS + <dd> + <dt id="OP_ENABLE_MIDDLEBOX_COMPAT">OP_ENABLE_MIDDLEBOX_COMPAT + <dd> <dt id="OP_EPHEMERAL_RSA">OP_EPHEMERAL_RSA <dd><p>Deprecated in <a href="../OpenSSL.html"><code>OpenSSL</code></a> 1.0.1k and 1.0.2.</p> + <dt id="OP_IGNORE_UNEXPECTED_EOF">OP_IGNORE_UNEXPECTED_EOF + <dd> <dt id="OP_LEGACY_SERVER_CONNECT">OP_LEGACY_SERVER_CONNECT <dd> <dt id="OP_MICROSOFT_BIG_SSLV3_BUFFER">OP_MICROSOFT_BIG_SSLV3_BUFFER @@ -126,6 +138,8 @@ <dd><p>Deprecated in <a href="../OpenSSL.html"><code>OpenSSL</code></a> 1.1.0.</p> <dt id="OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG">OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG <dd><p>Deprecated in <a href="../OpenSSL.html"><code>OpenSSL</code></a> 0.9.8q and 1.0.0c.</p> + <dt id="OP_NO_ANTI_REPLAY">OP_NO_ANTI_REPLAY + <dd> <dt id="OP_NO_COMPRESSION">OP_NO_COMPRESSION <dd> <dt id="OP_NO_ENCRYPT_THEN_MAC">OP_NO_ENCRYPT_THEN_MAC @@ -154,6 +168,8 @@ <dd><p>Deprecated in <a href="../OpenSSL.html"><code>OpenSSL</code></a> 1.0.1.</p> <dt id="OP_PKCS1_CHECK_2">OP_PKCS1_CHECK_2 <dd><p>Deprecated in <a href="../OpenSSL.html"><code>OpenSSL</code></a> 1.0.1.</p> + <dt id="OP_PRIORITIZE_CHACHA">OP_PRIORITIZE_CHACHA + <dd> <dt id="OP_SAFARI_ECDHE_ECDSA_BUG">OP_SAFARI_ECDHE_ECDSA_BUG <dd> <dt id="OP_SINGLE_DH_USE">OP_SINGLE_DH_USE @@ -213,7 +229,7 @@ <div class="method-source-code" id="verify_certificate_identity-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 269</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 273</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">verify_certificate_identity</span>(<span class="ruby-identifier">cert</span>, <span class="ruby-identifier">hostname</span>) <span class="ruby-identifier">should_verify_common_name</span> = <span class="ruby-keyword">true</span> <span class="ruby-identifier">cert</span>.<span class="ruby-identifier">extensions</span>.<span class="ruby-identifier">each</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">ext</span><span class="ruby-operator">|</span> diff --git a/OpenSSL/SSL/SSLContext.html b/OpenSSL/SSL/SSLContext.html index c80edeca..255b65f1 100644 --- a/OpenSSL/SSL/SSLContext.html +++ b/OpenSSL/SSL/SSLContext.html @@ -96,6 +96,7 @@ <li ><a href="#method-i-set_params">#set_params</a> <li ><a href="#method-i-setup">#setup</a> <li ><a href="#method-i-ssl_version-3D">#ssl_version=</a> + <li ><a href="#method-i-tmp_dh-3D">#tmp_dh=</a> </ul> </div> @@ -417,25 +418,13 @@ </div> <div class="method-description"> - <p>A callback invoked when DH parameters are required.</p> + <p>A callback invoked when DH parameters are required for ephemeral DH key exchange.</p> -<p>The callback is invoked with the <a href="Session.html"><code>Session</code></a> for the key exchange, an flag indicating the use of an export cipher and the keylength required.</p> +<p>The callback is invoked with the <a href="SSLSocket.html"><code>SSLSocket</code></a>, a flag indicating the use of an export cipher and the keylength required.</p> <p>The callback must return an <a href="../PKey/DH.html"><code>OpenSSL::PKey::DH</code></a> instance of the correct key length.</p> - </div> - </div> - <div id="attribute-i-tmp_ecdh_callback" class="method-detail"> - <div class="method-heading attribute-method-heading"> - <span class="method-name">tmp_ecdh_callback</span><span - class="attribute-access-type">[RW]</span> - </div> - - <div class="method-description"> - <p>A callback invoked when ECDH parameters are required.</p> - -<p>The callback is invoked with the <a href="Session.html"><code>Session</code></a> for the key exchange, an flag indicating the use of an export cipher and the keylength required.</p> -<p>The callback is deprecated. This does not work with recent versions of <a href="../../OpenSSL.html"><code>OpenSSL</code></a>. Use <a href="SSLContext.html#method-i-ecdh_curves-3D"><code>OpenSSL::SSL::SSLContext#ecdh_curves=</code></a> instead.</p> +<p><strong>Deprecated in version 3.0.</strong> Use <a href="SSLContext.html#method-i-tmp_dh-3D"><code>tmp_dh=</code></a> instead.</p> </div> </div> <div id="attribute-i-verify_callback" class="method-detail"> @@ -522,10 +511,12 @@ <p>If an argument is given, <a href="SSLContext.html#method-i-ssl_version-3D"><code>ssl_version=</code></a> is called with the value. Note that this form is deprecated. New applications should use <a href="SSLContext.html#method-i-min_version-3D"><code>min_version=</code></a> and <a href="SSLContext.html#method-i-max_version-3D"><code>max_version=</code></a> as necessary.</p> <div class="method-source-code" id="new-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 122</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 124</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(<span class="ruby-identifier">version</span> = <span class="ruby-keyword">nil</span>) <span class="ruby-keyword">self</span>.<span class="ruby-identifier">options</span> <span class="ruby-operator">|=</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">OP_ALL</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">ssl_version</span> = <span class="ruby-identifier">version</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">version</span> + <span class="ruby-keyword">self</span>.<span class="ruby-identifier">verify_mode</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">VERIFY_NONE</span> + <span class="ruby-keyword">self</span>.<span class="ruby-identifier">verify_hostname</span> = <span class="ruby-keyword">false</span> <span class="ruby-keyword">end</span></pre> </div> </div> @@ -543,7 +534,7 @@ <div id="method-i-add_certificate" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - add_certificate(certiticate, pkey [, extra_certs]) → self + add_certificate(certificate, pkey [, extra_certs]) → self </span> <span class="method-click-advice">click to toggle source</span> </div> @@ -579,10 +570,6 @@ ecdsa_pkey = ... another_ca_cert = ... ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert])</pre> -<h3 id="method-i-add_certificate-label-Note">Note<span><a href="#method-i-add_certificate-label-Note">¶</a> <a href="#top">↑</a></span></h3> - -<p><a href="../../OpenSSL.html"><code>OpenSSL</code></a> before the version 1.0.2 could handle only one extra chain across all key types. Calling this method discards the chain set previously.</p> - <div class="method-source-code" id="add_certificate-source"> <pre>static VALUE ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self) @@ -607,7 +594,7 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self) EVP_PKEY_free(pub_pkey); if (!pub_pkey) rb_raise(rb_eArgError, "certificate does not contain public key"); - if (EVP_PKEY_cmp(pub_pkey, pkey) != 1) + if (EVP_PKEY_eq(pub_pkey, pkey) != 1) rb_raise(rb_eArgError, "public key mismatch"); if (argc >= 3) @@ -621,34 +608,9 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self) sk_X509_pop_free(extra_chain, X509_free); ossl_raise(eSSLError, "SSL_CTX_use_PrivateKey"); } - - if (extra_chain) { -#if OPENSSL_VERSION_NUMBER >= 0x10002000 && !defined(LIBRESSL_VERSION_NUMBER) - if (!SSL_CTX_set0_chain(ctx, extra_chain)) { - sk_X509_pop_free(extra_chain, X509_free); - ossl_raise(eSSLError, "SSL_CTX_set0_chain"); - } -#else - STACK_OF(X509) *orig_extra_chain; - X509 *x509_tmp; - - /* First, clear the existing chain */ - SSL_CTX_get_extra_chain_certs(ctx, &orig_extra_chain); - if (orig_extra_chain && sk_X509_num(orig_extra_chain)) { - rb_warning("SSL_CTX_set0_chain() is not available; " \ - "clearing previously set certificate chain"); - SSL_CTX_clear_extra_chain_certs(ctx); - } - while ((x509_tmp = sk_X509_shift(extra_chain))) { - /* Transfers ownership */ - if (!SSL_CTX_add_extra_chain_cert(ctx, x509_tmp)) { - X509_free(x509_tmp); - sk_X509_pop_free(extra_chain, X509_free); - ossl_raise(eSSLError, "SSL_CTX_add_extra_chain_cert"); - } - } - sk_X509_free(extra_chain); -#endif + if (extra_chain && !SSL_CTX_set0_chain(ctx, extra_chain)) { + sk_X509_pop_free(extra_chain, X509_free); + ossl_raise(eSSLError, "SSL_CTX_set0_chain"); } return self; }</pre> @@ -770,8 +732,6 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v) <p>For a TLS client, the list is directly used in the Supported Elliptic Curves Extension. For a server, the list is used by <a href="../../OpenSSL.html"><code>OpenSSL</code></a> to determine the set of shared curves. <a href="../../OpenSSL.html"><code>OpenSSL</code></a> will pick the most appropriate one from it.</p> -<p>Note that this works differently with old <a href="../../OpenSSL.html"><code>OpenSSL</code></a> (<= 1.0.1). Only one curve can be set, and this has no effect for TLS clients.</p> - <h3 id="method-i-ecdh_curves-3D-label-Example">Example<span><a href="#method-i-ecdh_curves-3D-label-Example">¶</a> <a href="#top">↑</a></span></h3> <pre class="ruby"><span class="ruby-identifier">ctx1</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSLContext</span>.<span class="ruby-identifier">new</span> @@ -798,48 +758,8 @@ ossl_sslctx_set_ecdh_curves(VALUE self, VALUE arg) GetSSLCTX(self, ctx); StringValueCStr(arg); -#if defined(HAVE_SSL_CTX_SET1_CURVES_LIST) if (!SSL_CTX_set1_curves_list(ctx, RSTRING_PTR(arg))) ossl_raise(eSSLError, NULL); -#else - /* OpenSSL does not have SSL_CTX_set1_curves_list()... Fallback to - * SSL_CTX_set_tmp_ecdh(). So only the first curve is used. */ - { - VALUE curve, splitted; - EC_KEY *ec; - int nid; - - splitted = rb_str_split(arg, ":"); - if (!RARRAY_LEN(splitted)) - ossl_raise(eSSLError, "invalid input format"); - curve = RARRAY_AREF(splitted, 0); - StringValueCStr(curve); - - /* SSL_CTX_set1_curves_list() accepts NIST names */ - nid = EC_curve_nist2nid(RSTRING_PTR(curve)); - if (nid == NID_undef) - nid = OBJ_txt2nid(RSTRING_PTR(curve)); - if (nid == NID_undef) - ossl_raise(eSSLError, "unknown curve name"); - - ec = EC_KEY_new_by_curve_name(nid); - if (!ec) - ossl_raise(eSSLError, NULL); - EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); - if (!SSL_CTX_set_tmp_ecdh(ctx, ec)) { - EC_KEY_free(ec); - ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh"); - } - EC_KEY_free(ec); -# if defined(HAVE_SSL_CTX_SET_ECDH_AUTO) - /* tmp_ecdh and ecdh_auto conflict. tmp_ecdh is ignored when ecdh_auto - * is enabled. So disable ecdh_auto. */ - if (!SSL_CTX_set_ecdh_auto(ctx, 0)) - ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto"); -# endif - } -#endif - return arg; }</pre> </div> @@ -956,7 +876,7 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self) <p>Sets the upper bound of the supported SSL/TLS protocol version. See <a href="SSLContext.html#method-i-min_version-3D"><code>min_version=</code></a> for the possible values.</p> <div class="method-source-code" id="max_version-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 183</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 187</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">max_version=</span>(<span class="ruby-identifier">version</span>) <span class="ruby-identifier">set_minmax_proto_version</span>(<span class="ruby-ivar">@min_proto_version</span> <span class="ruby-operator">||=</span> <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">version</span>) <span class="ruby-ivar">@max_proto_version</span> = <span class="ruby-identifier">version</span> @@ -1001,7 +921,7 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self) </pre> <div class="method-source-code" id="min_version-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 171</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 175</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">min_version=</span>(<span class="ruby-identifier">version</span>) <span class="ruby-identifier">set_minmax_proto_version</span>(<span class="ruby-identifier">version</span>, <span class="ruby-ivar">@max_proto_version</span> <span class="ruby-operator">||=</span> <span class="ruby-keyword">nil</span>) <span class="ruby-ivar">@min_proto_version</span> = <span class="ruby-identifier">version</span> @@ -1417,7 +1337,7 @@ ossl_sslctx_session_remove(VALUE self, VALUE arg) <p>If the <a href="SSLContext.html#attribute-i-verify_mode"><code>verify_mode</code></a> is not VERIFY_NONE and <a href="SSLContext.html#attribute-i-ca_file"><code>ca_file</code></a>, <a href="SSLContext.html#attribute-i-ca_path"><code>ca_path</code></a> and <a href="SSLContext.html#attribute-i-cert_store"><code>cert_store</code></a> are not set then the system default certificate store is used.</p> <div class="method-source-code" id="set_params-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 139</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 143</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">set_params</span>(<span class="ruby-identifier">params</span>={}) <span class="ruby-identifier">params</span> = <span class="ruby-constant">DEFAULT_PARAMS</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">params</span>) <span class="ruby-keyword">self</span>.<span class="ruby-identifier">options</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-value">:options</span>) <span class="ruby-comment"># set before min_version/max_version</span> @@ -1470,26 +1390,6 @@ ossl_sslctx_setup(VALUE self) SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback); #endif -#if !defined(OPENSSL_NO_EC) - /* We added SSLContext#tmp_ecdh_callback= in Ruby 2.3.0, - * but SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0. */ - if (RTEST(rb_attr_get(self, id_i_tmp_ecdh_callback))) { -# if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK) - rb_warn("#tmp_ecdh_callback= is deprecated; use #ecdh_curves= instead"); - SSL_CTX_set_tmp_ecdh_callback(ctx, ossl_tmp_ecdh_callback); -# if defined(HAVE_SSL_CTX_SET_ECDH_AUTO) - /* tmp_ecdh_callback and ecdh_auto conflict; OpenSSL ignores - * tmp_ecdh_callback. So disable ecdh_auto. */ - if (!SSL_CTX_set_ecdh_auto(ctx, 0)) - ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto"); -# endif -# else - ossl_raise(eSSLError, "OpenSSL does not support tmp_ecdh_callback; " - "use #ecdh_curves= instead"); -# endif - } -#endif /* OPENSSL_NO_EC */ - #ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH SSL_CTX_set_post_handshake_auth(ctx, 1); #endif @@ -1498,17 +1398,7 @@ ossl_sslctx_setup(VALUE self) if (!NIL_P(val)) { X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */ SSL_CTX_set_cert_store(ctx, store); -#if !defined(HAVE_X509_STORE_UP_REF) - /* - * WORKAROUND: - * X509_STORE can count references, but - * X509_STORE_free() doesn't care it. - * So we won't increment it but mark it by ex_data. - */ - SSL_CTX_set_ex_data(ctx, ossl_sslctx_ex_store_p, ctx); -#else /* Fixed in OpenSSL 1.0.2; bff9ce4db38b (master), 5b4b9ce976fc (1.0.2) */ X509_STORE_up_ref(store); -#endif } val = rb_attr_get(self, id_i_extra_chain_cert); @@ -1559,10 +1449,17 @@ ossl_sslctx_setup(VALUE self) ca_file = NIL_P(val) ? NULL : StringValueCStr(val); val = rb_attr_get(self, id_i_ca_path); ca_path = NIL_P(val) ? NULL : StringValueCStr(val); +#ifdef HAVE_SSL_CTX_LOAD_VERIFY_FILE + if (ca_file && !SSL_CTX_load_verify_file(ctx, ca_file)) + ossl_raise(eSSLError, "SSL_CTX_load_verify_file"); + if (ca_path && !SSL_CTX_load_verify_dir(ctx, ca_path)) + ossl_raise(eSSLError, "SSL_CTX_load_verify_dir"); +#else if(ca_file || ca_path){ if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path)) rb_warning("can't set verify locations"); } +#endif val = rb_attr_get(self, id_i_verify_mode); verify_mode = NIL_P(val) ? SSL_VERIFY_NONE : NUM2INT(val); @@ -1590,7 +1487,6 @@ ossl_sslctx_setup(VALUE self) } #endif -#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB val = rb_attr_get(self, id_i_alpn_protocols); if (!NIL_P(val)) { VALUE rprotos = ssl_encode_npn_protocols(val); @@ -1605,7 +1501,6 @@ ossl_sslctx_setup(VALUE self) SSL_CTX_set_alpn_select_cb(ctx, ssl_alpn_select_cb, (void *) self); OSSL_Debug("SSL ALPN select callback added"); } -#endif rb_obj_freeze(self); @@ -1669,7 +1564,7 @@ ossl_sslctx_setup(VALUE self) <p>As the name hints, this used to call the SSL_CTX_set_ssl_version() function which sets the <a href="../SSL.html"><code>SSL</code></a> method used for connections created from the context. As of Ruby/OpenSSL 2.1, this accessor method is implemented to call <a href="SSLContext.html#method-i-min_version-3D"><code>min_version=</code></a> and <a href="SSLContext.html#method-i-max_version-3D"><code>max_version=</code></a> instead.</p> <div class="method-source-code" id="ssl_version-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 202</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 206</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">ssl_version=</span>(<span class="ruby-identifier">meth</span>) <span class="ruby-identifier">meth</span> = <span class="ruby-identifier">meth</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">meth</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Symbol</span>) <span class="ruby-keyword">if</span> <span class="ruby-regexp">/(?<type>_client|_server)\z/</span> <span class="ruby-operator">=~</span> <span class="ruby-identifier">meth</span> @@ -1689,6 +1584,60 @@ ossl_sslctx_setup(VALUE self) </div> + <div id="method-i-tmp_dh-3D" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + tmp_dh = pkey + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + <p>Sets DH parameters used for ephemeral DH key exchange. This is relevant for servers only.</p> + +<p><code>pkey</code> is an instance of <a href="../PKey/DH.html"><code>OpenSSL::PKey::DH</code></a>. Note that key components contained in the key object, if any, are ignored. The server will always generate a new key pair for each handshake.</p> + +<p>Added in version 3.0. See also the man page SSL_set0_tmp_dh_pkey(3).</p> + +<p>Example:</p> + +<pre class="ruby"><span class="ruby-identifier">ctx</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSLContext</span>.<span class="ruby-identifier">new</span> +<span class="ruby-identifier">ctx</span>.<span class="ruby-identifier">tmp_dh</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">DH</span>.<span class="ruby-identifier">generate</span>(<span class="ruby-value">2048</span>) +<span class="ruby-identifier">svr</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSLServer</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">tcp_svr</span>, <span class="ruby-identifier">ctx</span>) +<span class="ruby-constant">Thread</span>.<span class="ruby-identifier">new</span> { <span class="ruby-identifier">svr</span>.<span class="ruby-identifier">accept</span> } +</pre> + + <div class="method-source-code" id="tmp_dh-3D-source"> + <pre>static VALUE +ossl_sslctx_set_tmp_dh(VALUE self, VALUE arg) +{ + SSL_CTX *ctx; + EVP_PKEY *pkey; + + rb_check_frozen(self); + GetSSLCTX(self, ctx); + pkey = GetPKeyPtr(arg); + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) + rb_raise(eSSLError, "invalid pkey type %s (expected DH)", + OBJ_nid2sn(EVP_PKEY_base_id(pkey))); +#ifdef HAVE_SSL_SET0_TMP_DH_PKEY + if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkey)) + ossl_raise(eSSLError, "SSL_CTX_set0_tmp_dh_pkey"); + EVP_PKEY_up_ref(pkey); +#else + if (!SSL_CTX_set_tmp_dh(ctx, EVP_PKEY_get0_DH(pkey))) + ossl_raise(eSSLError, "SSL_CTX_set_tmp_dh"); +#endif + + return arg; +}</pre> + </div> + </div> + + + </div> + </section> </section> diff --git a/OpenSSL/SSL/SSLSocket.html b/OpenSSL/SSL/SSLSocket.html index 99610994..2f297e4f 100644 --- a/OpenSSL/SSL/SSLSocket.html +++ b/OpenSSL/SSL/SSLSocket.html @@ -233,6 +233,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self) if (rb_respond_to(io, rb_intern("nonblock="))) rb_funcall(io, rb_intern("nonblock="), 1, Qtrue); + Check_Type(io, T_FILE); rb_ivar_set(self, id_i_io, io); ssl = SSL_new(ctx); @@ -271,7 +272,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - <p>Waits for a SSL/TLS client to initiate a handshake. The handshake may be started after unencrypted data has been sent over the socket.</p> + <p>Waits for a SSL/TLS client to initiate a handshake.</p> <div class="method-source-code" id="accept-source"> <pre>static VALUE @@ -467,7 +468,7 @@ ossl_ssl_get_client_ca_list(VALUE self) </div> <div class="method-description"> - <p>Initiates an SSL/TLS handshake with a server. The handshake may be started after unencrypted data has been sent over the socket.</p> + <p>Initiates an SSL/TLS handshake with a server.</p> <div class="method-source-code" id="connect-source"> <pre>static VALUE @@ -783,7 +784,7 @@ ossl_ssl_pending(VALUE self) <p>This method MUST be called after calling <a href="SSLSocket.html#method-i-connect"><code>connect</code></a> to ensure that the hostname of a remote peer has been verified.</p> <div class="method-source-code" id="post_connection_check-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 390</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 394</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">post_connection_check</span>(<span class="ruby-identifier">hostname</span>) <span class="ruby-keyword">if</span> <span class="ruby-identifier">peer_cert</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-identifier">msg</span> = <span class="ruby-string">"Peer verification enabled, but no certificate received."</span> @@ -817,7 +818,7 @@ ossl_ssl_pending(VALUE self) <p>Returns the SSLSession object currently used, or nil if the session is not established.</p> <div class="method-source-code" id="session-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 411</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 415</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">session</span> <span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Session</span>.<span class="ruby-identifier">new</span>(<span class="ruby-keyword">self</span>) <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Session</span><span class="ruby-operator">::</span><span class="ruby-constant">SessionError</span> @@ -962,7 +963,7 @@ ossl_ssl_get_state(VALUE self) <p>If <a href="SSLSocket.html#attribute-i-sync_close"><code>sync_close</code></a> is set to <code>true</code>, the underlying <a href="../../IO.html"><code>IO</code></a> is also closed.</p> <div class="method-source-code" id="sysclose-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 377</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 381</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">sysclose</span> <span class="ruby-keyword">return</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">closed?</span> <span class="ruby-identifier">stop</span> diff --git a/OpenSSL/SSL/Session.html b/OpenSSL/SSL/Session.html index b593fe5b..c4770f1d 100644 --- a/OpenSSL/SSL/Session.html +++ b/OpenSSL/SSL/Session.html @@ -126,43 +126,38 @@ <p>Creates a new <a href="Session.html"><code>Session</code></a> object from an instance of <a href="SSLSocket.html"><code>SSLSocket</code></a> or DER/PEM encoded String.</p> <div class="method-source-code" id="new-source"> - <pre>static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1) + <pre>static VALUE +ossl_ssl_session_initialize(VALUE self, VALUE arg1) { - SSL_SESSION *ctx = NULL; - - if (RDATA(self)->data) - ossl_raise(eSSLSession, "SSL Session already initialized"); - - if (rb_obj_is_instance_of(arg1, cSSLSocket)) { - SSL *ssl; - - GetSSL(arg1, ssl); + SSL_SESSION *ctx; - if ((ctx = SSL_get1_session(ssl)) == NULL) - ossl_raise(eSSLSession, "no session available"); - } else { - BIO *in = ossl_obj2bio(&arg1); + if (RTYPEDDATA_DATA(self)) + ossl_raise(eSSLSession, "SSL Session already initialized"); - ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); + if (rb_obj_is_instance_of(arg1, cSSLSocket)) { + SSL *ssl; - if (!ctx) { - OSSL_BIO_reset(in); - ctx = d2i_SSL_SESSION_bio(in, NULL); - } + GetSSL(arg1, ssl); - BIO_free(in); + if ((ctx = SSL_get1_session(ssl)) == NULL) + ossl_raise(eSSLSession, "no session available"); + } + else { + BIO *in = ossl_obj2bio(&arg1); - if (!ctx) - ossl_raise(rb_eArgError, "unknown type"); + ctx = d2i_SSL_SESSION_bio(in, NULL); + if (!ctx) { + OSSL_BIO_reset(in); + ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); } + BIO_free(in); + if (!ctx) + ossl_raise(rb_eArgError, "unknown type"); + } - /* should not happen */ - if (ctx == NULL) - ossl_raise(eSSLSession, "ctx not set - internal error"); - - RDATA(self)->data = ctx; + RTYPEDDATA_DATA(self) = ctx; - return self; + return self; }</pre> </div> </div> diff --git a/OpenSSL/SSL/SocketForwarder.html b/OpenSSL/SSL/SocketForwarder.html index 1ae9719e..560dd917 100644 --- a/OpenSSL/SSL/SocketForwarder.html +++ b/OpenSSL/SSL/SocketForwarder.html @@ -111,7 +111,7 @@ <div class="method-source-code" id="addr-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 240</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 244</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">addr</span> <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">addr</span> <span class="ruby-keyword">end</span></pre> @@ -132,7 +132,7 @@ <div class="method-source-code" id="closed-3F-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 260</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 264</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">closed?</span> <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">closed?</span> <span class="ruby-keyword">end</span></pre> @@ -153,7 +153,7 @@ <div class="method-source-code" id="do_not_reverse_lookup-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 264</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 268</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">do_not_reverse_lookup=</span>(<span class="ruby-identifier">flag</span>) <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">do_not_reverse_lookup</span> = <span class="ruby-identifier">flag</span> <span class="ruby-keyword">end</span></pre> @@ -174,7 +174,7 @@ <div class="method-source-code" id="fcntl-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 256</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 260</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">fcntl</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">args</span>) <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">fcntl</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">args</span>) <span class="ruby-keyword">end</span></pre> @@ -195,7 +195,7 @@ <p>The file descriptor for the socket.</p> <div class="method-source-code" id="fileno-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 236</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 240</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">fileno</span> <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">fileno</span> <span class="ruby-keyword">end</span></pre> @@ -216,7 +216,7 @@ <div class="method-source-code" id="getsockopt-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 252</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 256</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">getsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>) <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">getsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>) <span class="ruby-keyword">end</span></pre> @@ -237,7 +237,7 @@ <div class="method-source-code" id="peeraddr-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 244</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 248</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">peeraddr</span> <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">peeraddr</span> <span class="ruby-keyword">end</span></pre> @@ -258,7 +258,7 @@ <div class="method-source-code" id="setsockopt-source"> - <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 248</span> + <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 252</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">setsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>, <span class="ruby-identifier">optval</span>) <span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">setsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>, <span class="ruby-identifier">optval</span>) <span class="ruby-keyword">end</span></pre> diff --git a/OpenSSL/Timestamp.html b/OpenSSL/Timestamp.html index 0d7815f4..7dfb7817 100644 --- a/OpenSSL/Timestamp.html +++ b/OpenSSL/Timestamp.html @@ -88,7 +88,7 @@ <pre class="ruby"><span class="ruby-comment">#Assumes ts.p12 is a PKCS#12-compatible file with a private key</span> <span class="ruby-comment">#and a certificate that has an extended key usage of 'timeStamping'</span> -<span class="ruby-identifier">p12</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKCS12</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">'ts.p12'</span>, <span class="ruby-string">'rb'</span>), <span class="ruby-string">'pwd'</span>) +<span class="ruby-identifier">p12</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKCS12</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'ts.p12'</span>), <span class="ruby-string">'pwd'</span>) <span class="ruby-identifier">md</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'SHA1'</span>) <span class="ruby-identifier">hash</span> = <span class="ruby-identifier">md</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-identifier">data</span>) <span class="ruby-comment">#some binary data to be timestamped</span> <span class="ruby-identifier">req</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Timestamp</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span> @@ -105,16 +105,16 @@ <h3 id="module-OpenSSL::Timestamp-label-Verify+a+timestamp+response-3A">Verify a timestamp response:<span><a href="#module-OpenSSL::Timestamp-label-Verify+a+timestamp+response-3A">¶</a> <a href="#top">↑</a></span></h3> <pre>#Assume we have a timestamp token in a file called ts.der -ts = OpenSSL::Timestamp::Response.new(File.open('ts.der', 'rb') +ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der')) #Assume we have the Request for this token in a file called req.der -req = OpenSSL::Timestamp::Request.new(File.open('req.der', 'rb') +req = OpenSSL::Timestamp::Request.new(File.binread('req.der')) # Assume the associated root CA certificate is contained in a # DER-encoded file named root.cer -root = OpenSSL::X509::Certificate.new(File.open('root.cer', 'rb') +root = OpenSSL::X509::Certificate.new(File.binread('root.cer')) # get the necessary intermediate certificates, available in # DER-encoded form in inter1.cer and inter2.cer -inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb') -inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb') +inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer')) +inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer')) ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails</pre> </section> diff --git a/OpenSSL/Timestamp/Factory.html b/OpenSSL/Timestamp/Factory.html index ea33823f..816dd9f0 100644 --- a/OpenSSL/Timestamp/Factory.html +++ b/OpenSSL/Timestamp/Factory.html @@ -110,18 +110,19 @@ <p>Assume we received a timestamp request that has set <a href="Request.html#method-i-policy_id"><code>Request#policy_id</code></a> to <code>nil</code> and <a href="Request.html#method-i-cert_requested-3F"><code>Request#cert_requested?</code></a> to true. The raw request bytes are stored in a variable called <code>req_raw</code>. We’d still like to integrate the necessary intermediate certificates (in <code>inter1.cer</code> and <code>inter2.cer</code>) to simplify validation of the resulting <a href="Response.html"><code>Response</code></a>. <code>ts.p12</code> is a PKCS#12-compatible file including the private key and the timestamping certificate.</p> -<pre>req = OpenSSL::Timestamp::Request.new(raw_bytes) -p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') -inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb') -inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb') -fac = OpenSSL::Timestamp::Factory.new -fac.gen_time = Time.now -fac.serial_number = 1 -fac.allowed_digests = ["sha256", "sha384", "sha512"] -#needed because the Request contained no policy identifier -fac.default_policy_id = '1.2.3.4.5' -fac.additional_certificates = [ inter1, inter2 ] -timestamp = fac.create_timestamp(p12.key, p12.certificate, req)</pre> +<pre class="ruby"><span class="ruby-identifier">req</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Timestamp</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">raw_bytes</span>) +<span class="ruby-identifier">p12</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKCS12</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'ts.p12'</span>), <span class="ruby-string">'pwd'</span>) +<span class="ruby-identifier">inter1</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'inter1.cer'</span>)) +<span class="ruby-identifier">inter2</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-string">'inter2.cer'</span>)) +<span class="ruby-identifier">fac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Timestamp</span><span class="ruby-operator">::</span><span class="ruby-constant">Factory</span>.<span class="ruby-identifier">new</span> +<span class="ruby-identifier">fac</span>.<span class="ruby-identifier">gen_time</span> = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span> +<span class="ruby-identifier">fac</span>.<span class="ruby-identifier">serial_number</span> = <span class="ruby-value">1</span> +<span class="ruby-identifier">fac</span>.<span class="ruby-identifier">allowed_digests</span> = [<span class="ruby-string">"sha256"</span>, <span class="ruby-string">"sha384"</span>, <span class="ruby-string">"sha512"</span>] +<span class="ruby-comment">#needed because the Request contained no policy identifier</span> +<span class="ruby-identifier">fac</span>.<span class="ruby-identifier">default_policy_id</span> = <span class="ruby-string">'1.2.3.4.5'</span> +<span class="ruby-identifier">fac</span>.<span class="ruby-identifier">additional_certificates</span> = [ <span class="ruby-identifier">inter1</span>, <span class="ruby-identifier">inter2</span> ] +<span class="ruby-identifier">timestamp</span> = <span class="ruby-identifier">fac</span>.<span class="ruby-identifier">create_timestamp</span>(<span class="ruby-identifier">p12</span>.<span class="ruby-identifier">key</span>, <span class="ruby-identifier">p12</span>.<span class="ruby-identifier">certificate</span>, <span class="ruby-identifier">req</span>) +</pre> <h2 id="class-OpenSSL::Timestamp::Factory-label-Attributes">Attributes<span><a href="#class-OpenSSL::Timestamp::Factory-label-Attributes">¶</a> <a href="#top">↑</a></span></h2> @@ -315,7 +316,7 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request) goto end; } if (!NIL_P(def_policy_id) && !TS_REQ_get_policy_id(req)) { - def_policy_id_obj = (ASN1_OBJECT*)rb_protect((VALUE (*)(VALUE))obj_to_asn1obj, (VALUE)def_policy_id, &status); + def_policy_id_obj = (ASN1_OBJECT*)rb_protect(obj_to_asn1obj_i, (VALUE)def_policy_id, &status); if (status) goto end; } @@ -357,7 +358,7 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request) for (i = 0; i < RARRAY_LEN(allowed_digests); i++) { rbmd = rb_ary_entry(allowed_digests, i); - md = (const EVP_MD *)rb_protect((VALUE (*)(VALUE))ossl_evp_get_digestbyname, rbmd, &status); + md = (const EVP_MD *)rb_protect(ossl_evp_get_digestbyname_i, rbmd, &status); if (status) goto end; TS_RESP_CTX_add_md(ctx, md); @@ -368,7 +369,7 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request) if (status) goto end; - req_bio = (BIO*)rb_protect((VALUE (*)(VALUE))ossl_obj2bio, (VALUE)&str, &status); + req_bio = (BIO*)rb_protect(ossl_obj2bio_i, (VALUE)&str, &status); if (status) goto end; @@ -392,7 +393,7 @@ end: ASN1_OBJECT_free(def_policy_id_obj); TS_RESP_CTX_free(ctx); if (err_msg) - ossl_raise(eTimestampError, err_msg); + rb_exc_raise(ossl_make_error(eTimestampError, rb_str_new_cstr(err_msg))); if (status) rb_jump_tag(status); return ret; diff --git a/OpenSSL/Timestamp/Response.html b/OpenSSL/Timestamp/Response.html index 166a9a74..ff9fd04f 100644 --- a/OpenSSL/Timestamp/Response.html +++ b/OpenSSL/Timestamp/Response.html @@ -531,17 +531,14 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self) X509_up_ref(cert); } - TS_VERIFY_CTS_set_certs(ctx, x509inter); + TS_VERIFY_CTX_set_certs(ctx, x509inter); TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE); TS_VERIFY_CTX_set_store(ctx, x509st); ok = TS_RESP_verify_response(ctx, resp); - - /* WORKAROUND: - * X509_STORE can count references, but X509_STORE_free() doesn't check - * this. To prevent our X509_STORE from being freed with our - * TS_VERIFY_CTX we set the store to NULL first. - * Fixed in OpenSSL 1.0.2; bff9ce4db38b (master), 5b4b9ce976fc (1.0.2) + /* + * TS_VERIFY_CTX_set_store() call above does not increment the reference + * counter, so it must be unset before TS_VERIFY_CTX_free() is called. */ TS_VERIFY_CTX_set_store(ctx, NULL); TS_VERIFY_CTX_free(ctx); diff --git a/OpenSSL/X509/Attribute.html b/OpenSSL/X509/Attribute.html index ceefd056..4d24b5fd 100644 --- a/OpenSSL/X509/Attribute.html +++ b/OpenSSL/X509/Attribute.html @@ -174,7 +174,7 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self) <div class="method-source-code" id="3D-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 312</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 330</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">==</span>(<span class="ruby-identifier">other</span>) <span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">unless</span> <span class="ruby-constant">Attribute</span> <span class="ruby-operator">===</span> <span class="ruby-identifier">other</span> <span class="ruby-identifier">to_der</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">to_der</span> diff --git a/OpenSSL/X509/CRL.html b/OpenSSL/X509/CRL.html index 238ac89a..1e49e0e3 100644 --- a/OpenSSL/X509/CRL.html +++ b/OpenSSL/X509/CRL.html @@ -146,23 +146,26 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self) { BIO *in; - X509_CRL *crl, *x = DATA_PTR(self); + X509_CRL *crl, *crl_orig = RTYPEDDATA_DATA(self); VALUE arg; + rb_check_frozen(self); if (rb_scan_args(argc, argv, "01", &arg) == 0) { return self; } arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(&arg); - crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL); - DATA_PTR(self) = x; + crl = d2i_X509_CRL_bio(in, NULL); if (!crl) { OSSL_BIO_reset(in); - crl = d2i_X509_CRL_bio(in, &x); - DATA_PTR(self) = x; + crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); } BIO_free(in); - if (!crl) ossl_raise(eX509CRLError, NULL); + if (!crl) + ossl_raise(eX509CRLError, "PEM_read_bio_X509_CRL"); + + RTYPEDDATA_DATA(self) = crl; + X509_CRL_free(crl_orig); return self; }</pre> @@ -190,7 +193,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self) <div class="method-source-code" id="3D-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 347</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 369</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">==</span>(<span class="ruby-identifier">other</span>) <span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">unless</span> <span class="ruby-constant">CRL</span> <span class="ruby-operator">===</span> <span class="ruby-identifier">other</span> <span class="ruby-identifier">to_der</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">to_der</span> diff --git a/OpenSSL/X509/Certificate.html b/OpenSSL/X509/Certificate.html index 6df5f9b3..5c0e16c1 100644 --- a/OpenSSL/X509/Certificate.html +++ b/OpenSSL/X509/Certificate.html @@ -94,6 +94,8 @@ <h3>Methods</h3> <ul class="link-list" role="directory"> + <li ><a href="#method-c-load">::load</a> + <li ><a href="#method-c-load_file">::load_file</a> <li ><a href="#method-c-new">::new</a> <li ><a href="#method-i-3D-3D">#==</a> <li ><a href="#method-i-add_extension">#add_extension</a> @@ -143,7 +145,7 @@ <p><a href="Certificate.html"><code>Certificate</code></a> is capable of handling DER-encoded certificates and certificates encoded in OpenSSL’s PEM format.</p> -<pre class="ruby"><span class="ruby-identifier">raw</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">"cert.cer"</span> <span class="ruby-comment"># DER- or PEM-encoded</span> +<pre class="ruby"><span class="ruby-identifier">raw</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span> <span class="ruby-string">"cert.cer"</span> <span class="ruby-comment"># DER- or PEM-encoded</span> <span class="ruby-identifier">certificate</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span> <span class="ruby-identifier">raw</span> </pre> @@ -222,6 +224,63 @@ <h3>Public Class Methods</h3> </header> + <div id="method-c-load" class="method-detail "> + <div class="method-heading"> + <span class="method-callseq"> + OpenSSL::X509::Certificate.load(string) → [certs...] + </span> + <span class="method-click-advice">click to toggle source</span> + </div> + <div class="method-heading"> + <span class="method-callseq"> + OpenSSL::X509::Certificate.load(file) → [certs...] + </span> + </div> + + <div class="method-description"> + <p>Read the chained certificates from the given input. Supports both PEM and DER encoded certificates.</p> + +<p>PEM is a text format and supports more than one certificate.</p> + +<p>DER is a binary format and only supports one certificate.</p> + +<p>If the file is empty, or contains only unrelated data, an <code>OpenSSL::X509::CertificateError</code> exception will be raised.</p> + + <div class="method-source-code" id="load-source"> + <pre>static VALUE +ossl_x509_load(VALUE klass, VALUE buffer) +{ + BIO *in = ossl_obj2bio(&buffer); + + return rb_ensure(load_chained_certificates, (VALUE)in, load_chained_certificates_ensure, (VALUE)in); +}</pre> + </div> + </div> + + + </div> + + <div id="method-c-load_file" class="method-detail "> + <div class="method-heading"> + <span class="method-name">load_file</span><span + class="method-args">(path)</span> + <span class="method-click-advice">click to toggle source</span> + </div> + + <div class="method-description"> + + + <div class="method-source-code" id="load_file-source"> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 360</span> +<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier ruby-title">load_file</span>(<span class="ruby-identifier">path</span>) + <span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">binread</span>(<span class="ruby-identifier">path</span>)) +<span class="ruby-keyword">end</span></pre> + </div> + </div> + + + </div> + <div id="method-c-new" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -243,24 +302,27 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self) { BIO *in; - X509 *x509, *x = DATA_PTR(self); + X509 *x509, *x509_orig = RTYPEDDATA_DATA(self); VALUE arg; + rb_check_frozen(self); if (rb_scan_args(argc, argv, "01", &arg) == 0) { /* create just empty X509Cert */ return self; } arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(&arg); - x509 = PEM_read_bio_X509(in, &x, NULL, NULL); - DATA_PTR(self) = x; + x509 = d2i_X509_bio(in, NULL); if (!x509) { OSSL_BIO_reset(in); - x509 = d2i_X509_bio(in, &x); - DATA_PTR(self) = x; + x509 = PEM_read_bio_X509(in, NULL, NULL, NULL); } BIO_free(in); - if (!x509) ossl_raise(eX509CertError, NULL); + if (!x509) + ossl_raise(eX509CertError, "PEM_read_bio_X509"); + + RTYPEDDATA_DATA(self) = x509; + X509_free(x509_orig); return self; }</pre> @@ -722,7 +784,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time) <div class="method-source-code" id="pretty_print-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 331</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 349</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">pretty_print</span>(<span class="ruby-identifier">q</span>) <span class="ruby-identifier">q</span>.<span class="ruby-identifier">object_group</span>(<span class="ruby-keyword">self</span>) { <span class="ruby-identifier">q</span>.<span class="ruby-identifier">breakable</span> diff --git a/OpenSSL/X509/ExtensionFactory.html b/OpenSSL/X509/ExtensionFactory.html index 4ba70ea7..f909b568 100644 --- a/OpenSSL/X509/ExtensionFactory.html +++ b/OpenSSL/X509/ExtensionFactory.html @@ -252,11 +252,10 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) GetX509ExtFactory(self, ctx); obj = NewX509Ext(cX509Ext); rconf = rb_iv_get(self, "@config"); - conf = NIL_P(rconf) ? NULL : DupConfigPtr(rconf); + conf = NIL_P(rconf) ? NULL : GetConfig(rconf); X509V3_set_nconf(ctx, conf); ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr)); X509V3_set_ctx_nodb(ctx); - NCONF_free(conf); if (!ext){ ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr); } diff --git a/OpenSSL/X509/Name.html b/OpenSSL/X509/Name.html index b3bf275c..abd2d5ff 100644 --- a/OpenSSL/X509/Name.html +++ b/OpenSSL/X509/Name.html @@ -114,7 +114,7 @@ <p>You can create a <a href="Name.html"><code>Name</code></a> by parsing a distinguished name String or by supplying the distinguished name as an Array.</p> -<pre class="ruby"><span class="ruby-identifier">name</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Name</span>.<span class="ruby-identifier">parse</span> <span class="ruby-string">'/CN=nobody/DC=example'</span> +<pre class="ruby"><span class="ruby-identifier">name</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Name</span>.<span class="ruby-identifier">parse_rfc2253</span> <span class="ruby-string">'DC=example,CN=nobody'</span> <span class="ruby-identifier">name</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Name</span>.<span class="ruby-identifier">new</span> [[<span class="ruby-string">'CN'</span>, <span class="ruby-string">'nobody'</span>], [<span class="ruby-string">'DC'</span>, <span class="ruby-string">'example'</span>]] </pre> @@ -260,10 +260,19 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - + <p>Parses the string representation of a distinguished name. Two different forms are supported:</p> +<ul><li> +<p>OpenSSL format (<code>X509_NAME_oneline()</code>) used by <code>#to_s</code>. For example: <code>/DC=com/DC=example/CN=nobody</code></p> +</li><li> +<p>OpenSSL format (<code>X509_NAME_print()</code>) used by <code>#to_s(OpenSSL::X509::Name::COMPAT)</code>. For example: <code>DC=com, DC=example, CN=nobody</code></p> +</li></ul> + +<p>Neither of them is standardized and has quirks and inconsistencies in handling of escaped characters or multi-valued RDNs.</p> + +<p>Use of this method is discouraged in new applications. See <a href="Name.html#method-c-parse_rfc2253"><code>Name.parse_rfc2253</code></a> and <a href="Name.html#method-i-to_utf8"><code>to_utf8</code></a> for the alternative.</p> <div class="method-source-code" id="parse_openssl-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 287</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 305</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">parse_openssl</span>(<span class="ruby-identifier">str</span>, <span class="ruby-identifier">template</span>=<span class="ruby-constant">OBJECT_TYPE_TEMPLATE</span>) <span class="ruby-keyword">if</span> <span class="ruby-identifier">str</span>.<span class="ruby-identifier">start_with?</span>(<span class="ruby-string">"/"</span>) <span class="ruby-comment"># /A=B/C=D format</span> @@ -291,10 +300,12 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - + <p>Parses the UTF-8 string representation of a distinguished name, according to RFC 2253.</p> + +<p>See also <a href="Name.html#method-i-to_utf8"><code>to_utf8</code></a> for the opposite operation.</p> <div class="method-source-code" id="parse_rfc2253-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 282</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 286</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">parse_rfc2253</span>(<span class="ruby-identifier">str</span>, <span class="ruby-identifier">template</span>=<span class="ruby-constant">OBJECT_TYPE_TEMPLATE</span>) <span class="ruby-identifier">ary</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Name</span><span class="ruby-operator">::</span><span class="ruby-constant">RFC2253DN</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-identifier">str</span>) <span class="ruby-keyword">self</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">ary</span>, <span class="ruby-identifier">template</span>) @@ -565,7 +576,7 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other) <div class="method-source-code" id="pretty_print-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 301</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 319</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">pretty_print</span>(<span class="ruby-identifier">q</span>) <span class="ruby-identifier">q</span>.<span class="ruby-identifier">object_group</span>(<span class="ruby-keyword">self</span>) { <span class="ruby-identifier">q</span>.<span class="ruby-identifier">text</span> <span class="ruby-string">' '</span> @@ -697,7 +708,11 @@ ossl_x509name_to_der(VALUE self) <p><a href="Name.html#MULTILINE"><code>OpenSSL::X509::Name::MULTILINE</code></a></p> </li></ul> -<p>If <em>format</em> is omitted, the largely broken and traditional <a href="../../OpenSSL.html"><code>OpenSSL</code></a> format is used.</p> +<p>If <em>format</em> is omitted, the largely broken and traditional <a href="../../OpenSSL.html"><code>OpenSSL</code></a> format (<code>X509_NAME_oneline()</code> format) is chosen.</p> + +<p><strong>Use of this method is discouraged.</strong> None of the formats other than <a href="Name.html#RFC2253"><code>OpenSSL::X509::Name::RFC2253</code></a> is standardized and may show an inconsistent behavior through OpenSSL versions.</p> + +<p>It is recommended to use <a href="Name.html#method-i-to_utf8"><code>to_utf8</code></a> instead, which is equivalent to calling <code>name.to_s(OpenSSL::X509::Name::RFC2253).force_encoding("UTF-8")</code>.</p> <div class="method-source-code" id="to_s-source"> <pre>static VALUE diff --git a/OpenSSL/X509/Request.html b/OpenSSL/X509/Request.html index b8ad3bfb..fd368bb7 100644 --- a/OpenSSL/X509/Request.html +++ b/OpenSSL/X509/Request.html @@ -140,23 +140,26 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) { BIO *in; - X509_REQ *req, *x = DATA_PTR(self); + X509_REQ *req, *req_orig = RTYPEDDATA_DATA(self); VALUE arg; + rb_check_frozen(self); if (rb_scan_args(argc, argv, "01", &arg) == 0) { return self; } arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(&arg); - req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL); - DATA_PTR(self) = x; + req = d2i_X509_REQ_bio(in, NULL); if (!req) { OSSL_BIO_reset(in); - req = d2i_X509_REQ_bio(in, &x); - DATA_PTR(self) = x; + req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); } BIO_free(in); - if (!req) ossl_raise(eX509ReqError, NULL); + if (!req) + ossl_raise(eX509ReqError, "PEM_read_bio_X509_REQ"); + + RTYPEDDATA_DATA(self) = req; + X509_REQ_free(req_orig); return self; }</pre> @@ -184,7 +187,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) <div class="method-source-code" id="3D-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 363</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 385</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">==</span>(<span class="ruby-identifier">other</span>) <span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">unless</span> <span class="ruby-constant">Request</span> <span class="ruby-operator">===</span> <span class="ruby-identifier">other</span> <span class="ruby-identifier">to_der</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">to_der</span> diff --git a/OpenSSL/X509/Revoked.html b/OpenSSL/X509/Revoked.html index 9ce99dec..b1259930 100644 --- a/OpenSSL/X509/Revoked.html +++ b/OpenSSL/X509/Revoked.html @@ -150,7 +150,7 @@ ossl_x509revoked_initialize(int argc, VALUE *argv, VALUE self) <div class="method-source-code" id="3D-3D-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 354</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 376</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">==</span>(<span class="ruby-identifier">other</span>) <span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">unless</span> <span class="ruby-constant">Revoked</span> <span class="ruby-operator">===</span> <span class="ruby-identifier">other</span> <span class="ruby-identifier">to_der</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">to_der</span> diff --git a/OpenSSL/X509/Store.html b/OpenSSL/X509/Store.html index 9ea6a1ce..e4d795b9 100644 --- a/OpenSSL/X509/Store.html +++ b/OpenSSL/X509/Store.html @@ -145,6 +145,8 @@ <div class="method-description"> <p>The certificate chain constructed by the last call of <a href="Store.html#method-i-verify"><code>verify</code></a>.</p> + +<p>See also <a href="StoreContext.html#method-i-chain"><code>StoreContext#chain</code></a>.</p> </div> </div> <div id="attribute-i-error" class="method-detail"> @@ -155,6 +157,8 @@ <div class="method-description"> <p>The error code set by the last call of <a href="Store.html#method-i-verify"><code>verify</code></a>.</p> + +<p>See also <a href="StoreContext.html#method-i-error"><code>StoreContext#error</code></a>.</p> </div> </div> <div id="attribute-i-error_string" class="method-detail"> @@ -165,6 +169,8 @@ <div class="method-description"> <p>The description for the error code set by the last call of <a href="Store.html#method-i-verify"><code>verify</code></a>.</p> + +<p>See also <a href="StoreContext.html#method-i-error_string"><code>StoreContext#error_string</code></a>.</p> </div> </div> <div id="attribute-i-verify_callback" class="method-detail"> @@ -174,9 +180,15 @@ </div> <div class="method-description"> - <p>The callback for additional certificate verification. It is invoked for each untrusted certificate in the chain.</p> + <p>The callback for additional certificate verification. It is invoked for each certificate in the chain and can be used to implement custom certificate verification conditions.</p> + +<p>The callback is invoked with two values, a boolean that indicates if the pre-verification by <a href="../../OpenSSL.html"><code>OpenSSL</code></a> has succeeded or not, and the <a href="StoreContext.html"><code>StoreContext</code></a> in use.</p> + +<p>The callback can use <a href="StoreContext.html#method-i-error-3D"><code>StoreContext#error=</code></a> to change the error code as needed. The callback must return either true or false.</p> -<p>The callback is invoked with two values, a boolean that indicates if the pre-verification by <a href="../../OpenSSL.html"><code>OpenSSL</code></a> has succeeded or not, and the <a href="StoreContext.html"><code>StoreContext</code></a> in use. The callback must return either true or false.</p> +<p>NOTE: any exception raised within the callback will be ignored.</p> + +<p>See also the man page X509_STORE_CTX_set_verify_cb(3).</p> </div> </div> </section> @@ -204,8 +216,9 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) { X509_STORE *store; -/* BUG: This method takes any number of arguments but appears to ignore them. */ GetX509Store(self, store); + if (argc != 0) + rb_warn("OpenSSL::X509::Store.new does not take any arguments"); #if !defined(HAVE_OPAQUE_OPENSSL) /* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */ store->ex_data.sk = NULL; @@ -237,7 +250,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) <div id="method-i-add_cert" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - add_cert(cert) + add_cert(cert) → self </span> <span class="method-click-advice">click to toggle source</span> </div> @@ -245,6 +258,8 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) <div class="method-description"> <p>Adds the <a href="Certificate.html"><code>OpenSSL::X509::Certificate</code></a> <em>cert</em> to the certificate store.</p> +<p>See also the man page X509_STORE_add_cert(3).</p> + <div class="method-source-code" id="add_cert-source"> <pre>static VALUE ossl_x509store_add_cert(VALUE self, VALUE arg) @@ -254,9 +269,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg) cert = GetX509CertPtr(arg); /* NO NEED TO DUP */ GetX509Store(self, store); - if (X509_STORE_add_cert(store, cert) != 1){ - ossl_raise(eX509StoreError, NULL); - } + if (X509_STORE_add_cert(store, cert) != 1) + ossl_raise(eX509StoreError, "X509_STORE_add_cert"); return self; }</pre> @@ -277,6 +291,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg) <div class="method-description"> <p>Adds the <a href="CRL.html"><code>OpenSSL::X509::CRL</code></a> <em>crl</em> to the store.</p> +<p>See also the man page X509_STORE_add_crl(3).</p> + <div class="method-source-code" id="add_crl-source"> <pre>static VALUE ossl_x509store_add_crl(VALUE self, VALUE arg) @@ -286,9 +302,8 @@ ossl_x509store_add_crl(VALUE self, VALUE arg) crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */ GetX509Store(self, store); - if (X509_STORE_add_crl(store, crl) != 1){ - ossl_raise(eX509StoreError, NULL); - } + if (X509_STORE_add_crl(store, crl) != 1) + ossl_raise(eX509StoreError, "X509_STORE_add_crl"); return self; }</pre> @@ -309,23 +324,23 @@ ossl_x509store_add_crl(VALUE self, VALUE arg) <div class="method-description"> <p>Adds the certificates in <em>file</em> to the certificate store. <em>file</em> is the path to the file, and the file contains one or more certificates in PEM format concatenated together.</p> +<p>See also the man page X509_LOOKUP_file(3).</p> + <div class="method-source-code" id="add_file-source"> <pre>static VALUE ossl_x509store_add_file(VALUE self, VALUE file) { X509_STORE *store; X509_LOOKUP *lookup; - char *path = NULL; + const char *path; - if(file != Qnil){ - path = StringValueCStr(file); - } GetX509Store(self, store); + path = StringValueCStr(file); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if(lookup == NULL) ossl_raise(eX509StoreError, NULL); - if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){ - ossl_raise(eX509StoreError, NULL); - } + if (!lookup) + ossl_raise(eX509StoreError, "X509_STORE_add_lookup"); + if (X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1) + ossl_raise(eX509StoreError, "X509_LOOKUP_load_file"); #if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER) /* * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file() @@ -355,23 +370,23 @@ ossl_x509store_add_file(VALUE self, VALUE file) <div class="method-description"> <p>Adds <em>path</em> as the hash dir to be looked up by the store.</p> +<p>See also the man page X509_LOOKUP_hash_dir(3).</p> + <div class="method-source-code" id="add_path-source"> <pre>static VALUE ossl_x509store_add_path(VALUE self, VALUE dir) { X509_STORE *store; X509_LOOKUP *lookup; - char *path = NULL; + const char *path; - if(dir != Qnil){ - path = StringValueCStr(dir); - } GetX509Store(self, store); + path = StringValueCStr(dir); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); - if(lookup == NULL) ossl_raise(eX509StoreError, NULL); - if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){ - ossl_raise(eX509StoreError, NULL); - } + if (!lookup) + ossl_raise(eX509StoreError, "X509_STORE_add_lookup"); + if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) + ossl_raise(eX509StoreError, "X509_LOOKUP_add_dir"); return self; }</pre> @@ -390,7 +405,13 @@ ossl_x509store_add_path(VALUE self, VALUE dir) </div> <div class="method-description"> - <p>Sets <em>flags</em> to the <a href="Store.html"><code>Store</code></a>. <em>flags</em> consists of zero or more of the constants defined in with name V_FLAG_* or’ed together.</p> + <p>Sets the default flags used by certificate chain verification performed with the <a href="Store.html"><code>Store</code></a>.</p> + +<p><em>flags</em> consists of zero or more of the constants defined in <a href="../X509.html"><code>OpenSSL::X509</code></a> with name V_FLAG_* or’ed together.</p> + +<p><a href="StoreContext.html#method-i-flags-3D"><code>OpenSSL::X509::StoreContext#flags=</code></a> can be used to change the flags for a single verification operation.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_flags(3).</p> <div class="method-source-code" id="flags-3D-source"> <pre>static VALUE @@ -419,7 +440,7 @@ ossl_x509store_set_flags(VALUE self, VALUE flags) </div> <div class="method-description"> - <p>Sets the store’s purpose to <em>purpose</em>. If specified, the verifications on the store will check every untrusted certificate’s extensions are consistent with the purpose. The purpose is specified by constants:</p> + <p>Sets the store’s default verification purpose. If specified, the verifications on the store will check every certificate’s extensions are consistent with the purpose. The purpose is specified by constants:</p> <ul><li> <p>X509::PURPOSE_SSL_CLIENT</p> </li><li> @@ -440,6 +461,10 @@ ossl_x509store_set_flags(VALUE self, VALUE flags) <p>X509::PURPOSE_TIMESTAMP_SIGN</p> </li></ul> +<p><a href="StoreContext.html#method-i-purpose-3D"><code>OpenSSL::X509::StoreContext#purpose=</code></a> can be used to change the value for a single verification operation.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_purpose(3).</p> + <div class="method-source-code" id="purpose-3D-source"> <pre>static VALUE ossl_x509store_set_purpose(VALUE self, VALUE purpose) @@ -474,6 +499,8 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose) <p>OpenSSL::X509::DEFAULT_CERT_DIR</p> </li></ul> +<p>See also the man page X509_STORE_set_default_paths(3).</p> + <div class="method-source-code" id="set_default_paths-source"> <pre>static VALUE ossl_x509store_set_default_paths(VALUE self) @@ -481,9 +508,8 @@ ossl_x509store_set_default_paths(VALUE self) X509_STORE *store; GetX509Store(self, store); - if (X509_STORE_set_default_paths(store) != 1){ - ossl_raise(eX509StoreError, NULL); - } + if (X509_STORE_set_default_paths(store) != 1) + ossl_raise(eX509StoreError, "X509_STORE_set_default_paths"); return Qnil; }</pre> @@ -502,7 +528,11 @@ ossl_x509store_set_default_paths(VALUE self) </div> <div class="method-description"> - <p>Sets the time to be used in verifications.</p> + <p>Sets the time to be used in the certificate verifications with the store. By default, if not specified, the current system time is used.</p> + +<p><a href="StoreContext.html#method-i-time-3D"><code>OpenSSL::X509::StoreContext#time=</code></a> can be used to change the value for a single verification operation.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_time(3).</p> <div class="method-source-code" id="time-3D-source"> <pre>static VALUE @@ -526,7 +556,11 @@ ossl_x509store_set_time(VALUE self, VALUE time) </div> <div class="method-description"> - + <p>Sets the default trust settings used by the certificate verification with the store.</p> + +<p><a href="StoreContext.html#method-i-trust-3D"><code>OpenSSL::X509::StoreContext#trust=</code></a> can be used to change the value for a single verification operation.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_trust(3).</p> <div class="method-source-code" id="trust-3D-source"> <pre>static VALUE diff --git a/OpenSSL/X509/StoreContext.html b/OpenSSL/X509/StoreContext.html index 2ed03771..e1f06bd5 100644 --- a/OpenSSL/X509/StoreContext.html +++ b/OpenSSL/X509/StoreContext.html @@ -176,39 +176,28 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) <div id="method-i-chain" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - chain → Array of X509::Certificate + chain → nil | Array of X509::Certificate </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - + <p>Returns the verified chain.</p> + +<p>See also the man page X509_STORE_CTX_set0_verified_chain(3).</p> <div class="method-source-code" id="chain-source"> <pre>static VALUE ossl_x509stctx_get_chain(VALUE self) { X509_STORE_CTX *ctx; - STACK_OF(X509) *chain; - X509 *x509; - int i, num; - VALUE ary; + const STACK_OF(X509) *chain; GetX509StCtx(self, ctx); - if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){ - return Qnil; - } - if((num = sk_X509_num(chain)) < 0){ - OSSL_Debug("certs in chain < 0???"); - return rb_ary_new(); - } - ary = rb_ary_new2(num); - for(i = 0; i < num; i++) { - x509 = sk_X509_value(chain, i); - rb_ary_push(ary, ossl_x509_new(x509)); - } - - return ary; + chain = X509_STORE_CTX_get0_chain(ctx); + if (!chain) + return Qnil; /* Could be an empty array instead? */ + return ossl_x509_sk2ary(chain); }</pre> </div> </div> @@ -227,7 +216,7 @@ ossl_x509stctx_get_chain(VALUE self) <div class="method-source-code" id="cleanup-source"> - <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 319</span> + <pre><span class="ruby-comment"># File lib/openssl/x509.rb, line 337</span> <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">cleanup</span> <span class="ruby-identifier">warn</span> <span class="ruby-node">"(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">$VERBOSE</span> <span class="ruby-keyword">end</span></pre> @@ -246,7 +235,9 @@ ossl_x509stctx_get_chain(VALUE self) </div> <div class="method-description"> - + <p>Returns the certificate which caused the error.</p> + +<p>See also the man page X509_STORE_CTX_get_current_cert(3).</p> <div class="method-source-code" id="current_cert-source"> <pre>static VALUE @@ -273,7 +264,9 @@ ossl_x509stctx_get_curr_cert(VALUE self) </div> <div class="method-description"> - + <p>Returns the <a href="CRL.html"><code>CRL</code></a> which caused the error.</p> + +<p>See also the man page X509_STORE_CTX_get_current_crl(3).</p> <div class="method-source-code" id="current_crl-source"> <pre>static VALUE @@ -304,7 +297,9 @@ ossl_x509stctx_get_curr_crl(VALUE self) </div> <div class="method-description"> - + <p>Returns the error code of <em>stctx</em>. This is typically called after <a href="StoreContext.html#method-i-verify"><code>verify</code></a> is done, or from the verification callback set to <a href="Store.html#method-i-verify_callback-3D"><code>OpenSSL::X509::Store#verify_callback=</code></a>.</p> + +<p>See also the man page X509_STORE_CTX_get_error(3).</p> <div class="method-source-code" id="error-source"> <pre>static VALUE @@ -331,7 +326,9 @@ ossl_x509stctx_get_err(VALUE self) </div> <div class="method-description"> - + <p>Sets the error code of <em>stctx</em>. This is used by the verification callback set to <a href="Store.html#method-i-verify_callback-3D"><code>OpenSSL::X509::Store#verify_callback=</code></a>.</p> + +<p>See also the man page X509_STORE_CTX_set_error(3).</p> <div class="method-source-code" id="error-3D-source"> <pre>static VALUE @@ -359,7 +356,9 @@ ossl_x509stctx_set_error(VALUE self, VALUE err) </div> <div class="method-description"> - + <p>Returns the depth of the chain. This is used in combination with <a href="StoreContext.html#method-i-error"><code>error</code></a>.</p> + +<p>See also the man page X509_STORE_CTX_get_error_depth(3).</p> <div class="method-source-code" id="error_depth-source"> <pre>static VALUE @@ -386,7 +385,9 @@ ossl_x509stctx_get_err_depth(VALUE self) </div> <div class="method-description"> - <p>Returns the error string corresponding to the error code retrieved by <a href="StoreContext.html#method-i-error"><code>error</code></a>.</p> + <p>Returns the human readable error string corresponding to the error code retrieved by <a href="StoreContext.html#method-i-error"><code>error</code></a>.</p> + +<p>See also the man page X509_verify_cert_error_string(3).</p> <div class="method-source-code" id="error_string-source"> <pre>static VALUE @@ -415,7 +416,9 @@ ossl_x509stctx_get_err_string(VALUE self) </div> <div class="method-description"> - <p>Sets the verification flags to the context. See <a href="Store.html#method-i-flags-3D"><code>Store#flags=</code></a>.</p> + <p>Sets the verification flags to the context. This overrides the default value set by <a href="Store.html#method-i-flags-3D"><code>Store#flags=</code></a>.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_flags(3).</p> <div class="method-source-code" id="flags-3D-source"> <pre>static VALUE @@ -444,7 +447,9 @@ ossl_x509stctx_set_flags(VALUE self, VALUE flags) </div> <div class="method-description"> - <p>Sets the purpose of the context. See <a href="Store.html#method-i-purpose-3D"><code>Store#purpose=</code></a>.</p> + <p>Sets the purpose of the context. This overrides the default value set by <a href="Store.html#method-i-purpose-3D"><code>Store#purpose=</code></a>.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_purpose(3).</p> <div class="method-source-code" id="purpose-3D-source"> <pre>static VALUE @@ -475,6 +480,8 @@ ossl_x509stctx_set_purpose(VALUE self, VALUE purpose) <div class="method-description"> <p>Sets the time used in the verification. If not set, the current time is used.</p> +<p>See also the man page X509_VERIFY_PARAM_set_time(3).</p> + <div class="method-source-code" id="time-3D-source"> <pre>static VALUE ossl_x509stctx_set_time(VALUE self, VALUE time) @@ -503,7 +510,9 @@ ossl_x509stctx_set_time(VALUE self, VALUE time) </div> <div class="method-description"> - + <p>Sets the trust settings of the context. This overrides the default value set by <a href="Store.html#method-i-trust-3D"><code>Store#trust=</code></a>.</p> + +<p>See also the man page X509_VERIFY_PARAM_set_trust(3).</p> <div class="method-source-code" id="trust-3D-source"> <pre>static VALUE @@ -532,7 +541,9 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust) </div> <div class="method-description"> - + <p>Performs the certificate verification using the parameters set to <em>stctx</em>.</p> + +<p>See also the man page X509_verify_cert(3).</p> <div class="method-source-code" id="verify-source"> <pre>static VALUE @@ -551,7 +562,7 @@ ossl_x509stctx_verify(VALUE self) ossl_clear_error(); return Qfalse; default: - ossl_raise(eX509CertError, NULL); + ossl_raise(eX509CertError, "X509_verify_cert"); } }</pre> </div> diff --git a/js/search_index.js b/js/search_index.js index 845a780e..49394b2f 100644 --- a/js/search_index.js +++ b/js/search_index.js @@ -1 +1 @@ -var search_data = {"index":{"searchIndex":["io","waitreadable","waitwritable","integer","openssl","asn1","asn1data","asn1error","constructive","objectid","primitive","bn","bnerror","buffering","buffer","cipher","cipher","ciphererror","config","configerror","digest","digesterror","engine","engineerror","extconfig","hmac","hmacerror","kdf","kdferror","marshal","classmethods","netscape","spki","spkierror","ocsp","basicresponse","certificateid","ocsperror","request","response","singleresponse","opensslerror","pkcs12","pkcs12error","pkcs5","pkcs7","pkcs7error","recipientinfo","signerinfo","pkey","dh","dherror","dsa","dsaerror","ec","group","error","point","error","ecerror","pkey","pkeyerror","rsa","rsaerror","random","randomerror","ssl","sslcontext","sslerror","sslerrorwaitreadable","sslerrorwaitwritable","sslserver","sslsocket","session","sessionerror","socketforwarder","timestamp","factory","request","response","timestamperror","tokeninfo","x509","attribute","attributeerror","crl","crlerror","certificate","certificateerror","extension","authorityinfoaccess","authoritykeyidentifier","crldistributionpoints","helpers","subjectkeyidentifier","extensionerror","extensionfactory","name","rfc2253dn","nameerror","request","requesterror","revoked","revokederror","store","storecontext","storeerror","%()","*()","**()","+()","+@()","-()","-@()","/()","<<()","<<()","<<()","<<()","<<()","<=>()","<=>()","==()","==()","==()","==()","==()","==()","==()","==()","==()","==()","==()","==()","===()",">>()","digest()","[]()","[]=()","_dump()","_load()","accept()","accept()","accept_nonblock()","add()","add_attribute()","add_cert()","add_certid()","add_certificate()","add_certificate()","add_crl()","add_crl()","add_data()","add_entry()","add_extension()","add_extension()","add_extension()","add_file()","add_nonce()","add_nonce()","add_path()","add_recipient()","add_revoked()","add_signer()","add_status()","add_value()","addr()","algorithm()","algorithm()","algorithm=()","alpn_protocol()","asn1_flag()","asn1_flag=()","attributes()","attributes=()","auth_data=()","auth_tag()","auth_tag=()","auth_tag_len=()","authenticated?()","authority_key_identifier()","basic()","bit_set?()","blinding_off!()","blinding_on!()","block_length()","block_size()","builtin_curves()","by_id()","ca_issuer_uris()","ccm_data_len=()","cert()","cert_requested=()","cert_requested?()","cert_status()","certid()","certid()","certificates()","certificates=()","chain()","challenge()","challenge=()","check_key()","check_nonce()","check_private_key()","check_validity()","cipher()","cipher()","cipher=()","ciphers()","ciphers()","ciphers=()","cleanup()","cleanup()","clear_bit!()","client_ca()","close()","close()","closed?()","cmds()","cmp()","cmp()","cmp()","cmp_issuer()","coerce()","cofactor()","compute_key()","concat()","connect()","connect_nonblock()","copy()","copy_nonce()","create()","create()","create_ext()","create_ext_from_array()","create_ext_from_hash()","create_ext_from_string()","create_extension()","create_timestamp()","critical=()","critical?()","crl=()","crl_uris()","crls()","crls=()","ctrl_cmd()","current_cert()","current_crl()","curve_name()","data=()","debug()","debug=()","decode()","decode_all()","decrypt()","decrypt()","degree()","detached()","detached=()","detached?()","dh_compute_key()","digest()","digest()","digest()","digest()","digest_length()","do_not_reverse_lookup=()","dsa_sign_asn1()","dsa_verify_asn1()","each()","each()","each()","each_byte()","each_line()","ecdh_curves=()","egd()","egd_bytes()","enable_fallback_scsv()","enc_key()","encrypt()","encrypt()","engines()","eof()","eof?()","eql?()","eql?()","eql?()","eql?()","error()","error=()","error_depth()","error_string()","errors()","expand_hexstring()","expand_pair()","expand_value()","export()","export()","export()","export()","extensions()","extensions()","extensions()","extensions()","extensions=()","extensions=()","extensions=()","failure_info()","fcntl()","fileno()","final()","find_extension()","find_response()","finish()","finished_message()","fips_mode()","fips_mode=()","fixed_length_secure_compare()","flags=()","flags=()","flush()","flush_sessions()","freeze()","gcd()","gen_time()","generate()","generate()","generate()","generate()","generate_key()","generate_key!()","generate_key!()","generate_prime()","generator()","get_value()","getc()","gets()","getsockopt()","group()","group=()","hash()","hash()","hash_algorithm()","hash_old()","hexdigest()","hexdigest()","hkdf()","hostname=()","id()","id()","included()","infinity?()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","inspect()","inspect()","inspect()","inspect()","inspect()","invert!()","issuer()","issuer()","issuer()","issuer()","issuer=()","issuer=()","issuer_certificate=()","issuer_key_hash()","issuer_name_hash()","iv=()","iv_len()","iv_len=()","key=()","key_len()","key_len=()","last_update()","last_update=()","listen()","ln()","load()","load_private_key()","load_public_key()","load_random_file()","long_name()","lshift!()","make_affine!()","max_version=()","mem_check_start()","message_imprint()","message_imprint()","message_imprint=()","min_version=()","mod_add()","mod_exp()","mod_inverse()","mod_mul()","mod_sqr()","mod_sub()","mul()","name()","name()","name()","negative?()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","next_update()","next_update()","next_update=()","nonce()","nonce()","nonce=()","not_after()","not_after=()","not_before()","not_before=()","npn_protocol()","num_bits()","num_bytes()","ocsp_uris()","odd?()","oid()","oid()","oid()","oid()","oid=()","oid=()","on_curve?()","one?()","options()","options=()","order()","ordering()","padding=()","params()","params()","params()","params_ok?()","parse()","parse()","parse_config()","parse_openssl()","parse_rfc2253()","pbkdf2_hmac()","pbkdf2_hmac()","pbkdf2_hmac_sha1()","peer_cert()","peer_cert_chain()","peer_finished_message()","peeraddr()","pending()","pkcs5_keyivgen()","point_conversion_form()","point_conversion_form=()","policy_id()","policy_id()","policy_id=()","post_connection_check()","pretty_print()","pretty_print()","pretty_print()","prime?()","prime_fasttest?()","print()","print_mem_leaks()","printf()","private?()","private?()","private?()","private?()","private_decrypt()","private_encrypt()","private_key()","private_key=()","private_key?()","private_to_der()","private_to_pem()","public?()","public?()","public?()","public?()","public_decrypt()","public_encrypt()","public_key()","public_key()","public_key()","public_key()","public_key()","public_key()","public_key()","public_key=()","public_key=()","public_key=()","public_key=()","public_key?()","public_to_der()","public_to_pem()","purpose=()","purpose=()","puts()","random_add()","random_bytes()","random_iv()","random_key()","read()","read()","read_nonblock()","read_smime()","readchar()","readline()","readlines()","readpartial()","recipients()","register()","reset()","reset()","reset()","responses()","revocation_reason()","revocation_time()","revoked()","revoked=()","rshift!()","scan()","scrypt()","sections()","secure_compare()","security_level()","security_level=()","seed()","seed()","seed=()","serial()","serial()","serial()","serial()","serial()","serial=()","serial=()","serial_number()","session()","session=()","session_add()","session_cache_mode()","session_cache_mode=()","session_cache_size()","session_cache_size=()","session_cache_stats()","session_remove()","session_reused?()","set_bit!()","set_crt_params()","set_default()","set_default_paths()","set_factors()","set_generator()","set_key()","set_key()","set_key()","set_params()","set_pqg()","set_pqg()","set_to_infinity!()","setsockopt()","setup()","short_name()","shutdown()","sign()","sign()","sign()","sign()","sign()","sign()","sign()","sign()","sign_pss()","signature_algorithm()","signature_algorithm()","signature_algorithm()","signed?()","signed_time()","signers()","sn()","sqr()","ssl_version()","ssl_version=()","state()","status()","status()","status()","status?()","status_string()","status_text()","subject()","subject()","subject=()","subject=()","subject_certificate=()","subject_key_identifier()","subject_request=()","sysclose()","sysread()","syssign()","sysverify()","syswrite()","this_update()","time()","time()","time=()","time=()","time=()","time=()","timeout()","timeout=()","tmp_key()","to_a()","to_a()","to_bn()","to_bn()","to_bn()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_h()","to_i()","to_int()","to_io()","to_octet_string()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_utf8()","token()","token_info()","traverse()","trust=()","trust=()","tsa_certificate()","type()","type=()","ucmp()","ungetc()","update()","update()","update()","value()","value()","value=()","value=()","value_der()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify_callback=()","verify_certificate_identity()","verify_pss()","verify_result()","version()","version()","version()","version()","version()","version=()","version=()","version=()","version=()","write()","write_nonblock()","write_random_file()","write_smime()","zero?()","contributing","history","readme"],"longSearchIndex":["io","io::waitreadable","io::waitwritable","integer","openssl","openssl::asn1","openssl::asn1::asn1data","openssl::asn1::asn1error","openssl::asn1::constructive","openssl::asn1::objectid","openssl::asn1::primitive","openssl::bn","openssl::bnerror","openssl::buffering","openssl::buffering::buffer","openssl::cipher","openssl::cipher::cipher","openssl::cipher::ciphererror","openssl::config","openssl::configerror","openssl::digest","openssl::digest::digesterror","openssl::engine","openssl::engine::engineerror","openssl::extconfig","openssl::hmac","openssl::hmacerror","openssl::kdf","openssl::kdf::kdferror","openssl::marshal","openssl::marshal::classmethods","openssl::netscape","openssl::netscape::spki","openssl::netscape::spkierror","openssl::ocsp","openssl::ocsp::basicresponse","openssl::ocsp::certificateid","openssl::ocsp::ocsperror","openssl::ocsp::request","openssl::ocsp::response","openssl::ocsp::singleresponse","openssl::opensslerror","openssl::pkcs12","openssl::pkcs12::pkcs12error","openssl::pkcs5","openssl::pkcs7","openssl::pkcs7::pkcs7error","openssl::pkcs7::recipientinfo","openssl::pkcs7::signerinfo","openssl::pkey","openssl::pkey::dh","openssl::pkey::dherror","openssl::pkey::dsa","openssl::pkey::dsaerror","openssl::pkey::ec","openssl::pkey::ec::group","openssl::pkey::ec::group::error","openssl::pkey::ec::point","openssl::pkey::ec::point::error","openssl::pkey::ecerror","openssl::pkey::pkey","openssl::pkey::pkeyerror","openssl::pkey::rsa","openssl::pkey::rsaerror","openssl::random","openssl::random::randomerror","openssl::ssl","openssl::ssl::sslcontext","openssl::ssl::sslerror","openssl::ssl::sslerrorwaitreadable","openssl::ssl::sslerrorwaitwritable","openssl::ssl::sslserver","openssl::ssl::sslsocket","openssl::ssl::session","openssl::ssl::session::sessionerror","openssl::ssl::socketforwarder","openssl::timestamp","openssl::timestamp::factory","openssl::timestamp::request","openssl::timestamp::response","openssl::timestamp::timestamperror","openssl::timestamp::tokeninfo","openssl::x509","openssl::x509::attribute","openssl::x509::attributeerror","openssl::x509::crl","openssl::x509::crlerror","openssl::x509::certificate","openssl::x509::certificateerror","openssl::x509::extension","openssl::x509::extension::authorityinfoaccess","openssl::x509::extension::authoritykeyidentifier","openssl::x509::extension::crldistributionpoints","openssl::x509::extension::helpers","openssl::x509::extension::subjectkeyidentifier","openssl::x509::extensionerror","openssl::x509::extensionfactory","openssl::x509::name","openssl::x509::name::rfc2253dn","openssl::x509::nameerror","openssl::x509::request","openssl::x509::requesterror","openssl::x509::revoked","openssl::x509::revokederror","openssl::x509::store","openssl::x509::storecontext","openssl::x509::storeerror","openssl::bn#%()","openssl::bn#*()","openssl::bn#**()","openssl::bn#+()","openssl::bn#+@()","openssl::bn#-()","openssl::bn#-@()","openssl::bn#/()","openssl::bn#<<()","openssl::buffering#<<()","openssl::buffering::buffer#<<()","openssl::digest#<<()","openssl::hmac#<<()","openssl::bn#<=>()","openssl::x509::name#<=>()","openssl::asn1::objectid#==()","openssl::bn#==()","openssl::hmac#==()","openssl::pkey::ec::group#==()","openssl::pkey::ec::point#==()","openssl::ssl::session#==()","openssl::x509::attribute#==()","openssl::x509::crl#==()","openssl::x509::certificate#==()","openssl::x509::extension#==()","openssl::x509::request#==()","openssl::x509::revoked#==()","openssl::bn#===()","openssl::bn#>>()","openssl::digest()","openssl::config#[]()","openssl::config#[]=()","openssl::marshal#_dump()","openssl::marshal::classmethods#_load()","openssl::ssl::sslserver#accept()","openssl::ssl::sslsocket#accept()","openssl::ssl::sslsocket#accept_nonblock()","openssl::pkey::ec::point#add()","openssl::x509::request#add_attribute()","openssl::x509::store#add_cert()","openssl::ocsp::request#add_certid()","openssl::pkcs7#add_certificate()","openssl::ssl::sslcontext#add_certificate()","openssl::pkcs7#add_crl()","openssl::x509::store#add_crl()","openssl::pkcs7#add_data()","openssl::x509::name#add_entry()","openssl::x509::crl#add_extension()","openssl::x509::certificate#add_extension()","openssl::x509::revoked#add_extension()","openssl::x509::store#add_file()","openssl::ocsp::basicresponse#add_nonce()","openssl::ocsp::request#add_nonce()","openssl::x509::store#add_path()","openssl::pkcs7#add_recipient()","openssl::x509::crl#add_revoked()","openssl::pkcs7#add_signer()","openssl::ocsp::basicresponse#add_status()","openssl::config#add_value()","openssl::ssl::socketforwarder#addr()","openssl::timestamp::request#algorithm()","openssl::timestamp::tokeninfo#algorithm()","openssl::timestamp::request#algorithm=()","openssl::ssl::sslsocket#alpn_protocol()","openssl::pkey::ec::group#asn1_flag()","openssl::pkey::ec::group#asn1_flag=()","openssl::x509::request#attributes()","openssl::x509::request#attributes=()","openssl::cipher#auth_data=()","openssl::cipher#auth_tag()","openssl::cipher#auth_tag=()","openssl::cipher#auth_tag_len=()","openssl::cipher#authenticated?()","openssl::x509::extension::authoritykeyidentifier#authority_key_identifier()","openssl::ocsp::response#basic()","openssl::bn#bit_set?()","openssl::pkey::rsa#blinding_off!()","openssl::pkey::rsa#blinding_on!()","openssl::digest#block_length()","openssl::cipher#block_size()","openssl::pkey::ec::builtin_curves()","openssl::engine::by_id()","openssl::x509::extension::authorityinfoaccess#ca_issuer_uris()","openssl::cipher#ccm_data_len=()","openssl::ssl::sslsocket#cert()","openssl::timestamp::request#cert_requested=()","openssl::timestamp::request#cert_requested?()","openssl::ocsp::singleresponse#cert_status()","openssl::ocsp::request#certid()","openssl::ocsp::singleresponse#certid()","openssl::pkcs7#certificates()","openssl::pkcs7#certificates=()","openssl::x509::storecontext#chain()","openssl::netscape::spki#challenge()","openssl::netscape::spki#challenge=()","openssl::pkey::ec#check_key()","openssl::ocsp::request#check_nonce()","openssl::x509::certificate#check_private_key()","openssl::ocsp::singleresponse#check_validity()","openssl::engine#cipher()","openssl::ssl::sslsocket#cipher()","openssl::pkcs7#cipher=()","openssl::cipher::ciphers()","openssl::ssl::sslcontext#ciphers()","openssl::ssl::sslcontext#ciphers=()","openssl::engine::cleanup()","openssl::x509::storecontext#cleanup()","openssl::bn#clear_bit!()","openssl::ssl::sslsocket#client_ca()","openssl::buffering#close()","openssl::ssl::sslserver#close()","openssl::ssl::socketforwarder#closed?()","openssl::engine#cmds()","openssl::bn#cmp()","openssl::ocsp::certificateid#cmp()","openssl::x509::name#cmp()","openssl::ocsp::certificateid#cmp_issuer()","openssl::bn#coerce()","openssl::pkey::ec::group#cofactor()","openssl::pkey::dh#compute_key()","openssl::buffering::buffer#concat()","openssl::ssl::sslsocket#connect()","openssl::ssl::sslsocket#connect_nonblock()","openssl::bn#copy()","openssl::ocsp::basicresponse#copy_nonce()","openssl::ocsp::response::create()","openssl::pkcs12::create()","openssl::x509::extensionfactory#create_ext()","openssl::x509::extensionfactory#create_ext_from_array()","openssl::x509::extensionfactory#create_ext_from_hash()","openssl::x509::extensionfactory#create_ext_from_string()","openssl::x509::extensionfactory#create_extension()","openssl::timestamp::factory#create_timestamp()","openssl::x509::extension#critical=()","openssl::x509::extension#critical?()","openssl::x509::extensionfactory#crl=()","openssl::x509::extension::crldistributionpoints#crl_uris()","openssl::pkcs7#crls()","openssl::pkcs7#crls=()","openssl::engine#ctrl_cmd()","openssl::x509::storecontext#current_cert()","openssl::x509::storecontext#current_crl()","openssl::pkey::ec::group#curve_name()","openssl::pkcs7#data=()","openssl::debug()","openssl::debug=()","openssl::asn1::decode()","openssl::asn1::decode_all()","openssl::cipher#decrypt()","openssl::pkcs7#decrypt()","openssl::pkey::ec::group#degree()","openssl::pkcs7#detached()","openssl::pkcs7#detached=()","openssl::pkcs7#detached?()","openssl::pkey::ec#dh_compute_key()","openssl::digest::digest()","openssl::engine#digest()","openssl::hmac::digest()","openssl::hmac#digest()","openssl::digest#digest_length()","openssl::ssl::socketforwarder#do_not_reverse_lookup=()","openssl::pkey::ec#dsa_sign_asn1()","openssl::pkey::ec#dsa_verify_asn1()","openssl::asn1::constructive#each()","openssl::buffering#each()","openssl::config#each()","openssl::buffering#each_byte()","openssl::buffering#each_line()","openssl::ssl::sslcontext#ecdh_curves=()","openssl::random::egd()","openssl::random::egd_bytes()","openssl::ssl::sslcontext#enable_fallback_scsv()","openssl::pkcs7::recipientinfo#enc_key()","openssl::cipher#encrypt()","openssl::pkcs7::encrypt()","openssl::engine::engines()","openssl::buffering#eof()","openssl::buffering#eof?()","openssl::bn#eql?()","openssl::pkey::ec::group#eql?()","openssl::pkey::ec::point#eql?()","openssl::x509::name#eql?()","openssl::x509::storecontext#error()","openssl::x509::storecontext#error=()","openssl::x509::storecontext#error_depth()","openssl::x509::storecontext#error_string()","openssl::errors()","openssl::x509::name::rfc2253dn#expand_hexstring()","openssl::x509::name::rfc2253dn#expand_pair()","openssl::x509::name::rfc2253dn#expand_value()","openssl::pkey::dh#export()","openssl::pkey::dsa#export()","openssl::pkey::ec#export()","openssl::pkey::rsa#export()","openssl::ocsp::singleresponse#extensions()","openssl::x509::crl#extensions()","openssl::x509::certificate#extensions()","openssl::x509::revoked#extensions()","openssl::x509::crl#extensions=()","openssl::x509::certificate#extensions=()","openssl::x509::revoked#extensions=()","openssl::timestamp::response#failure_info()","openssl::ssl::socketforwarder#fcntl()","openssl::ssl::socketforwarder#fileno()","openssl::cipher#final()","openssl::x509::extension::helpers#find_extension()","openssl::ocsp::basicresponse#find_response()","openssl::engine#finish()","openssl::ssl::sslsocket#finished_message()","openssl::fips_mode()","openssl::fips_mode=()","openssl::fixed_length_secure_compare()","openssl::x509::store#flags=()","openssl::x509::storecontext#flags=()","openssl::buffering#flush()","openssl::ssl::sslcontext#flush_sessions()","openssl::ssl::sslcontext#freeze()","openssl::bn#gcd()","openssl::timestamp::tokeninfo#gen_time()","openssl::pkey::dh::generate()","openssl::pkey::dsa::generate()","openssl::pkey::ec::generate()","openssl::pkey::rsa::generate()","openssl::pkey::ec#generate_key()","openssl::pkey::dh#generate_key!()","openssl::pkey::ec#generate_key!()","openssl::bn::generate_prime()","openssl::pkey::ec::group#generator()","openssl::config#get_value()","openssl::buffering#getc()","openssl::buffering#gets()","openssl::ssl::socketforwarder#getsockopt()","openssl::pkey::ec#group()","openssl::pkey::ec#group=()","openssl::bn#hash()","openssl::x509::name#hash()","openssl::ocsp::certificateid#hash_algorithm()","openssl::x509::name#hash_old()","openssl::hmac::hexdigest()","openssl::hmac#hexdigest()","openssl::kdf::hkdf()","openssl::ssl::sslsocket#hostname=()","openssl::engine#id()","openssl::ssl::session#id()","openssl::marshal::included()","openssl::pkey::ec::point#infinity?()","openssl::bn#initialize_copy()","openssl::cipher#initialize_copy()","openssl::digest#initialize_copy()","openssl::hmac#initialize_copy()","openssl::ocsp::basicresponse#initialize_copy()","openssl::ocsp::certificateid#initialize_copy()","openssl::ocsp::request#initialize_copy()","openssl::ocsp::response#initialize_copy()","openssl::ocsp::singleresponse#initialize_copy()","openssl::pkcs12#initialize_copy()","openssl::pkcs7#initialize_copy()","openssl::pkey::dh#initialize_copy()","openssl::pkey::dsa#initialize_copy()","openssl::pkey::ec#initialize_copy()","openssl::pkey::ec::group#initialize_copy()","openssl::pkey::ec::point#initialize_copy()","openssl::pkey::rsa#initialize_copy()","openssl::ssl::session#initialize_copy()","openssl::x509::attribute#initialize_copy()","openssl::x509::crl#initialize_copy()","openssl::x509::certificate#initialize_copy()","openssl::x509::extension#initialize_copy()","openssl::x509::name#initialize_copy()","openssl::x509::request#initialize_copy()","openssl::x509::revoked#initialize_copy()","openssl::config#inspect()","openssl::engine#inspect()","openssl::hmac#inspect()","openssl::pkey::pkey#inspect()","openssl::x509::certificate#inspect()","openssl::pkey::ec::point#invert!()","openssl::pkcs7::recipientinfo#issuer()","openssl::pkcs7::signerinfo#issuer()","openssl::x509::crl#issuer()","openssl::x509::certificate#issuer()","openssl::x509::crl#issuer=()","openssl::x509::certificate#issuer=()","openssl::x509::extensionfactory#issuer_certificate=()","openssl::ocsp::certificateid#issuer_key_hash()","openssl::ocsp::certificateid#issuer_name_hash()","openssl::cipher#iv=()","openssl::cipher#iv_len()","openssl::cipher#iv_len=()","openssl::cipher#key=()","openssl::cipher#key_len()","openssl::cipher#key_len=()","openssl::x509::crl#last_update()","openssl::x509::crl#last_update=()","openssl::ssl::sslserver#listen()","openssl::asn1::objectid#ln()","openssl::engine::load()","openssl::engine#load_private_key()","openssl::engine#load_public_key()","openssl::random::load_random_file()","openssl::asn1::objectid#long_name()","openssl::bn#lshift!()","openssl::pkey::ec::point#make_affine!()","openssl::ssl::sslcontext#max_version=()","openssl::mem_check_start()","openssl::timestamp::request#message_imprint()","openssl::timestamp::tokeninfo#message_imprint()","openssl::timestamp::request#message_imprint=()","openssl::ssl::sslcontext#min_version=()","openssl::bn#mod_add()","openssl::bn#mod_exp()","openssl::bn#mod_inverse()","openssl::bn#mod_mul()","openssl::bn#mod_sqr()","openssl::bn#mod_sub()","openssl::pkey::ec::point#mul()","openssl::cipher#name()","openssl::digest#name()","openssl::engine#name()","openssl::bn#negative?()","openssl::asn1::asn1data::new()","openssl::asn1::constructive::new()","openssl::asn1::primitive::new()","openssl::bn::new()","openssl::buffering::new()","openssl::buffering::buffer::new()","openssl::cipher::new()","openssl::config::new()","openssl::digest::new()","openssl::hmac::new()","openssl::netscape::spki::new()","openssl::ocsp::basicresponse::new()","openssl::ocsp::certificateid::new()","openssl::ocsp::request::new()","openssl::ocsp::response::new()","openssl::ocsp::singleresponse::new()","openssl::pkcs12::new()","openssl::pkcs7::new()","openssl::pkcs7::recipientinfo::new()","openssl::pkcs7::signerinfo::new()","openssl::pkey::dh::new()","openssl::pkey::dsa::new()","openssl::pkey::ec::new()","openssl::pkey::ec::group::new()","openssl::pkey::ec::point::new()","openssl::pkey::pkey::new()","openssl::pkey::rsa::new()","openssl::ssl::sslcontext::new()","openssl::ssl::sslserver::new()","openssl::ssl::sslsocket::new()","openssl::ssl::session::new()","openssl::timestamp::request::new()","openssl::timestamp::response::new()","openssl::timestamp::tokeninfo::new()","openssl::x509::attribute::new()","openssl::x509::crl::new()","openssl::x509::certificate::new()","openssl::x509::extension::new()","openssl::x509::extensionfactory::new()","openssl::x509::name::new()","openssl::x509::request::new()","openssl::x509::revoked::new()","openssl::x509::store::new()","openssl::x509::storecontext::new()","openssl::ocsp::singleresponse#next_update()","openssl::x509::crl#next_update()","openssl::x509::crl#next_update=()","openssl::timestamp::request#nonce()","openssl::timestamp::tokeninfo#nonce()","openssl::timestamp::request#nonce=()","openssl::x509::certificate#not_after()","openssl::x509::certificate#not_after=()","openssl::x509::certificate#not_before()","openssl::x509::certificate#not_before=()","openssl::ssl::sslsocket#npn_protocol()","openssl::bn#num_bits()","openssl::bn#num_bytes()","openssl::x509::extension::authorityinfoaccess#ocsp_uris()","openssl::bn#odd?()","openssl::asn1::objectid#oid()","openssl::pkey::pkey#oid()","openssl::x509::attribute#oid()","openssl::x509::extension#oid()","openssl::x509::attribute#oid=()","openssl::x509::extension#oid=()","openssl::pkey::ec::point#on_curve?()","openssl::bn#one?()","openssl::ssl::sslcontext#options()","openssl::ssl::sslcontext#options=()","openssl::pkey::ec::group#order()","openssl::timestamp::tokeninfo#ordering()","openssl::cipher#padding=()","openssl::pkey::dh#params()","openssl::pkey::dsa#params()","openssl::pkey::rsa#params()","openssl::pkey::dh#params_ok?()","openssl::config::parse()","openssl::x509::name::parse()","openssl::config::parse_config()","openssl::x509::name::parse_openssl()","openssl::x509::name::parse_rfc2253()","openssl::kdf::pbkdf2_hmac()","openssl::pkcs5#pbkdf2_hmac()","openssl::pkcs5#pbkdf2_hmac_sha1()","openssl::ssl::sslsocket#peer_cert()","openssl::ssl::sslsocket#peer_cert_chain()","openssl::ssl::sslsocket#peer_finished_message()","openssl::ssl::socketforwarder#peeraddr()","openssl::ssl::sslsocket#pending()","openssl::cipher#pkcs5_keyivgen()","openssl::pkey::ec::group#point_conversion_form()","openssl::pkey::ec::group#point_conversion_form=()","openssl::timestamp::request#policy_id()","openssl::timestamp::tokeninfo#policy_id()","openssl::timestamp::request#policy_id=()","openssl::ssl::sslsocket#post_connection_check()","openssl::bn#pretty_print()","openssl::x509::certificate#pretty_print()","openssl::x509::name#pretty_print()","openssl::bn#prime?()","openssl::bn#prime_fasttest?()","openssl::buffering#print()","openssl::print_mem_leaks()","openssl::buffering#printf()","openssl::pkey::dh#private?()","openssl::pkey::dsa#private?()","openssl::pkey::ec#private?()","openssl::pkey::rsa#private?()","openssl::pkey::rsa#private_decrypt()","openssl::pkey::rsa#private_encrypt()","openssl::pkey::ec#private_key()","openssl::pkey::ec#private_key=()","openssl::pkey::ec#private_key?()","openssl::pkey::pkey#private_to_der()","openssl::pkey::pkey#private_to_pem()","openssl::pkey::dh#public?()","openssl::pkey::dsa#public?()","openssl::pkey::ec#public?()","openssl::pkey::rsa#public?()","openssl::pkey::rsa#public_decrypt()","openssl::pkey::rsa#public_encrypt()","openssl::netscape::spki#public_key()","openssl::pkey::dh#public_key()","openssl::pkey::dsa#public_key()","openssl::pkey::ec#public_key()","openssl::pkey::rsa#public_key()","openssl::x509::certificate#public_key()","openssl::x509::request#public_key()","openssl::netscape::spki#public_key=()","openssl::pkey::ec#public_key=()","openssl::x509::certificate#public_key=()","openssl::x509::request#public_key=()","openssl::pkey::ec#public_key?()","openssl::pkey::pkey#public_to_der()","openssl::pkey::pkey#public_to_pem()","openssl::x509::store#purpose=()","openssl::x509::storecontext#purpose=()","openssl::buffering#puts()","openssl::random::random_add()","openssl::random::random_bytes()","openssl::cipher#random_iv()","openssl::cipher#random_key()","openssl::buffering#read()","openssl::pkey::read()","openssl::buffering#read_nonblock()","openssl::pkcs7::read_smime()","openssl::buffering#readchar()","openssl::buffering#readline()","openssl::buffering#readlines()","openssl::buffering#readpartial()","openssl::pkcs7#recipients()","openssl::asn1::objectid::register()","openssl::cipher#reset()","openssl::digest#reset()","openssl::hmac#reset()","openssl::ocsp::basicresponse#responses()","openssl::ocsp::singleresponse#revocation_reason()","openssl::ocsp::singleresponse#revocation_time()","openssl::x509::crl#revoked()","openssl::x509::crl#revoked=()","openssl::bn#rshift!()","openssl::x509::name::rfc2253dn#scan()","openssl::kdf::scrypt()","openssl::config#sections()","openssl::secure_compare()","openssl::ssl::sslcontext#security_level()","openssl::ssl::sslcontext#security_level=()","openssl::pkey::ec::group#seed()","openssl::random::seed()","openssl::pkey::ec::group#seed=()","openssl::ocsp::certificateid#serial()","openssl::pkcs7::recipientinfo#serial()","openssl::pkcs7::signerinfo#serial()","openssl::x509::certificate#serial()","openssl::x509::revoked#serial()","openssl::x509::certificate#serial=()","openssl::x509::revoked#serial=()","openssl::timestamp::tokeninfo#serial_number()","openssl::ssl::sslsocket#session()","openssl::ssl::sslsocket#session=()","openssl::ssl::sslcontext#session_add()","openssl::ssl::sslcontext#session_cache_mode()","openssl::ssl::sslcontext#session_cache_mode=()","openssl::ssl::sslcontext#session_cache_size()","openssl::ssl::sslcontext#session_cache_size=()","openssl::ssl::sslcontext#session_cache_stats()","openssl::ssl::sslcontext#session_remove()","openssl::ssl::sslsocket#session_reused?()","openssl::bn#set_bit!()","openssl::pkey::rsa#set_crt_params()","openssl::engine#set_default()","openssl::x509::store#set_default_paths()","openssl::pkey::rsa#set_factors()","openssl::pkey::ec::group#set_generator()","openssl::pkey::dh#set_key()","openssl::pkey::dsa#set_key()","openssl::pkey::rsa#set_key()","openssl::ssl::sslcontext#set_params()","openssl::pkey::dh#set_pqg()","openssl::pkey::dsa#set_pqg()","openssl::pkey::ec::point#set_to_infinity!()","openssl::ssl::socketforwarder#setsockopt()","openssl::ssl::sslcontext#setup()","openssl::asn1::objectid#short_name()","openssl::ssl::sslserver#shutdown()","openssl::netscape::spki#sign()","openssl::ocsp::basicresponse#sign()","openssl::ocsp::request#sign()","openssl::pkcs7::sign()","openssl::pkey::pkey#sign()","openssl::x509::crl#sign()","openssl::x509::certificate#sign()","openssl::x509::request#sign()","openssl::pkey::rsa#sign_pss()","openssl::x509::crl#signature_algorithm()","openssl::x509::certificate#signature_algorithm()","openssl::x509::request#signature_algorithm()","openssl::ocsp::request#signed?()","openssl::pkcs7::signerinfo#signed_time()","openssl::pkcs7#signers()","openssl::asn1::objectid#sn()","openssl::bn#sqr()","openssl::ssl::sslsocket#ssl_version()","openssl::ssl::sslcontext#ssl_version=()","openssl::ssl::sslsocket#state()","openssl::ocsp::basicresponse#status()","openssl::ocsp::response#status()","openssl::timestamp::response#status()","openssl::random::status?()","openssl::ocsp::response#status_string()","openssl::timestamp::response#status_text()","openssl::x509::certificate#subject()","openssl::x509::request#subject()","openssl::x509::certificate#subject=()","openssl::x509::request#subject=()","openssl::x509::extensionfactory#subject_certificate=()","openssl::x509::extension::subjectkeyidentifier#subject_key_identifier()","openssl::x509::extensionfactory#subject_request=()","openssl::ssl::sslsocket#sysclose()","openssl::ssl::sslsocket#sysread()","openssl::pkey::dsa#syssign()","openssl::pkey::dsa#sysverify()","openssl::ssl::sslsocket#syswrite()","openssl::ocsp::singleresponse#this_update()","openssl::ssl::session#time()","openssl::x509::revoked#time()","openssl::ssl::session#time=()","openssl::x509::revoked#time=()","openssl::x509::store#time=()","openssl::x509::storecontext#time=()","openssl::ssl::session#timeout()","openssl::ssl::session#timeout=()","openssl::ssl::sslsocket#tmp_key()","openssl::x509::extension#to_a()","openssl::x509::name#to_a()","integer#to_bn()","openssl::bn#to_bn()","openssl::pkey::ec::point#to_bn()","openssl::asn1::asn1data#to_der()","openssl::asn1::constructive#to_der()","openssl::asn1::primitive#to_der()","openssl::netscape::spki#to_der()","openssl::ocsp::basicresponse#to_der()","openssl::ocsp::certificateid#to_der()","openssl::ocsp::request#to_der()","openssl::ocsp::response#to_der()","openssl::ocsp::singleresponse#to_der()","openssl::pkcs12#to_der()","openssl::pkcs7#to_der()","openssl::pkey::dh#to_der()","openssl::pkey::dsa#to_der()","openssl::pkey::ec#to_der()","openssl::pkey::ec::group#to_der()","openssl::pkey::rsa#to_der()","openssl::ssl::session#to_der()","openssl::timestamp::request#to_der()","openssl::timestamp::response#to_der()","openssl::timestamp::tokeninfo#to_der()","openssl::x509::attribute#to_der()","openssl::x509::crl#to_der()","openssl::x509::certificate#to_der()","openssl::x509::extension#to_der()","openssl::x509::name#to_der()","openssl::x509::request#to_der()","openssl::x509::revoked#to_der()","openssl::x509::extension#to_h()","openssl::bn#to_i()","openssl::bn#to_int()","openssl::ssl::sslserver#to_io()","openssl::pkey::ec::point#to_octet_string()","openssl::netscape::spki#to_pem()","openssl::pkcs7#to_pem()","openssl::pkey::dh#to_pem()","openssl::pkey::dsa#to_pem()","openssl::pkey::ec#to_pem()","openssl::pkey::ec::group#to_pem()","openssl::pkey::rsa#to_pem()","openssl::ssl::session#to_pem()","openssl::x509::crl#to_pem()","openssl::x509::certificate#to_pem()","openssl::x509::request#to_pem()","openssl::bn#to_s()","openssl::config#to_s()","openssl::hmac#to_s()","openssl::netscape::spki#to_s()","openssl::pkcs7#to_s()","openssl::pkey::dh#to_s()","openssl::pkey::dsa#to_s()","openssl::pkey::rsa#to_s()","openssl::x509::crl#to_s()","openssl::x509::certificate#to_s()","openssl::x509::extension#to_s()","openssl::x509::name#to_s()","openssl::x509::request#to_s()","openssl::netscape::spki#to_text()","openssl::pkey::dh#to_text()","openssl::pkey::dsa#to_text()","openssl::pkey::ec#to_text()","openssl::pkey::ec::group#to_text()","openssl::pkey::rsa#to_text()","openssl::ssl::session#to_text()","openssl::x509::crl#to_text()","openssl::x509::certificate#to_text()","openssl::x509::request#to_text()","openssl::x509::name#to_utf8()","openssl::timestamp::response#token()","openssl::timestamp::response#token_info()","openssl::asn1::traverse()","openssl::x509::store#trust=()","openssl::x509::storecontext#trust=()","openssl::timestamp::response#tsa_certificate()","openssl::pkcs7#type()","openssl::pkcs7#type=()","openssl::bn#ucmp()","openssl::buffering#ungetc()","openssl::cipher#update()","openssl::digest#update()","openssl::hmac#update()","openssl::x509::attribute#value()","openssl::x509::extension#value()","openssl::x509::attribute#value=()","openssl::x509::extension#value=()","openssl::x509::extension#value_der()","openssl::netscape::spki#verify()","openssl::ocsp::basicresponse#verify()","openssl::ocsp::request#verify()","openssl::pkcs7#verify()","openssl::pkey::pkey#verify()","openssl::timestamp::response#verify()","openssl::x509::crl#verify()","openssl::x509::certificate#verify()","openssl::x509::request#verify()","openssl::x509::store#verify()","openssl::x509::storecontext#verify()","openssl::x509::store#verify_callback=()","openssl::ssl::verify_certificate_identity()","openssl::pkey::rsa#verify_pss()","openssl::ssl::sslsocket#verify_result()","openssl::timestamp::request#version()","openssl::timestamp::tokeninfo#version()","openssl::x509::crl#version()","openssl::x509::certificate#version()","openssl::x509::request#version()","openssl::timestamp::request#version=()","openssl::x509::crl#version=()","openssl::x509::certificate#version=()","openssl::x509::request#version=()","openssl::buffering#write()","openssl::buffering#write_nonblock()","openssl::random::write_random_file()","openssl::pkcs7::write_smime()","openssl::bn#zero?()","","",""],"info":[["IO","","IO.html","",""],["IO::WaitReadable","","IO/WaitReadable.html","",""],["IO::WaitWritable","","IO/WaitWritable.html","",""],["Integer","","Integer.html","",""],["OpenSSL","","OpenSSL.html","","<p>OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the OpenSSL library.\n<p>Examples\n<p>All …\n"],["OpenSSL::ASN1","","OpenSSL/ASN1.html","","<p>Abstract Syntax Notation One (or ASN.1) is a notation syntax to describe data structures and is defined …\n"],["OpenSSL::ASN1::ASN1Data","","OpenSSL/ASN1/ASN1Data.html","","<p>The top-level class representing any ASN.1 object. When parsed by ASN1.decode, tagged values are always …\n"],["OpenSSL::ASN1::ASN1Error","","OpenSSL/ASN1/ASN1Error.html","","<p>Generic error class for all errors raised in ASN1 and any of the classes defined in it.\n"],["OpenSSL::ASN1::Constructive","","OpenSSL/ASN1/Constructive.html","","<p>The parent class for all constructed encodings. The <em>value</em> attribute of a Constructive is always an Array …\n"],["OpenSSL::ASN1::ObjectId","","OpenSSL/ASN1/ObjectId.html","","<p>Represents the primitive object id for OpenSSL::ASN1\n"],["OpenSSL::ASN1::Primitive","","OpenSSL/ASN1/Primitive.html","","<p>The parent class for all primitive encodings. Attributes are the same as for ASN1Data, with the addition …\n"],["OpenSSL::BN","","OpenSSL/BN.html","",""],["OpenSSL::BNError","","OpenSSL/BNError.html","","<p>Generic Error for all of OpenSSL::BN (big num)\n"],["OpenSSL::Buffering","","OpenSSL/Buffering.html","","<p>OpenSSL IO buffering mix-in module.\n<p>This module allows an OpenSSL::SSL::SSLSocket to behave like an IO …\n"],["OpenSSL::Buffering::Buffer","","OpenSSL/Buffering/Buffer.html","","<p>A buffer which will retain binary encoding.\n"],["OpenSSL::Cipher","","OpenSSL/Cipher.html","","<p>Provides symmetric algorithms for encryption and decryption. The algorithms that are available depend …\n"],["OpenSSL::Cipher::Cipher","","OpenSSL/Cipher/Cipher.html","","<p>Deprecated.\n<p>This class is only provided for backwards compatibility. Use OpenSSL::Cipher.\n"],["OpenSSL::Cipher::CipherError","","OpenSSL/Cipher/CipherError.html","",""],["OpenSSL::Config","","OpenSSL/Config.html","","<p>OpenSSL::Config\n<p>Configuration for the openssl library.\n<p>Many system’s installation of openssl library …\n"],["OpenSSL::ConfigError","","OpenSSL/ConfigError.html","","<p>General error for openssl library configuration files. Including formatting, parsing errors, etc.\n"],["OpenSSL::Digest","","OpenSSL/Digest.html","","<p>OpenSSL::Digest allows you to compute message digests (sometimes interchangeably called “hashes”) …\n"],["OpenSSL::Digest::DigestError","","OpenSSL/Digest/DigestError.html","","<p>Generic Exception class that is raised if an error occurs during a Digest operation.\n"],["OpenSSL::Engine","","OpenSSL/Engine.html","","<p>This class is the access to openssl’s ENGINE cryptographic module implementation.\n<p>See also, www.openssl.org/docs/crypto/engine.html …\n"],["OpenSSL::Engine::EngineError","","OpenSSL/Engine/EngineError.html","","<p>This is the generic exception for OpenSSL::Engine related errors\n"],["OpenSSL::ExtConfig","","OpenSSL/ExtConfig.html","","<p>This module contains configuration information about the SSL extension, for example if socket support …\n"],["OpenSSL::HMAC","","OpenSSL/HMAC.html","","<p>OpenSSL::HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message …\n"],["OpenSSL::HMACError","","OpenSSL/HMACError.html","","<p>Document-class: OpenSSL::HMAC\n<p>OpenSSL::HMAC allows computing Hash-based Message Authentication Code ( …\n"],["OpenSSL::KDF","","OpenSSL/KDF.html","","<p>Provides functionality of various KDFs (key derivation function).\n<p>KDF is typically used for securely deriving …\n"],["OpenSSL::KDF::KDFError","","OpenSSL/KDF/KDFError.html","","<p>Generic exception class raised if an error occurs in OpenSSL::KDF module.\n"],["OpenSSL::Marshal","","OpenSSL/Marshal.html","",""],["OpenSSL::Marshal::ClassMethods","","OpenSSL/Marshal/ClassMethods.html","",""],["OpenSSL::Netscape","","OpenSSL/Netscape.html","","<p>OpenSSL::Netscape is a namespace for SPKI (Simple Public Key Infrastructure) which implements Signed …\n"],["OpenSSL::Netscape::SPKI","","OpenSSL/Netscape/SPKI.html","","<p>A Simple Public Key Infrastructure implementation (pronounced “spooky”). The structure is defined …\n"],["OpenSSL::Netscape::SPKIError","","OpenSSL/Netscape/SPKIError.html","","<p>Generic Exception class that is raised if an error occurs during an operation on an instance of OpenSSL::Netscape::SPKI …\n"],["OpenSSL::OCSP","","OpenSSL/OCSP.html","","<p>OpenSSL::OCSP implements Online Certificate Status Protocol requests and responses.\n<p>Creating and sending …\n"],["OpenSSL::OCSP::BasicResponse","","OpenSSL/OCSP/BasicResponse.html","","<p>An OpenSSL::OCSP::BasicResponse contains the status of a certificate check which is created from an …\n"],["OpenSSL::OCSP::CertificateId","","OpenSSL/OCSP/CertificateId.html","","<p>An OpenSSL::OCSP::CertificateId identifies a certificate to the CA so that a status check can be performed. …\n"],["OpenSSL::OCSP::OCSPError","","OpenSSL/OCSP/OCSPError.html","","<p>OCSP error class.\n"],["OpenSSL::OCSP::Request","","OpenSSL/OCSP/Request.html","","<p>An OpenSSL::OCSP::Request contains the certificate information for determining if a certificate has been …\n"],["OpenSSL::OCSP::Response","","OpenSSL/OCSP/Response.html","","<p>An OpenSSL::OCSP::Response contains the status of a certificate check which is created from an OpenSSL::OCSP::Request …\n"],["OpenSSL::OCSP::SingleResponse","","OpenSSL/OCSP/SingleResponse.html","","<p>An OpenSSL::OCSP::SingleResponse represents an OCSP SingleResponse structure, which contains the basic …\n"],["OpenSSL::OpenSSLError","","OpenSSL/OpenSSLError.html","","<p>Generic error, common for all classes under OpenSSL module\n"],["OpenSSL::PKCS12","","OpenSSL/PKCS12.html","","<p>Defines a file format commonly used to store private keys with accompanying public key certificates, …\n"],["OpenSSL::PKCS12::PKCS12Error","","OpenSSL/PKCS12/PKCS12Error.html","",""],["OpenSSL::PKCS5","","OpenSSL/PKCS5.html","",""],["OpenSSL::PKCS7","","OpenSSL/PKCS7.html","",""],["OpenSSL::PKCS7::PKCS7Error","","OpenSSL/PKCS7/PKCS7Error.html","",""],["OpenSSL::PKCS7::RecipientInfo","","OpenSSL/PKCS7/RecipientInfo.html","",""],["OpenSSL::PKCS7::SignerInfo","","OpenSSL/PKCS7/SignerInfo.html","",""],["OpenSSL::PKey","","OpenSSL/PKey.html","","<p>Asymmetric Public Key Algorithms\n<p>Asymmetric public key algorithms solve the problem of establishing and …\n"],["OpenSSL::PKey::DH","","OpenSSL/PKey/DH.html","","<p>An implementation of the Diffie-Hellman key exchange protocol based on discrete logarithms in finite …\n"],["OpenSSL::PKey::DHError","","OpenSSL/PKey/DHError.html","","<p>Generic exception that is raised if an operation on a DH PKey fails unexpectedly or in case an instantiation …\n"],["OpenSSL::PKey::DSA","","OpenSSL/PKey/DSA.html","","<p>DSA, the Digital Signature Algorithm, is specified in NIST’s FIPS 186-3. It is an asymmetric public …\n"],["OpenSSL::PKey::DSAError","","OpenSSL/PKey/DSAError.html","","<p>Generic exception that is raised if an operation on a DSA PKey fails unexpectedly or in case an instantiation …\n"],["OpenSSL::PKey::EC","","OpenSSL/PKey/EC.html","","<p>OpenSSL::PKey::EC provides access to Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic …\n"],["OpenSSL::PKey::EC::Group","","OpenSSL/PKey/EC/Group.html","",""],["OpenSSL::PKey::EC::Group::Error","","OpenSSL/PKey/EC/Group/Error.html","",""],["OpenSSL::PKey::EC::Point","","OpenSSL/PKey/EC/Point.html","",""],["OpenSSL::PKey::EC::Point::Error","","OpenSSL/PKey/EC/Point/Error.html","",""],["OpenSSL::PKey::ECError","","OpenSSL/PKey/ECError.html","",""],["OpenSSL::PKey::PKey","","OpenSSL/PKey/PKey.html","","<p>An abstract class that bundles signature creation (PKey#sign) and validation (PKey#verify) that is common …\n"],["OpenSSL::PKey::PKeyError","","OpenSSL/PKey/PKeyError.html","","<p>Raised when errors occur during PKey#sign or PKey#verify.\n"],["OpenSSL::PKey::RSA","","OpenSSL/PKey/RSA.html","","<p>RSA is an asymmetric public key algorithm that has been formalized in RFC 3447. It is in widespread use …\n"],["OpenSSL::PKey::RSAError","","OpenSSL/PKey/RSAError.html","","<p>Generic exception that is raised if an operation on an RSA PKey fails unexpectedly or in case an instantiation …\n"],["OpenSSL::Random","","OpenSSL/Random.html","",""],["OpenSSL::Random::RandomError","","OpenSSL/Random/RandomError.html","",""],["OpenSSL::SSL","","OpenSSL/SSL.html","","<p>Use SSLContext to set up the parameters for a TLS (former SSL) connection. Both client and server TLS …\n"],["OpenSSL::SSL::SSLContext","","OpenSSL/SSL/SSLContext.html","","<p>An SSLContext is used to set various options regarding certificates, algorithms, verification, session …\n"],["OpenSSL::SSL::SSLError","","OpenSSL/SSL/SSLError.html","","<p>Generic error class raised by SSLSocket and SSLContext.\n"],["OpenSSL::SSL::SSLErrorWaitReadable","","OpenSSL/SSL/SSLErrorWaitReadable.html","",""],["OpenSSL::SSL::SSLErrorWaitWritable","","OpenSSL/SSL/SSLErrorWaitWritable.html","",""],["OpenSSL::SSL::SSLServer","","OpenSSL/SSL/SSLServer.html","","<p>SSLServer represents a TCP/IP server socket with Secure Sockets Layer.\n"],["OpenSSL::SSL::SSLSocket","","OpenSSL/SSL/SSLSocket.html","",""],["OpenSSL::SSL::Session","","OpenSSL/SSL/Session.html","",""],["OpenSSL::SSL::Session::SessionError","","OpenSSL/SSL/Session/SessionError.html","",""],["OpenSSL::SSL::SocketForwarder","","OpenSSL/SSL/SocketForwarder.html","",""],["OpenSSL::Timestamp","","OpenSSL/Timestamp.html","","<p>Provides classes and methods to request, create and validate RFC3161-compliant timestamps. Request may …\n"],["OpenSSL::Timestamp::Factory","","OpenSSL/Timestamp/Factory.html","","<p>Used to generate a Response from scratch.\n<p>Please bear in mind that the implementation will always apply …\n"],["OpenSSL::Timestamp::Request","","OpenSSL/Timestamp/Request.html","","<p>Allows to create timestamp requests or parse existing ones. A Request is also needed for creating timestamps …\n"],["OpenSSL::Timestamp::Response","","OpenSSL/Timestamp/Response.html","","<p>Immutable and read-only representation of a timestamp response returned from a timestamp server after …\n"],["OpenSSL::Timestamp::TimestampError","","OpenSSL/Timestamp/TimestampError.html","","<p>Generic exception class of the Timestamp module.\n"],["OpenSSL::Timestamp::TokenInfo","","OpenSSL/Timestamp/TokenInfo.html","","<p>Immutable and read-only representation of a timestamp token info from a Response.\n"],["OpenSSL::X509","","OpenSSL/X509.html","",""],["OpenSSL::X509::Attribute","","OpenSSL/X509/Attribute.html","",""],["OpenSSL::X509::AttributeError","","OpenSSL/X509/AttributeError.html","",""],["OpenSSL::X509::CRL","","OpenSSL/X509/CRL.html","",""],["OpenSSL::X509::CRLError","","OpenSSL/X509/CRLError.html","",""],["OpenSSL::X509::Certificate","","OpenSSL/X509/Certificate.html","","<p>Implementation of an X.509 certificate as specified in RFC 5280. Provides access to a certificate’s …\n"],["OpenSSL::X509::CertificateError","","OpenSSL/X509/CertificateError.html","",""],["OpenSSL::X509::Extension","","OpenSSL/X509/Extension.html","",""],["OpenSSL::X509::Extension::AuthorityInfoAccess","","OpenSSL/X509/Extension/AuthorityInfoAccess.html","",""],["OpenSSL::X509::Extension::AuthorityKeyIdentifier","","OpenSSL/X509/Extension/AuthorityKeyIdentifier.html","",""],["OpenSSL::X509::Extension::CRLDistributionPoints","","OpenSSL/X509/Extension/CRLDistributionPoints.html","",""],["OpenSSL::X509::Extension::Helpers","","OpenSSL/X509/Extension/Helpers.html","",""],["OpenSSL::X509::Extension::SubjectKeyIdentifier","","OpenSSL/X509/Extension/SubjectKeyIdentifier.html","",""],["OpenSSL::X509::ExtensionError","","OpenSSL/X509/ExtensionError.html","",""],["OpenSSL::X509::ExtensionFactory","","OpenSSL/X509/ExtensionFactory.html","",""],["OpenSSL::X509::Name","","OpenSSL/X509/Name.html","","<p>An X.509 name represents a hostname, email address or other entity associated with a public key.\n<p>You can …\n"],["OpenSSL::X509::Name::RFC2253DN","","OpenSSL/X509/Name/RFC2253DN.html","",""],["OpenSSL::X509::NameError","","OpenSSL/X509/NameError.html","",""],["OpenSSL::X509::Request","","OpenSSL/X509/Request.html","",""],["OpenSSL::X509::RequestError","","OpenSSL/X509/RequestError.html","",""],["OpenSSL::X509::Revoked","","OpenSSL/X509/Revoked.html","",""],["OpenSSL::X509::RevokedError","","OpenSSL/X509/RevokedError.html","",""],["OpenSSL::X509::Store","","OpenSSL/X509/Store.html","","<p>The X509 certificate store holds trusted CA certificates used to verify peer certificates.\n<p>The easiest …\n"],["OpenSSL::X509::StoreContext","","OpenSSL/X509/StoreContext.html","","<p>A StoreContext is used while validating a single certificate and holds the status involved.\n"],["OpenSSL::X509::StoreError","","OpenSSL/X509/StoreError.html","",""],["%","OpenSSL::BN","OpenSSL/BN.html#method-i-25","(p1)",""],["*","OpenSSL::BN","OpenSSL/BN.html#method-i-2A","(p1)",""],["**","OpenSSL::BN","OpenSSL/BN.html#method-i-2A-2A","(p1)",""],["+","OpenSSL::BN","OpenSSL/BN.html#method-i-2B","(p1)",""],["+@","OpenSSL::BN","OpenSSL/BN.html#method-i-2B-40","()",""],["-","OpenSSL::BN","OpenSSL/BN.html#method-i-2D","(p1)",""],["-@","OpenSSL::BN","OpenSSL/BN.html#method-i-2D-40","()",""],["/","OpenSSL::BN","OpenSSL/BN.html#method-i-2F","(p1)","<p>Division of OpenSSL::BN instances\n"],["<<","OpenSSL::BN","OpenSSL/BN.html#method-i-3C-3C","(p1)",""],["<<","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-3C-3C","(s)","<p>Writes <em>s</em> to the stream. <em>s</em> will be converted to a String using <code>.to_s</code> method.\n"],["<<","OpenSSL::Buffering::Buffer","OpenSSL/Buffering/Buffer.html#method-i-3C-3C","(string)",""],["<<","OpenSSL::Digest","OpenSSL/Digest.html#method-i-3C-3C","(p1)","<p>Not every message digest can be computed in one single pass. If a message digest is to be computed from …\n"],["<<","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-3C-3C","(p1)","<p>Returns <em>hmac</em> updated with the message to be authenticated. Can be called repeatedly with chunks of the …\n"],["<=>","OpenSSL::BN","OpenSSL/BN.html#method-i-3C-3D-3E","(p1)",""],["<=>","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-3C-3D-3E","(p1)","<p>Compares this Name with <em>other</em> and returns <code>0</code> if they are the same and <code>-1</code> or <code>+1</code> if they are greater or …\n"],["==","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> if <em>other_oid</em> is the same as <em>oid</em>\n"],["==","OpenSSL::BN","OpenSSL/BN.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> only if <em>obj</em> has the same value as <em>bn</em>. Contrast this with OpenSSL::BN#eql?, which requires …\n"],["==","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-3D-3D","(other)","<p>Securely compare with another HMAC instance in constant time.\n"],["==","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> if the two groups use the same curve and have the same parameters, <code>false</code> otherwise.\n"],["==","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-3D-3D","(p1)",""],["==","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> if the two Session is the same, <code>false</code> if not.\n"],["==","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-3D-3D","(p1)","<p>Compares the two certificates. Note that this takes into account all fields, not just the issuer name …\n"],["==","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-3D-3D","(other)",""],["===","OpenSSL::BN","OpenSSL/BN.html#method-i-3D-3D-3D","(p1)","<p>Returns <code>true</code> only if <em>obj</em> has the same value as <em>bn</em>. Contrast this with OpenSSL::BN#eql?, which requires …\n"],[">>","OpenSSL::BN","OpenSSL/BN.html#method-i-3E-3E","(p1)",""],["Digest","OpenSSL","OpenSSL.html#method-c-Digest","(name)","<p>Returns a Digest subclass by <em>name</em>\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">require</span> <span class=\"ruby-string\">'openssl'</span>\n\n<span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Digest</span>(<span class=\"ruby-string\">"MD5"</span>)\n<span class=\"ruby-comment\"># => OpenSSL::Digest::MD5 ...</span>\n</pre>\n"],["[]","OpenSSL::Config","OpenSSL/Config.html#method-i-5B-5D","(section)","<p>Get a specific <em>section</em> from the current configuration\n<p>Given the following configurating file being loaded: …\n"],["[]=","OpenSSL::Config","OpenSSL/Config.html#method-i-5B-5D-3D","(section, pairs)","<p>*Deprecated in v2.2.0*. This method will be removed in a future release.\n<p>Sets a specific <em>section</em> name …\n"],["_dump","OpenSSL::Marshal","OpenSSL/Marshal.html#method-i-_dump","(_level)",""],["_load","OpenSSL::Marshal::ClassMethods","OpenSSL/Marshal/ClassMethods.html#method-i-_load","(string)",""],["accept","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-accept","()","<p>Works similar to TCPServer#accept.\n"],["accept","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-accept","()","<p>Waits for a SSL/TLS client to initiate a handshake. The handshake may be started after unencrypted data …\n"],["accept_nonblock","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-accept_nonblock","(p1 = {})","<p>Initiates the SSL/TLS handshake as a server in non-blocking manner.\n\n<pre># emulates blocking accept\nbegin\n ...</pre>\n"],["add","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-add","(p1)","<p>Performs elliptic curve point addition.\n"],["add_attribute","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-add_attribute","(p1)",""],["add_cert","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_cert","(p1)","<p>Adds the OpenSSL::X509::Certificate <em>cert</em> to the certificate store.\n"],["add_certid","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-add_certid","(p1)","<p>Adds <em>certificate_id</em> to the request.\n"],["add_certificate","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_certificate","(p1)",""],["add_certificate","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-add_certificate","(p1, p2, p3 = v3)","<p>Adds a certificate to the context. <em>pkey</em> must be a corresponding private key with <em>certificate</em>.\n<p>Multiple …\n"],["add_crl","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_crl","(p1)",""],["add_crl","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_crl","(p1)","<p>Adds the OpenSSL::X509::CRL <em>crl</em> to the store.\n"],["add_data","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_data","(p1)",""],["add_entry","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-add_entry","(p1, p2, p3 = v3, p4 = {})","<p>Adds a new entry with the given <em>oid</em> and <em>value</em> to this name. The <em>oid</em> is an object identifier defined …\n"],["add_extension","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-add_extension","(p1)",""],["add_extension","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-add_extension","(p1)",""],["add_extension","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-add_extension","(p1)",""],["add_file","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_file","(p1)","<p>Adds the certificates in <em>file</em> to the certificate store. <em>file</em> is the path to the file, and the file contains …\n"],["add_nonce","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-add_nonce","(p1 = v1)","<p>Adds <em>nonce</em> to this response. If no nonce was provided a random nonce will be added.\n"],["add_nonce","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-add_nonce","(p1 = v1)","<p>Adds a <em>nonce</em> to the OCSP request. If no nonce is given a random one will be generated.\n<p>The nonce is used …\n"],["add_path","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_path","(p1)","<p>Adds <em>path</em> as the hash dir to be looked up by the store.\n"],["add_recipient","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_recipient","(p1)",""],["add_revoked","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-add_revoked","(p1)",""],["add_signer","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_signer","(p1)",""],["add_status","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-add_status","(p1, p2, p3, p4, p5, p6, p7)","<p>Adds a certificate status for <em>certificate_id</em>. <em>status</em> is the status, and must be one of these:\n<p>OpenSSL::OCSP::V_CERTSTATUS_GOOD …\n"],["add_value","OpenSSL::Config","OpenSSL/Config.html#method-i-add_value","(section, key, value)","<p>*Deprecated in v2.2.0*. This method will be removed in a future release.\n<p>Set the target <em>key</em> with a given …\n"],["addr","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-addr","()",""],["algorithm","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-algorithm","()","<p>Returns the ‘short name’ of the object identifier that represents the algorithm that was used …\n"],["algorithm","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-algorithm","()","<p>Returns the ‘short name’ of the object identifier representing the algorithm that was used to …\n"],["algorithm=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-algorithm-3D","(p1)","<p>Allows to set the object identifier or the ‘short name’ of the algorithm that was used to create …\n"],["alpn_protocol","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-alpn_protocol","()","<p>Returns the ALPN protocol string that was finally selected by the server during the handshake.\n"],["asn1_flag","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-asn1_flag","()","<p>Returns the flags set on the group.\n<p>See also #asn1_flag=.\n"],["asn1_flag=","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-asn1_flag-3D","(p1)","<p>Sets flags on the group. The flag value is used to determine how to encode the group: encode explicit …\n"],["attributes","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-attributes","()",""],["attributes=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-attributes-3D","(p1)",""],["auth_data=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_data-3D","(p1)","<p>Sets the cipher’s additional authenticated data. This field must be set when using AEAD cipher modes …\n"],["auth_tag","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_tag","(p1 = v1)","<p>Gets the authentication tag generated by Authenticated Encryption Cipher modes (GCM for example). This …\n"],["auth_tag=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_tag-3D","(p1)","<p>Sets the authentication tag to verify the integrity of the ciphertext. This can be called only when the …\n"],["auth_tag_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_tag_len-3D","(p1)","<p>Sets the length of the authentication tag to be generated or to be given for AEAD ciphers that requires …\n"],["authenticated?","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-authenticated-3F","()","<p>Indicated whether this Cipher instance uses an Authenticated Encryption mode.\n"],["authority_key_identifier","OpenSSL::X509::Extension::AuthorityKeyIdentifier","OpenSSL/X509/Extension/AuthorityKeyIdentifier.html#method-i-authority_key_identifier","()","<p>Get the issuing certificate’s key identifier from the authorityKeyIdentifier extension, as described …\n"],["basic","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-basic","()","<p>Returns a BasicResponse for this response\n"],["bit_set?","OpenSSL::BN","OpenSSL/BN.html#method-i-bit_set-3F","(p1)","<p>Tests bit <em>bit</em> in <em>bn</em> and returns <code>true</code> if set, <code>false</code> if not set.\n"],["blinding_off!","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-blinding_off-21","()",""],["blinding_on!","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-blinding_on-21","()",""],["block_length","OpenSSL::Digest","OpenSSL/Digest.html#method-i-block_length","()","<p>Returns the block length of the digest algorithm, i.e. the length in bytes of an individual block. Most …\n"],["block_size","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-block_size","()","<p>Returns the size in bytes of the blocks on which this Cipher operates on.\n"],["builtin_curves","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-c-builtin_curves","()","<p>Obtains a list of all predefined curves by the OpenSSL. Curve names are returned as sn.\n<p>See the OpenSSL …\n"],["by_id","OpenSSL::Engine","OpenSSL/Engine.html#method-c-by_id","(p1)","<p>Fetches the engine as specified by the <em>id</em> String.\n\n<pre>OpenSSL::Engine.by_id("openssl")\n => #<OpenSSL::Engine ...</pre>\n"],["ca_issuer_uris","OpenSSL::X509::Extension::AuthorityInfoAccess","OpenSSL/X509/Extension/AuthorityInfoAccess.html#method-i-ca_issuer_uris","()","<p>Get the information and services for the issuer from the certificate’s authority information access …\n"],["ccm_data_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-ccm_data_len-3D","(p1)","<p>Sets the length of the plaintext / ciphertext message that will be processed in CCM mode. Make sure to …\n"],["cert","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-cert","()","<p>The X509 certificate for this socket endpoint.\n"],["cert_requested=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-cert_requested-3D","(p1)","<p>Specify whether the response shall contain the timestamp authority’s certificate or not. The default …\n"],["cert_requested?","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-cert_requested-3F","()","<p>Indicates whether the response shall contain the timestamp authority’s certificate or not.\n"],["cert_status","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-cert_status","()","<p>Returns the status of the certificate identified by the certid. The return value may be one of these …\n"],["certid","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-certid","()","<p>Returns all certificate IDs in this request.\n"],["certid","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-certid","()","<p>Returns the CertificateId for which this SingleResponse is.\n"],["certificates","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-certificates","()",""],["certificates=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-certificates-3D","(p1)",""],["chain","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-chain","()",""],["challenge","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-challenge","()","<p>Returns the challenge string associated with this SPKI.\n"],["challenge=","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-challenge-3D","(p1)","<p>Parameters\n<p><em>str</em> - the challenge string to be set for this instance\n\n<p>Sets the challenge to be associated with …\n"],["check_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-check_key","()","<p>Raises an exception if the key is invalid.\n<p>See the OpenSSL documentation for EC_KEY_check_key()\n"],["check_nonce","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-check_nonce","(p1)","<p>Checks the nonce validity for this request and <em>response</em>.\n<p>The return value is one of the following:\n<p>-1 … — "],["check_private_key","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-check_private_key","(p1)","<p>Returns <code>true</code> if <em>key</em> is the corresponding private key to the Subject Public Key Information, <code>false</code> otherwise. …\n"],["check_validity","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-check_validity","(p1 = v1, p2 = v2)","<p>Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current …\n"],["cipher","OpenSSL::Engine","OpenSSL/Engine.html#method-i-cipher","(p1)","<p>Returns a new instance of OpenSSL::Cipher by <em>name</em>, if it is available in this engine.\n<p>An EngineError will …\n"],["cipher","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-cipher","()","<p>Returns the cipher suite actually used in the current session, or nil if no session has been established. …\n"],["cipher=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-cipher-3D","(p1)",""],["ciphers","OpenSSL::Cipher","OpenSSL/Cipher.html#method-c-ciphers","()","<p>Returns the names of all available ciphers in an array.\n"],["ciphers","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ciphers","()","<p>The list of cipher suites configured for this context.\n"],["ciphers=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ciphers-3D","(p1)","<p>Sets the list of available cipher suites for this context. Note in a server context some ciphers require …\n"],["cleanup","OpenSSL::Engine","OpenSSL/Engine.html#method-c-cleanup","()","<p>It is only necessary to run cleanup when engines are loaded via OpenSSL::Engine.load. However, running …\n"],["cleanup","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-cleanup","()",""],["clear_bit!","OpenSSL::BN","OpenSSL/BN.html#method-i-clear_bit-21","(p1)",""],["client_ca","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-client_ca","()","<p>Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of X509::Certificate …\n"],["close","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-close","()","<p>Closes the SSLSocket and flushes any unwritten data.\n"],["close","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-close","()","<p>See IO#close for details.\n"],["closed?","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-closed-3F","()",""],["cmds","OpenSSL::Engine","OpenSSL/Engine.html#method-i-cmds","()","<p>Returns an array of command definitions for the current engine\n"],["cmp","OpenSSL::BN","OpenSSL/BN.html#method-i-cmp","(p1)",""],["cmp","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-cmp","(p1)","<p>Compares this certificate id with <em>other</em> and returns <code>true</code> if they are the same.\n"],["cmp","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-cmp","(p1)","<p>Compares this Name with <em>other</em> and returns <code>0</code> if they are the same and <code>-1</code> or <code>+1</code> if they are greater or …\n"],["cmp_issuer","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-cmp_issuer","(p1)","<p>Compares this certificate id’s issuer with <em>other</em> and returns <code>true</code> if they are the same.\n"],["coerce","OpenSSL::BN","OpenSSL/BN.html#method-i-coerce","(p1)",""],["cofactor","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-cofactor","()","<p>Returns the cofactor of the group.\n<p>See the OpenSSL documentation for EC_GROUP_get_cofactor()\n"],["compute_key","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-compute_key","(p1)","<p>Returns a String containing a shared secret computed from the other party’s public value. See DH_compute_key …\n"],["concat","OpenSSL::Buffering::Buffer","OpenSSL/Buffering/Buffer.html#method-i-concat","(string)",""],["connect","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-connect","()","<p>Initiates an SSL/TLS handshake with a server. The handshake may be started after unencrypted data has …\n"],["connect_nonblock","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-connect_nonblock","(p1 = {})","<p>Initiates the SSL/TLS handshake as a client in non-blocking manner.\n\n<pre># emulates blocking connect\nbegin ...</pre>\n"],["copy","OpenSSL::BN","OpenSSL/BN.html#method-i-copy","(p1)",""],["copy_nonce","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-copy_nonce","(p1)","<p>Copies the nonce from <em>request</em> into this response. Returns 1 on success and 0 on failure.\n"],["create","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-c-create","(p1, p2)","<p>Creates an OpenSSL::OCSP::Response from <em>status</em> and <em>basic_response</em>.\n"],["create","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-c-create","(p1, p2, p3, p4, p5 = v5, p6 = v6, p7 = v7, p8 = v8, p9 = v9, p10 = v10)","<p>Parameters\n<p><em>pass</em> - string\n<p><em>name</em> - A string describing the key.\n"],["create_ext","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext","(p1, p2, p3 = v3)","<p>Creates a new X509::Extension with passed values. See also x509v3_config(5).\n"],["create_ext_from_array","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext_from_array","(ary)",""],["create_ext_from_hash","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext_from_hash","(hash)",""],["create_ext_from_string","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext_from_string","(str)",""],["create_extension","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_extension","(*arg)",""],["create_timestamp","OpenSSL::Timestamp::Factory","OpenSSL/Timestamp/Factory.html#method-i-create_timestamp","(p1, p2, p3)","<p>Creates a Response with the help of an OpenSSL::PKey, an OpenSSL::X509::Certificate and a Request.\n<p>Mandatory …\n"],["critical=","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-critical-3D","(p1)",""],["critical?","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-critical-3F","()",""],["crl=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-crl-3D","(p1)",""],["crl_uris","OpenSSL::X509::Extension::CRLDistributionPoints","OpenSSL/X509/Extension/CRLDistributionPoints.html#method-i-crl_uris","()","<p>Get the distributionPoint fullName URI from the certificate’s CRL distribution points extension, …\n"],["crls","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-crls","()",""],["crls=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-crls-3D","(p1)",""],["ctrl_cmd","OpenSSL::Engine","OpenSSL/Engine.html#method-i-ctrl_cmd","(p1, p2 = v2)","<p>Sends the given <em>command</em> to this engine.\n<p>Raises an EngineError if the command fails.\n"],["current_cert","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-current_cert","()",""],["current_crl","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-current_crl","()",""],["curve_name","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-curve_name","()","<p>Returns the curve name (sn).\n<p>See the OpenSSL documentation for EC_GROUP_get_curve_name()\n"],["data=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-data-3D","(p1)",""],["debug","OpenSSL","OpenSSL.html#method-c-debug","()",""],["debug=","OpenSSL","OpenSSL.html#method-c-debug-3D","(p1)","<p>Turns on or off debug mode. With debug mode, all erros added to the OpenSSL error queue will be printed …\n"],["decode","OpenSSL::ASN1","OpenSSL/ASN1.html#method-c-decode","(p1)","<p>Decodes a BER- or DER-encoded value and creates an ASN1Data instance. <em>der</em> may be a String or any object …\n"],["decode_all","OpenSSL::ASN1","OpenSSL/ASN1.html#method-c-decode_all","(p1)","<p>Similar to #decode with the difference that #decode expects one distinct value represented in <em>der</em>. #decode_all …\n"],["decrypt","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-decrypt","(*args)","<p>Initializes the Cipher for decryption.\n<p>Make sure to call Cipher#encrypt or Cipher#decrypt before using …\n"],["decrypt","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-decrypt","(p1, p2 = v2, p3 = v3)",""],["degree","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-degree","()","<p>See the OpenSSL documentation for EC_GROUP_get_degree()\n"],["detached","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-detached","()",""],["detached=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-detached-3D","(p1)",""],["detached?","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-detached-3F","()",""],["dh_compute_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-dh_compute_key","(p1)","<p>See the OpenSSL documentation for ECDH_compute_key()\n"],["digest","OpenSSL::Digest","OpenSSL/Digest.html#method-c-digest","(name, data)","<p>Return the hash value computed with <em>name</em> Digest. <em>name</em> is either the long name or short name of a supported …\n"],["digest","OpenSSL::Engine","OpenSSL/Engine.html#method-i-digest","(p1)","<p>Returns a new instance of OpenSSL::Digest by <em>name</em>.\n<p>Will raise an EngineError if the digest is unavailable. …\n"],["digest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-digest","(p1, p2, p3)","<p>Returns the authentication code as a binary string. The <em>digest</em> parameter specifies the digest algorithm …\n"],["digest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-digest","()","<p>Returns the authentication code an instance represents as a binary string.\n<p>Example\n\n<pre>instance = OpenSSL::HMAC.new('key', ...</pre>\n"],["digest_length","OpenSSL::Digest","OpenSSL/Digest.html#method-i-digest_length","()","<p>Returns the output size of the digest, i.e. the length in bytes of the final message digest result.\n<p>Example …\n"],["do_not_reverse_lookup=","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-do_not_reverse_lookup-3D","(flag)",""],["dsa_sign_asn1","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-dsa_sign_asn1","(p1)","<p>See the OpenSSL documentation for ECDSA_sign()\n"],["dsa_verify_asn1","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-dsa_verify_asn1","(p1, p2)","<p>See the OpenSSL documentation for ECDSA_verify()\n"],["each","OpenSSL::ASN1::Constructive","OpenSSL/ASN1/Constructive.html#method-i-each","()","<p>Calls the given block once for each element in self, passing that element as parameter <em>asn1</em>. If no block …\n"],["each","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-each","(eol=$/)","<p>Executes the block for every line in the stream where lines are separated by <em>eol</em>.\n<p>See also #gets\n"],["each","OpenSSL::Config","OpenSSL/Config.html#method-i-each","()","<p>For a block.\n<p>Receive the section and its pairs for the current configuration.\n\n<pre>config.each do |section, ...</pre>\n"],["each_byte","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-each_byte","()","<p>Calls the given block once for each byte in the stream.\n"],["each_line","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-each_line","(eol=$/)",""],["ecdh_curves=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ecdh_curves-3D","(p1)","<p>Sets the list of “supported elliptic curves” for this context.\n<p>For a TLS client, the list is …\n"],["egd","OpenSSL::Random","OpenSSL/Random.html#method-c-egd","(p1)","<p>Same as ::egd_bytes but queries 255 bytes by default.\n"],["egd_bytes","OpenSSL::Random","OpenSSL/Random.html#method-c-egd_bytes","(p1, p2)","<p>Queries the entropy gathering daemon EGD on socket path given by <em>filename</em>.\n<p>Fetches <em>length</em> number of bytes …\n"],["enable_fallback_scsv","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-enable_fallback_scsv","()","<p>Activate TLS_FALLBACK_SCSV for this context. See RFC 7507.\n"],["enc_key","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-i-enc_key","()",""],["encrypt","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-encrypt","(*args)","<p>Initializes the Cipher for encryption.\n<p>Make sure to call Cipher#encrypt or Cipher#decrypt before using …\n"],["encrypt","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-encrypt","(p1, p2, p3 = v3, p4 = v4)",""],["engines","OpenSSL::Engine","OpenSSL/Engine.html#method-c-engines","()","<p>Returns an array of currently loaded engines.\n"],["eof","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-eof","()",""],["eof?","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-eof-3F","()","<p>Returns true if the stream is at file which means there is no more data to be read.\n"],["eql?","OpenSSL::BN","OpenSSL/BN.html#method-i-eql-3F","(p1)","<p>Returns <code>true</code> only if <em>obj</em> is a <code>OpenSSL::BN</code> with the same value as <em>bn</em>. Contrast this with OpenSSL::BN#== …\n"],["eql?","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-eql-3F","(p1)","<p>Returns <code>true</code> if the two groups use the same curve and have the same parameters, <code>false</code> otherwise.\n"],["eql?","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-eql-3F","(p1)",""],["eql?","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-eql-3F","(p1)","<p>Returns true if <em>name</em> and <em>other</em> refer to the same hash key.\n"],["error","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error","()",""],["error=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error-3D","(p1)",""],["error_depth","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error_depth","()",""],["error_string","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error_string","()","<p>Returns the error string corresponding to the error code retrieved by #error.\n"],["errors","OpenSSL","OpenSSL.html#method-c-errors","()","<p>See any remaining errors held in queue.\n<p>Any errors you see here are probably due to a bug in Ruby’s …\n"],["expand_hexstring","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-expand_hexstring","(str)",""],["expand_pair","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-expand_pair","(str)",""],["expand_value","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-expand_value","(str1, str2, str3)",""],["export","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-export","()","<p>Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["export","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-export","(p1 = v1, p2 = v2)","<p>Encodes this DSA to its PEM encoding.\n<p>Parameters\n<p><em>cipher</em> is an OpenSSL::Cipher.\n"],["export","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-export","(p1 = v1, p2 = v2)","<p>Outputs the EC key in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["export","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-export","(p1 = v1, p2 = v2)","<p>Outputs this keypair in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["extensions","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-extensions","()",""],["extensions","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-extensions","()","<p>Gets X509v3 extensions as array of X509Ext objects\n"],["extensions","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-extensions","()",""],["extensions","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-extensions","()","<p>Gets X509v3 extensions as array of X509Ext objects\n"],["extensions=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-extensions-3D","(p1)","<p>Sets X509_EXTENSIONs\n"],["extensions=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-extensions-3D","(p1)",""],["extensions=","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-extensions-3D","(p1)","<p>Sets X509_EXTENSIONs\n"],["failure_info","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-failure_info","()","<p>In cases no timestamp token has been created, this field contains further info about the reason why response …\n"],["fcntl","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-fcntl","(*args)",""],["fileno","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-fileno","()","<p>The file descriptor for the socket.\n"],["final","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-final","()","<p>Returns the remaining data held in the cipher object. Further calls to Cipher#update or Cipher#final …\n"],["find_extension","OpenSSL::X509::Extension::Helpers","OpenSSL/X509/Extension/Helpers.html#method-i-find_extension","(oid)",""],["find_response","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-find_response","(p1)","<p>Returns a SingleResponse whose CertId matches with <em>certificate_id</em>, or <code>nil</code> if this BasicResponse does …\n"],["finish","OpenSSL::Engine","OpenSSL/Engine.html#method-i-finish","()","<p>Releases all internal structural references for this engine.\n<p>May raise an EngineError if the engine is …\n"],["finished_message","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-finished_message","()","<p>Returns the last <strong>Finished</strong> message sent\n"],["fips_mode","OpenSSL","OpenSSL.html#method-c-fips_mode","()",""],["fips_mode=","OpenSSL","OpenSSL.html#method-c-fips_mode-3D","(p1)","<p>Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an effect for FIPS-capable installations …\n"],["fixed_length_secure_compare","OpenSSL","OpenSSL.html#method-c-fixed_length_secure_compare","(p1, p2)","<p>Constant time memory comparison for fixed length strings, such as results of HMAC calculations.\n<p>Returns …\n"],["flags=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-flags-3D","(p1)","<p>Sets <em>flags</em> to the Store. <em>flags</em> consists of zero or more of the constants defined in with name V_FLAG_ …\n"],["flags=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-flags-3D","(p1)","<p>Sets the verification flags to the context. See Store#flags=.\n"],["flush","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-flush","()","<p>Flushes buffered data to the SSLSocket.\n"],["flush_sessions","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-flush_sessions","(p1 = v1)","<p>Removes sessions in the internal cache that have expired at <em>time</em>.\n"],["freeze","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-freeze","()","<p>This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and …\n"],["gcd","OpenSSL::BN","OpenSSL/BN.html#method-i-gcd","(p1)",""],["gen_time","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-gen_time","()","<p>Returns time when this timestamp token was created. If status is GRANTED or GRANTED_WITH_MODS, this is …\n"],["generate","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-c-generate","(p1, p2 = v2)","<p>Creates a new DH instance from scratch by generating the private and public components alike.\n<p>Parameters …\n"],["generate","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-c-generate","(p1)","<p>Creates a new DSA instance by generating a private/public key pair from scratch.\n<p>Parameters\n<p><em>size</em> is an …\n"],["generate","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-c-generate","(p1)","<p>Creates a new EC instance with a new random private and public key.\n"],["generate","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-c-generate","(p1, p2 = v2)","<p>Generates an RSA keypair. <em>size</em> is an integer representing the desired key size. Keys smaller than 1024 …\n"],["generate_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-generate_key","()","<p>Generates a new random private and public key.\n<p>See also the OpenSSL documentation for EC_KEY_generate_key …\n"],["generate_key!","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-generate_key-21","()","<p>Generates a private and public key unless a private key already exists. If this DH instance was generated …\n"],["generate_key!","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-generate_key-21","()","<p>Generates a new random private and public key.\n<p>See also the OpenSSL documentation for EC_KEY_generate_key …\n"],["generate_prime","OpenSSL::BN","OpenSSL/BN.html#method-c-generate_prime","(p1, p2 = v2, p3 = v3, p4 = v4)","<p>Generates a random prime number of bit length <em>bits</em>. If <em>safe</em> is set to <code>true</code>, generates a safe prime. …\n"],["generator","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-generator","()","<p>Returns the generator of the group.\n<p>See the OpenSSL documentation for EC_GROUP_get0_generator()\n"],["get_value","OpenSSL::Config","OpenSSL/Config.html#method-i-get_value","(section, key)","<p>Gets the value of <em>key</em> from the given <em>section</em>\n<p>Given the following configurating file being loaded:\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">config</span> <span class=\"ruby-operator\">...</span>\n</pre>\n"],["getc","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-getc","()","<p>Reads one character from the stream. Returns nil if called at end of file.\n"],["gets","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-gets","(eol=$/, limit=nil)","<p>Reads the next “line” from the stream. Lines are separated by <em>eol</em>. If <em>limit</em> is provided the …\n"],["getsockopt","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-getsockopt","(level, optname)",""],["group","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-group","()","<p>Returns the EC::Group that the key is associated with. Modifying the returned group does not affect …\n"],["group=","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-group-3D","(p1)","<p>Sets the EC::Group for the key. The group structure is internally copied so modification to <em>group</em> after …\n"],["hash","OpenSSL::BN","OpenSSL/BN.html#method-i-hash","()","<p>Returns a hash code for this object.\n<p>See also Object#hash.\n"],["hash","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-hash","()","<p>The hash value returned is suitable for use as a certificate’s filename in a CA path.\n"],["hash_algorithm","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-hash_algorithm","()","<p>Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash …\n"],["hash_old","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-hash_old","()","<p>Returns an MD5 based hash used in OpenSSL 0.9.X.\n"],["hexdigest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-hexdigest","(p1, p2, p3)","<p>Returns the authentication code as a hex-encoded string. The <em>digest</em> parameter specifies the digest algorithm …\n"],["hexdigest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-hexdigest","()","<p>Returns the authentication code an instance represents as a hex-encoded string.\n"],["hkdf","OpenSSL::KDF","OpenSSL/KDF.html#method-c-hkdf","(p1, p2 = {})","<p>HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as specified in RFC 5869.\n<p>New in OpenSSL …\n"],["hostname=","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-hostname-3D","(p1)","<p>Sets the server hostname used for SNI. This needs to be set before SSLSocket#connect.\n"],["id","OpenSSL::Engine","OpenSSL/Engine.html#method-i-id","()","<p>Gets the id for this engine.\n\n<pre class=\"ruby\"><span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">load</span>\n<span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">engines</span> <span class=\"ruby-comment\">#=> [#<OpenSSL::Engine#>, ...] ...</span>\n</pre>\n"],["id","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-id","()","<p>Returns the Session ID.\n"],["included","OpenSSL::Marshal","OpenSSL/Marshal.html#method-c-included","(base)",""],["infinity?","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-infinity-3F","()",""],["initialize_copy","OpenSSL::BN","OpenSSL/BN.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::Digest","OpenSSL/Digest.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-initialize_copy","(p1)",""],["inspect","OpenSSL::Config","OpenSSL/Config.html#method-i-inspect","()","<p>String representation of this configuration object, including the class name and its sections.\n"],["inspect","OpenSSL::Engine","OpenSSL/Engine.html#method-i-inspect","()","<p>Pretty prints this engine.\n"],["inspect","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-inspect","()","<p>Returns the authentication code as a hex-encoded string. The <em>digest</em> parameter specifies the digest algorithm …\n"],["inspect","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-inspect","()","<p>Returns a string describing the PKey object.\n"],["inspect","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-inspect","()",""],["invert!","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-invert-21","()",""],["issuer","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-i-issuer","()",""],["issuer","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-i-issuer","()",""],["issuer","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-issuer","()",""],["issuer","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-issuer","()",""],["issuer=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-issuer-3D","(p1)",""],["issuer=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-issuer-3D","(p1)",""],["issuer_certificate=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-issuer_certificate-3D","(p1)",""],["issuer_key_hash","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-issuer_key_hash","()","<p>Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.\n"],["issuer_name_hash","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-issuer_name_hash","()","<p>Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated …\n"],["iv=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-iv-3D","(p1)","<p>Sets the cipher IV. Please note that since you should never be using ECB mode, an IV is always explicitly …\n"],["iv_len","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-iv_len","()","<p>Returns the expected length in bytes for an IV for this Cipher.\n"],["iv_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-iv_len-3D","(p1)","<p>Sets the IV/nonce length of the Cipher. Normally block ciphers don’t allow changing the IV length, …\n"],["key=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-key-3D","(p1)","<p>Sets the cipher key. To generate a key, you should either use a secure random byte string or, if the …\n"],["key_len","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-key_len","()","<p>Returns the key length in bytes of the Cipher.\n"],["key_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-key_len-3D","(p1)","<p>Sets the key length of the cipher. If the cipher is a fixed length cipher then attempting to set the …\n"],["last_update","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-last_update","()",""],["last_update=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-last_update-3D","(p1)",""],["listen","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-listen","(backlog=Socket::SOMAXCONN)","<p>See TCPServer#listen for details.\n"],["ln","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-ln","()","<p>The long name of the ObjectId, as defined in <openssl/objects.h>.\n"],["load","OpenSSL::Engine","OpenSSL/Engine.html#method-c-load","(p1 = v1)","<p>This method loads engines. If <em>name</em> is nil, then all builtin engines are loaded. Otherwise, the given …\n"],["load_private_key","OpenSSL::Engine","OpenSSL/Engine.html#method-i-load_private_key","(p1 = v1, p2 = v2)","<p>Loads the given private key identified by <em>id</em> and <em>data</em>.\n<p>An EngineError is raised of the OpenSSL::PKey is …\n"],["load_public_key","OpenSSL::Engine","OpenSSL/Engine.html#method-i-load_public_key","(p1 = v1, p2 = v2)","<p>Loads the given public key identified by <em>id</em> and <em>data</em>.\n<p>An EngineError is raised of the OpenSSL::PKey is …\n"],["load_random_file","OpenSSL::Random","OpenSSL/Random.html#method-c-load_random_file","(p1)","<p>Reads bytes from <em>filename</em> and adds them to the PRNG.\n"],["long_name","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-long_name","()","<p>The long name of the ObjectId, as defined in <openssl/objects.h>.\n"],["lshift!","OpenSSL::BN","OpenSSL/BN.html#method-i-lshift-21","(p1)",""],["make_affine!","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-make_affine-21","()",""],["max_version=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-max_version-3D","(version)","<p>Sets the upper bound of the supported SSL/TLS protocol version. See #min_version= for the possible values. …\n"],["mem_check_start","OpenSSL","OpenSSL.html#method-c-mem_check_start","()","<p>Calls CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON). Starts tracking memory allocations. See also OpenSSL.print_mem_leaks …\n"],["message_imprint","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-message_imprint","()","<p>Returns the message imprint (digest) of the data to be timestamped.\n"],["message_imprint","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-message_imprint","()","<p>Returns the message imprint digest. For valid timestamps, this is the same value that was already given …\n"],["message_imprint=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-message_imprint-3D","(p1)","<p>Set the message imprint digest.\n"],["min_version=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-min_version-3D","(version)","<p>Sets the lower bound on the supported SSL/TLS protocol version. The version may be specified by an integer …\n"],["mod_add","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_add","(p1, p2)",""],["mod_exp","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_exp","(p1, p2)",""],["mod_inverse","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_inverse","(p1)",""],["mod_mul","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_mul","(p1, p2)",""],["mod_sqr","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_sqr","(p1)",""],["mod_sub","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_sub","(p1, p2)",""],["mul","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-mul","(p1, p2 = v2, p3 = v3)","<p>Performs elliptic curve point multiplication.\n<p>The first form calculates <code>bn1 * point + bn2 * G</code>, where …\n"],["name","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-name","()","<p>Returns the name of the cipher which may differ slightly from the original name provided.\n"],["name","OpenSSL::Digest","OpenSSL/Digest.html#method-i-name","()","<p>Returns the sn of this Digest algorithm.\n<p>Example\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">digest</span> = <span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Digest</span>.<span class=\"ruby-identifier\">new</span>(<span class=\"ruby-string\">'SHA512'</span>)\n<span class=\"ruby-identifier\">puts</span> <span class=\"ruby-identifier\">digest</span>.<span class=\"ruby-identifier\">name</span> <span class=\"ruby-operator\">...</span>\n</pre>\n"],["name","OpenSSL::Engine","OpenSSL/Engine.html#method-i-name","()","<p>Get the descriptive name for this engine.\n\n<pre class=\"ruby\"><span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">load</span>\n<span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">engines</span> <span class=\"ruby-comment\">#=> [#<OpenSSL::Engine#>, ...</span>\n</pre>\n"],["negative?","OpenSSL::BN","OpenSSL/BN.html#method-i-negative-3F","()",""],["new","OpenSSL::ASN1::ASN1Data","OpenSSL/ASN1/ASN1Data.html#method-c-new","(p1, p2, p3)","<p><em>value</em>: Please have a look at Constructive and Primitive to see how Ruby types are mapped to ASN.1 types …\n"],["new","OpenSSL::ASN1::Constructive","OpenSSL/ASN1/Constructive.html#method-c-new","(p1, p2 = v2, p3 = v3, p4 = v4)","<p><em>value</em>: is mandatory.\n<p><em>tag</em>: optional, may be specified for tagged values. If no <em>tag</em> is specified, the UNIVERSAL …\n"],["new","OpenSSL::ASN1::Primitive","OpenSSL/ASN1/Primitive.html#method-c-new","(p1, p2 = v2, p3 = v3, p4 = v4)","<p><em>value</em>: is mandatory.\n<p><em>tag</em>: optional, may be specified for tagged values. If no <em>tag</em> is specified, the UNIVERSAL …\n"],["new","OpenSSL::BN","OpenSSL/BN.html#method-c-new","(p1, p2 = v2)","<p>Construct a new OpenSSL BIGNUM object.\n"],["new","OpenSSL::Buffering","OpenSSL/Buffering.html#method-c-new","(*)","<p>Creates an instance of OpenSSL’s buffering IO module.\n"],["new","OpenSSL::Buffering::Buffer","OpenSSL/Buffering/Buffer.html#method-c-new","()",""],["new","OpenSSL::Cipher","OpenSSL/Cipher.html#method-c-new","(p1)","<p>The string must contain a valid cipher name like “AES-256-CBC”.\n<p>A list of cipher names is available …\n"],["new","OpenSSL::Config","OpenSSL/Config.html#method-c-new","(filename = nil)","<p>Creates an instance of OpenSSL’s configuration class.\n<p>This can be used in contexts like OpenSSL::X509::ExtensionFactory.config= …\n"],["new","OpenSSL::Digest","OpenSSL/Digest.html#method-c-new","(p1, p2 = v2)","<p>Creates a Digest instance based on <em>string</em>, which is either the ln (long name) or sn (short name) of a …\n"],["new","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-new","(p1, p2)","<p>Returns an instance of OpenSSL::HMAC set with the key and digest algorithm to be used. The instance represents …\n"],["new","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-c-new","(p1 = v1)","<p>Parameters\n<p><em>request</em> - optional raw request, either in PEM or DER format.\n\n"],["new","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-c-new","(p1 = v1)","<p>Creates a new BasicResponse. If <em>der_string</em> is given, decodes <em>der_string</em> as DER.\n"],["new","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-c-new","(p1, p2 = v2, p3 = v3)","<p>Creates a new OpenSSL::OCSP::CertificateId for the given <em>subject</em> and <em>issuer</em> X509 certificates. The …\n"],["new","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-c-new","(p1 = v1)","<p>Creates a new OpenSSL::OCSP::Request. The request may be created empty or from a <em>request_der</em> string. …\n"],["new","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-c-new","(p1 = v1)","<p>Creates a new OpenSSL::OCSP::Response. The response may be created empty or from a <em>response_der</em> string. …\n"],["new","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-c-new","(p1)","<p>Creates a new SingleResponse from <em>der_string</em>.\n"],["new","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-c-new","(p1 = v1, p2 = v2)","<p>Parameters\n<p><em>str</em> - Must be a DER encoded PKCS12 string.\n<p><em>pass</em> - string\n"],["new","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-new","(p1 = v1)","<p>Many methods in this class aren’t documented.\n"],["new","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-c-new","(p1)",""],["new","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-c-new","(p1, p2, p3)",""],["new","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-c-new","(p1 = v1, p2 = v2)","<p>Either generates a DH instance from scratch or by reading already existing DH parameters from <em>string</em> …\n"],["new","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-c-new","(p1 = v1, p2 = v2)","<p>Creates a new DSA instance by reading an existing key from <em>string</em>.\n<p>Parameters\n<p><em>size</em> is an integer representing …\n"],["new","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-c-new","(p1 = v1, p2 = v2)","<p>Creates a new EC object from given arguments.\n"],["new","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-c-new","(p1, p2 = v2, p3 = v3, p4 = v4)","<p>Creates a new EC::Group object.\n<p><em>ec_method</em> is a symbol that represents an EC_METHOD. Currently the following …\n"],["new","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-c-new","(p1, p2 = v2)","<p>Creates a new instance of OpenSSL::PKey::EC::Point. If the only argument is an instance of EC::Point …\n"],["new","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-c-new","()","<p>Because PKey is an abstract class, actually calling this method explicitly will raise a NotImplementedError …\n"],["new","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-c-new","(p1 = v1, p2 = v2)","<p>Generates or loads an RSA keypair. If an integer <em>key_size</em> is given it represents the desired key size. …\n"],["new","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-c-new","(version = nil)","<p>Creates a new SSL context.\n<p>If an argument is given, #ssl_version= is called with the value. Note that …\n"],["new","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-c-new","(svr, ctx)","<p>Creates a new instance of SSLServer.\n<p><em>srv</em> is an instance of TCPServer.\n<p><em>ctx</em> is an instance of OpenSSL::SSL::SSLContext …\n"],["new","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-c-new","(p1, p2 = v2)","<p>Creates a new SSL socket from <em>io</em> which must be a real IO object (not an IO-like object that responds …\n"],["new","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-c-new","(p1)","<p>Creates a new Session object from an instance of SSLSocket or DER/PEM encoded String.\n"],["new","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-c-new","(p1 = v1)","<p>When creating a Request with the <code>File</code> or <code>string</code> parameter, the corresponding <code>File</code> or <code>string</code> must be DER-encoded. …\n"],["new","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-c-new","(p1)","<p>Creates a Response from a <code>File</code> or <code>string</code> parameter, the corresponding <code>File</code> or <code>string</code> must be DER-encoded. …\n"],["new","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-c-new","(p1)","<p>Creates a TokenInfo from a <code>File</code> or <code>string</code> parameter, the corresponding <code>File</code> or <code>string</code> must be DER-encoded. …\n"],["new","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-c-new","(p1, p2 = v2)",""],["new","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-c-new","(p1 = v1)",""],["new","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-c-new","(p1 = v1)",""],["new","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-c-new","(p1, p2 = v2, p3 = v3)","<p>Creates an X509 extension.\n<p>The extension may be created from <em>der</em> data or from an extension <em>oid</em> and <em>value</em> …\n"],["new","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-c-new","(p1 = v1, p2 = v2, p3 = v3, p4 = v4)",""],["new","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-new","(p1 = v1, p2 = v2)","<p>Creates a new Name.\n<p>A name may be created from a DER encoded string <em>der</em>, an Array representing a <em>distinguished_name</em> …\n"],["new","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-c-new","(p1 = v1)",""],["new","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-c-new","(*args)",""],["new","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-c-new","(*args)","<p>Creates a new X509::Store.\n"],["new","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-c-new","(p1, p2 = v2, p3 = v3)","<p>Sets up a StoreContext for a verification of the X.509 certificate <em>cert</em>.\n"],["next_update","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-next_update","()",""],["next_update","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-next_update","()",""],["next_update=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-next_update-3D","(p1)",""],["nonce","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-nonce","()","<p>Returns the nonce (number used once) that the server shall include in its response.\n"],["nonce","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-nonce","()","<p>If the timestamp token is valid then this field contains the same nonce that was passed to the timestamp …\n"],["nonce=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-nonce-3D","(p1)","<p>Sets the nonce (number used once) that the server shall include in its response. If the nonce is set, …\n"],["not_after","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_after","()",""],["not_after=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_after-3D","(p1)",""],["not_before","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_before","()",""],["not_before=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_before-3D","(p1)",""],["npn_protocol","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-npn_protocol","()","<p>Returns the protocol string that was finally selected by the client during the handshake.\n"],["num_bits","OpenSSL::BN","OpenSSL/BN.html#method-i-num_bits","()",""],["num_bytes","OpenSSL::BN","OpenSSL/BN.html#method-i-num_bytes","()",""],["ocsp_uris","OpenSSL::X509::Extension::AuthorityInfoAccess","OpenSSL/X509/Extension/AuthorityInfoAccess.html#method-i-ocsp_uris","()","<p>Get the URIs for OCSP from the certificate’s authority information access extension exteension, as …\n"],["odd?","OpenSSL::BN","OpenSSL/BN.html#method-i-odd-3F","()",""],["oid","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-oid","()","<p>Returns a String representing the Object Identifier in the dot notation, e.g. “1.2.3.4.5”\n"],["oid","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-oid","()","<p>Returns the short name of the OID associated with <em>pkey</em>.\n"],["oid","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-oid","()",""],["oid","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-oid","()",""],["oid=","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-oid-3D","(p1)",""],["oid=","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-oid-3D","(p1)",""],["on_curve?","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-on_curve-3F","()",""],["one?","OpenSSL::BN","OpenSSL/BN.html#method-i-one-3F","()",""],["options","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-options","()","<p>Gets various OpenSSL options.\n"],["options=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-options-3D","(p1)","<p>Sets various OpenSSL options.\n"],["order","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-order","()","<p>Returns the order of the group.\n<p>See the OpenSSL documentation for EC_GROUP_get_order()\n"],["ordering","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-ordering","()","<p>If the ordering field is missing, or if the ordering field is present and set to false, then the genTime …\n"],["padding=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-padding-3D","(p1)","<p>Enables or disables padding. By default encryption operations are padded using standard block padding …\n"],["params","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-params","()","<p>Stores all parameters of key to the hash INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use …\n"],["params","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-params","()","<p>Stores all parameters of key to the hash INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use …\n"],["params","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-params","()","<p>THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!\n<p>Stores all parameters of key to the hash. …\n"],["params_ok?","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-params_ok-3F","()","<p>Validates the Diffie-Hellman parameters associated with this instance. It checks whether a safe prime …\n"],["parse","OpenSSL::Config","OpenSSL/Config.html#method-c-parse","(string)","<p>Parses a given <em>string</em> as a blob that contains configuration for OpenSSL.\n<p>If the source of the IO is a …\n"],["parse","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-parse","(str, template=OBJECT_TYPE_TEMPLATE)",""],["parse_config","OpenSSL::Config","OpenSSL/Config.html#method-c-parse_config","(io)","<p>Parses the configuration data read from <em>io</em>, see also #parse.\n<p>Raises a ConfigError on invalid configuration …\n"],["parse_openssl","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-parse_openssl","(str, template=OBJECT_TYPE_TEMPLATE)",""],["parse_rfc2253","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-parse_rfc2253","(str, template=OBJECT_TYPE_TEMPLATE)",""],["pbkdf2_hmac","OpenSSL::KDF","OpenSSL/KDF.html#method-c-pbkdf2_hmac","(p1, p2 = {})","<p>PKCS #5 PBKDF2 (Password-Based Key Derivation Function 2) in combination with HMAC. Takes <em>pass</em>, <em>salt</em> …\n"],["pbkdf2_hmac","OpenSSL::PKCS5","OpenSSL/PKCS5.html#method-i-pbkdf2_hmac","(pass, salt, iter, keylen, digest)","<p>OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac. This method is provided for …\n"],["pbkdf2_hmac_sha1","OpenSSL::PKCS5","OpenSSL/PKCS5.html#method-i-pbkdf2_hmac_sha1","(pass, salt, iter, keylen)",""],["peer_cert","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-peer_cert","()","<p>The X509 certificate for this socket’s peer.\n"],["peer_cert_chain","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-peer_cert_chain","()","<p>The X509 certificate chain for this socket’s peer.\n"],["peer_finished_message","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-peer_finished_message","()","<p>Returns the last <strong>Finished</strong> message received\n"],["peeraddr","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-peeraddr","()",""],["pending","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-pending","()","<p>The number of bytes that are immediately available for reading.\n"],["pkcs5_keyivgen","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-pkcs5_keyivgen","(p1, p2 = v2, p3 = v3, p4 = v4)","<p>Generates and sets the key/IV based on a password.\n<p><strong>WARNING</strong>: This method is only PKCS5 v1.5 compliant when …\n"],["point_conversion_form","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-point_conversion_form","()","<p>Returns the form how EC::Point data is encoded as ASN.1.\n<p>See also #point_conversion_form=.\n"],["point_conversion_form=","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-point_conversion_form-3D","(p1)","<p>Sets the form how EC::Point data is encoded as ASN.1 as defined in X9.62.\n<p><em>format</em> can be one of these: …\n"],["policy_id","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-policy_id","()","<p>Returns the ‘short name’ of the object identifier that represents the timestamp policy under …\n"],["policy_id","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-policy_id","()","<p>Returns the timestamp policy object identifier of the policy this timestamp was created under. If status …\n"],["policy_id=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-policy_id-3D","(p1)","<p>Allows to set the object identifier that represents the timestamp policy under which the server shall …\n"],["post_connection_check","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-post_connection_check","(hostname)","<p>Perform hostname verification following RFC 6125.\n<p>This method MUST be called after calling #connect to …\n"],["pretty_print","OpenSSL::BN","OpenSSL/BN.html#method-i-pretty_print","(q)",""],["pretty_print","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-pretty_print","(q)",""],["pretty_print","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-pretty_print","(q)",""],["prime?","OpenSSL::BN","OpenSSL/BN.html#method-i-prime-3F","(p1 = v1)","<p>Performs a Miller-Rabin probabilistic primality test with <em>checks</em> iterations. If <em>checks</em> is not specified, …\n"],["prime_fasttest?","OpenSSL::BN","OpenSSL/BN.html#method-i-prime_fasttest-3F","(p1 = v1, p2 = v2)","<p>Performs a Miller-Rabin primality test. This is same as #prime? except this first attempts trial divisions …\n"],["print","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-print","(*args)","<p>Writes <em>args</em> to the stream.\n<p>See IO#print for full details.\n"],["print_mem_leaks","OpenSSL","OpenSSL.html#method-c-print_mem_leaks","()","<p>For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr). Prints detected memory leaks …\n"],["printf","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-printf","(s, *args)","<p>Formats and writes to the stream converting parameters under control of the format string.\n<p>See Kernel#sprintf …\n"],["private?","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-private-3F","()","<p>Indicates whether this DH instance has a private key associated with it or not. The private key may be …\n"],["private?","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-private-3F","()","<p>Indicates whether this DSA instance has a private key associated with it or not. The private key may …\n"],["private?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private-3F","()","<p>Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key …\n"],["private?","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-private-3F","()","<p>Does this keypair contain a private key?\n"],["private_decrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-private_decrypt","(p1, p2 = v2)","<p>Decrypt <em>string</em>, which has been encrypted with the public key, with the private key. <em>padding</em> defaults …\n"],["private_encrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-private_encrypt","(p1, p2 = v2)","<p>Encrypt <em>string</em> with the private key. <em>padding</em> defaults to PKCS1_PADDING. The encrypted string output …\n"],["private_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private_key","()","<p>See the OpenSSL documentation for EC_KEY_get0_private_key()\n"],["private_key=","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private_key-3D","(p1)","<p>See the OpenSSL documentation for EC_KEY_set_private_key()\n"],["private_key?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private_key-3F","()","<p>Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key …\n"],["private_to_der","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-private_to_der","(*args)","<p>Serializes the private key to DER-encoded PKCS #8 format. If called without arguments, unencrypted PKCS …\n"],["private_to_pem","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-private_to_pem","(*args)","<p>Serializes the private key to PEM-encoded PKCS #8 format. See #private_to_der for more details.\n"],["public?","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-public-3F","()","<p>Indicates whether this DH instance has a public key associated with it or not. The public key may be …\n"],["public?","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-public-3F","()","<p>Indicates whether this DSA instance has a public key associated with it or not. The public key may be …\n"],["public?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public-3F","()","<p>Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with …\n"],["public?","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public-3F","()","<p>The return value is always <code>true</code> since every private key is also a public key.\n"],["public_decrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public_decrypt","(p1, p2 = v2)","<p>Decrypt <em>string</em>, which has been encrypted with the private key, with the public key. <em>padding</em> defaults …\n"],["public_encrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public_encrypt","(p1, p2 = v2)","<p>Encrypt <em>string</em> with the public key. <em>padding</em> defaults to PKCS1_PADDING. The encrypted string output can …\n"],["public_key","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-public_key","()","<p>Returns the public key associated with the SPKI, an instance of OpenSSL::PKey.\n"],["public_key","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-public_key","()","<p>Returns a new DH instance that carries just the public information, i.e. the prime <em>p</em> and the generator …\n"],["public_key","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-public_key","()","<p>Returns a new DSA instance that carries just the public key information. If the current instance has …\n"],["public_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public_key","()","<p>See the OpenSSL documentation for EC_KEY_get0_public_key()\n"],["public_key","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public_key","()","<p>Makes new RSA instance containing the public key from the private key.\n"],["public_key","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-public_key","()",""],["public_key","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-public_key","()",""],["public_key=","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-public_key-3D","(p1)","<p>Parameters\n<p><em>pub</em> - the public key to be set for this instance\n\n<p>Sets the public key to be associated with the …\n"],["public_key=","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public_key-3D","(p1)","<p>See the OpenSSL documentation for EC_KEY_set_public_key()\n"],["public_key=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-public_key-3D","(p1)",""],["public_key=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-public_key-3D","(p1)",""],["public_key?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public_key-3F","()","<p>Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with …\n"],["public_to_der","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-public_to_der","()","<p>Serializes the public key to DER-encoded X.509 SubjectPublicKeyInfo format.\n"],["public_to_pem","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-public_to_pem","()","<p>Serializes the public key to PEM-encoded X.509 SubjectPublicKeyInfo format.\n"],["purpose=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-purpose-3D","(p1)","<p>Sets the store’s purpose to <em>purpose</em>. If specified, the verifications on the store will check every …\n"],["purpose=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-purpose-3D","(p1)","<p>Sets the purpose of the context. See Store#purpose=.\n"],["puts","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-puts","(*args)","<p>Writes <em>args</em> to the stream along with a record separator.\n<p>See IO#puts for full details.\n"],["random_add","OpenSSL::Random","OpenSSL/Random.html#method-c-random_add","(p1, p2)","<p>Mixes the bytes from <em>str</em> into the Pseudo Random Number Generator(PRNG) state.\n<p>Thus, if the data from …\n"],["random_bytes","OpenSSL::Random","OpenSSL/Random.html#method-c-random_bytes","(p1)","<p>Generates a String with <em>length</em> number of cryptographically strong pseudo-random bytes.\n<p>Example\n\n<pre class=\"ruby\"><span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Random</span>.<span class=\"ruby-identifier\">random_bytes</span>(<span class=\"ruby-value\">12</span>) <span class=\"ruby-operator\">...</span>\n</pre>\n"],["random_iv","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-random_iv","()","<p>Generate a random IV with OpenSSL::Random.random_bytes and sets it to the cipher, and returns it.\n<p>You …\n"],["random_key","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-random_key","()","<p>Generate a random key with OpenSSL::Random.random_bytes and sets it to the cipher, and returns it.\n<p>You …\n"],["read","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-read","(size=nil, buf=nil)","<p>Reads <em>size</em> bytes from the stream. If <em>buf</em> is provided it must reference a string which will receive the …\n"],["read","OpenSSL::PKey","OpenSSL/PKey.html#method-c-read","(p1, p2 = v2)","<p>Reads a DER or PEM encoded string from <em>string</em> or <em>io</em> and returns an instance of the appropriate PKey class. …\n"],["read_nonblock","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-read_nonblock","(maxlen, buf=nil, exception: true)","<p>Reads at most <em>maxlen</em> bytes in the non-blocking manner.\n<p>When no data can be read without blocking it raises …\n"],["read_smime","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-read_smime","(p1)",""],["readchar","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readchar","()","<p>Reads a one-character string from the stream. Raises an EOFError at end of file.\n"],["readline","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readline","(eol=$/)","<p>Reads a line from the stream which is separated by <em>eol</em>.\n<p>Raises EOFError if at end of file.\n"],["readlines","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readlines","(eol=$/)","<p>Reads lines from the stream which are separated by <em>eol</em>.\n<p>See also #gets\n"],["readpartial","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readpartial","(maxlen, buf=nil)","<p>Reads at most <em>maxlen</em> bytes from the stream. If <em>buf</em> is provided it must reference a string which will …\n"],["recipients","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-recipients","()",""],["register","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-c-register","(p1, p2, p3)","<p>This adds a new ObjectId to the internal tables. Where <em>object_id</em> is the numerical form, <em>short_name</em> is …\n"],["reset","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-reset","()","<p>Fully resets the internal state of the Cipher. By using this, the same Cipher instance may be used several …\n"],["reset","OpenSSL::Digest","OpenSSL/Digest.html#method-i-reset","()","<p>Resets the Digest in the sense that any Digest#update that has been performed is abandoned and the Digest …\n"],["reset","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-reset","()","<p>Returns <em>hmac</em> as it was when it was first initialized, with all processed data cleared from it.\n<p>Example …\n"],["responses","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-responses","()","<p>Returns an Array of SingleResponse for this BasicResponse.\n"],["revocation_reason","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-revocation_reason","()",""],["revocation_time","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-revocation_time","()",""],["revoked","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-revoked","()",""],["revoked=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-revoked-3D","(p1)",""],["rshift!","OpenSSL::BN","OpenSSL/BN.html#method-i-rshift-21","(p1)",""],["scan","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-scan","(dn)",""],["scrypt","OpenSSL::KDF","OpenSSL/KDF.html#method-c-scrypt","(p1, p2 = {})","<p>Derives a key from <em>pass</em> using given parameters with the scrypt password-based key derivation function. …\n"],["sections","OpenSSL::Config","OpenSSL/Config.html#method-i-sections","()","<p>Get the names of all sections in the current configuration\n"],["secure_compare","OpenSSL","OpenSSL.html#method-c-secure_compare","(a, b)","<p>Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns …\n"],["security_level","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-security_level","()","<p>Returns the security level for the context.\n<p>See also OpenSSL::SSL::SSLContext#security_level=.\n"],["security_level=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-security_level-3D","(p1)","<p>Sets the security level for the context. OpenSSL limits parameters according to the level. The “parameters” …\n"],["seed","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-seed","()","<p>See the OpenSSL documentation for EC_GROUP_get0_seed()\n"],["seed","OpenSSL::Random","OpenSSL/Random.html#method-c-seed","(p1)","<p>::seed is equivalent to ::add where <em>entropy</em> is length of <em>str</em>.\n"],["seed=","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-seed-3D","(p1)","<p>See the OpenSSL documentation for EC_GROUP_set_seed()\n"],["serial","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-serial","()","<p>Returns the serial number of the certificate for which status is being requested.\n"],["serial","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-i-serial","()",""],["serial","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-i-serial","()",""],["serial","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-serial","()",""],["serial","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-serial","()",""],["serial=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-serial-3D","(p1)",""],["serial=","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-serial-3D","(p1)",""],["serial_number","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-serial_number","()","<p>Returns serial number of the timestamp token. This value shall never be the same for two timestamp tokens …\n"],["session","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-session","()","<p>Returns the SSLSession object currently used, or nil if the session is not established.\n"],["session=","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-session-3D","(p1)","<p>Sets the Session to be used when the connection is established.\n"],["session_add","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_add","(p1)","<p>Adds <em>session</em> to the session cache.\n"],["session_cache_mode","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_mode","()","<p>The current session cache mode.\n"],["session_cache_mode=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_mode-3D","(p1)","<p>Sets the SSL session cache mode. Bitwise-or together the desired SESSION_CACHE_* constants to set. …\n"],["session_cache_size","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_size","()","<p>Returns the current session cache size. Zero is used to represent an unlimited cache size.\n"],["session_cache_size=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_size-3D","(p1)","<p>Sets the session cache size. Returns the previously valid session cache size. Zero is used to represent …\n"],["session_cache_stats","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_stats","()","<p>Returns a Hash containing the following keys:\n<p>:accept — Number of started SSL/TLS handshakes in server mode …\n"],["session_remove","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_remove","(p1)","<p>Removes <em>session</em> from the session cache.\n"],["session_reused?","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-session_reused-3F","()","<p>Returns <code>true</code> if a reused session was negotiated during the handshake.\n"],["set_bit!","OpenSSL::BN","OpenSSL/BN.html#method-i-set_bit-21","(p1)",""],["set_crt_params","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-set_crt_params","(p1, p2, p3)","<p>Sets <em>dmp1</em>, <em>dmq1</em>, <em>iqmp</em> for the RSA instance. They are calculated by <code>d mod (p - 1)</code>, <code>d mod (q - 1)</code> and …\n"],["set_default","OpenSSL::Engine","OpenSSL/Engine.html#method-i-set_default","(p1)","<p>Set the defaults for this engine with the given <em>flag</em>.\n<p>These flags are used to control combinations of …\n"],["set_default_paths","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-set_default_paths","()","<p>Configures <em>store</em> to look up CA certificates from the system default certificate store as needed basis. …\n"],["set_factors","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-set_factors","(p1, p2)","<p>Sets <em>p</em>, <em>q</em> for the RSA instance.\n"],["set_generator","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-set_generator","(p1, p2, p3)","<p>Sets the curve parameters. <em>generator</em> must be an instance of EC::Point that is on the curve. <em>order</em> and …\n"],["set_key","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-set_key","(p1, p2)","<p>Sets <em>pub_key</em> and <em>priv_key</em> for the DH instance. <em>priv_key</em> may be <code>nil</code>.\n"],["set_key","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-set_key","(p1, p2)","<p>Sets <em>pub_key</em> and <em>priv_key</em> for the DSA instance. <em>priv_key</em> may be <code>nil</code>.\n"],["set_key","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-set_key","(p1, p2, p3)","<p>Sets <em>n</em>, <em>e</em>, <em>d</em> for the RSA instance.\n"],["set_params","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-set_params","(params={})","<p>Sets saner defaults optimized for the use with HTTP-like protocols.\n<p>If a Hash <em>params</em> is given, the parameters …\n"],["set_pqg","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-set_pqg","(p1, p2, p3)","<p>Sets <em>p</em>, <em>q</em>, <em>g</em> to the DH instance.\n"],["set_pqg","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-set_pqg","(p1, p2, p3)","<p>Sets <em>p</em>, <em>q</em>, <em>g</em> to the DSA instance.\n"],["set_to_infinity!","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-set_to_infinity-21","()",""],["setsockopt","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-setsockopt","(level, optname, optval)",""],["setup","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-setup","()","<p>This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and …\n"],["short_name","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-short_name","()","<p>The short name of the ObjectId, as defined in <openssl/objects.h>.\n"],["shutdown","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-shutdown","(how=Socket::SHUT_RDWR)","<p>See BasicSocket#shutdown for details.\n"],["sign","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-sign","(p1, p2)","<p>Parameters\n<p><em>key</em> - the private key to be used for signing this instance\n<p><em>digest</em> - the digest to be used for …\n"],["sign","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-sign","(p1, p2, p3 = v3, p4 = v4, p5 = v5)","<p>Signs this OCSP response using the <em>cert</em>, <em>key</em> and optional <em>digest</em>. This behaves in the similar way as …\n"],["sign","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-sign","(p1, p2, p3 = v3, p4 = v4, p5 = v5)","<p>Signs this OCSP request using <em>cert</em>, <em>key</em> and optional <em>digest</em>. If <em>digest</em> is not specified, SHA-1 is used. …\n"],["sign","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-sign","(p1, p2, p3, p4 = v4, p5 = v5)",""],["sign","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-sign","(p1, p2)","<p>To sign the String <em>data</em>, <em>digest</em>, an instance of OpenSSL::Digest, must be provided. The return value is …\n"],["sign","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-sign","(p1, p2)",""],["sign","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-sign","(p1, p2)",""],["sign","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-sign","(p1, p2)",""],["sign_pss","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-sign_pss","(p1, p2, p3 = {})","<p>Signs <em>data</em> using the Probabilistic Signature Scheme (RSA-PSS) and returns the calculated signature.\n<p>RSAError …\n"],["signature_algorithm","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-signature_algorithm","()",""],["signature_algorithm","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-signature_algorithm","()",""],["signature_algorithm","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-signature_algorithm","()",""],["signed?","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-signed-3F","()","<p>Returns <code>true</code> if the request is signed, <code>false</code> otherwise. Note that the validity of the signature is <strong>not</strong> …\n"],["signed_time","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-i-signed_time","()",""],["signers","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-signers","()",""],["sn","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-sn","()","<p>The short name of the ObjectId, as defined in <openssl/objects.h>.\n"],["sqr","OpenSSL::BN","OpenSSL/BN.html#method-i-sqr","()",""],["ssl_version","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-ssl_version","()","<p>Returns a String representing the SSL/TLS version that was negotiated for the connection, for example …\n"],["ssl_version=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ssl_version-3D","(meth)","<p>Sets the SSL/TLS protocol version for the context. This forces connections to use only the specified …\n"],["state","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-state","()","<p>A description of the current connection state. This is for diagnostic purposes only.\n"],["status","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-status","()","<p>Returns an Array of statuses for this response. Each status contains a CertificateId, the status (0 …\n"],["status","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-status","()","<p>Returns the status of the response.\n"],["status","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-status","()","<p>Returns one of GRANTED, GRANTED_WITH_MODS, REJECTION, WAITING, REVOCATION_WARNING or REVOCATION_NOTIFICATION …\n"],["status?","OpenSSL::Random","OpenSSL/Random.html#method-c-status-3F","()","<p>Return <code>true</code> if the PRNG has been seeded with enough data, <code>false</code> otherwise.\n"],["status_string","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-status_string","()","<p>Returns a status string for the response.\n"],["status_text","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-status_text","()","<p>In cases of failure this field may contain an array of strings further describing the origin of the failure. …\n"],["subject","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-subject","()",""],["subject","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-subject","()",""],["subject=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-subject-3D","(p1)",""],["subject=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-subject-3D","(p1)",""],["subject_certificate=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-subject_certificate-3D","(p1)",""],["subject_key_identifier","OpenSSL::X509::Extension::SubjectKeyIdentifier","OpenSSL/X509/Extension/SubjectKeyIdentifier.html#method-i-subject_key_identifier","()","<p>Get the subject’s key identifier from the subjectKeyIdentifier exteension, as described in RFC5280 …\n"],["subject_request=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-subject_request-3D","(p1)",""],["sysclose","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-sysclose","()","<p>Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.\n<p>If sync_close …\n"],["sysread","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-sysread","(*args)","<p>Reads <em>length</em> bytes from the SSL connection. If a pre-allocated <em>buffer</em> is provided the data will be written …\n"],["syssign","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-syssign","(p1)","<p>Computes and returns the DSA signature of <em>string</em>, where <em>string</em> is expected to be an already-computed …\n"],["sysverify","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-sysverify","(p1, p2)","<p>Verifies whether the signature is valid given the message digest input. It does so by validating <em>sig</em> …\n"],["syswrite","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-syswrite","(p1)","<p>Writes <em>string</em> to the SSL connection.\n"],["this_update","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-this_update","()",""],["time","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-time","()","<p>Returns the time at which the session was established.\n"],["time","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-time","()",""],["time=","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-time-3D","(p1)","<p>Sets start time of the session. Time resolution is in seconds.\n"],["time=","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-time-3D","(p1)",""],["time=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-time-3D","(p1)","<p>Sets the time to be used in verifications.\n"],["time=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-time-3D","(p1)","<p>Sets the time used in the verification. If not set, the current time is used.\n"],["timeout","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-timeout","()","<p>Returns the timeout value set for the session, in seconds from the established time.\n"],["timeout=","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-timeout-3D","(p1)","<p>Sets how long until the session expires in seconds.\n"],["tmp_key","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-tmp_key","()","<p>Returns the ephemeral key used in case of forward secrecy cipher.\n"],["to_a","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_a","()",""],["to_a","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_a","()","<p>Returns an Array representation of the distinguished name suitable for passing to ::new\n"],["to_bn","Integer","Integer.html#method-i-to_bn","()","<p>Casts an Integer as an OpenSSL::BN\n<p>See ‘man bn` for more info.\n"],["to_bn","OpenSSL::BN","OpenSSL/BN.html#method-i-to_bn","()",""],["to_bn","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-to_bn","(conversion_form = group.point_conversion_form)","<p>Returns the octet string representation of the EC point as an instance of OpenSSL::BN.\n<p>If <em>conversion_form</em> …\n"],["to_der","OpenSSL::ASN1::ASN1Data","OpenSSL/ASN1/ASN1Data.html#method-i-to_der","()","<p>Encodes this ASN1Data into a DER-encoded String value. The result is DER-encoded except for the possibility …\n"],["to_der","OpenSSL::ASN1::Constructive","OpenSSL/ASN1/Constructive.html#method-i-to_der","()","<p>See ASN1Data#to_der for details.\n"],["to_der","OpenSSL::ASN1::Primitive","OpenSSL/ASN1/Primitive.html#method-i-to_der","()","<p>See ASN1Data#to_der for details.\n"],["to_der","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_der","()","<p>Returns the DER encoding of this SPKI.\n"],["to_der","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-to_der","()","<p>Encodes this basic response into a DER-encoded string.\n"],["to_der","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-to_der","()","<p>Encodes this certificate identifier into a DER-encoded string.\n"],["to_der","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-to_der","()","<p>Returns this request as a DER-encoded string\n"],["to_der","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-to_der","()","<p>Returns this response as a DER-encoded string.\n"],["to_der","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-to_der","()","<p>Encodes this SingleResponse into a DER-encoded string.\n"],["to_der","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-i-to_der","()",""],["to_der","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-to_der","()",""],["to_der","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_der","()","<p>Encodes this DH to its DER encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["to_der","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_der","()","<p>Encodes this DSA to its DER encoding.\n"],["to_der","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-to_der","()","<p>See the OpenSSL documentation for i2d_ECPrivateKey_bio()\n"],["to_der","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-to_der","()","<p>See the OpenSSL documentation for i2d_ECPKParameters_bio()\n"],["to_der","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_der","()","<p>Outputs this keypair in DER encoding.\n"],["to_der","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-to_der","()","<p>Returns an ASN1 encoded String that contains the Session object.\n"],["to_der","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-to_der","()","<p>DER-encodes this Request.\n"],["to_der","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-to_der","()","<p>Returns the Response in DER-encoded form.\n"],["to_der","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-to_der","()","<p>Returns the TokenInfo in DER-encoded form.\n"],["to_der","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_der","()","<p>Converts the name to DER encoding\n"],["to_der","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-to_der","()",""],["to_h","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_h","()",""],["to_i","OpenSSL::BN","OpenSSL/BN.html#method-i-to_i","()",""],["to_int","OpenSSL::BN","OpenSSL/BN.html#method-i-to_int","()",""],["to_io","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-to_io","()","<p>Returns the TCPServer passed to the SSLServer when initialized.\n"],["to_octet_string","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-to_octet_string","(p1)","<p>Returns the octet string representation of the elliptic curve point.\n<p><em>conversion_form</em> specifies how the …\n"],["to_pem","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_pem","()","<p>Returns the PEM encoding of this SPKI.\n"],["to_pem","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-to_pem","()",""],["to_pem","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_pem","()","<p>Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["to_pem","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_pem","(p1 = v1, p2 = v2)","<p>Encodes this DSA to its PEM encoding.\n<p>Parameters\n<p><em>cipher</em> is an OpenSSL::Cipher.\n"],["to_pem","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-to_pem","(p1 = v1, p2 = v2)","<p>Outputs the EC key in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["to_pem","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-to_pem","()","<p>See the OpenSSL documentation for PEM_write_bio_ECPKParameters()\n"],["to_pem","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_pem","(p1 = v1, p2 = v2)","<p>Outputs this keypair in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["to_pem","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-to_pem","()","<p>Returns a PEM encoded String that contains the Session object.\n"],["to_pem","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_pem","()",""],["to_pem","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_pem","()",""],["to_pem","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_pem","()",""],["to_s","OpenSSL::BN","OpenSSL/BN.html#method-i-to_s","(p1 = v1)","<p>Parameters\n<p><em>base</em> - Integer Valid values:\n<p>0 - MPI\n"],["to_s","OpenSSL::Config","OpenSSL/Config.html#method-i-to_s","()","<p>Get the parsable form of the current configuration\n<p>Given the following configuration being created:\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">config</span> <span class=\"ruby-operator\">...</span>\n</pre>\n"],["to_s","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-to_s","()","<p>Returns the authentication code as a hex-encoded string. The <em>digest</em> parameter specifies the digest algorithm …\n"],["to_s","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_s","()","<p>Returns the PEM encoding of this SPKI.\n"],["to_s","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-to_s","()",""],["to_s","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_s","()","<p>Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["to_s","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_s","(p1 = v1, p2 = v2)","<p>Encodes this DSA to its PEM encoding.\n<p>Parameters\n<p><em>cipher</em> is an OpenSSL::Cipher.\n"],["to_s","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_s","(p1 = v1, p2 = v2)","<p>Outputs this keypair in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["to_s","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_s","()",""],["to_s","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_s","()",""],["to_s","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_s","()",""],["to_s","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_s","(*args)","<p>Returns a String representation of the Distinguished Name. <em>format</em> is one of:\n<p>OpenSSL::X509::Name::COMPAT …\n"],["to_s","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_s","()",""],["to_text","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_text","()","<p>Returns a textual representation of this SPKI, useful for debugging purposes.\n"],["to_text","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_text","()","<p>Prints all parameters of key to buffer INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use :-)) …\n"],["to_text","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_text","()","<p>Prints all parameters of key to buffer INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use :-)) …\n"],["to_text","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-to_text","()","<p>See the OpenSSL documentation for EC_KEY_print()\n"],["to_text","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-to_text","()","<p>See the OpenSSL documentation for ECPKParameters_print()\n"],["to_text","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_text","()","<p>THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!\n<p>Dumps all parameters of a keypair to a String …\n"],["to_text","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-to_text","()","<p>Shows everything in the Session object. This is for diagnostic purposes.\n"],["to_text","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_text","()",""],["to_text","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_text","()",""],["to_text","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_text","()",""],["to_utf8","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_utf8","()","<p>Returns an UTF-8 representation of the distinguished name, as specified in RFC 2253.\n"],["token","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-token","()","<p>If a timestamp token is present, this returns it in the form of a OpenSSL::PKCS7.\n"],["token_info","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-token_info","()","<p>Get the response’s token info if present.\n"],["traverse","OpenSSL::ASN1","OpenSSL/ASN1.html#method-c-traverse","(p1)","<p>If a block is given, it prints out each of the elements encountered. Block parameters are (in that order): …\n"],["trust=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-trust-3D","(p1)",""],["trust=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-trust-3D","(p1)",""],["tsa_certificate","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-tsa_certificate","()","<p>If the Request specified to request the TSA certificate (Request#cert_requested = true), then this field …\n"],["type","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-type","()",""],["type=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-type-3D","(p1)",""],["ucmp","OpenSSL::BN","OpenSSL/BN.html#method-i-ucmp","(p1)",""],["ungetc","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-ungetc","(c)","<p>Pushes character <em>c</em> back onto the stream such that a subsequent buffered character read will return it. …\n"],["update","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-update","(p1, p2 = v2)","<p>Encrypts data in a streaming fashion. Hand consecutive blocks of data to the #update method in order …\n"],["update","OpenSSL::Digest","OpenSSL/Digest.html#method-i-update","(p1)","<p>Not every message digest can be computed in one single pass. If a message digest is to be computed from …\n"],["update","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-update","(p1)","<p>Returns <em>hmac</em> updated with the message to be authenticated. Can be called repeatedly with chunks of the …\n"],["value","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-value","()",""],["value","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-value","()",""],["value=","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-value-3D","(p1)",""],["value=","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-value-3D","(p1)",""],["value_der","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-value_der","()",""],["verify","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-verify","(p1)","<p>Parameters\n<p><em>key</em> - the public key to be used for verifying the SPKI signature\n\n<p>Returns <code>true</code> if the signature …\n"],["verify","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-verify","(p1, p2, p3 = v3)","<p>Verifies the signature of the response using the given <em>certificates</em> and <em>store</em>. This works in the similar …\n"],["verify","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-verify","(p1, p2, p3 = v3)","<p>Verifies this request using the given <em>certificates</em> and <em>store</em>. <em>certificates</em> is an array of OpenSSL::X509::Certificate …\n"],["verify","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-verify","(p1, p2, p3 = v3, p4 = v4)",""],["verify","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-verify","(p1, p2, p3)","<p>To verify the String <em>signature</em>, <em>digest</em>, an instance of OpenSSL::Digest, must be provided to re-compute …\n"],["verify","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-verify","(p1, p2, p3 = v3)","<p>Verifies a timestamp token by checking the signature, validating the certificate chain implied by tsa_certificate …\n"],["verify","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-verify","(p1)",""],["verify","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-verify","(p1)","<p>Verifies the signature of the certificate, with the public key <em>key</em>. <em>key</em> must be an instance of OpenSSL::PKey …\n"],["verify","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-verify","(p1)","<p>Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’\n"],["verify","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-verify","(p1, p2 = v2)","<p>Performs a certificate verification on the OpenSSL::X509::Certificate <em>cert</em>.\n<p><em>chain</em> can be an array of …\n"],["verify","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-verify","()",""],["verify_callback=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-verify_callback-3D","(p1)","<p>General callback for OpenSSL verify\n"],["verify_certificate_identity","OpenSSL::SSL","OpenSSL/SSL.html#method-c-verify_certificate_identity","(cert, hostname)",""],["verify_pss","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-verify_pss","(p1, p2, p3, p4 = {})","<p>Verifies <em>data</em> using the Probabilistic Signature Scheme (RSA-PSS).\n<p>The return value is <code>true</code> if the signature …\n"],["verify_result","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-verify_result","()","<p>Returns the result of the peer certificates verification. See verify(1) for error values and descriptions. …\n"],["version","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-version","()","<p>Returns the version of this request. <code>1</code> is the default value.\n"],["version","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-version","()","<p>Returns the version number of the token info. With compliant servers, this value should be <code>1</code> if present. …\n"],["version","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-version","()",""],["version","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-version","()",""],["version","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-version","()",""],["version=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-version-3D","(p1)","<p>Sets the version number for this Request. This should be <code>1</code> for compliant servers.\n"],["version=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-version-3D","(p1)",""],["version=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-version-3D","(p1)",""],["version=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-version-3D","(p1)",""],["write","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-write","(*s)","<p>Writes <em>s</em> to the stream. If the argument is not a String it will be converted using <code>.to_s</code> method. Returns …\n"],["write_nonblock","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-write_nonblock","(s, exception: true)","<p>Writes <em>s</em> in the non-blocking manner.\n<p>If there is buffered data, it is flushed first. This may block. …\n"],["write_random_file","OpenSSL::Random","OpenSSL/Random.html#method-c-write_random_file","(p1)","<p>Writes a number of random generated bytes (currently 1024) to <em>filename</em> which can be used to initialize …\n"],["write_smime","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-write_smime","(p1, p2 = v2, p3 = v3)",""],["zero?","OpenSSL::BN","OpenSSL/BN.html#method-i-zero-3F","()",""],["CONTRIBUTING","","CONTRIBUTING_md.html","","<p>Contributing to Ruby OpenSSL\n<p>Thank you for your interest in contributing to Ruby OpenSSL!\n<p>This documentation …\n"],["History","","History_md.html","","<p>Version 2.2.1\n<p>Merged changes in 2.1.3. Additionally, the following issues are fixed by this\nrelease.\n<p>Bug …\n"],["README","","README_md.html","","<p>OpenSSL for Ruby\n<p><img src=\"https://github.com/ruby/openssl/workflows/CI/badge.svg\">\n<p>OpenSSL provides SSL …\n"]]}}
\ No newline at end of file +var search_data = {"index":{"searchIndex":["io","waitreadable","waitwritable","integer","openssl","asn1","asn1data","asn1error","constructive","objectid","primitive","bn","bnerror","buffering","buffer","cipher","cipher","ciphererror","config","configerror","digest","digesterror","engine","engineerror","extconfig","hmac","hmacerror","kdf","kdferror","marshal","classmethods","netscape","spki","spkierror","ocsp","basicresponse","certificateid","ocsperror","request","response","singleresponse","opensslerror","pkcs12","pkcs12error","pkcs5","pkcs7","pkcs7error","recipientinfo","signerinfo","pkey","dh","dherror","dsa","dsaerror","ec","group","error","point","error","ecerror","pkey","pkeyerror","rsa","rsaerror","random","randomerror","ssl","sslcontext","sslerror","sslerrorwaitreadable","sslerrorwaitwritable","sslserver","sslsocket","session","sessionerror","socketforwarder","timestamp","factory","request","response","timestamperror","tokeninfo","x509","attribute","attributeerror","crl","crlerror","certificate","certificateerror","extension","authorityinfoaccess","authoritykeyidentifier","crldistributionpoints","helpers","subjectkeyidentifier","extensionerror","extensionfactory","name","rfc2253dn","nameerror","request","requesterror","revoked","revokederror","store","storecontext","storeerror","%()","*()","**()","+()","+@()","-()","-@()","/()","<<()","<<()","<<()","<<()","<<()","<=>()","<=>()","==()","==()","==()","==()","==()","==()","==()","==()","==()","==()","==()","==()","===()",">>()","digest()","[]()","_dump()","_load()","abs()","accept()","accept()","accept_nonblock()","add()","add_attribute()","add_cert()","add_certid()","add_certificate()","add_certificate()","add_crl()","add_crl()","add_data()","add_entry()","add_extension()","add_extension()","add_extension()","add_file()","add_nonce()","add_nonce()","add_path()","add_recipient()","add_revoked()","add_signer()","add_status()","addr()","algorithm()","algorithm()","algorithm=()","alpn_protocol()","asn1_flag()","asn1_flag=()","attributes()","attributes=()","auth_data=()","auth_tag()","auth_tag=()","auth_tag_len=()","authenticated?()","authority_key_identifier()","base64digest()","base64digest()","basic()","bit_set?()","block_length()","block_size()","builtin_curves()","by_id()","ca_issuer_uris()","ccm_data_len=()","cert()","cert_requested=()","cert_requested?()","cert_status()","certid()","certid()","certificates()","certificates=()","chain()","challenge()","challenge=()","check_key()","check_nonce()","check_private_key()","check_validity()","cipher()","cipher()","cipher=()","ciphers()","ciphers()","ciphers=()","cleanup()","cleanup()","clear_bit!()","client_ca()","close()","close()","closed?()","cmds()","cmp()","cmp()","cmp()","cmp_issuer()","coerce()","cofactor()","compare?()","compute_key()","concat()","connect()","connect_nonblock()","copy()","copy_nonce()","create()","create()","create_ext()","create_ext_from_array()","create_ext_from_hash()","create_ext_from_string()","create_extension()","create_timestamp()","critical=()","critical?()","crl=()","crl_uris()","crls()","crls=()","ctrl_cmd()","current_cert()","current_crl()","curve_name()","data=()","debug()","debug=()","decode()","decode_all()","decrypt()","decrypt()","decrypt()","degree()","derive()","detached()","detached=()","detached?()","dh_compute_key()","digest()","digest()","digest()","digest()","digest_length()","do_not_reverse_lookup=()","dsa_sign_asn1()","dsa_verify_asn1()","each()","each()","each()","each_byte()","each_line()","ecdh_curves=()","egd()","egd_bytes()","enable_fallback_scsv()","enc_key()","encrypt()","encrypt()","encrypt()","engines()","eof()","eof?()","eql?()","eql?()","eql?()","eql?()","error()","error=()","error_depth()","error_string()","errors()","expand_hexstring()","expand_pair()","expand_value()","export()","export()","export()","export()","extensions()","extensions()","extensions()","extensions()","extensions=()","extensions=()","extensions=()","failure_info()","fcntl()","fileno()","final()","find_extension()","find_response()","finish()","finished_message()","fips_mode()","fips_mode=()","fixed_length_secure_compare()","flags=()","flags=()","flush()","flush_sessions()","freeze()","gcd()","gen_time()","generate()","generate()","generate()","generate()","generate_key()","generate_key()","generate_key!()","generate_key!()","generate_parameters()","generate_prime()","generator()","get_flags()","get_value()","getbyte()","getc()","gets()","getsockopt()","group()","group=()","hash()","hash()","hash_algorithm()","hash_old()","hexdigest()","hexdigest()","hkdf()","hostname=()","id()","id()","included()","infinity?()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","initialize_copy()","inspect()","inspect()","inspect()","inspect()","inspect()","invert!()","issuer()","issuer()","issuer()","issuer()","issuer=()","issuer=()","issuer_certificate=()","issuer_key_hash()","issuer_name_hash()","iv=()","iv_len()","iv_len=()","key=()","key_len()","key_len=()","last_update()","last_update=()","listen()","ln()","load()","load()","load_file()","load_private_key()","load_public_key()","load_random_file()","long_name()","lshift!()","make_affine!()","max_version=()","mem_check_start()","message_imprint()","message_imprint()","message_imprint=()","min_version=()","mod_add()","mod_exp()","mod_inverse()","mod_mul()","mod_sqr()","mod_sub()","mul()","name()","name()","name()","negative?()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","next_update()","next_update()","next_update=()","nonce()","nonce()","nonce=()","not_after()","not_after=()","not_before()","not_before=()","npn_protocol()","num_bits()","num_bytes()","ocsp_uris()","odd?()","oid()","oid()","oid()","oid()","oid=()","oid=()","on_curve?()","one?()","options()","options=()","order()","ordering()","padding=()","params()","params()","params()","params_ok?()","parse()","parse()","parse_config()","parse_openssl()","parse_rfc2253()","pbkdf2_hmac()","pbkdf2_hmac()","pbkdf2_hmac_sha1()","peer_cert()","peer_cert_chain()","peer_finished_message()","peeraddr()","pending()","pkcs5_keyivgen()","point_conversion_form()","point_conversion_form=()","policy_id()","policy_id()","policy_id=()","post_connection_check()","pretty_print()","pretty_print()","pretty_print()","prime?()","prime_fasttest?()","print()","print_mem_leaks()","printf()","private?()","private?()","private?()","private?()","private_decrypt()","private_encrypt()","private_key()","private_key=()","private_key?()","private_to_der()","private_to_pem()","public?()","public?()","public?()","public?()","public_decrypt()","public_encrypt()","public_key()","public_key()","public_key()","public_key()","public_key()","public_key()","public_key()","public_key=()","public_key=()","public_key=()","public_key=()","public_key?()","public_to_der()","public_to_pem()","purpose=()","purpose=()","puts()","rand()","rand_range()","random_add()","random_bytes()","random_iv()","random_key()","read()","read()","read_nonblock()","read_smime()","readchar()","readline()","readlines()","readpartial()","recipients()","register()","reset()","reset()","reset()","responses()","revocation_reason()","revocation_time()","revoked()","revoked=()","rshift!()","scan()","scrypt()","sections()","secure_compare()","security_level()","security_level=()","seed()","seed()","seed=()","serial()","serial()","serial()","serial()","serial()","serial=()","serial=()","serial_number()","session()","session=()","session_add()","session_cache_mode()","session_cache_mode=()","session_cache_size()","session_cache_size=()","session_cache_stats()","session_remove()","session_reused?()","set_bit!()","set_crt_params()","set_default()","set_default_paths()","set_factors()","set_flags()","set_generator()","set_key()","set_key()","set_key()","set_params()","set_pqg()","set_pqg()","set_to_infinity!()","setsockopt()","setup()","short_name()","shutdown()","sign()","sign()","sign()","sign()","sign()","sign()","sign()","sign()","sign_pss()","sign_raw()","signature_algorithm()","signature_algorithm()","signature_algorithm()","signed?()","signed_time()","signers()","sn()","sqr()","ssl_version()","ssl_version=()","state()","status()","status()","status()","status?()","status_string()","status_text()","subject()","subject()","subject=()","subject=()","subject_certificate=()","subject_key_identifier()","subject_request=()","sysclose()","sysread()","syssign()","sysverify()","syswrite()","this_update()","time()","time()","time=()","time=()","time=()","time=()","timeout()","timeout=()","tmp_dh=()","tmp_key()","to_a()","to_a()","to_bn()","to_bn()","to_bn()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_der()","to_h()","to_i()","to_int()","to_io()","to_octet_string()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_pem()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_s()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_text()","to_utf8()","token()","token_info()","traverse()","trust=()","trust=()","tsa_certificate()","type()","type=()","ucmp()","ungetc()","update()","update()","update()","value()","value()","value=()","value=()","value_der()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify()","verify_callback=()","verify_certificate_identity()","verify_pss()","verify_raw()","verify_recover()","verify_result()","version()","version()","version()","version()","version()","version=()","version=()","version=()","version=()","write()","write_nonblock()","write_random_file()","write_smime()","zero?()","contributing","history","readme"],"longSearchIndex":["io","io::waitreadable","io::waitwritable","integer","openssl","openssl::asn1","openssl::asn1::asn1data","openssl::asn1::asn1error","openssl::asn1::constructive","openssl::asn1::objectid","openssl::asn1::primitive","openssl::bn","openssl::bnerror","openssl::buffering","openssl::buffering::buffer","openssl::cipher","openssl::cipher::cipher","openssl::cipher::ciphererror","openssl::config","openssl::configerror","openssl::digest","openssl::digest::digesterror","openssl::engine","openssl::engine::engineerror","openssl::extconfig","openssl::hmac","openssl::hmacerror","openssl::kdf","openssl::kdf::kdferror","openssl::marshal","openssl::marshal::classmethods","openssl::netscape","openssl::netscape::spki","openssl::netscape::spkierror","openssl::ocsp","openssl::ocsp::basicresponse","openssl::ocsp::certificateid","openssl::ocsp::ocsperror","openssl::ocsp::request","openssl::ocsp::response","openssl::ocsp::singleresponse","openssl::opensslerror","openssl::pkcs12","openssl::pkcs12::pkcs12error","openssl::pkcs5","openssl::pkcs7","openssl::pkcs7::pkcs7error","openssl::pkcs7::recipientinfo","openssl::pkcs7::signerinfo","openssl::pkey","openssl::pkey::dh","openssl::pkey::dherror","openssl::pkey::dsa","openssl::pkey::dsaerror","openssl::pkey::ec","openssl::pkey::ec::group","openssl::pkey::ec::group::error","openssl::pkey::ec::point","openssl::pkey::ec::point::error","openssl::pkey::ecerror","openssl::pkey::pkey","openssl::pkey::pkeyerror","openssl::pkey::rsa","openssl::pkey::rsaerror","openssl::random","openssl::random::randomerror","openssl::ssl","openssl::ssl::sslcontext","openssl::ssl::sslerror","openssl::ssl::sslerrorwaitreadable","openssl::ssl::sslerrorwaitwritable","openssl::ssl::sslserver","openssl::ssl::sslsocket","openssl::ssl::session","openssl::ssl::session::sessionerror","openssl::ssl::socketforwarder","openssl::timestamp","openssl::timestamp::factory","openssl::timestamp::request","openssl::timestamp::response","openssl::timestamp::timestamperror","openssl::timestamp::tokeninfo","openssl::x509","openssl::x509::attribute","openssl::x509::attributeerror","openssl::x509::crl","openssl::x509::crlerror","openssl::x509::certificate","openssl::x509::certificateerror","openssl::x509::extension","openssl::x509::extension::authorityinfoaccess","openssl::x509::extension::authoritykeyidentifier","openssl::x509::extension::crldistributionpoints","openssl::x509::extension::helpers","openssl::x509::extension::subjectkeyidentifier","openssl::x509::extensionerror","openssl::x509::extensionfactory","openssl::x509::name","openssl::x509::name::rfc2253dn","openssl::x509::nameerror","openssl::x509::request","openssl::x509::requesterror","openssl::x509::revoked","openssl::x509::revokederror","openssl::x509::store","openssl::x509::storecontext","openssl::x509::storeerror","openssl::bn#%()","openssl::bn#*()","openssl::bn#**()","openssl::bn#+()","openssl::bn#+@()","openssl::bn#-()","openssl::bn#-@()","openssl::bn#/()","openssl::bn#<<()","openssl::buffering#<<()","openssl::buffering::buffer#<<()","openssl::digest#<<()","openssl::hmac#<<()","openssl::bn#<=>()","openssl::x509::name#<=>()","openssl::asn1::objectid#==()","openssl::bn#==()","openssl::hmac#==()","openssl::pkey::ec::group#==()","openssl::pkey::ec::point#==()","openssl::ssl::session#==()","openssl::x509::attribute#==()","openssl::x509::crl#==()","openssl::x509::certificate#==()","openssl::x509::extension#==()","openssl::x509::request#==()","openssl::x509::revoked#==()","openssl::bn#===()","openssl::bn#>>()","openssl::digest()","openssl::config#[]()","openssl::marshal#_dump()","openssl::marshal::classmethods#_load()","openssl::bn#abs()","openssl::ssl::sslserver#accept()","openssl::ssl::sslsocket#accept()","openssl::ssl::sslsocket#accept_nonblock()","openssl::pkey::ec::point#add()","openssl::x509::request#add_attribute()","openssl::x509::store#add_cert()","openssl::ocsp::request#add_certid()","openssl::pkcs7#add_certificate()","openssl::ssl::sslcontext#add_certificate()","openssl::pkcs7#add_crl()","openssl::x509::store#add_crl()","openssl::pkcs7#add_data()","openssl::x509::name#add_entry()","openssl::x509::crl#add_extension()","openssl::x509::certificate#add_extension()","openssl::x509::revoked#add_extension()","openssl::x509::store#add_file()","openssl::ocsp::basicresponse#add_nonce()","openssl::ocsp::request#add_nonce()","openssl::x509::store#add_path()","openssl::pkcs7#add_recipient()","openssl::x509::crl#add_revoked()","openssl::pkcs7#add_signer()","openssl::ocsp::basicresponse#add_status()","openssl::ssl::socketforwarder#addr()","openssl::timestamp::request#algorithm()","openssl::timestamp::tokeninfo#algorithm()","openssl::timestamp::request#algorithm=()","openssl::ssl::sslsocket#alpn_protocol()","openssl::pkey::ec::group#asn1_flag()","openssl::pkey::ec::group#asn1_flag=()","openssl::x509::request#attributes()","openssl::x509::request#attributes=()","openssl::cipher#auth_data=()","openssl::cipher#auth_tag()","openssl::cipher#auth_tag=()","openssl::cipher#auth_tag_len=()","openssl::cipher#authenticated?()","openssl::x509::extension::authoritykeyidentifier#authority_key_identifier()","openssl::hmac#base64digest()","openssl::hmac::base64digest()","openssl::ocsp::response#basic()","openssl::bn#bit_set?()","openssl::digest#block_length()","openssl::cipher#block_size()","openssl::pkey::ec::builtin_curves()","openssl::engine::by_id()","openssl::x509::extension::authorityinfoaccess#ca_issuer_uris()","openssl::cipher#ccm_data_len=()","openssl::ssl::sslsocket#cert()","openssl::timestamp::request#cert_requested=()","openssl::timestamp::request#cert_requested?()","openssl::ocsp::singleresponse#cert_status()","openssl::ocsp::request#certid()","openssl::ocsp::singleresponse#certid()","openssl::pkcs7#certificates()","openssl::pkcs7#certificates=()","openssl::x509::storecontext#chain()","openssl::netscape::spki#challenge()","openssl::netscape::spki#challenge=()","openssl::pkey::ec#check_key()","openssl::ocsp::request#check_nonce()","openssl::x509::certificate#check_private_key()","openssl::ocsp::singleresponse#check_validity()","openssl::engine#cipher()","openssl::ssl::sslsocket#cipher()","openssl::pkcs7#cipher=()","openssl::cipher::ciphers()","openssl::ssl::sslcontext#ciphers()","openssl::ssl::sslcontext#ciphers=()","openssl::engine::cleanup()","openssl::x509::storecontext#cleanup()","openssl::bn#clear_bit!()","openssl::ssl::sslsocket#client_ca()","openssl::buffering#close()","openssl::ssl::sslserver#close()","openssl::ssl::socketforwarder#closed?()","openssl::engine#cmds()","openssl::bn#cmp()","openssl::ocsp::certificateid#cmp()","openssl::x509::name#cmp()","openssl::ocsp::certificateid#cmp_issuer()","openssl::bn#coerce()","openssl::pkey::ec::group#cofactor()","openssl::pkey::pkey#compare?()","openssl::pkey::dh#compute_key()","openssl::buffering::buffer#concat()","openssl::ssl::sslsocket#connect()","openssl::ssl::sslsocket#connect_nonblock()","openssl::bn#copy()","openssl::ocsp::basicresponse#copy_nonce()","openssl::ocsp::response::create()","openssl::pkcs12::create()","openssl::x509::extensionfactory#create_ext()","openssl::x509::extensionfactory#create_ext_from_array()","openssl::x509::extensionfactory#create_ext_from_hash()","openssl::x509::extensionfactory#create_ext_from_string()","openssl::x509::extensionfactory#create_extension()","openssl::timestamp::factory#create_timestamp()","openssl::x509::extension#critical=()","openssl::x509::extension#critical?()","openssl::x509::extensionfactory#crl=()","openssl::x509::extension::crldistributionpoints#crl_uris()","openssl::pkcs7#crls()","openssl::pkcs7#crls=()","openssl::engine#ctrl_cmd()","openssl::x509::storecontext#current_cert()","openssl::x509::storecontext#current_crl()","openssl::pkey::ec::group#curve_name()","openssl::pkcs7#data=()","openssl::debug()","openssl::debug=()","openssl::asn1::decode()","openssl::asn1::decode_all()","openssl::cipher#decrypt()","openssl::pkcs7#decrypt()","openssl::pkey::pkey#decrypt()","openssl::pkey::ec::group#degree()","openssl::pkey::pkey#derive()","openssl::pkcs7#detached()","openssl::pkcs7#detached=()","openssl::pkcs7#detached?()","openssl::pkey::ec#dh_compute_key()","openssl::digest::digest()","openssl::engine#digest()","openssl::hmac#digest()","openssl::hmac::digest()","openssl::digest#digest_length()","openssl::ssl::socketforwarder#do_not_reverse_lookup=()","openssl::pkey::ec#dsa_sign_asn1()","openssl::pkey::ec#dsa_verify_asn1()","openssl::asn1::constructive#each()","openssl::buffering#each()","openssl::config#each()","openssl::buffering#each_byte()","openssl::buffering#each_line()","openssl::ssl::sslcontext#ecdh_curves=()","openssl::random::egd()","openssl::random::egd_bytes()","openssl::ssl::sslcontext#enable_fallback_scsv()","openssl::pkcs7::recipientinfo#enc_key()","openssl::cipher#encrypt()","openssl::pkcs7::encrypt()","openssl::pkey::pkey#encrypt()","openssl::engine::engines()","openssl::buffering#eof()","openssl::buffering#eof?()","openssl::bn#eql?()","openssl::pkey::ec::group#eql?()","openssl::pkey::ec::point#eql?()","openssl::x509::name#eql?()","openssl::x509::storecontext#error()","openssl::x509::storecontext#error=()","openssl::x509::storecontext#error_depth()","openssl::x509::storecontext#error_string()","openssl::errors()","openssl::x509::name::rfc2253dn#expand_hexstring()","openssl::x509::name::rfc2253dn#expand_pair()","openssl::x509::name::rfc2253dn#expand_value()","openssl::pkey::dh#export()","openssl::pkey::dsa#export()","openssl::pkey::ec#export()","openssl::pkey::rsa#export()","openssl::ocsp::singleresponse#extensions()","openssl::x509::crl#extensions()","openssl::x509::certificate#extensions()","openssl::x509::revoked#extensions()","openssl::x509::crl#extensions=()","openssl::x509::certificate#extensions=()","openssl::x509::revoked#extensions=()","openssl::timestamp::response#failure_info()","openssl::ssl::socketforwarder#fcntl()","openssl::ssl::socketforwarder#fileno()","openssl::cipher#final()","openssl::x509::extension::helpers#find_extension()","openssl::ocsp::basicresponse#find_response()","openssl::engine#finish()","openssl::ssl::sslsocket#finished_message()","openssl::fips_mode()","openssl::fips_mode=()","openssl::fixed_length_secure_compare()","openssl::x509::store#flags=()","openssl::x509::storecontext#flags=()","openssl::buffering#flush()","openssl::ssl::sslcontext#flush_sessions()","openssl::ssl::sslcontext#freeze()","openssl::bn#gcd()","openssl::timestamp::tokeninfo#gen_time()","openssl::pkey::dh::generate()","openssl::pkey::dsa::generate()","openssl::pkey::ec::generate()","openssl::pkey::rsa::generate()","openssl::pkey::generate_key()","openssl::pkey::ec#generate_key()","openssl::pkey::dh#generate_key!()","openssl::pkey::ec#generate_key!()","openssl::pkey::generate_parameters()","openssl::bn::generate_prime()","openssl::pkey::ec::group#generator()","openssl::bn#get_flags()","openssl::config#get_value()","openssl::buffering#getbyte()","openssl::buffering#getc()","openssl::buffering#gets()","openssl::ssl::socketforwarder#getsockopt()","openssl::pkey::ec#group()","openssl::pkey::ec#group=()","openssl::bn#hash()","openssl::x509::name#hash()","openssl::ocsp::certificateid#hash_algorithm()","openssl::x509::name#hash_old()","openssl::hmac#hexdigest()","openssl::hmac::hexdigest()","openssl::kdf::hkdf()","openssl::ssl::sslsocket#hostname=()","openssl::engine#id()","openssl::ssl::session#id()","openssl::marshal::included()","openssl::pkey::ec::point#infinity?()","openssl::bn#initialize_copy()","openssl::cipher#initialize_copy()","openssl::config#initialize_copy()","openssl::digest#initialize_copy()","openssl::hmac#initialize_copy()","openssl::ocsp::basicresponse#initialize_copy()","openssl::ocsp::certificateid#initialize_copy()","openssl::ocsp::request#initialize_copy()","openssl::ocsp::response#initialize_copy()","openssl::ocsp::singleresponse#initialize_copy()","openssl::pkcs12#initialize_copy()","openssl::pkcs7#initialize_copy()","openssl::pkey::dh#initialize_copy()","openssl::pkey::dsa#initialize_copy()","openssl::pkey::ec#initialize_copy()","openssl::pkey::ec::group#initialize_copy()","openssl::pkey::ec::point#initialize_copy()","openssl::pkey::pkey#initialize_copy()","openssl::pkey::rsa#initialize_copy()","openssl::ssl::session#initialize_copy()","openssl::x509::attribute#initialize_copy()","openssl::x509::crl#initialize_copy()","openssl::x509::certificate#initialize_copy()","openssl::x509::extension#initialize_copy()","openssl::x509::name#initialize_copy()","openssl::x509::request#initialize_copy()","openssl::x509::revoked#initialize_copy()","openssl::config#inspect()","openssl::engine#inspect()","openssl::hmac#inspect()","openssl::pkey::pkey#inspect()","openssl::x509::certificate#inspect()","openssl::pkey::ec::point#invert!()","openssl::pkcs7::recipientinfo#issuer()","openssl::pkcs7::signerinfo#issuer()","openssl::x509::crl#issuer()","openssl::x509::certificate#issuer()","openssl::x509::crl#issuer=()","openssl::x509::certificate#issuer=()","openssl::x509::extensionfactory#issuer_certificate=()","openssl::ocsp::certificateid#issuer_key_hash()","openssl::ocsp::certificateid#issuer_name_hash()","openssl::cipher#iv=()","openssl::cipher#iv_len()","openssl::cipher#iv_len=()","openssl::cipher#key=()","openssl::cipher#key_len()","openssl::cipher#key_len=()","openssl::x509::crl#last_update()","openssl::x509::crl#last_update=()","openssl::ssl::sslserver#listen()","openssl::asn1::objectid#ln()","openssl::engine::load()","openssl::x509::certificate::load()","openssl::x509::certificate::load_file()","openssl::engine#load_private_key()","openssl::engine#load_public_key()","openssl::random::load_random_file()","openssl::asn1::objectid#long_name()","openssl::bn#lshift!()","openssl::pkey::ec::point#make_affine!()","openssl::ssl::sslcontext#max_version=()","openssl::mem_check_start()","openssl::timestamp::request#message_imprint()","openssl::timestamp::tokeninfo#message_imprint()","openssl::timestamp::request#message_imprint=()","openssl::ssl::sslcontext#min_version=()","openssl::bn#mod_add()","openssl::bn#mod_exp()","openssl::bn#mod_inverse()","openssl::bn#mod_mul()","openssl::bn#mod_sqr()","openssl::bn#mod_sub()","openssl::pkey::ec::point#mul()","openssl::cipher#name()","openssl::digest#name()","openssl::engine#name()","openssl::bn#negative?()","openssl::asn1::asn1data::new()","openssl::asn1::constructive::new()","openssl::asn1::primitive::new()","openssl::bn::new()","openssl::buffering::new()","openssl::buffering::buffer::new()","openssl::cipher::new()","openssl::config::new()","openssl::digest::new()","openssl::hmac::new()","openssl::netscape::spki::new()","openssl::ocsp::basicresponse::new()","openssl::ocsp::certificateid::new()","openssl::ocsp::request::new()","openssl::ocsp::response::new()","openssl::ocsp::singleresponse::new()","openssl::pkcs12::new()","openssl::pkcs7::new()","openssl::pkcs7::recipientinfo::new()","openssl::pkcs7::signerinfo::new()","openssl::pkey::dh::new()","openssl::pkey::dsa::new()","openssl::pkey::ec::new()","openssl::pkey::ec::group::new()","openssl::pkey::ec::point::new()","openssl::pkey::pkey::new()","openssl::pkey::rsa::new()","openssl::ssl::sslcontext::new()","openssl::ssl::sslserver::new()","openssl::ssl::sslsocket::new()","openssl::ssl::session::new()","openssl::timestamp::request::new()","openssl::timestamp::response::new()","openssl::timestamp::tokeninfo::new()","openssl::x509::attribute::new()","openssl::x509::crl::new()","openssl::x509::certificate::new()","openssl::x509::extension::new()","openssl::x509::extensionfactory::new()","openssl::x509::name::new()","openssl::x509::request::new()","openssl::x509::revoked::new()","openssl::x509::store::new()","openssl::x509::storecontext::new()","openssl::ocsp::singleresponse#next_update()","openssl::x509::crl#next_update()","openssl::x509::crl#next_update=()","openssl::timestamp::request#nonce()","openssl::timestamp::tokeninfo#nonce()","openssl::timestamp::request#nonce=()","openssl::x509::certificate#not_after()","openssl::x509::certificate#not_after=()","openssl::x509::certificate#not_before()","openssl::x509::certificate#not_before=()","openssl::ssl::sslsocket#npn_protocol()","openssl::bn#num_bits()","openssl::bn#num_bytes()","openssl::x509::extension::authorityinfoaccess#ocsp_uris()","openssl::bn#odd?()","openssl::asn1::objectid#oid()","openssl::pkey::pkey#oid()","openssl::x509::attribute#oid()","openssl::x509::extension#oid()","openssl::x509::attribute#oid=()","openssl::x509::extension#oid=()","openssl::pkey::ec::point#on_curve?()","openssl::bn#one?()","openssl::ssl::sslcontext#options()","openssl::ssl::sslcontext#options=()","openssl::pkey::ec::group#order()","openssl::timestamp::tokeninfo#ordering()","openssl::cipher#padding=()","openssl::pkey::dh#params()","openssl::pkey::dsa#params()","openssl::pkey::rsa#params()","openssl::pkey::dh#params_ok?()","openssl::config::parse()","openssl::x509::name::parse()","openssl::config::parse_config()","openssl::x509::name::parse_openssl()","openssl::x509::name::parse_rfc2253()","openssl::kdf::pbkdf2_hmac()","openssl::pkcs5#pbkdf2_hmac()","openssl::pkcs5#pbkdf2_hmac_sha1()","openssl::ssl::sslsocket#peer_cert()","openssl::ssl::sslsocket#peer_cert_chain()","openssl::ssl::sslsocket#peer_finished_message()","openssl::ssl::socketforwarder#peeraddr()","openssl::ssl::sslsocket#pending()","openssl::cipher#pkcs5_keyivgen()","openssl::pkey::ec::group#point_conversion_form()","openssl::pkey::ec::group#point_conversion_form=()","openssl::timestamp::request#policy_id()","openssl::timestamp::tokeninfo#policy_id()","openssl::timestamp::request#policy_id=()","openssl::ssl::sslsocket#post_connection_check()","openssl::bn#pretty_print()","openssl::x509::certificate#pretty_print()","openssl::x509::name#pretty_print()","openssl::bn#prime?()","openssl::bn#prime_fasttest?()","openssl::buffering#print()","openssl::print_mem_leaks()","openssl::buffering#printf()","openssl::pkey::dh#private?()","openssl::pkey::dsa#private?()","openssl::pkey::ec#private?()","openssl::pkey::rsa#private?()","openssl::pkey::rsa#private_decrypt()","openssl::pkey::rsa#private_encrypt()","openssl::pkey::ec#private_key()","openssl::pkey::ec#private_key=()","openssl::pkey::ec#private_key?()","openssl::pkey::pkey#private_to_der()","openssl::pkey::pkey#private_to_pem()","openssl::pkey::dh#public?()","openssl::pkey::dsa#public?()","openssl::pkey::ec#public?()","openssl::pkey::rsa#public?()","openssl::pkey::rsa#public_decrypt()","openssl::pkey::rsa#public_encrypt()","openssl::netscape::spki#public_key()","openssl::pkey::dh#public_key()","openssl::pkey::dsa#public_key()","openssl::pkey::ec#public_key()","openssl::pkey::rsa#public_key()","openssl::x509::certificate#public_key()","openssl::x509::request#public_key()","openssl::netscape::spki#public_key=()","openssl::pkey::ec#public_key=()","openssl::x509::certificate#public_key=()","openssl::x509::request#public_key=()","openssl::pkey::ec#public_key?()","openssl::pkey::pkey#public_to_der()","openssl::pkey::pkey#public_to_pem()","openssl::x509::store#purpose=()","openssl::x509::storecontext#purpose=()","openssl::buffering#puts()","openssl::bn::rand()","openssl::bn::rand_range()","openssl::random::random_add()","openssl::random::random_bytes()","openssl::cipher#random_iv()","openssl::cipher#random_key()","openssl::buffering#read()","openssl::pkey::read()","openssl::buffering#read_nonblock()","openssl::pkcs7::read_smime()","openssl::buffering#readchar()","openssl::buffering#readline()","openssl::buffering#readlines()","openssl::buffering#readpartial()","openssl::pkcs7#recipients()","openssl::asn1::objectid::register()","openssl::cipher#reset()","openssl::digest#reset()","openssl::hmac#reset()","openssl::ocsp::basicresponse#responses()","openssl::ocsp::singleresponse#revocation_reason()","openssl::ocsp::singleresponse#revocation_time()","openssl::x509::crl#revoked()","openssl::x509::crl#revoked=()","openssl::bn#rshift!()","openssl::x509::name::rfc2253dn#scan()","openssl::kdf::scrypt()","openssl::config#sections()","openssl::secure_compare()","openssl::ssl::sslcontext#security_level()","openssl::ssl::sslcontext#security_level=()","openssl::pkey::ec::group#seed()","openssl::random::seed()","openssl::pkey::ec::group#seed=()","openssl::ocsp::certificateid#serial()","openssl::pkcs7::recipientinfo#serial()","openssl::pkcs7::signerinfo#serial()","openssl::x509::certificate#serial()","openssl::x509::revoked#serial()","openssl::x509::certificate#serial=()","openssl::x509::revoked#serial=()","openssl::timestamp::tokeninfo#serial_number()","openssl::ssl::sslsocket#session()","openssl::ssl::sslsocket#session=()","openssl::ssl::sslcontext#session_add()","openssl::ssl::sslcontext#session_cache_mode()","openssl::ssl::sslcontext#session_cache_mode=()","openssl::ssl::sslcontext#session_cache_size()","openssl::ssl::sslcontext#session_cache_size=()","openssl::ssl::sslcontext#session_cache_stats()","openssl::ssl::sslcontext#session_remove()","openssl::ssl::sslsocket#session_reused?()","openssl::bn#set_bit!()","openssl::pkey::rsa#set_crt_params()","openssl::engine#set_default()","openssl::x509::store#set_default_paths()","openssl::pkey::rsa#set_factors()","openssl::bn#set_flags()","openssl::pkey::ec::group#set_generator()","openssl::pkey::dh#set_key()","openssl::pkey::dsa#set_key()","openssl::pkey::rsa#set_key()","openssl::ssl::sslcontext#set_params()","openssl::pkey::dh#set_pqg()","openssl::pkey::dsa#set_pqg()","openssl::pkey::ec::point#set_to_infinity!()","openssl::ssl::socketforwarder#setsockopt()","openssl::ssl::sslcontext#setup()","openssl::asn1::objectid#short_name()","openssl::ssl::sslserver#shutdown()","openssl::netscape::spki#sign()","openssl::ocsp::basicresponse#sign()","openssl::ocsp::request#sign()","openssl::pkcs7::sign()","openssl::pkey::pkey#sign()","openssl::x509::crl#sign()","openssl::x509::certificate#sign()","openssl::x509::request#sign()","openssl::pkey::rsa#sign_pss()","openssl::pkey::pkey#sign_raw()","openssl::x509::crl#signature_algorithm()","openssl::x509::certificate#signature_algorithm()","openssl::x509::request#signature_algorithm()","openssl::ocsp::request#signed?()","openssl::pkcs7::signerinfo#signed_time()","openssl::pkcs7#signers()","openssl::asn1::objectid#sn()","openssl::bn#sqr()","openssl::ssl::sslsocket#ssl_version()","openssl::ssl::sslcontext#ssl_version=()","openssl::ssl::sslsocket#state()","openssl::ocsp::basicresponse#status()","openssl::ocsp::response#status()","openssl::timestamp::response#status()","openssl::random::status?()","openssl::ocsp::response#status_string()","openssl::timestamp::response#status_text()","openssl::x509::certificate#subject()","openssl::x509::request#subject()","openssl::x509::certificate#subject=()","openssl::x509::request#subject=()","openssl::x509::extensionfactory#subject_certificate=()","openssl::x509::extension::subjectkeyidentifier#subject_key_identifier()","openssl::x509::extensionfactory#subject_request=()","openssl::ssl::sslsocket#sysclose()","openssl::ssl::sslsocket#sysread()","openssl::pkey::dsa#syssign()","openssl::pkey::dsa#sysverify()","openssl::ssl::sslsocket#syswrite()","openssl::ocsp::singleresponse#this_update()","openssl::ssl::session#time()","openssl::x509::revoked#time()","openssl::ssl::session#time=()","openssl::x509::revoked#time=()","openssl::x509::store#time=()","openssl::x509::storecontext#time=()","openssl::ssl::session#timeout()","openssl::ssl::session#timeout=()","openssl::ssl::sslcontext#tmp_dh=()","openssl::ssl::sslsocket#tmp_key()","openssl::x509::extension#to_a()","openssl::x509::name#to_a()","integer#to_bn()","openssl::bn#to_bn()","openssl::pkey::ec::point#to_bn()","openssl::asn1::asn1data#to_der()","openssl::asn1::constructive#to_der()","openssl::asn1::primitive#to_der()","openssl::netscape::spki#to_der()","openssl::ocsp::basicresponse#to_der()","openssl::ocsp::certificateid#to_der()","openssl::ocsp::request#to_der()","openssl::ocsp::response#to_der()","openssl::ocsp::singleresponse#to_der()","openssl::pkcs12#to_der()","openssl::pkcs7#to_der()","openssl::pkey::dh#to_der()","openssl::pkey::dsa#to_der()","openssl::pkey::ec#to_der()","openssl::pkey::ec::group#to_der()","openssl::pkey::rsa#to_der()","openssl::ssl::session#to_der()","openssl::timestamp::request#to_der()","openssl::timestamp::response#to_der()","openssl::timestamp::tokeninfo#to_der()","openssl::x509::attribute#to_der()","openssl::x509::crl#to_der()","openssl::x509::certificate#to_der()","openssl::x509::extension#to_der()","openssl::x509::name#to_der()","openssl::x509::request#to_der()","openssl::x509::revoked#to_der()","openssl::x509::extension#to_h()","openssl::bn#to_i()","openssl::bn#to_int()","openssl::ssl::sslserver#to_io()","openssl::pkey::ec::point#to_octet_string()","openssl::netscape::spki#to_pem()","openssl::pkcs7#to_pem()","openssl::pkey::dh#to_pem()","openssl::pkey::dsa#to_pem()","openssl::pkey::ec#to_pem()","openssl::pkey::ec::group#to_pem()","openssl::pkey::rsa#to_pem()","openssl::ssl::session#to_pem()","openssl::x509::crl#to_pem()","openssl::x509::certificate#to_pem()","openssl::x509::request#to_pem()","openssl::bn#to_s()","openssl::config#to_s()","openssl::hmac#to_s()","openssl::netscape::spki#to_s()","openssl::pkcs7#to_s()","openssl::pkey::dh#to_s()","openssl::pkey::dsa#to_s()","openssl::pkey::rsa#to_s()","openssl::x509::crl#to_s()","openssl::x509::certificate#to_s()","openssl::x509::extension#to_s()","openssl::x509::name#to_s()","openssl::x509::request#to_s()","openssl::netscape::spki#to_text()","openssl::pkey::ec::group#to_text()","openssl::pkey::pkey#to_text()","openssl::ssl::session#to_text()","openssl::x509::crl#to_text()","openssl::x509::certificate#to_text()","openssl::x509::request#to_text()","openssl::x509::name#to_utf8()","openssl::timestamp::response#token()","openssl::timestamp::response#token_info()","openssl::asn1::traverse()","openssl::x509::store#trust=()","openssl::x509::storecontext#trust=()","openssl::timestamp::response#tsa_certificate()","openssl::pkcs7#type()","openssl::pkcs7#type=()","openssl::bn#ucmp()","openssl::buffering#ungetc()","openssl::cipher#update()","openssl::digest#update()","openssl::hmac#update()","openssl::x509::attribute#value()","openssl::x509::extension#value()","openssl::x509::attribute#value=()","openssl::x509::extension#value=()","openssl::x509::extension#value_der()","openssl::netscape::spki#verify()","openssl::ocsp::basicresponse#verify()","openssl::ocsp::request#verify()","openssl::pkcs7#verify()","openssl::pkey::pkey#verify()","openssl::timestamp::response#verify()","openssl::x509::crl#verify()","openssl::x509::certificate#verify()","openssl::x509::request#verify()","openssl::x509::store#verify()","openssl::x509::storecontext#verify()","openssl::x509::store#verify_callback=()","openssl::ssl::verify_certificate_identity()","openssl::pkey::rsa#verify_pss()","openssl::pkey::pkey#verify_raw()","openssl::pkey::pkey#verify_recover()","openssl::ssl::sslsocket#verify_result()","openssl::timestamp::request#version()","openssl::timestamp::tokeninfo#version()","openssl::x509::crl#version()","openssl::x509::certificate#version()","openssl::x509::request#version()","openssl::timestamp::request#version=()","openssl::x509::crl#version=()","openssl::x509::certificate#version=()","openssl::x509::request#version=()","openssl::buffering#write()","openssl::buffering#write_nonblock()","openssl::random::write_random_file()","openssl::pkcs7::write_smime()","openssl::bn#zero?()","","",""],"info":[["IO","","IO.html","",""],["IO::WaitReadable","","IO/WaitReadable.html","",""],["IO::WaitWritable","","IO/WaitWritable.html","",""],["Integer","","Integer.html","",""],["OpenSSL","","OpenSSL.html","","<p>OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the OpenSSL library.\n<p>Examples\n<p>All …\n"],["OpenSSL::ASN1","","OpenSSL/ASN1.html","","<p>Abstract Syntax Notation One (or ASN.1) is a notation syntax to describe data structures and is defined …\n"],["OpenSSL::ASN1::ASN1Data","","OpenSSL/ASN1/ASN1Data.html","","<p>The top-level class representing any ASN.1 object. When parsed by ASN1.decode, tagged values are always …\n"],["OpenSSL::ASN1::ASN1Error","","OpenSSL/ASN1/ASN1Error.html","","<p>Generic error class for all errors raised in ASN1 and any of the classes defined in it.\n"],["OpenSSL::ASN1::Constructive","","OpenSSL/ASN1/Constructive.html","","<p>The parent class for all constructed encodings. The <em>value</em> attribute of a Constructive is always an Array …\n"],["OpenSSL::ASN1::ObjectId","","OpenSSL/ASN1/ObjectId.html","","<p>Represents the primitive object id for OpenSSL::ASN1\n"],["OpenSSL::ASN1::Primitive","","OpenSSL/ASN1/Primitive.html","","<p>The parent class for all primitive encodings. Attributes are the same as for ASN1Data, with the addition …\n"],["OpenSSL::BN","","OpenSSL/BN.html","",""],["OpenSSL::BNError","","OpenSSL/BNError.html","","<p>Generic Error for all of OpenSSL::BN (big num)\n"],["OpenSSL::Buffering","","OpenSSL/Buffering.html","","<p>OpenSSL IO buffering mix-in module.\n<p>This module allows an OpenSSL::SSL::SSLSocket to behave like an IO …\n"],["OpenSSL::Buffering::Buffer","","OpenSSL/Buffering/Buffer.html","","<p>A buffer which will retain binary encoding.\n"],["OpenSSL::Cipher","","OpenSSL/Cipher.html","","<p>Provides symmetric algorithms for encryption and decryption. The algorithms that are available depend …\n"],["OpenSSL::Cipher::Cipher","","OpenSSL/Cipher/Cipher.html","","<p>Deprecated.\n<p>This class is only provided for backwards compatibility. Use OpenSSL::Cipher.\n"],["OpenSSL::Cipher::CipherError","","OpenSSL/Cipher/CipherError.html","",""],["OpenSSL::Config","","OpenSSL/Config.html","","<p>Configuration for the openssl library.\n<p>Many system’s installation of openssl library will depend on …\n"],["OpenSSL::ConfigError","","OpenSSL/ConfigError.html","","<p>General error for openssl library configuration files. Including formatting, parsing errors, etc.\n"],["OpenSSL::Digest","","OpenSSL/Digest.html","","<p>OpenSSL::Digest allows you to compute message digests (sometimes interchangeably called “hashes”) …\n"],["OpenSSL::Digest::DigestError","","OpenSSL/Digest/DigestError.html","","<p>Generic Exception class that is raised if an error occurs during a Digest operation.\n"],["OpenSSL::Engine","","OpenSSL/Engine.html","","<p>This class is the access to openssl’s ENGINE cryptographic module implementation.\n<p>See also, www.openssl.org/docs/crypto/engine.html …\n"],["OpenSSL::Engine::EngineError","","OpenSSL/Engine/EngineError.html","","<p>This is the generic exception for OpenSSL::Engine related errors\n"],["OpenSSL::ExtConfig","","OpenSSL/ExtConfig.html","","<p>This module contains configuration information about the SSL extension, for example if socket support …\n"],["OpenSSL::HMAC","","OpenSSL/HMAC.html","","<p>OpenSSL::HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message …\n"],["OpenSSL::HMACError","","OpenSSL/HMACError.html","","<p>Document-class: OpenSSL::HMAC\n<p>OpenSSL::HMAC allows computing Hash-based Message Authentication Code ( …\n"],["OpenSSL::KDF","","OpenSSL/KDF.html","","<p>Provides functionality of various KDFs (key derivation function).\n<p>KDF is typically used for securely deriving …\n"],["OpenSSL::KDF::KDFError","","OpenSSL/KDF/KDFError.html","","<p>Generic exception class raised if an error occurs in OpenSSL::KDF module.\n"],["OpenSSL::Marshal","","OpenSSL/Marshal.html","",""],["OpenSSL::Marshal::ClassMethods","","OpenSSL/Marshal/ClassMethods.html","",""],["OpenSSL::Netscape","","OpenSSL/Netscape.html","","<p>OpenSSL::Netscape is a namespace for SPKI (Simple Public Key Infrastructure) which implements Signed …\n"],["OpenSSL::Netscape::SPKI","","OpenSSL/Netscape/SPKI.html","","<p>A Simple Public Key Infrastructure implementation (pronounced “spooky”). The structure is defined …\n"],["OpenSSL::Netscape::SPKIError","","OpenSSL/Netscape/SPKIError.html","","<p>Generic Exception class that is raised if an error occurs during an operation on an instance of OpenSSL::Netscape::SPKI …\n"],["OpenSSL::OCSP","","OpenSSL/OCSP.html","","<p>OpenSSL::OCSP implements Online Certificate Status Protocol requests and responses.\n<p>Creating and sending …\n"],["OpenSSL::OCSP::BasicResponse","","OpenSSL/OCSP/BasicResponse.html","","<p>An OpenSSL::OCSP::BasicResponse contains the status of a certificate check which is created from an …\n"],["OpenSSL::OCSP::CertificateId","","OpenSSL/OCSP/CertificateId.html","","<p>An OpenSSL::OCSP::CertificateId identifies a certificate to the CA so that a status check can be performed. …\n"],["OpenSSL::OCSP::OCSPError","","OpenSSL/OCSP/OCSPError.html","","<p>OCSP error class.\n"],["OpenSSL::OCSP::Request","","OpenSSL/OCSP/Request.html","","<p>An OpenSSL::OCSP::Request contains the certificate information for determining if a certificate has been …\n"],["OpenSSL::OCSP::Response","","OpenSSL/OCSP/Response.html","","<p>An OpenSSL::OCSP::Response contains the status of a certificate check which is created from an OpenSSL::OCSP::Request …\n"],["OpenSSL::OCSP::SingleResponse","","OpenSSL/OCSP/SingleResponse.html","","<p>An OpenSSL::OCSP::SingleResponse represents an OCSP SingleResponse structure, which contains the basic …\n"],["OpenSSL::OpenSSLError","","OpenSSL/OpenSSLError.html","","<p>Generic error, common for all classes under OpenSSL module\n"],["OpenSSL::PKCS12","","OpenSSL/PKCS12.html","","<p>Defines a file format commonly used to store private keys with accompanying public key certificates, …\n"],["OpenSSL::PKCS12::PKCS12Error","","OpenSSL/PKCS12/PKCS12Error.html","",""],["OpenSSL::PKCS5","","OpenSSL/PKCS5.html","",""],["OpenSSL::PKCS7","","OpenSSL/PKCS7.html","",""],["OpenSSL::PKCS7::PKCS7Error","","OpenSSL/PKCS7/PKCS7Error.html","",""],["OpenSSL::PKCS7::RecipientInfo","","OpenSSL/PKCS7/RecipientInfo.html","",""],["OpenSSL::PKCS7::SignerInfo","","OpenSSL/PKCS7/SignerInfo.html","",""],["OpenSSL::PKey","","OpenSSL/PKey.html","","<p>Asymmetric Public Key Algorithms\n<p>Asymmetric public key algorithms solve the problem of establishing and …\n"],["OpenSSL::PKey::DH","","OpenSSL/PKey/DH.html","","<p>An implementation of the Diffie-Hellman key exchange protocol based on discrete logarithms in finite …\n"],["OpenSSL::PKey::DHError","","OpenSSL/PKey/DHError.html","","<p>Generic exception that is raised if an operation on a DH PKey fails unexpectedly or in case an instantiation …\n"],["OpenSSL::PKey::DSA","","OpenSSL/PKey/DSA.html","","<p>DSA, the Digital Signature Algorithm, is specified in NIST’s FIPS 186-3. It is an asymmetric public …\n"],["OpenSSL::PKey::DSAError","","OpenSSL/PKey/DSAError.html","","<p>Generic exception that is raised if an operation on a DSA PKey fails unexpectedly or in case an instantiation …\n"],["OpenSSL::PKey::EC","","OpenSSL/PKey/EC.html","","<p>OpenSSL::PKey::EC provides access to Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic …\n"],["OpenSSL::PKey::EC::Group","","OpenSSL/PKey/EC/Group.html","",""],["OpenSSL::PKey::EC::Group::Error","","OpenSSL/PKey/EC/Group/Error.html","",""],["OpenSSL::PKey::EC::Point","","OpenSSL/PKey/EC/Point.html","",""],["OpenSSL::PKey::EC::Point::Error","","OpenSSL/PKey/EC/Point/Error.html","",""],["OpenSSL::PKey::ECError","","OpenSSL/PKey/ECError.html","",""],["OpenSSL::PKey::PKey","","OpenSSL/PKey/PKey.html","","<p>An abstract class that bundles signature creation (PKey#sign) and validation (PKey#verify) that is common …\n"],["OpenSSL::PKey::PKeyError","","OpenSSL/PKey/PKeyError.html","","<p>Raised when errors occur during PKey#sign or PKey#verify.\n"],["OpenSSL::PKey::RSA","","OpenSSL/PKey/RSA.html","","<p>RSA is an asymmetric public key algorithm that has been formalized in RFC 3447. It is in widespread use …\n"],["OpenSSL::PKey::RSAError","","OpenSSL/PKey/RSAError.html","","<p>Generic exception that is raised if an operation on an RSA PKey fails unexpectedly or in case an instantiation …\n"],["OpenSSL::Random","","OpenSSL/Random.html","",""],["OpenSSL::Random::RandomError","","OpenSSL/Random/RandomError.html","",""],["OpenSSL::SSL","","OpenSSL/SSL.html","","<p>Use SSLContext to set up the parameters for a TLS (former SSL) connection. Both client and server TLS …\n"],["OpenSSL::SSL::SSLContext","","OpenSSL/SSL/SSLContext.html","","<p>An SSLContext is used to set various options regarding certificates, algorithms, verification, session …\n"],["OpenSSL::SSL::SSLError","","OpenSSL/SSL/SSLError.html","","<p>Generic error class raised by SSLSocket and SSLContext.\n"],["OpenSSL::SSL::SSLErrorWaitReadable","","OpenSSL/SSL/SSLErrorWaitReadable.html","",""],["OpenSSL::SSL::SSLErrorWaitWritable","","OpenSSL/SSL/SSLErrorWaitWritable.html","",""],["OpenSSL::SSL::SSLServer","","OpenSSL/SSL/SSLServer.html","","<p>SSLServer represents a TCP/IP server socket with Secure Sockets Layer.\n"],["OpenSSL::SSL::SSLSocket","","OpenSSL/SSL/SSLSocket.html","",""],["OpenSSL::SSL::Session","","OpenSSL/SSL/Session.html","",""],["OpenSSL::SSL::Session::SessionError","","OpenSSL/SSL/Session/SessionError.html","",""],["OpenSSL::SSL::SocketForwarder","","OpenSSL/SSL/SocketForwarder.html","",""],["OpenSSL::Timestamp","","OpenSSL/Timestamp.html","","<p>Provides classes and methods to request, create and validate RFC3161-compliant timestamps. Request may …\n"],["OpenSSL::Timestamp::Factory","","OpenSSL/Timestamp/Factory.html","","<p>Used to generate a Response from scratch.\n<p>Please bear in mind that the implementation will always apply …\n"],["OpenSSL::Timestamp::Request","","OpenSSL/Timestamp/Request.html","","<p>Allows to create timestamp requests or parse existing ones. A Request is also needed for creating timestamps …\n"],["OpenSSL::Timestamp::Response","","OpenSSL/Timestamp/Response.html","","<p>Immutable and read-only representation of a timestamp response returned from a timestamp server after …\n"],["OpenSSL::Timestamp::TimestampError","","OpenSSL/Timestamp/TimestampError.html","","<p>Generic exception class of the Timestamp module.\n"],["OpenSSL::Timestamp::TokenInfo","","OpenSSL/Timestamp/TokenInfo.html","","<p>Immutable and read-only representation of a timestamp token info from a Response.\n"],["OpenSSL::X509","","OpenSSL/X509.html","",""],["OpenSSL::X509::Attribute","","OpenSSL/X509/Attribute.html","",""],["OpenSSL::X509::AttributeError","","OpenSSL/X509/AttributeError.html","",""],["OpenSSL::X509::CRL","","OpenSSL/X509/CRL.html","",""],["OpenSSL::X509::CRLError","","OpenSSL/X509/CRLError.html","",""],["OpenSSL::X509::Certificate","","OpenSSL/X509/Certificate.html","","<p>Implementation of an X.509 certificate as specified in RFC 5280. Provides access to a certificate’s …\n"],["OpenSSL::X509::CertificateError","","OpenSSL/X509/CertificateError.html","",""],["OpenSSL::X509::Extension","","OpenSSL/X509/Extension.html","",""],["OpenSSL::X509::Extension::AuthorityInfoAccess","","OpenSSL/X509/Extension/AuthorityInfoAccess.html","",""],["OpenSSL::X509::Extension::AuthorityKeyIdentifier","","OpenSSL/X509/Extension/AuthorityKeyIdentifier.html","",""],["OpenSSL::X509::Extension::CRLDistributionPoints","","OpenSSL/X509/Extension/CRLDistributionPoints.html","",""],["OpenSSL::X509::Extension::Helpers","","OpenSSL/X509/Extension/Helpers.html","",""],["OpenSSL::X509::Extension::SubjectKeyIdentifier","","OpenSSL/X509/Extension/SubjectKeyIdentifier.html","",""],["OpenSSL::X509::ExtensionError","","OpenSSL/X509/ExtensionError.html","",""],["OpenSSL::X509::ExtensionFactory","","OpenSSL/X509/ExtensionFactory.html","",""],["OpenSSL::X509::Name","","OpenSSL/X509/Name.html","","<p>An X.509 name represents a hostname, email address or other entity associated with a public key.\n<p>You can …\n"],["OpenSSL::X509::Name::RFC2253DN","","OpenSSL/X509/Name/RFC2253DN.html","",""],["OpenSSL::X509::NameError","","OpenSSL/X509/NameError.html","",""],["OpenSSL::X509::Request","","OpenSSL/X509/Request.html","",""],["OpenSSL::X509::RequestError","","OpenSSL/X509/RequestError.html","",""],["OpenSSL::X509::Revoked","","OpenSSL/X509/Revoked.html","",""],["OpenSSL::X509::RevokedError","","OpenSSL/X509/RevokedError.html","",""],["OpenSSL::X509::Store","","OpenSSL/X509/Store.html","","<p>The X509 certificate store holds trusted CA certificates used to verify peer certificates.\n<p>The easiest …\n"],["OpenSSL::X509::StoreContext","","OpenSSL/X509/StoreContext.html","","<p>A StoreContext is used while validating a single certificate and holds the status involved.\n"],["OpenSSL::X509::StoreError","","OpenSSL/X509/StoreError.html","",""],["%","OpenSSL::BN","OpenSSL/BN.html#method-i-25","(p1)",""],["*","OpenSSL::BN","OpenSSL/BN.html#method-i-2A","(p1)",""],["**","OpenSSL::BN","OpenSSL/BN.html#method-i-2A-2A","(p1)",""],["+","OpenSSL::BN","OpenSSL/BN.html#method-i-2B","(p1)",""],["+@","OpenSSL::BN","OpenSSL/BN.html#method-i-2B-40","()",""],["-","OpenSSL::BN","OpenSSL/BN.html#method-i-2D","(p1)",""],["-@","OpenSSL::BN","OpenSSL/BN.html#method-i-2D-40","()",""],["/","OpenSSL::BN","OpenSSL/BN.html#method-i-2F","(p1)","<p>Division of OpenSSL::BN instances\n"],["<<","OpenSSL::BN","OpenSSL/BN.html#method-i-3C-3C","(p1)",""],["<<","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-3C-3C","(s)","<p>Writes <em>s</em> to the stream. <em>s</em> will be converted to a String using <code>.to_s</code> method.\n"],["<<","OpenSSL::Buffering::Buffer","OpenSSL/Buffering/Buffer.html#method-i-3C-3C","(string)",""],["<<","OpenSSL::Digest","OpenSSL/Digest.html#method-i-3C-3C","(p1)","<p>Not every message digest can be computed in one single pass. If a message digest is to be computed from …\n"],["<<","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-3C-3C","(p1)","<p>Returns <em>hmac</em> updated with the message to be authenticated. Can be called repeatedly with chunks of the …\n"],["<=>","OpenSSL::BN","OpenSSL/BN.html#method-i-3C-3D-3E","(p1)",""],["<=>","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-3C-3D-3E","(p1)","<p>Compares this Name with <em>other</em> and returns <code>0</code> if they are the same and <code>-1</code> or <code>+1</code> if they are greater or …\n"],["==","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> if <em>other_oid</em> is the same as <em>oid</em>\n"],["==","OpenSSL::BN","OpenSSL/BN.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> only if <em>obj</em> has the same value as <em>bn</em>. Contrast this with OpenSSL::BN#eql?, which requires …\n"],["==","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-3D-3D","(other)","<p>Securely compare with another HMAC instance in constant time.\n"],["==","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> if the two groups use the same curve and have the same parameters, <code>false</code> otherwise.\n"],["==","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-3D-3D","(p1)",""],["==","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-3D-3D","(p1)","<p>Returns <code>true</code> if the two Session is the same, <code>false</code> if not.\n"],["==","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-3D-3D","(p1)","<p>Compares the two certificates. Note that this takes into account all fields, not just the issuer name …\n"],["==","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-3D-3D","(other)",""],["==","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-3D-3D","(other)",""],["===","OpenSSL::BN","OpenSSL/BN.html#method-i-3D-3D-3D","(p1)","<p>Returns <code>true</code> only if <em>obj</em> has the same value as <em>bn</em>. Contrast this with OpenSSL::BN#eql?, which requires …\n"],[">>","OpenSSL::BN","OpenSSL/BN.html#method-i-3E-3E","(p1)",""],["Digest","OpenSSL","OpenSSL.html#method-c-Digest","(name)","<p>Returns a Digest subclass by <em>name</em>\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">require</span> <span class=\"ruby-string\">'openssl'</span>\n\n<span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Digest</span>(<span class=\"ruby-string\">"MD5"</span>)\n<span class=\"ruby-comment\"># => OpenSSL::Digest::MD5 ...</span>\n</pre>\n"],["[]","OpenSSL::Config","OpenSSL/Config.html#method-i-5B-5D","(p1)","<p>Gets all key-value pairs in a specific <em>section</em> from the current configuration.\n<p>Given the following configurating …\n"],["_dump","OpenSSL::Marshal","OpenSSL/Marshal.html#method-i-_dump","(_level)",""],["_load","OpenSSL::Marshal::ClassMethods","OpenSSL/Marshal/ClassMethods.html#method-i-_load","(string)",""],["abs","OpenSSL::BN","OpenSSL/BN.html#method-i-abs","()",""],["accept","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-accept","()","<p>Works similar to TCPServer#accept.\n"],["accept","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-accept","()","<p>Waits for a SSL/TLS client to initiate a handshake.\n"],["accept_nonblock","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-accept_nonblock","(p1 = {})","<p>Initiates the SSL/TLS handshake as a server in non-blocking manner.\n\n<pre># emulates blocking accept\nbegin\n ...</pre>\n"],["add","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-add","(p1)","<p>Performs elliptic curve point addition.\n"],["add_attribute","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-add_attribute","(p1)",""],["add_cert","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_cert","(p1)","<p>Adds the OpenSSL::X509::Certificate <em>cert</em> to the certificate store.\n<p>See also the man page X509_STORE_add_cert …\n"],["add_certid","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-add_certid","(p1)","<p>Adds <em>certificate_id</em> to the request.\n"],["add_certificate","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_certificate","(p1)",""],["add_certificate","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-add_certificate","(p1, p2, p3 = v3)","<p>Adds a certificate to the context. <em>pkey</em> must be a corresponding private key with <em>certificate</em>.\n<p>Multiple …\n"],["add_crl","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_crl","(p1)",""],["add_crl","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_crl","(p1)","<p>Adds the OpenSSL::X509::CRL <em>crl</em> to the store.\n<p>See also the man page X509_STORE_add_crl(3).\n"],["add_data","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_data","(p1)",""],["add_entry","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-add_entry","(p1, p2, p3 = v3, p4 = {})","<p>Adds a new entry with the given <em>oid</em> and <em>value</em> to this name. The <em>oid</em> is an object identifier defined …\n"],["add_extension","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-add_extension","(p1)",""],["add_extension","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-add_extension","(p1)",""],["add_extension","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-add_extension","(p1)",""],["add_file","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_file","(p1)","<p>Adds the certificates in <em>file</em> to the certificate store. <em>file</em> is the path to the file, and the file contains …\n"],["add_nonce","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-add_nonce","(p1 = v1)","<p>Adds <em>nonce</em> to this response. If no nonce was provided a random nonce will be added.\n"],["add_nonce","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-add_nonce","(p1 = v1)","<p>Adds a <em>nonce</em> to the OCSP request. If no nonce is given a random one will be generated.\n<p>The nonce is used …\n"],["add_path","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-add_path","(p1)","<p>Adds <em>path</em> as the hash dir to be looked up by the store.\n<p>See also the man page X509_LOOKUP_hash_dir(3). …\n"],["add_recipient","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_recipient","(p1)",""],["add_revoked","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-add_revoked","(p1)",""],["add_signer","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-add_signer","(p1)",""],["add_status","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-add_status","(p1, p2, p3, p4, p5, p6, p7)","<p>Adds a certificate status for <em>certificate_id</em>. <em>status</em> is the status, and must be one of these:\n<p>OpenSSL::OCSP::V_CERTSTATUS_GOOD …\n"],["addr","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-addr","()",""],["algorithm","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-algorithm","()","<p>Returns the ‘short name’ of the object identifier that represents the algorithm that was used …\n"],["algorithm","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-algorithm","()","<p>Returns the ‘short name’ of the object identifier representing the algorithm that was used to …\n"],["algorithm=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-algorithm-3D","(p1)","<p>Allows to set the object identifier or the ‘short name’ of the algorithm that was used to create …\n"],["alpn_protocol","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-alpn_protocol","()","<p>Returns the ALPN protocol string that was finally selected by the server during the handshake.\n"],["asn1_flag","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-asn1_flag","()","<p>Returns the flags set on the group.\n<p>See also #asn1_flag=.\n"],["asn1_flag=","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-asn1_flag-3D","(p1)","<p>Sets flags on the group. The flag value is used to determine how to encode the group: encode explicit …\n"],["attributes","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-attributes","()",""],["attributes=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-attributes-3D","(p1)",""],["auth_data=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_data-3D","(p1)","<p>Sets the cipher’s additional authenticated data. This field must be set when using AEAD cipher modes …\n"],["auth_tag","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_tag","(p1 = v1)","<p>Gets the authentication tag generated by Authenticated Encryption Cipher modes (GCM for example). This …\n"],["auth_tag=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_tag-3D","(p1)","<p>Sets the authentication tag to verify the integrity of the ciphertext. This can be called only when the …\n"],["auth_tag_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-auth_tag_len-3D","(p1)","<p>Sets the length of the authentication tag to be generated or to be given for AEAD ciphers that requires …\n"],["authenticated?","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-authenticated-3F","()","<p>Indicated whether this Cipher instance uses an Authenticated Encryption mode.\n"],["authority_key_identifier","OpenSSL::X509::Extension::AuthorityKeyIdentifier","OpenSSL/X509/Extension/AuthorityKeyIdentifier.html#method-i-authority_key_identifier","()","<p>Get the issuing certificate’s key identifier from the authorityKeyIdentifier extension, as described …\n"],["base64digest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-base64digest","()","<p>Returns the authentication code an a Base64-encoded string.\n"],["base64digest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-base64digest","(digest, key, data)","<p>Returns the authentication code as a Base64-encoded string. The <em>digest</em> parameter specifies the digest …\n"],["basic","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-basic","()","<p>Returns a BasicResponse for this response\n"],["bit_set?","OpenSSL::BN","OpenSSL/BN.html#method-i-bit_set-3F","(p1)","<p>Tests bit <em>bit</em> in <em>bn</em> and returns <code>true</code> if set, <code>false</code> if not set.\n"],["block_length","OpenSSL::Digest","OpenSSL/Digest.html#method-i-block_length","()","<p>Returns the block length of the digest algorithm, i.e. the length in bytes of an individual block. Most …\n"],["block_size","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-block_size","()","<p>Returns the size in bytes of the blocks on which this Cipher operates on.\n"],["builtin_curves","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-c-builtin_curves","()","<p>Obtains a list of all predefined curves by the OpenSSL. Curve names are returned as sn.\n<p>See the OpenSSL …\n"],["by_id","OpenSSL::Engine","OpenSSL/Engine.html#method-c-by_id","(p1)","<p>Fetches the engine as specified by the <em>id</em> String.\n\n<pre>OpenSSL::Engine.by_id("openssl")\n => #<OpenSSL::Engine ...</pre>\n"],["ca_issuer_uris","OpenSSL::X509::Extension::AuthorityInfoAccess","OpenSSL/X509/Extension/AuthorityInfoAccess.html#method-i-ca_issuer_uris","()","<p>Get the information and services for the issuer from the certificate’s authority information access …\n"],["ccm_data_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-ccm_data_len-3D","(p1)","<p>Sets the length of the plaintext / ciphertext message that will be processed in CCM mode. Make sure to …\n"],["cert","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-cert","()","<p>The X509 certificate for this socket endpoint.\n"],["cert_requested=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-cert_requested-3D","(p1)","<p>Specify whether the response shall contain the timestamp authority’s certificate or not. The default …\n"],["cert_requested?","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-cert_requested-3F","()","<p>Indicates whether the response shall contain the timestamp authority’s certificate or not.\n"],["cert_status","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-cert_status","()","<p>Returns the status of the certificate identified by the certid. The return value may be one of these …\n"],["certid","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-certid","()","<p>Returns all certificate IDs in this request.\n"],["certid","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-certid","()","<p>Returns the CertificateId for which this SingleResponse is.\n"],["certificates","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-certificates","()",""],["certificates=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-certificates-3D","(p1)",""],["chain","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-chain","()","<p>Returns the verified chain.\n<p>See also the man page X509_STORE_CTX_set0_verified_chain(3).\n"],["challenge","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-challenge","()","<p>Returns the challenge string associated with this SPKI.\n"],["challenge=","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-challenge-3D","(p1)","<p>Parameters\n<p><em>str</em> - the challenge string to be set for this instance\n\n<p>Sets the challenge to be associated with …\n"],["check_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-check_key","()","<p>Raises an exception if the key is invalid.\n<p>See also the man page EVP_PKEY_public_check(3).\n"],["check_nonce","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-check_nonce","(p1)","<p>Checks the nonce validity for this request and <em>response</em>.\n<p>The return value is one of the following:\n<p>-1 … — "],["check_private_key","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-check_private_key","(p1)","<p>Returns <code>true</code> if <em>key</em> is the corresponding private key to the Subject Public Key Information, <code>false</code> otherwise. …\n"],["check_validity","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-check_validity","(p1 = v1, p2 = v2)","<p>Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current …\n"],["cipher","OpenSSL::Engine","OpenSSL/Engine.html#method-i-cipher","(p1)","<p>Returns a new instance of OpenSSL::Cipher by <em>name</em>, if it is available in this engine.\n<p>An EngineError will …\n"],["cipher","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-cipher","()","<p>Returns the cipher suite actually used in the current session, or nil if no session has been established. …\n"],["cipher=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-cipher-3D","(p1)",""],["ciphers","OpenSSL::Cipher","OpenSSL/Cipher.html#method-c-ciphers","()","<p>Returns the names of all available ciphers in an array.\n"],["ciphers","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ciphers","()","<p>The list of cipher suites configured for this context.\n"],["ciphers=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ciphers-3D","(p1)","<p>Sets the list of available cipher suites for this context. Note in a server context some ciphers require …\n"],["cleanup","OpenSSL::Engine","OpenSSL/Engine.html#method-c-cleanup","()","<p>It is only necessary to run cleanup when engines are loaded via OpenSSL::Engine.load. However, running …\n"],["cleanup","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-cleanup","()",""],["clear_bit!","OpenSSL::BN","OpenSSL/BN.html#method-i-clear_bit-21","(p1)",""],["client_ca","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-client_ca","()","<p>Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of X509::Certificate …\n"],["close","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-close","()","<p>Closes the SSLSocket and flushes any unwritten data.\n"],["close","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-close","()","<p>See IO#close for details.\n"],["closed?","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-closed-3F","()",""],["cmds","OpenSSL::Engine","OpenSSL/Engine.html#method-i-cmds","()","<p>Returns an array of command definitions for the current engine\n"],["cmp","OpenSSL::BN","OpenSSL/BN.html#method-i-cmp","(p1)",""],["cmp","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-cmp","(p1)","<p>Compares this certificate id with <em>other</em> and returns <code>true</code> if they are the same.\n"],["cmp","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-cmp","(p1)","<p>Compares this Name with <em>other</em> and returns <code>0</code> if they are the same and <code>-1</code> or <code>+1</code> if they are greater or …\n"],["cmp_issuer","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-cmp_issuer","(p1)","<p>Compares this certificate id’s issuer with <em>other</em> and returns <code>true</code> if they are the same.\n"],["coerce","OpenSSL::BN","OpenSSL/BN.html#method-i-coerce","(p1)",""],["cofactor","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-cofactor","()","<p>Returns the cofactor of the group.\n<p>See the OpenSSL documentation for EC_GROUP_get_cofactor()\n"],["compare?","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-compare-3F","(p1)","<p>Used primarily to check if an OpenSSL::X509::Certificate#public_key compares to its private key.\n<p>Example …\n"],["compute_key","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-compute_key","(pub_bn)","<p>Returns a String containing a shared secret computed from the other party’s public value.\n<p>This method …\n"],["concat","OpenSSL::Buffering::Buffer","OpenSSL/Buffering/Buffer.html#method-i-concat","(string)",""],["connect","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-connect","()","<p>Initiates an SSL/TLS handshake with a server.\n"],["connect_nonblock","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-connect_nonblock","(p1 = {})","<p>Initiates the SSL/TLS handshake as a client in non-blocking manner.\n\n<pre># emulates blocking connect\nbegin ...</pre>\n"],["copy","OpenSSL::BN","OpenSSL/BN.html#method-i-copy","(p1)",""],["copy_nonce","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-copy_nonce","(p1)","<p>Copies the nonce from <em>request</em> into this response. Returns 1 on success and 0 on failure.\n"],["create","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-c-create","(p1, p2)","<p>Creates an OpenSSL::OCSP::Response from <em>status</em> and <em>basic_response</em>.\n"],["create","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-c-create","(p1, p2, p3, p4, p5 = v5, p6 = v6, p7 = v7, p8 = v8, p9 = v9, p10 = v10)","<p>Parameters\n<p><em>pass</em> - string\n<p><em>name</em> - A string describing the key.\n"],["create_ext","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext","(p1, p2, p3 = v3)","<p>Creates a new X509::Extension with passed values. See also x509v3_config(5).\n"],["create_ext_from_array","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext_from_array","(ary)",""],["create_ext_from_hash","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext_from_hash","(hash)",""],["create_ext_from_string","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_ext_from_string","(str)",""],["create_extension","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-create_extension","(*arg)",""],["create_timestamp","OpenSSL::Timestamp::Factory","OpenSSL/Timestamp/Factory.html#method-i-create_timestamp","(p1, p2, p3)","<p>Creates a Response with the help of an OpenSSL::PKey, an OpenSSL::X509::Certificate and a Request.\n<p>Mandatory …\n"],["critical=","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-critical-3D","(p1)",""],["critical?","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-critical-3F","()",""],["crl=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-crl-3D","(p1)",""],["crl_uris","OpenSSL::X509::Extension::CRLDistributionPoints","OpenSSL/X509/Extension/CRLDistributionPoints.html#method-i-crl_uris","()","<p>Get the distributionPoint fullName URI from the certificate’s CRL distribution points extension, …\n"],["crls","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-crls","()",""],["crls=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-crls-3D","(p1)",""],["ctrl_cmd","OpenSSL::Engine","OpenSSL/Engine.html#method-i-ctrl_cmd","(p1, p2 = v2)","<p>Sends the given <em>command</em> to this engine.\n<p>Raises an EngineError if the command fails.\n"],["current_cert","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-current_cert","()","<p>Returns the certificate which caused the error.\n<p>See also the man page X509_STORE_CTX_get_current_cert …\n"],["current_crl","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-current_crl","()","<p>Returns the CRL which caused the error.\n<p>See also the man page X509_STORE_CTX_get_current_crl(3).\n"],["curve_name","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-curve_name","()","<p>Returns the curve name (sn).\n<p>See the OpenSSL documentation for EC_GROUP_get_curve_name()\n"],["data=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-data-3D","(p1)",""],["debug","OpenSSL","OpenSSL.html#method-c-debug","()",""],["debug=","OpenSSL","OpenSSL.html#method-c-debug-3D","(p1)","<p>Turns on or off debug mode. With debug mode, all errors added to the OpenSSL error queue will be printed …\n"],["decode","OpenSSL::ASN1","OpenSSL/ASN1.html#method-c-decode","(p1)","<p>Decodes a BER- or DER-encoded value and creates an ASN1Data instance. <em>der</em> may be a String or any object …\n"],["decode_all","OpenSSL::ASN1","OpenSSL/ASN1.html#method-c-decode_all","(p1)","<p>Similar to #decode with the difference that #decode expects one distinct value represented in <em>der</em>. #decode_all …\n"],["decrypt","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-decrypt","(*args)","<p>Initializes the Cipher for decryption.\n<p>Make sure to call Cipher#encrypt or Cipher#decrypt before using …\n"],["decrypt","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-decrypt","(p1, p2 = v2, p3 = v3)",""],["decrypt","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-decrypt","(p1, p2 = v2)","<p>Performs a public key decryption operation using <code>pkey</code>.\n<p>See #encrypt for a description of the parameters …\n"],["degree","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-degree","()","<p>See the OpenSSL documentation for EC_GROUP_get_degree()\n"],["derive","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-derive","(p1)","<p>Derives a shared secret from <em>pkey</em> and <em>peer_pkey</em>. <em>pkey</em> must contain the private components, <em>peer_pkey</em> …\n"],["detached","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-detached","()",""],["detached=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-detached-3D","(p1)",""],["detached?","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-detached-3F","()",""],["dh_compute_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-dh_compute_key","(pubkey)","<p>Derives a shared secret by ECDH. <em>pubkey</em> must be an instance of OpenSSL::PKey::EC::Point and must belong …\n"],["digest","OpenSSL::Digest","OpenSSL/Digest.html#method-c-digest","(name, data)","<p>Return the hash value computed with <em>name</em> Digest. <em>name</em> is either the long name or short name of a supported …\n"],["digest","OpenSSL::Engine","OpenSSL/Engine.html#method-i-digest","(p1)","<p>Returns a new instance of OpenSSL::Digest by <em>name</em>.\n<p>Will raise an EngineError if the digest is unavailable. …\n"],["digest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-digest","()","<p>Returns the authentication code an instance represents as a binary string.\n<p>Example\n\n<pre>instance = OpenSSL::HMAC.new('key', ...</pre>\n"],["digest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-digest","(digest, key, data)","<p>Returns the authentication code as a binary string. The <em>digest</em> parameter specifies the digest algorithm …\n"],["digest_length","OpenSSL::Digest","OpenSSL/Digest.html#method-i-digest_length","()","<p>Returns the output size of the digest, i.e. the length in bytes of the final message digest result.\n<p>Example …\n"],["do_not_reverse_lookup=","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-do_not_reverse_lookup-3D","(flag)",""],["dsa_sign_asn1","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-dsa_sign_asn1","(data)","<p><strong>Deprecated in version 3.0</strong>. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.\n"],["dsa_verify_asn1","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-dsa_verify_asn1","(data, sig)","<p><strong>Deprecated in version 3.0</strong>. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.\n"],["each","OpenSSL::ASN1::Constructive","OpenSSL/ASN1/Constructive.html#method-i-each","()","<p>Calls the given block once for each element in self, passing that element as parameter <em>asn1</em>. If no block …\n"],["each","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-each","(eol=$/)","<p>Executes the block for every line in the stream where lines are separated by <em>eol</em>.\n<p>See also #gets\n"],["each","OpenSSL::Config","OpenSSL/Config.html#method-i-each","()","<p>Retrieves the section and its pairs for the current configuration.\n\n<pre>config.each do |section, key, value| ...</pre>\n"],["each_byte","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-each_byte","()","<p>Calls the given block once for each byte in the stream.\n"],["each_line","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-each_line","(eol=$/)",""],["ecdh_curves=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ecdh_curves-3D","(p1)","<p>Sets the list of “supported elliptic curves” for this context.\n<p>For a TLS client, the list is …\n"],["egd","OpenSSL::Random","OpenSSL/Random.html#method-c-egd","(p1)","<p>Same as ::egd_bytes but queries 255 bytes by default.\n"],["egd_bytes","OpenSSL::Random","OpenSSL/Random.html#method-c-egd_bytes","(p1, p2)","<p>Queries the entropy gathering daemon EGD on socket path given by <em>filename</em>.\n<p>Fetches <em>length</em> number of bytes …\n"],["enable_fallback_scsv","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-enable_fallback_scsv","()","<p>Activate TLS_FALLBACK_SCSV for this context. See RFC 7507.\n"],["enc_key","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-i-enc_key","()",""],["encrypt","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-encrypt","(*args)","<p>Initializes the Cipher for encryption.\n<p>Make sure to call Cipher#encrypt or Cipher#decrypt before using …\n"],["encrypt","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-encrypt","(p1, p2, p3 = v3, p4 = v4)",""],["encrypt","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-encrypt","(p1, p2 = v2)","<p>Performs a public key encryption operation using <code>pkey</code>.\n<p>See #decrypt for the reverse operation.\n<p>Added in …\n"],["engines","OpenSSL::Engine","OpenSSL/Engine.html#method-c-engines","()","<p>Returns an array of currently loaded engines.\n"],["eof","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-eof","()",""],["eof?","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-eof-3F","()","<p>Returns true if the stream is at file which means there is no more data to be read.\n"],["eql?","OpenSSL::BN","OpenSSL/BN.html#method-i-eql-3F","(p1)","<p>Returns <code>true</code> only if <em>obj</em> is a <code>OpenSSL::BN</code> with the same value as <em>bn</em>. Contrast this with OpenSSL::BN#== …\n"],["eql?","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-eql-3F","(p1)","<p>Returns <code>true</code> if the two groups use the same curve and have the same parameters, <code>false</code> otherwise.\n"],["eql?","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-eql-3F","(p1)",""],["eql?","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-eql-3F","(p1)","<p>Returns true if <em>name</em> and <em>other</em> refer to the same hash key.\n"],["error","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error","()","<p>Returns the error code of <em>stctx</em>. This is typically called after #verify is done, or from the verification …\n"],["error=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error-3D","(p1)","<p>Sets the error code of <em>stctx</em>. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback= …\n"],["error_depth","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error_depth","()","<p>Returns the depth of the chain. This is used in combination with #error.\n<p>See also the man page X509_STORE_CTX_get_error_depth …\n"],["error_string","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-error_string","()","<p>Returns the human readable error string corresponding to the error code retrieved by #error.\n<p>See also …\n"],["errors","OpenSSL","OpenSSL.html#method-c-errors","()","<p>See any remaining errors held in queue.\n<p>Any errors you see here are probably due to a bug in Ruby’s …\n"],["expand_hexstring","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-expand_hexstring","(str)",""],["expand_pair","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-expand_pair","(str)",""],["expand_value","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-expand_value","(str1, str2, str3)",""],["export","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-export","()","<p>Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["export","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-export","(*args)","<p>Encodes this DSA to its PEM encoding.\n<p>Parameters\n<p><em>cipher</em> is an OpenSSL::Cipher.\n"],["export","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-export","(*args)","<p>Outputs the EC key in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["export","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-export","(*args)","<p>Outputs this keypair in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["extensions","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-extensions","()",""],["extensions","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-extensions","()","<p>Gets X509v3 extensions as array of X509Ext objects\n"],["extensions","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-extensions","()",""],["extensions","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-extensions","()","<p>Gets X509v3 extensions as array of X509Ext objects\n"],["extensions=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-extensions-3D","(p1)","<p>Sets X509_EXTENSIONs\n"],["extensions=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-extensions-3D","(p1)",""],["extensions=","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-extensions-3D","(p1)","<p>Sets X509_EXTENSIONs\n"],["failure_info","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-failure_info","()","<p>In cases no timestamp token has been created, this field contains further info about the reason why response …\n"],["fcntl","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-fcntl","(*args)",""],["fileno","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-fileno","()","<p>The file descriptor for the socket.\n"],["final","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-final","()","<p>Returns the remaining data held in the cipher object. Further calls to Cipher#update or Cipher#final …\n"],["find_extension","OpenSSL::X509::Extension::Helpers","OpenSSL/X509/Extension/Helpers.html#method-i-find_extension","(oid)",""],["find_response","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-find_response","(p1)","<p>Returns a SingleResponse whose CertId matches with <em>certificate_id</em>, or <code>nil</code> if this BasicResponse does …\n"],["finish","OpenSSL::Engine","OpenSSL/Engine.html#method-i-finish","()","<p>Releases all internal structural references for this engine.\n<p>May raise an EngineError if the engine is …\n"],["finished_message","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-finished_message","()","<p>Returns the last <strong>Finished</strong> message sent\n"],["fips_mode","OpenSSL","OpenSSL.html#method-c-fips_mode","()",""],["fips_mode=","OpenSSL","OpenSSL.html#method-c-fips_mode-3D","(p1)","<p>Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an effect for FIPS-capable installations …\n"],["fixed_length_secure_compare","OpenSSL","OpenSSL.html#method-c-fixed_length_secure_compare","(p1, p2)","<p>Constant time memory comparison for fixed length strings, such as results of HMAC calculations.\n<p>Returns …\n"],["flags=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-flags-3D","(p1)","<p>Sets the default flags used by certificate chain verification performed with the Store.\n<p><em>flags</em> consists …\n"],["flags=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-flags-3D","(p1)","<p>Sets the verification flags to the context. This overrides the default value set by Store#flags=.\n<p>See …\n"],["flush","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-flush","()","<p>Flushes buffered data to the SSLSocket.\n"],["flush_sessions","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-flush_sessions","(p1 = v1)","<p>Removes sessions in the internal cache that have expired at <em>time</em>.\n"],["freeze","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-freeze","()","<p>This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and …\n"],["gcd","OpenSSL::BN","OpenSSL/BN.html#method-i-gcd","(p1)",""],["gen_time","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-gen_time","()","<p>Returns time when this timestamp token was created. If status is GRANTED or GRANTED_WITH_MODS, this is …\n"],["generate","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-c-generate","(size, generator = 2, &blk)","<p>Creates a new DH instance from scratch by generating random parameters and a key pair.\n<p>See also OpenSSL::PKey.generate_parameters …\n"],["generate","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-c-generate","(size, &blk)","<p>Creates a new DSA instance by generating a private/public key pair from scratch.\n<p>See also OpenSSL::PKey.generate_parameters …\n"],["generate","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-c-generate","(p1)","<p>Creates a new EC instance with a new random private and public key.\n"],["generate","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-c-generate","(size, exp = 0x10001, &blk)","<p>Generates an RSA keypair.\n<p>See also OpenSSL::PKey.generate_key.\n<p><code>size</code> — The desired key size in bits.\n"],["generate_key","OpenSSL::PKey","OpenSSL/PKey.html#method-c-generate_key","(*args)","<p>Generates a new key (pair).\n<p>If a String is given as the first argument, it generates a new random key …\n"],["generate_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-generate_key","()","<p>Generates a new random private and public key.\n<p>See also the OpenSSL documentation for EC_KEY_generate_key …\n"],["generate_key!","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-generate_key-21","()","<p>Generates a private and public key unless a private key already exists. If this DH instance was generated …\n"],["generate_key!","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-generate_key-21","()","<p>Generates a new random private and public key.\n<p>See also the OpenSSL documentation for EC_KEY_generate_key …\n"],["generate_parameters","OpenSSL::PKey","OpenSSL/PKey.html#method-c-generate_parameters","(*args)","<p>Generates new parameters for the algorithm. <em>algo_name</em> is a String that represents the algorithm. The …\n"],["generate_prime","OpenSSL::BN","OpenSSL/BN.html#method-c-generate_prime","(p1, p2 = v2, p3 = v3, p4 = v4)","<p>Generates a random prime number of bit length <em>bits</em>. If <em>safe</em> is set to <code>true</code>, generates a safe prime. …\n"],["generator","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-generator","()","<p>Returns the generator of the group.\n<p>See the OpenSSL documentation for EC_GROUP_get0_generator()\n"],["get_flags","OpenSSL::BN","OpenSSL/BN.html#method-i-get_flags","(p1)","<p>Returns the flags on the BN object. The argument is used as a bit mask.\n<p>Parameters\n<p><em>flags</em> - integer\n"],["get_value","OpenSSL::Config","OpenSSL/Config.html#method-i-get_value","(p1, p2)","<p>Gets the value of <em>key</em> from the given <em>section</em>.\n<p>Given the following configurating file being loaded:\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">config</span> <span class=\"ruby-operator\">...</span>\n</pre>\n"],["getbyte","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-getbyte","()","<p>Get the next 8bit byte from ‘ssl`. Returns `nil` on EOF\n"],["getc","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-getc","()","<p>Reads one character from the stream. Returns nil if called at end of file.\n"],["gets","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-gets","(eol=$/, limit=nil)","<p>Reads the next “line” from the stream. Lines are separated by <em>eol</em>. If <em>limit</em> is provided the …\n"],["getsockopt","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-getsockopt","(level, optname)",""],["group","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-group","()","<p>Returns the EC::Group that the key is associated with. Modifying the returned group does not affect …\n"],["group=","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-group-3D","(p1)","<p>Sets the EC::Group for the key. The group structure is internally copied so modification to <em>group</em> after …\n"],["hash","OpenSSL::BN","OpenSSL/BN.html#method-i-hash","()","<p>Returns a hash code for this object.\n<p>See also Object#hash.\n"],["hash","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-hash","()","<p>The hash value returned is suitable for use as a certificate’s filename in a CA path.\n"],["hash_algorithm","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-hash_algorithm","()","<p>Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash …\n"],["hash_old","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-hash_old","()","<p>Returns an MD5 based hash used in OpenSSL 0.9.X.\n"],["hexdigest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-hexdigest","()","<p>Returns the authentication code an instance represents as a hex-encoded string.\n"],["hexdigest","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-hexdigest","(digest, key, data)","<p>Returns the authentication code as a hex-encoded string. The <em>digest</em> parameter specifies the digest algorithm …\n"],["hkdf","OpenSSL::KDF","OpenSSL/KDF.html#method-c-hkdf","(p1, p2 = {})","<p>HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as specified in RFC 5869.\n<p>New in OpenSSL …\n"],["hostname=","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-hostname-3D","(p1)","<p>Sets the server hostname used for SNI. This needs to be set before SSLSocket#connect.\n"],["id","OpenSSL::Engine","OpenSSL/Engine.html#method-i-id","()","<p>Gets the id for this engine.\n\n<pre class=\"ruby\"><span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">load</span>\n<span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">engines</span> <span class=\"ruby-comment\">#=> [#<OpenSSL::Engine#>, ...] ...</span>\n</pre>\n"],["id","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-id","()","<p>Returns the Session ID.\n"],["included","OpenSSL::Marshal","OpenSSL/Marshal.html#method-c-included","(base)",""],["infinity?","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-infinity-3F","()",""],["initialize_copy","OpenSSL::BN","OpenSSL/BN.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::Config","OpenSSL/Config.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::Digest","OpenSSL/Digest.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-initialize_copy","(p1)",""],["initialize_copy","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-initialize_copy","(p1)",""],["inspect","OpenSSL::Config","OpenSSL/Config.html#method-i-inspect","()","<p>String representation of this configuration object, including the class name and its sections.\n"],["inspect","OpenSSL::Engine","OpenSSL/Engine.html#method-i-inspect","()","<p>Pretty prints this engine.\n"],["inspect","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-inspect","()","<p>Returns the authentication code an instance represents as a hex-encoded string.\n"],["inspect","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-inspect","()","<p>Returns a string describing the PKey object.\n"],["inspect","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-inspect","()",""],["invert!","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-invert-21","()",""],["issuer","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-i-issuer","()",""],["issuer","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-i-issuer","()",""],["issuer","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-issuer","()",""],["issuer","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-issuer","()",""],["issuer=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-issuer-3D","(p1)",""],["issuer=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-issuer-3D","(p1)",""],["issuer_certificate=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-issuer_certificate-3D","(p1)",""],["issuer_key_hash","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-issuer_key_hash","()","<p>Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.\n"],["issuer_name_hash","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-issuer_name_hash","()","<p>Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated …\n"],["iv=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-iv-3D","(p1)","<p>Sets the cipher IV. Please note that since you should never be using ECB mode, an IV is always explicitly …\n"],["iv_len","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-iv_len","()","<p>Returns the expected length in bytes for an IV for this Cipher.\n"],["iv_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-iv_len-3D","(p1)","<p>Sets the IV/nonce length of the Cipher. Normally block ciphers don’t allow changing the IV length, …\n"],["key=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-key-3D","(p1)","<p>Sets the cipher key. To generate a key, you should either use a secure random byte string or, if the …\n"],["key_len","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-key_len","()","<p>Returns the key length in bytes of the Cipher.\n"],["key_len=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-key_len-3D","(p1)","<p>Sets the key length of the cipher. If the cipher is a fixed length cipher then attempting to set the …\n"],["last_update","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-last_update","()",""],["last_update=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-last_update-3D","(p1)",""],["listen","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-listen","(backlog=Socket::SOMAXCONN)","<p>See TCPServer#listen for details.\n"],["ln","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-ln","()","<p>The long name of the ObjectId, as defined in <openssl/objects.h>.\n"],["load","OpenSSL::Engine","OpenSSL/Engine.html#method-c-load","(p1 = v1)","<p>This method loads engines. If <em>name</em> is nil, then all builtin engines are loaded. Otherwise, the given …\n"],["load","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-c-load","(p1)","<p>Read the chained certificates from the given input. Supports both PEM and DER encoded certificates.\n<p>PEM …\n"],["load_file","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-c-load_file","(path)",""],["load_private_key","OpenSSL::Engine","OpenSSL/Engine.html#method-i-load_private_key","(p1 = v1, p2 = v2)","<p>Loads the given private key identified by <em>id</em> and <em>data</em>.\n<p>An EngineError is raised of the OpenSSL::PKey is …\n"],["load_public_key","OpenSSL::Engine","OpenSSL/Engine.html#method-i-load_public_key","(p1 = v1, p2 = v2)","<p>Loads the given public key identified by <em>id</em> and <em>data</em>.\n<p>An EngineError is raised of the OpenSSL::PKey is …\n"],["load_random_file","OpenSSL::Random","OpenSSL/Random.html#method-c-load_random_file","(p1)","<p>Reads bytes from <em>filename</em> and adds them to the PRNG.\n"],["long_name","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-long_name","()","<p>The long name of the ObjectId, as defined in <openssl/objects.h>.\n"],["lshift!","OpenSSL::BN","OpenSSL/BN.html#method-i-lshift-21","(p1)",""],["make_affine!","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-make_affine-21","()","<p>This method is deprecated and should not be used. This is a no-op.\n"],["max_version=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-max_version-3D","(version)","<p>Sets the upper bound of the supported SSL/TLS protocol version. See #min_version= for the possible values. …\n"],["mem_check_start","OpenSSL","OpenSSL.html#method-c-mem_check_start","()","<p>Calls CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON). Starts tracking memory allocations. See also OpenSSL.print_mem_leaks …\n"],["message_imprint","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-message_imprint","()","<p>Returns the message imprint (digest) of the data to be timestamped.\n"],["message_imprint","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-message_imprint","()","<p>Returns the message imprint digest. For valid timestamps, this is the same value that was already given …\n"],["message_imprint=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-message_imprint-3D","(p1)","<p>Set the message imprint digest.\n"],["min_version=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-min_version-3D","(version)","<p>Sets the lower bound on the supported SSL/TLS protocol version. The version may be specified by an integer …\n"],["mod_add","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_add","(p1, p2)",""],["mod_exp","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_exp","(p1, p2)",""],["mod_inverse","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_inverse","(p1)",""],["mod_mul","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_mul","(p1, p2)",""],["mod_sqr","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_sqr","(p1)",""],["mod_sub","OpenSSL::BN","OpenSSL/BN.html#method-i-mod_sub","(p1, p2)",""],["mul","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-mul","(p1, p2 = v2, p3 = v3)","<p>Performs elliptic curve point multiplication.\n<p>The first form calculates <code>bn1 * point + bn2 * G</code>, where …\n"],["name","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-name","()","<p>Returns the name of the cipher which may differ slightly from the original name provided.\n"],["name","OpenSSL::Digest","OpenSSL/Digest.html#method-i-name","()","<p>Returns the sn of this Digest algorithm.\n<p>Example\n\n<pre class=\"ruby\"><span class=\"ruby-identifier\">digest</span> = <span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Digest</span>.<span class=\"ruby-identifier\">new</span>(<span class=\"ruby-string\">'SHA512'</span>)\n<span class=\"ruby-identifier\">puts</span> <span class=\"ruby-identifier\">digest</span>.<span class=\"ruby-identifier\">name</span> <span class=\"ruby-operator\">...</span>\n</pre>\n"],["name","OpenSSL::Engine","OpenSSL/Engine.html#method-i-name","()","<p>Get the descriptive name for this engine.\n\n<pre class=\"ruby\"><span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">load</span>\n<span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Engine</span>.<span class=\"ruby-identifier\">engines</span> <span class=\"ruby-comment\">#=> [#<OpenSSL::Engine#>, ...</span>\n</pre>\n"],["negative?","OpenSSL::BN","OpenSSL/BN.html#method-i-negative-3F","()",""],["new","OpenSSL::ASN1::ASN1Data","OpenSSL/ASN1/ASN1Data.html#method-c-new","(p1, p2, p3)","<p><em>value</em>: Please have a look at Constructive and Primitive to see how Ruby types are mapped to ASN.1 types …\n"],["new","OpenSSL::ASN1::Constructive","OpenSSL/ASN1/Constructive.html#method-c-new","(p1, p2 = v2, p3 = v3, p4 = v4)","<p><em>value</em>: is mandatory.\n<p><em>tag</em>: optional, may be specified for tagged values. If no <em>tag</em> is specified, the UNIVERSAL …\n"],["new","OpenSSL::ASN1::Primitive","OpenSSL/ASN1/Primitive.html#method-c-new","(p1, p2 = v2, p3 = v3, p4 = v4)","<p><em>value</em>: is mandatory.\n<p><em>tag</em>: optional, may be specified for tagged values. If no <em>tag</em> is specified, the UNIVERSAL …\n"],["new","OpenSSL::BN","OpenSSL/BN.html#method-c-new","(p1, p2 = v2)","<p>Construct a new OpenSSL BIGNUM object.\n<p>If <code>bn</code> is an Integer or OpenSSL::BN, a new instance of OpenSSL::BN …\n"],["new","OpenSSL::Buffering","OpenSSL/Buffering.html#method-c-new","(*)","<p>Creates an instance of OpenSSL’s buffering IO module.\n"],["new","OpenSSL::Buffering::Buffer","OpenSSL/Buffering/Buffer.html#method-c-new","()",""],["new","OpenSSL::Cipher","OpenSSL/Cipher.html#method-c-new","(p1)","<p>The string must contain a valid cipher name like “aes-256-cbc”.\n<p>A list of cipher names is available …\n"],["new","OpenSSL::Config","OpenSSL/Config.html#method-c-new","(p1 = v1)","<p>Creates an instance of OpenSSL::Config from the content of the file specified by <em>filename</em>.\n<p>This can be …\n"],["new","OpenSSL::Digest","OpenSSL/Digest.html#method-c-new","(p1, p2 = v2)","<p>Creates a Digest instance based on <em>string</em>, which is either the ln (long name) or sn (short name) of a …\n"],["new","OpenSSL::HMAC","OpenSSL/HMAC.html#method-c-new","(p1, p2)","<p>Returns an instance of OpenSSL::HMAC set with the key and digest algorithm to be used. The instance represents …\n"],["new","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-c-new","(p1 = v1)","<p>Parameters\n<p><em>request</em> - optional raw request, either in PEM or DER format.\n\n"],["new","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-c-new","(p1 = v1)","<p>Creates a new BasicResponse. If <em>der_string</em> is given, decodes <em>der_string</em> as DER.\n"],["new","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-c-new","(p1, p2 = v2, p3 = v3)","<p>Creates a new OpenSSL::OCSP::CertificateId for the given <em>subject</em> and <em>issuer</em> X509 certificates. The …\n"],["new","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-c-new","(p1 = v1)","<p>Creates a new OpenSSL::OCSP::Request. The request may be created empty or from a <em>request_der</em> string. …\n"],["new","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-c-new","(p1 = v1)","<p>Creates a new OpenSSL::OCSP::Response. The response may be created empty or from a <em>response_der</em> string. …\n"],["new","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-c-new","(p1)","<p>Creates a new SingleResponse from <em>der_string</em>.\n"],["new","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-c-new","(p1 = v1, p2 = v2)","<p>Parameters\n<p><em>str</em> - Must be a DER encoded PKCS12 string.\n<p><em>pass</em> - string\n"],["new","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-new","(p1 = v1)","<p>Many methods in this class aren’t documented.\n"],["new","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-c-new","(p1)",""],["new","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-c-new","(p1, p2, p3)",""],["new","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-c-new","(p1 = v1)","<p>Creates a new instance of OpenSSL::PKey::DH.\n<p>If called without arguments, an empty instance without any …\n"],["new","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-c-new","(p1 = v1, p2 = v2)","<p>Creates a new DSA instance by reading an existing key from <em>string</em>.\n<p>If called without arguments, creates …\n"],["new","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-c-new","(p1 = v1, p2 = v2)","<p>Creates a new EC object from given arguments.\n"],["new","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-c-new","(p1, p2 = v2, p3 = v3, p4 = v4)","<p>Creates a new EC::Group object.\n<p>If the first argument is :GFp or :GF2m, creates a new curve with given …\n"],["new","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-c-new","(p1, p2 = v2)","<p>Creates a new instance of OpenSSL::PKey::EC::Point. If the only argument is an instance of EC::Point …\n"],["new","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-c-new","()","<p>Because PKey is an abstract class, actually calling this method explicitly will raise a NotImplementedError …\n"],["new","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-c-new","(p1 = v1, p2 = v2)","<p>Generates or loads an RSA keypair.\n<p>If called without arguments, creates a new instance with no key components …\n"],["new","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-c-new","(version = nil)","<p>Creates a new SSL context.\n<p>If an argument is given, #ssl_version= is called with the value. Note that …\n"],["new","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-c-new","(svr, ctx)","<p>Creates a new instance of SSLServer.\n<p><em>srv</em> is an instance of TCPServer.\n<p><em>ctx</em> is an instance of OpenSSL::SSL::SSLContext …\n"],["new","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-c-new","(p1, p2 = v2)","<p>Creates a new SSL socket from <em>io</em> which must be a real IO object (not an IO-like object that responds …\n"],["new","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-c-new","(p1)","<p>Creates a new Session object from an instance of SSLSocket or DER/PEM encoded String.\n"],["new","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-c-new","(p1 = v1)","<p>When creating a Request with the <code>File</code> or <code>string</code> parameter, the corresponding <code>File</code> or <code>string</code> must be DER-encoded. …\n"],["new","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-c-new","(p1)","<p>Creates a Response from a <code>File</code> or <code>string</code> parameter, the corresponding <code>File</code> or <code>string</code> must be DER-encoded. …\n"],["new","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-c-new","(p1)","<p>Creates a TokenInfo from a <code>File</code> or <code>string</code> parameter, the corresponding <code>File</code> or <code>string</code> must be DER-encoded. …\n"],["new","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-c-new","(p1, p2 = v2)",""],["new","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-c-new","(p1 = v1)",""],["new","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-c-new","(p1 = v1)",""],["new","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-c-new","(p1, p2 = v2, p3 = v3)","<p>Creates an X509 extension.\n<p>The extension may be created from <em>der</em> data or from an extension <em>oid</em> and <em>value</em> …\n"],["new","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-c-new","(p1 = v1, p2 = v2, p3 = v3, p4 = v4)",""],["new","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-new","(p1 = v1, p2 = v2)","<p>Creates a new Name.\n<p>A name may be created from a DER encoded string <em>der</em>, an Array representing a <em>distinguished_name</em> …\n"],["new","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-c-new","(p1 = v1)",""],["new","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-c-new","(*args)",""],["new","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-c-new","(*args)","<p>Creates a new X509::Store.\n"],["new","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-c-new","(p1, p2 = v2, p3 = v3)","<p>Sets up a StoreContext for a verification of the X.509 certificate <em>cert</em>.\n"],["next_update","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-next_update","()",""],["next_update","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-next_update","()",""],["next_update=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-next_update-3D","(p1)",""],["nonce","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-nonce","()","<p>Returns the nonce (number used once) that the server shall include in its response.\n"],["nonce","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-nonce","()","<p>If the timestamp token is valid then this field contains the same nonce that was passed to the timestamp …\n"],["nonce=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-nonce-3D","(p1)","<p>Sets the nonce (number used once) that the server shall include in its response. If the nonce is set, …\n"],["not_after","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_after","()",""],["not_after=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_after-3D","(p1)",""],["not_before","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_before","()",""],["not_before=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-not_before-3D","(p1)",""],["npn_protocol","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-npn_protocol","()","<p>Returns the protocol string that was finally selected by the client during the handshake.\n"],["num_bits","OpenSSL::BN","OpenSSL/BN.html#method-i-num_bits","()",""],["num_bytes","OpenSSL::BN","OpenSSL/BN.html#method-i-num_bytes","()",""],["ocsp_uris","OpenSSL::X509::Extension::AuthorityInfoAccess","OpenSSL/X509/Extension/AuthorityInfoAccess.html#method-i-ocsp_uris","()","<p>Get the URIs for OCSP from the certificate’s authority information access extension exteension, as …\n"],["odd?","OpenSSL::BN","OpenSSL/BN.html#method-i-odd-3F","()",""],["oid","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-oid","()","<p>Returns a String representing the Object Identifier in the dot notation, e.g. “1.2.3.4.5”\n"],["oid","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-oid","()","<p>Returns the short name of the OID associated with <em>pkey</em>.\n"],["oid","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-oid","()",""],["oid","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-oid","()",""],["oid=","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-oid-3D","(p1)",""],["oid=","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-oid-3D","(p1)",""],["on_curve?","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-on_curve-3F","()",""],["one?","OpenSSL::BN","OpenSSL/BN.html#method-i-one-3F","()",""],["options","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-options","()","<p>Gets various OpenSSL options.\n"],["options=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-options-3D","(p1)","<p>Sets various OpenSSL options.\n"],["order","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-order","()","<p>Returns the order of the group.\n<p>See the OpenSSL documentation for EC_GROUP_get_order()\n"],["ordering","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-ordering","()","<p>If the ordering field is missing, or if the ordering field is present and set to false, then the genTime …\n"],["padding=","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-padding-3D","(p1)","<p>Enables or disables padding. By default encryption operations are padded using standard block padding …\n"],["params","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-params","()","<p>Stores all parameters of key to the hash INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use …\n"],["params","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-params","()","<p>Stores all parameters of key to the hash INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!! Don’t use …\n"],["params","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-params","()","<p>THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!\n<p>Stores all parameters of key to the hash. …\n"],["params_ok?","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-params_ok-3F","()","<p>Validates the Diffie-Hellman parameters associated with this instance. It checks whether a safe prime …\n"],["parse","OpenSSL::Config","OpenSSL/Config.html#method-c-parse","(p1)","<p>Parses a given <em>string</em> as a blob that contains configuration for OpenSSL.\n"],["parse","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-parse","(str, template=OBJECT_TYPE_TEMPLATE)",""],["parse_config","OpenSSL::Config","OpenSSL/Config.html#method-c-parse_config","(p1)","<p>Parses the configuration data read from <em>io</em> and returns the whole content as a Hash.\n"],["parse_openssl","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-parse_openssl","(str, template=OBJECT_TYPE_TEMPLATE)","<p>Parses the string representation of a distinguished name. Two different forms are supported:\n<p>OpenSSL format …\n"],["parse_rfc2253","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-c-parse_rfc2253","(str, template=OBJECT_TYPE_TEMPLATE)","<p>Parses the UTF-8 string representation of a distinguished name, according to RFC 2253.\n<p>See also #to_utf8 …\n"],["pbkdf2_hmac","OpenSSL::KDF","OpenSSL/KDF.html#method-c-pbkdf2_hmac","(p1, p2 = {})","<p>PKCS #5 PBKDF2 (Password-Based Key Derivation Function 2) in combination with HMAC. Takes <em>pass</em>, <em>salt</em> …\n"],["pbkdf2_hmac","OpenSSL::PKCS5","OpenSSL/PKCS5.html#method-i-pbkdf2_hmac","(pass, salt, iter, keylen, digest)","<p>OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac. This method is provided for …\n"],["pbkdf2_hmac_sha1","OpenSSL::PKCS5","OpenSSL/PKCS5.html#method-i-pbkdf2_hmac_sha1","(pass, salt, iter, keylen)",""],["peer_cert","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-peer_cert","()","<p>The X509 certificate for this socket’s peer.\n"],["peer_cert_chain","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-peer_cert_chain","()","<p>The X509 certificate chain for this socket’s peer.\n"],["peer_finished_message","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-peer_finished_message","()","<p>Returns the last <strong>Finished</strong> message received\n"],["peeraddr","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-peeraddr","()",""],["pending","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-pending","()","<p>The number of bytes that are immediately available for reading.\n"],["pkcs5_keyivgen","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-pkcs5_keyivgen","(p1, p2 = v2, p3 = v3, p4 = v4)","<p>Generates and sets the key/IV based on a password.\n<p><strong>WARNING</strong>: This method is only PKCS5 v1.5 compliant when …\n"],["point_conversion_form","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-point_conversion_form","()","<p>Returns the form how EC::Point data is encoded as ASN.1.\n<p>See also #point_conversion_form=.\n"],["point_conversion_form=","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-point_conversion_form-3D","(p1)","<p>Sets the form how EC::Point data is encoded as ASN.1 as defined in X9.62.\n<p><em>format</em> can be one of these: …\n"],["policy_id","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-policy_id","()","<p>Returns the ‘short name’ of the object identifier that represents the timestamp policy under …\n"],["policy_id","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-policy_id","()","<p>Returns the timestamp policy object identifier of the policy this timestamp was created under. If status …\n"],["policy_id=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-policy_id-3D","(p1)","<p>Allows to set the object identifier that represents the timestamp policy under which the server shall …\n"],["post_connection_check","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-post_connection_check","(hostname)","<p>Perform hostname verification following RFC 6125.\n<p>This method MUST be called after calling #connect to …\n"],["pretty_print","OpenSSL::BN","OpenSSL/BN.html#method-i-pretty_print","(q)",""],["pretty_print","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-pretty_print","(q)",""],["pretty_print","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-pretty_print","(q)",""],["prime?","OpenSSL::BN","OpenSSL/BN.html#method-i-prime-3F","(*args)","<p>Performs a Miller-Rabin probabilistic primality test for <code>bn</code>.\n<p><strong><code>checks</code> parameter is deprecated in version</strong> …\n"],["prime_fasttest?","OpenSSL::BN","OpenSSL/BN.html#method-i-prime_fasttest-3F","(*args)","<p>Performs a Miller-Rabin probabilistic primality test for <code>bn</code>.\n<p><strong>Deprecated in version 3.0.</strong> Use #prime? instead. …\n"],["print","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-print","(*args)","<p>Writes <em>args</em> to the stream.\n<p>See IO#print for full details.\n"],["print_mem_leaks","OpenSSL","OpenSSL.html#method-c-print_mem_leaks","()","<p>For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr). Prints detected memory leaks …\n"],["printf","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-printf","(s, *args)","<p>Formats and writes to the stream converting parameters under control of the format string.\n<p>See Kernel#sprintf …\n"],["private?","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-private-3F","()","<p>Indicates whether this DH instance has a private key associated with it or not. The private key may be …\n"],["private?","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-private-3F","()","<p>Indicates whether this DSA instance has a private key associated with it or not. The private key may …\n"],["private?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private-3F","()","<p>Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key …\n"],["private?","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-private-3F","()","<p>Does this keypair contain a private key?\n"],["private_decrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-private_decrypt","(data, padding = PKCS1_PADDING)","<p>Decrypt <code>string</code>, which has been encrypted with the public key, with the private key. <code>padding</code> defaults …\n"],["private_encrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-private_encrypt","(string, padding = PKCS1_PADDING)","<p>Encrypt <code>string</code> with the private key. <code>padding</code> defaults to PKCS1_PADDING. The encrypted string output …\n"],["private_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private_key","()","<p>See the OpenSSL documentation for EC_KEY_get0_private_key()\n"],["private_key=","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private_key-3D","(p1)","<p>See the OpenSSL documentation for EC_KEY_set_private_key()\n"],["private_key?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-private_key-3F","()","<p>Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key …\n"],["private_to_der","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-private_to_der","(*args)","<p>Serializes the private key to DER-encoded PKCS #8 format. If called without arguments, unencrypted PKCS …\n"],["private_to_pem","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-private_to_pem","(*args)","<p>Serializes the private key to PEM-encoded PKCS #8 format. See #private_to_der for more details.\n"],["public?","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-public-3F","()","<p>Indicates whether this DH instance has a public key associated with it or not. The public key may be …\n"],["public?","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-public-3F","()","<p>Indicates whether this DSA instance has a public key associated with it or not. The public key may be …\n"],["public?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public-3F","()","<p>Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with …\n"],["public?","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public-3F","()","<p>The return value is always <code>true</code> since every private key is also a public key.\n"],["public_decrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public_decrypt","(string, padding = PKCS1_PADDING)","<p>Decrypt <code>string</code>, which has been encrypted with the private key, with the public key. <code>padding</code> defaults …\n"],["public_encrypt","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public_encrypt","(data, padding = PKCS1_PADDING)","<p>Encrypt <code>string</code> with the public key. <code>padding</code> defaults to PKCS1_PADDING. The encrypted string output can …\n"],["public_key","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-public_key","()","<p>Returns the public key associated with the SPKI, an instance of OpenSSL::PKey.\n"],["public_key","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-public_key","()","<p>Returns a new DH instance that carries just the DH parameters.\n<p>Contrary to the method name, the returned …\n"],["public_key","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-public_key","()","<p>Returns a new DSA instance that carries just the DSA parameters and the public key.\n<p>This method is provided …\n"],["public_key","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public_key","()","<p>See the OpenSSL documentation for EC_KEY_get0_public_key()\n"],["public_key","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-public_key","()","<p>Returns a new RSA instance that carries just the public key components.\n<p>This method is provided for backwards …\n"],["public_key","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-public_key","()",""],["public_key","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-public_key","()",""],["public_key=","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-public_key-3D","(p1)","<p>Parameters\n<p><em>pub</em> - the public key to be set for this instance\n\n<p>Sets the public key to be associated with the …\n"],["public_key=","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public_key-3D","(p1)","<p>See the OpenSSL documentation for EC_KEY_set_public_key()\n"],["public_key=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-public_key-3D","(p1)",""],["public_key=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-public_key-3D","(p1)",""],["public_key?","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-public_key-3F","()","<p>Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with …\n"],["public_to_der","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-public_to_der","()","<p>Serializes the public key to DER-encoded X.509 SubjectPublicKeyInfo format.\n"],["public_to_pem","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-public_to_pem","()","<p>Serializes the public key to PEM-encoded X.509 SubjectPublicKeyInfo format.\n"],["purpose=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-purpose-3D","(p1)","<p>Sets the store’s default verification purpose. If specified, the verifications on the store will …\n"],["purpose=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-purpose-3D","(p1)","<p>Sets the purpose of the context. This overrides the default value set by Store#purpose=.\n<p>See also the …\n"],["puts","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-puts","(*args)","<p>Writes <em>args</em> to the stream along with a record separator.\n<p>See IO#puts for full details.\n"],["rand","OpenSSL::BN","OpenSSL/BN.html#method-c-rand","(p1, p2 = v2, p3 = v3)","<p>Generates a cryptographically strong pseudo-random number of <code>bits</code>.\n<p>See also the man page BN_rand(3).\n"],["rand_range","OpenSSL::BN","OpenSSL/BN.html#method-c-rand_range","(p1)","<p>Generates a cryptographically strong pseudo-random number in the range 0…<code>range</code>.\n<p>See also the man page …\n"],["random_add","OpenSSL::Random","OpenSSL/Random.html#method-c-random_add","(p1, p2)","<p>Mixes the bytes from <em>str</em> into the Pseudo Random Number Generator(PRNG) state.\n<p>Thus, if the data from …\n"],["random_bytes","OpenSSL::Random","OpenSSL/Random.html#method-c-random_bytes","(p1)","<p>Generates a String with <em>length</em> number of cryptographically strong pseudo-random bytes.\n<p>Example\n\n<pre class=\"ruby\"><span class=\"ruby-constant\">OpenSSL</span><span class=\"ruby-operator\">::</span><span class=\"ruby-constant\">Random</span>.<span class=\"ruby-identifier\">random_bytes</span>(<span class=\"ruby-value\">12</span>) <span class=\"ruby-operator\">...</span>\n</pre>\n"],["random_iv","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-random_iv","()","<p>Generate a random IV with OpenSSL::Random.random_bytes and sets it to the cipher, and returns it.\n<p>You …\n"],["random_key","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-random_key","()","<p>Generate a random key with OpenSSL::Random.random_bytes and sets it to the cipher, and returns it.\n<p>You …\n"],["read","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-read","(size=nil, buf=nil)","<p>Reads <em>size</em> bytes from the stream. If <em>buf</em> is provided it must reference a string which will receive the …\n"],["read","OpenSSL::PKey","OpenSSL/PKey.html#method-c-read","(p1, p2 = v2)","<p>Reads a DER or PEM encoded string from <em>string</em> or <em>io</em> and returns an instance of the appropriate PKey class. …\n"],["read_nonblock","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-read_nonblock","(maxlen, buf=nil, exception: true)","<p>Reads at most <em>maxlen</em> bytes in the non-blocking manner.\n<p>When no data can be read without blocking it raises …\n"],["read_smime","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-read_smime","(p1)",""],["readchar","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readchar","()","<p>Reads a one-character string from the stream. Raises an EOFError at end of file.\n"],["readline","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readline","(eol=$/)","<p>Reads a line from the stream which is separated by <em>eol</em>.\n<p>Raises EOFError if at end of file.\n"],["readlines","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readlines","(eol=$/)","<p>Reads lines from the stream which are separated by <em>eol</em>.\n<p>See also #gets\n"],["readpartial","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-readpartial","(maxlen, buf=nil)","<p>Reads at most <em>maxlen</em> bytes from the stream. If <em>buf</em> is provided it must reference a string which will …\n"],["recipients","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-recipients","()",""],["register","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-c-register","(p1, p2, p3)","<p>This adds a new ObjectId to the internal tables. Where <em>object_id</em> is the numerical form, <em>short_name</em> is …\n"],["reset","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-reset","()","<p>Fully resets the internal state of the Cipher. By using this, the same Cipher instance may be used several …\n"],["reset","OpenSSL::Digest","OpenSSL/Digest.html#method-i-reset","()","<p>Resets the Digest in the sense that any Digest#update that has been performed is abandoned and the Digest …\n"],["reset","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-reset","()","<p>Returns <em>hmac</em> as it was when it was first initialized, with all processed data cleared from it.\n<p>Example …\n"],["responses","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-responses","()","<p>Returns an Array of SingleResponse for this BasicResponse.\n"],["revocation_reason","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-revocation_reason","()",""],["revocation_time","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-revocation_time","()",""],["revoked","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-revoked","()",""],["revoked=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-revoked-3D","(p1)",""],["rshift!","OpenSSL::BN","OpenSSL/BN.html#method-i-rshift-21","(p1)",""],["scan","OpenSSL::X509::Name::RFC2253DN","OpenSSL/X509/Name/RFC2253DN.html#method-i-scan","(dn)",""],["scrypt","OpenSSL::KDF","OpenSSL/KDF.html#method-c-scrypt","(p1, p2 = {})","<p>Derives a key from <em>pass</em> using given parameters with the scrypt password-based key derivation function. …\n"],["sections","OpenSSL::Config","OpenSSL/Config.html#method-i-sections","()","<p>Get the names of all sections in the current configuration.\n"],["secure_compare","OpenSSL","OpenSSL.html#method-c-secure_compare","(a, b)","<p>Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns …\n"],["security_level","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-security_level","()","<p>Returns the security level for the context.\n<p>See also OpenSSL::SSL::SSLContext#security_level=.\n"],["security_level=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-security_level-3D","(p1)","<p>Sets the security level for the context. OpenSSL limits parameters according to the level. The “parameters” …\n"],["seed","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-seed","()","<p>See the OpenSSL documentation for EC_GROUP_get0_seed()\n"],["seed","OpenSSL::Random","OpenSSL/Random.html#method-c-seed","(p1)","<p>::seed is equivalent to ::add where <em>entropy</em> is length of <em>str</em>.\n"],["seed=","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-seed-3D","(p1)","<p>See the OpenSSL documentation for EC_GROUP_set_seed()\n"],["serial","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-serial","()","<p>Returns the serial number of the certificate for which status is being requested.\n"],["serial","OpenSSL::PKCS7::RecipientInfo","OpenSSL/PKCS7/RecipientInfo.html#method-i-serial","()",""],["serial","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-i-serial","()",""],["serial","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-serial","()",""],["serial","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-serial","()",""],["serial=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-serial-3D","(p1)",""],["serial=","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-serial-3D","(p1)",""],["serial_number","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-serial_number","()","<p>Returns serial number of the timestamp token. This value shall never be the same for two timestamp tokens …\n"],["session","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-session","()","<p>Returns the SSLSession object currently used, or nil if the session is not established.\n"],["session=","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-session-3D","(p1)","<p>Sets the Session to be used when the connection is established.\n"],["session_add","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_add","(p1)","<p>Adds <em>session</em> to the session cache.\n"],["session_cache_mode","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_mode","()","<p>The current session cache mode.\n"],["session_cache_mode=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_mode-3D","(p1)","<p>Sets the SSL session cache mode. Bitwise-or together the desired SESSION_CACHE_* constants to set. …\n"],["session_cache_size","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_size","()","<p>Returns the current session cache size. Zero is used to represent an unlimited cache size.\n"],["session_cache_size=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_size-3D","(p1)","<p>Sets the session cache size. Returns the previously valid session cache size. Zero is used to represent …\n"],["session_cache_stats","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_cache_stats","()","<p>Returns a Hash containing the following keys:\n<p>:accept — Number of started SSL/TLS handshakes in server mode …\n"],["session_remove","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-session_remove","(p1)","<p>Removes <em>session</em> from the session cache.\n"],["session_reused?","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-session_reused-3F","()","<p>Returns <code>true</code> if a reused session was negotiated during the handshake.\n"],["set_bit!","OpenSSL::BN","OpenSSL/BN.html#method-i-set_bit-21","(p1)",""],["set_crt_params","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-set_crt_params","(p1, p2, p3)","<p>Sets <em>dmp1</em>, <em>dmq1</em>, <em>iqmp</em> for the RSA instance. They are calculated by <code>d mod (p - 1)</code>, <code>d mod (q - 1)</code> and …\n"],["set_default","OpenSSL::Engine","OpenSSL/Engine.html#method-i-set_default","(p1)","<p>Set the defaults for this engine with the given <em>flag</em>.\n<p>These flags are used to control combinations of …\n"],["set_default_paths","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-set_default_paths","()","<p>Configures <em>store</em> to look up CA certificates from the system default certificate store as needed basis. …\n"],["set_factors","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-set_factors","(p1, p2)","<p>Sets <em>p</em>, <em>q</em> for the RSA instance.\n"],["set_flags","OpenSSL::BN","OpenSSL/BN.html#method-i-set_flags","(p1)","<p>Enables the flags on the BN object. Currently, the flags argument can contain zero of OpenSSL::BN::CONSTTIME …\n"],["set_generator","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-set_generator","(p1, p2, p3)","<p>Sets the curve parameters. <em>generator</em> must be an instance of EC::Point that is on the curve. <em>order</em> and …\n"],["set_key","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-set_key","(p1, p2)","<p>Sets <em>pub_key</em> and <em>priv_key</em> for the DH instance. <em>priv_key</em> may be <code>nil</code>.\n"],["set_key","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-set_key","(p1, p2)","<p>Sets <em>pub_key</em> and <em>priv_key</em> for the DSA instance. <em>priv_key</em> may be <code>nil</code>.\n"],["set_key","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-set_key","(p1, p2, p3)","<p>Sets <em>n</em>, <em>e</em>, <em>d</em> for the RSA instance.\n"],["set_params","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-set_params","(params={})","<p>Sets saner defaults optimized for the use with HTTP-like protocols.\n<p>If a Hash <em>params</em> is given, the parameters …\n"],["set_pqg","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-set_pqg","(p1, p2, p3)","<p>Sets <em>p</em>, <em>q</em>, <em>g</em> to the DH instance.\n"],["set_pqg","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-set_pqg","(p1, p2, p3)","<p>Sets <em>p</em>, <em>q</em>, <em>g</em> to the DSA instance.\n"],["set_to_infinity!","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-set_to_infinity-21","()",""],["setsockopt","OpenSSL::SSL::SocketForwarder","OpenSSL/SSL/SocketForwarder.html#method-i-setsockopt","(level, optname, optval)",""],["setup","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-setup","()","<p>This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and …\n"],["short_name","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-short_name","()","<p>The short name of the ObjectId, as defined in <openssl/objects.h>.\n"],["shutdown","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-shutdown","(how=Socket::SHUT_RDWR)","<p>See BasicSocket#shutdown for details.\n"],["sign","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-sign","(p1, p2)","<p>Parameters\n<p><em>key</em> - the private key to be used for signing this instance\n<p><em>digest</em> - the digest to be used for …\n"],["sign","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-sign","(p1, p2, p3 = v3, p4 = v4, p5 = v5)","<p>Signs this OCSP response using the <em>cert</em>, <em>key</em> and optional <em>digest</em>. This behaves in the similar way as …\n"],["sign","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-sign","(p1, p2, p3 = v3, p4 = v4, p5 = v5)","<p>Signs this OCSP request using <em>cert</em>, <em>key</em> and optional <em>digest</em>. If <em>digest</em> is not specified, SHA-1 is used. …\n"],["sign","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-sign","(p1, p2, p3, p4 = v4, p5 = v5)",""],["sign","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-sign","(p1, p2, p3 = v3)","<p>Hashes and signs the <code>data</code> using a message digest algorithm <code>digest</code> and a private key <code>pkey</code>.\n<p>See #verify …\n"],["sign","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-sign","(p1, p2)",""],["sign","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-sign","(p1, p2)",""],["sign","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-sign","(p1, p2)",""],["sign_pss","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-sign_pss","(p1, p2, p3 = {})","<p>Signs <em>data</em> using the Probabilistic Signature Scheme (RSA-PSS) and returns the calculated signature.\n<p>RSAError …\n"],["sign_raw","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-sign_raw","(p1, p2, p3 = v3)","<p>Signs <code>data</code> using a private key <code>pkey</code>. Unlike #sign, <code>data</code> will not be hashed by <code>digest</code> automatically.\n<p>See …\n"],["signature_algorithm","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-signature_algorithm","()",""],["signature_algorithm","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-signature_algorithm","()",""],["signature_algorithm","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-signature_algorithm","()",""],["signed?","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-signed-3F","()","<p>Returns <code>true</code> if the request is signed, <code>false</code> otherwise. Note that the validity of the signature is <strong>not</strong> …\n"],["signed_time","OpenSSL::PKCS7::SignerInfo","OpenSSL/PKCS7/SignerInfo.html#method-i-signed_time","()",""],["signers","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-signers","()",""],["sn","OpenSSL::ASN1::ObjectId","OpenSSL/ASN1/ObjectId.html#method-i-sn","()","<p>The short name of the ObjectId, as defined in <openssl/objects.h>.\n"],["sqr","OpenSSL::BN","OpenSSL/BN.html#method-i-sqr","()",""],["ssl_version","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-ssl_version","()","<p>Returns a String representing the SSL/TLS version that was negotiated for the connection, for example …\n"],["ssl_version=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-ssl_version-3D","(meth)","<p>Sets the SSL/TLS protocol version for the context. This forces connections to use only the specified …\n"],["state","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-state","()","<p>A description of the current connection state. This is for diagnostic purposes only.\n"],["status","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-status","()","<p>Returns an Array of statuses for this response. Each status contains a CertificateId, the status (0 …\n"],["status","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-status","()","<p>Returns the status of the response.\n"],["status","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-status","()","<p>Returns one of GRANTED, GRANTED_WITH_MODS, REJECTION, WAITING, REVOCATION_WARNING or REVOCATION_NOTIFICATION …\n"],["status?","OpenSSL::Random","OpenSSL/Random.html#method-c-status-3F","()","<p>Return <code>true</code> if the PRNG has been seeded with enough data, <code>false</code> otherwise.\n"],["status_string","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-status_string","()","<p>Returns a status string for the response.\n"],["status_text","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-status_text","()","<p>In cases of failure this field may contain an array of strings further describing the origin of the failure. …\n"],["subject","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-subject","()",""],["subject","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-subject","()",""],["subject=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-subject-3D","(p1)",""],["subject=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-subject-3D","(p1)",""],["subject_certificate=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-subject_certificate-3D","(p1)",""],["subject_key_identifier","OpenSSL::X509::Extension::SubjectKeyIdentifier","OpenSSL/X509/Extension/SubjectKeyIdentifier.html#method-i-subject_key_identifier","()","<p>Get the subject’s key identifier from the subjectKeyIdentifier exteension, as described in RFC5280 …\n"],["subject_request=","OpenSSL::X509::ExtensionFactory","OpenSSL/X509/ExtensionFactory.html#method-i-subject_request-3D","(p1)",""],["sysclose","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-sysclose","()","<p>Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.\n<p>If sync_close …\n"],["sysread","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-sysread","(*args)","<p>Reads <em>length</em> bytes from the SSL connection. If a pre-allocated <em>buffer</em> is provided the data will be written …\n"],["syssign","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-syssign","(string)","<p>Computes and returns the DSA signature of <code>string</code>, where <code>string</code> is expected to be an already-computed …\n"],["sysverify","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-sysverify","(digest, sig)","<p>Verifies whether the signature is valid given the message digest input. It does so by validating <code>sig</code> …\n"],["syswrite","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-syswrite","(p1)","<p>Writes <em>string</em> to the SSL connection.\n"],["this_update","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-this_update","()",""],["time","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-time","()","<p>Returns the time at which the session was established.\n"],["time","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-time","()",""],["time=","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-time-3D","(p1)","<p>Sets start time of the session. Time resolution is in seconds.\n"],["time=","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-time-3D","(p1)",""],["time=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-time-3D","(p1)","<p>Sets the time to be used in the certificate verifications with the store. By default, if not specified, …\n"],["time=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-time-3D","(p1)","<p>Sets the time used in the verification. If not set, the current time is used.\n<p>See also the man page X509_VERIFY_PARAM_set_time …\n"],["timeout","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-timeout","()","<p>Returns the timeout value set for the session, in seconds from the established time.\n"],["timeout=","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-timeout-3D","(p1)","<p>Sets how long until the session expires in seconds.\n"],["tmp_dh=","OpenSSL::SSL::SSLContext","OpenSSL/SSL/SSLContext.html#method-i-tmp_dh-3D","(p1)","<p>Sets DH parameters used for ephemeral DH key exchange. This is relevant for servers only.\n<p><code>pkey</code> is an instance …\n"],["tmp_key","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-tmp_key","()","<p>Returns the ephemeral key used in case of forward secrecy cipher.\n"],["to_a","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_a","()",""],["to_a","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_a","()","<p>Returns an Array representation of the distinguished name suitable for passing to ::new\n"],["to_bn","Integer","Integer.html#method-i-to_bn","()","<p>Casts an Integer as an OpenSSL::BN\n<p>See ‘man bn` for more info.\n"],["to_bn","OpenSSL::BN","OpenSSL/BN.html#method-i-to_bn","()",""],["to_bn","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-to_bn","(conversion_form = group.point_conversion_form)","<p>Returns the octet string representation of the EC point as an instance of OpenSSL::BN.\n<p>If <em>conversion_form</em> …\n"],["to_der","OpenSSL::ASN1::ASN1Data","OpenSSL/ASN1/ASN1Data.html#method-i-to_der","()","<p>Encodes this ASN1Data into a DER-encoded String value. The result is DER-encoded except for the possibility …\n"],["to_der","OpenSSL::ASN1::Constructive","OpenSSL/ASN1/Constructive.html#method-i-to_der","()","<p>See ASN1Data#to_der for details.\n"],["to_der","OpenSSL::ASN1::Primitive","OpenSSL/ASN1/Primitive.html#method-i-to_der","()","<p>See ASN1Data#to_der for details.\n"],["to_der","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_der","()","<p>Returns the DER encoding of this SPKI.\n"],["to_der","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-to_der","()","<p>Encodes this basic response into a DER-encoded string.\n"],["to_der","OpenSSL::OCSP::CertificateId","OpenSSL/OCSP/CertificateId.html#method-i-to_der","()","<p>Encodes this certificate identifier into a DER-encoded string.\n"],["to_der","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-to_der","()","<p>Returns this request as a DER-encoded string\n"],["to_der","OpenSSL::OCSP::Response","OpenSSL/OCSP/Response.html#method-i-to_der","()","<p>Returns this response as a DER-encoded string.\n"],["to_der","OpenSSL::OCSP::SingleResponse","OpenSSL/OCSP/SingleResponse.html#method-i-to_der","()","<p>Encodes this SingleResponse into a DER-encoded string.\n"],["to_der","OpenSSL::PKCS12","OpenSSL/PKCS12.html#method-i-to_der","()",""],["to_der","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-to_der","()",""],["to_der","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_der","()","<p>Encodes this DH to its DER encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["to_der","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_der","()","<p>Encodes this DSA to its DER encoding.\n"],["to_der","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-to_der","()","<p>See the OpenSSL documentation for i2d_ECPrivateKey_bio()\n"],["to_der","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-to_der","()","<p>See the OpenSSL documentation for i2d_ECPKParameters_bio()\n"],["to_der","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_der","()","<p>Outputs this keypair in DER encoding.\n"],["to_der","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-to_der","()","<p>Returns an ASN1 encoded String that contains the Session object.\n"],["to_der","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-to_der","()","<p>DER-encodes this Request.\n"],["to_der","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-to_der","()","<p>Returns the Response in DER-encoded form.\n"],["to_der","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-to_der","()","<p>Returns the TokenInfo in DER-encoded form.\n"],["to_der","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_der","()","<p>Converts the name to DER encoding\n"],["to_der","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_der","()",""],["to_der","OpenSSL::X509::Revoked","OpenSSL/X509/Revoked.html#method-i-to_der","()",""],["to_h","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_h","()",""],["to_i","OpenSSL::BN","OpenSSL/BN.html#method-i-to_i","()",""],["to_int","OpenSSL::BN","OpenSSL/BN.html#method-i-to_int","()",""],["to_io","OpenSSL::SSL::SSLServer","OpenSSL/SSL/SSLServer.html#method-i-to_io","()","<p>Returns the TCPServer passed to the SSLServer when initialized.\n"],["to_octet_string","OpenSSL::PKey::EC::Point","OpenSSL/PKey/EC/Point.html#method-i-to_octet_string","(p1)","<p>Returns the octet string representation of the elliptic curve point.\n<p><em>conversion_form</em> specifies how the …\n"],["to_pem","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_pem","()","<p>Returns the PEM encoding of this SPKI.\n"],["to_pem","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-to_pem","()",""],["to_pem","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_pem","()","<p>Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["to_pem","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_pem","(*args)","<p>Encodes this DSA to its PEM encoding.\n<p>Parameters\n<p><em>cipher</em> is an OpenSSL::Cipher.\n"],["to_pem","OpenSSL::PKey::EC","OpenSSL/PKey/EC.html#method-i-to_pem","(*args)","<p>Outputs the EC key in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["to_pem","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-to_pem","()","<p>See the OpenSSL documentation for PEM_write_bio_ECPKParameters()\n"],["to_pem","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_pem","(*args)","<p>Outputs this keypair in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["to_pem","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-to_pem","()","<p>Returns a PEM encoded String that contains the Session object.\n"],["to_pem","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_pem","()",""],["to_pem","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_pem","()",""],["to_pem","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_pem","()",""],["to_s","OpenSSL::BN","OpenSSL/BN.html#method-i-to_s","(p1 = v1)","<p>Returns the string representation of the bignum.\n<p>BN.new can parse the encoded string to convert back into …\n"],["to_s","OpenSSL::Config","OpenSSL/Config.html#method-i-to_s","()","<p>Gets the parsable form of the current configuration.\n<p>Given the following configuration being created: …\n"],["to_s","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-to_s","()","<p>Returns the authentication code an instance represents as a hex-encoded string.\n"],["to_s","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_s","()","<p>Returns the PEM encoding of this SPKI.\n"],["to_s","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-to_s","()",""],["to_s","OpenSSL::PKey::DH","OpenSSL/PKey/DH.html#method-i-to_s","()","<p>Encodes this DH to its PEM encoding. Note that any existing per-session public/private keys will <strong>not</strong> …\n"],["to_s","OpenSSL::PKey::DSA","OpenSSL/PKey/DSA.html#method-i-to_s","(*args)","<p>Encodes this DSA to its PEM encoding.\n<p>Parameters\n<p><em>cipher</em> is an OpenSSL::Cipher.\n"],["to_s","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-to_s","(*args)","<p>Outputs this keypair in PEM encoding. If <em>cipher</em> and <em>pass_phrase</em> are given they will be used to encrypt …\n"],["to_s","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_s","()",""],["to_s","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_s","()",""],["to_s","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-to_s","()",""],["to_s","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_s","(*args)","<p>Returns a String representation of the Distinguished Name. <em>format</em> is one of:\n<p>OpenSSL::X509::Name::COMPAT …\n"],["to_s","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_s","()",""],["to_text","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-to_text","()","<p>Returns a textual representation of this SPKI, useful for debugging purposes.\n"],["to_text","OpenSSL::PKey::EC::Group","OpenSSL/PKey/EC/Group.html#method-i-to_text","()","<p>See the OpenSSL documentation for ECPKParameters_print()\n"],["to_text","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-to_text","()","<p>Dumps key parameters, public key, and private key components contained in the key into a human-readable …\n"],["to_text","OpenSSL::SSL::Session","OpenSSL/SSL/Session.html#method-i-to_text","()","<p>Shows everything in the Session object. This is for diagnostic purposes.\n"],["to_text","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-to_text","()",""],["to_text","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-to_text","()",""],["to_text","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-to_text","()",""],["to_utf8","OpenSSL::X509::Name","OpenSSL/X509/Name.html#method-i-to_utf8","()","<p>Returns an UTF-8 representation of the distinguished name, as specified in RFC 2253.\n"],["token","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-token","()","<p>If a timestamp token is present, this returns it in the form of a OpenSSL::PKCS7.\n"],["token_info","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-token_info","()","<p>Get the response’s token info if present.\n"],["traverse","OpenSSL::ASN1","OpenSSL/ASN1.html#method-c-traverse","(p1)","<p>If a block is given, it prints out each of the elements encountered. Block parameters are (in that order): …\n"],["trust=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-trust-3D","(p1)","<p>Sets the default trust settings used by the certificate verification with the store.\n<p>OpenSSL::X509::StoreContext#trust= …\n"],["trust=","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-trust-3D","(p1)","<p>Sets the trust settings of the context. This overrides the default value set by Store#trust=.\n<p>See also …\n"],["tsa_certificate","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-tsa_certificate","()","<p>If the Request specified to request the TSA certificate (Request#cert_requested = true), then this field …\n"],["type","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-type","()",""],["type=","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-type-3D","(p1)",""],["ucmp","OpenSSL::BN","OpenSSL/BN.html#method-i-ucmp","(p1)",""],["ungetc","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-ungetc","(c)","<p>Pushes character <em>c</em> back onto the stream such that a subsequent buffered character read will return it. …\n"],["update","OpenSSL::Cipher","OpenSSL/Cipher.html#method-i-update","(p1, p2 = v2)","<p>Encrypts data in a streaming fashion. Hand consecutive blocks of data to the #update method in order …\n"],["update","OpenSSL::Digest","OpenSSL/Digest.html#method-i-update","(p1)","<p>Not every message digest can be computed in one single pass. If a message digest is to be computed from …\n"],["update","OpenSSL::HMAC","OpenSSL/HMAC.html#method-i-update","(p1)","<p>Returns <em>hmac</em> updated with the message to be authenticated. Can be called repeatedly with chunks of the …\n"],["value","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-value","()",""],["value","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-value","()",""],["value=","OpenSSL::X509::Attribute","OpenSSL/X509/Attribute.html#method-i-value-3D","(p1)",""],["value=","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-value-3D","(p1)",""],["value_der","OpenSSL::X509::Extension","OpenSSL/X509/Extension.html#method-i-value_der","()",""],["verify","OpenSSL::Netscape::SPKI","OpenSSL/Netscape/SPKI.html#method-i-verify","(p1)","<p>Parameters\n<p><em>key</em> - the public key to be used for verifying the SPKI signature\n\n<p>Returns <code>true</code> if the signature …\n"],["verify","OpenSSL::OCSP::BasicResponse","OpenSSL/OCSP/BasicResponse.html#method-i-verify","(p1, p2, p3 = v3)","<p>Verifies the signature of the response using the given <em>certificates</em> and <em>store</em>. This works in the similar …\n"],["verify","OpenSSL::OCSP::Request","OpenSSL/OCSP/Request.html#method-i-verify","(p1, p2, p3 = v3)","<p>Verifies this request using the given <em>certificates</em> and <em>store</em>. <em>certificates</em> is an array of OpenSSL::X509::Certificate …\n"],["verify","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-i-verify","(p1, p2, p3 = v3, p4 = v4)",""],["verify","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-verify","(p1, p2, p3, p4 = v4)","<p>Verifies the <code>signature</code> for the <code>data</code> using a message digest algorithm <code>digest</code> and a public key <code>pkey</code>.\n<p>Returns …\n"],["verify","OpenSSL::Timestamp::Response","OpenSSL/Timestamp/Response.html#method-i-verify","(p1, p2, p3 = v3)","<p>Verifies a timestamp token by checking the signature, validating the certificate chain implied by tsa_certificate …\n"],["verify","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-verify","(p1)",""],["verify","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-verify","(p1)","<p>Verifies the signature of the certificate, with the public key <em>key</em>. <em>key</em> must be an instance of OpenSSL::PKey …\n"],["verify","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-verify","(p1)","<p>Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’\n"],["verify","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-verify","(p1, p2 = v2)","<p>Performs a certificate verification on the OpenSSL::X509::Certificate <em>cert</em>.\n<p><em>chain</em> can be an array of …\n"],["verify","OpenSSL::X509::StoreContext","OpenSSL/X509/StoreContext.html#method-i-verify","()","<p>Performs the certificate verification using the parameters set to <em>stctx</em>.\n<p>See also the man page X509_verify_cert …\n"],["verify_callback=","OpenSSL::X509::Store","OpenSSL/X509/Store.html#method-i-verify_callback-3D","(p1)","<p>General callback for OpenSSL verify\n"],["verify_certificate_identity","OpenSSL::SSL","OpenSSL/SSL.html#method-c-verify_certificate_identity","(cert, hostname)",""],["verify_pss","OpenSSL::PKey::RSA","OpenSSL/PKey/RSA.html#method-i-verify_pss","(p1, p2, p3, p4 = {})","<p>Verifies <em>data</em> using the Probabilistic Signature Scheme (RSA-PSS).\n<p>The return value is <code>true</code> if the signature …\n"],["verify_raw","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-verify_raw","(p1, p2, p3, p4 = v4)","<p>Verifies the <code>signature</code> for the <code>data</code> using a public key <code>pkey</code>. Unlike #verify, this method will not hash …\n"],["verify_recover","OpenSSL::PKey::PKey","OpenSSL/PKey/PKey.html#method-i-verify_recover","(p1, p2, p3 = v3)","<p>Recovers the signed data from <code>signature</code> using a public key <code>pkey</code>. Not all signature algorithms support …\n"],["verify_result","OpenSSL::SSL::SSLSocket","OpenSSL/SSL/SSLSocket.html#method-i-verify_result","()","<p>Returns the result of the peer certificates verification. See verify(1) for error values and descriptions. …\n"],["version","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-version","()","<p>Returns the version of this request. <code>1</code> is the default value.\n"],["version","OpenSSL::Timestamp::TokenInfo","OpenSSL/Timestamp/TokenInfo.html#method-i-version","()","<p>Returns the version number of the token info. With compliant servers, this value should be <code>1</code> if present. …\n"],["version","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-version","()",""],["version","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-version","()",""],["version","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-version","()",""],["version=","OpenSSL::Timestamp::Request","OpenSSL/Timestamp/Request.html#method-i-version-3D","(p1)","<p>Sets the version number for this Request. This should be <code>1</code> for compliant servers.\n"],["version=","OpenSSL::X509::CRL","OpenSSL/X509/CRL.html#method-i-version-3D","(p1)",""],["version=","OpenSSL::X509::Certificate","OpenSSL/X509/Certificate.html#method-i-version-3D","(p1)",""],["version=","OpenSSL::X509::Request","OpenSSL/X509/Request.html#method-i-version-3D","(p1)",""],["write","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-write","(*s)","<p>Writes <em>s</em> to the stream. If the argument is not a String it will be converted using <code>.to_s</code> method. Returns …\n"],["write_nonblock","OpenSSL::Buffering","OpenSSL/Buffering.html#method-i-write_nonblock","(s, exception: true)","<p>Writes <em>s</em> in the non-blocking manner.\n<p>If there is buffered data, it is flushed first. This may block. …\n"],["write_random_file","OpenSSL::Random","OpenSSL/Random.html#method-c-write_random_file","(p1)","<p>Writes a number of random generated bytes (currently 1024) to <em>filename</em> which can be used to initialize …\n"],["write_smime","OpenSSL::PKCS7","OpenSSL/PKCS7.html#method-c-write_smime","(p1, p2 = v2, p3 = v3)",""],["zero?","OpenSSL::BN","OpenSSL/BN.html#method-i-zero-3F","()",""],["CONTRIBUTING","","CONTRIBUTING_md.html","","<p>Contributing to Ruby OpenSSL\n<p>Thank you for your interest in contributing to Ruby OpenSSL!\n<p>This documentation …\n"],["History","","History_md.html","","<p>Version 3.0.0\n<p>Compatibility notes\n<p>OpenSSL 1.0.1 and Ruby 2.3-2.5 are no longer supported.\n [GitHub #396] ...\n"],["README","","README_md.html","","<p>OpenSSL for Ruby\n<p><img src=\"https://github.com/ruby/openssl/workflows/CI/badge.svg\">\n<p>OpenSSL provides SSL …\n"]]}}
\ No newline at end of file diff --git a/table_of_contents.html b/table_of_contents.html index 8eea10a6..30274d2a 100644 --- a/table_of_contents.html +++ b/table_of_contents.html @@ -35,7 +35,7 @@ <li><a href="CONTRIBUTING_md.html#label-Bugs+and+feature+requests">Bugs and feature requests</a> <li><a href="CONTRIBUTING_md.html#label-Submitting+patches">Submitting patches</a> <li><a href="CONTRIBUTING_md.html#label-Testing">Testing</a> - <li><a href="CONTRIBUTING_md.html#label-Docker">Docker</a> + <li><a href="CONTRIBUTING_md.html#label-With+different+versions+of+OpenSSL">With different versions of OpenSSL</a> <li><a href="CONTRIBUTING_md.html#label-Relation+with+Ruby+source+tree">Relation with Ruby source tree</a> <li><a href="CONTRIBUTING_md.html#label-Release+policy">Release policy</a> <li><a href="CONTRIBUTING_md.html#label-Security">Security</a> @@ -45,6 +45,9 @@ <a href="History_md.html">History</a> <ul> + <li><a href="History_md.html#label-Version+3.0.0">Version 3.0.0</a> + <li><a href="History_md.html#label-Compatibility+notes">Compatibility notes</a> + <li><a href="History_md.html#label-Notable+changes">Notable changes</a> <li><a href="History_md.html#label-Version+2.2.1">Version 2.2.1</a> <li><a href="History_md.html#label-Bug+fixes">Bug fixes</a> <li><a href="History_md.html#label-Version+2.2.0">Version 2.2.0</a> @@ -238,10 +241,6 @@ </li> <li class="class"> <a href="OpenSSL/Config.html">OpenSSL::Config</a> - - <ul> - <li><a href="OpenSSL/Config.html#label-OpenSSL-3A-3AConfig">OpenSSL::Config</a> - </ul> </li> <li class="class"> <a href="OpenSSL/ConfigError.html">OpenSSL::ConfigError</a> @@ -582,6 +581,11 @@ <span class="container">OpenSSL</span> <li class="method"> + <a href="OpenSSL/HMAC.html#method-c-base64digest">::base64digest</a> + — + <span class="container">OpenSSL::HMAC</span> + + <li class="method"> <a href="OpenSSL/PKey/EC.html#method-c-builtin_curves">::builtin_curves</a> — <span class="container">OpenSSL::PKey::EC</span> @@ -702,6 +706,16 @@ <span class="container">OpenSSL::PKey::RSA</span> <li class="method"> + <a href="OpenSSL/PKey.html#method-c-generate_key">::generate_key</a> + — + <span class="container">OpenSSL::PKey</span> + + <li class="method"> + <a href="OpenSSL/PKey.html#method-c-generate_parameters">::generate_parameters</a> + — + <span class="container">OpenSSL::PKey</span> + + <li class="method"> <a href="OpenSSL/BN.html#method-c-generate_prime">::generate_prime</a> — <span class="container">OpenSSL::BN</span> @@ -727,6 +741,16 @@ <span class="container">OpenSSL::Engine</span> <li class="method"> + <a href="OpenSSL/X509/Certificate.html#method-c-load">::load</a> + — + <span class="container">OpenSSL::X509::Certificate</span> + + <li class="method"> + <a href="OpenSSL/X509/Certificate.html#method-c-load_file">::load_file</a> + — + <span class="container">OpenSSL::X509::Certificate</span> + + <li class="method"> <a href="OpenSSL/Random.html#method-c-load_random_file">::load_random_file</a> — <span class="container">OpenSSL::Random</span> @@ -992,6 +1016,16 @@ <span class="container">OpenSSL</span> <li class="method"> + <a href="OpenSSL/BN.html#method-c-rand">::rand</a> + — + <span class="container">OpenSSL::BN</span> + + <li class="method"> + <a href="OpenSSL/BN.html#method-c-rand_range">::rand_range</a> + — + <span class="container">OpenSSL::BN</span> + + <li class="method"> <a href="OpenSSL/Random.html#method-c-random_add">::random_add</a> — <span class="container">OpenSSL::Random</span> @@ -1212,11 +1246,6 @@ <span class="container">OpenSSL::Config</span> <li class="method"> - <a href="OpenSSL/Config.html#method-i-5B-5D-3D">#[]=</a> - — - <span class="container">OpenSSL::Config</span> - - <li class="method"> <a href="OpenSSL/Marshal.html#method-i-_dump">#_dump</a> — <span class="container">OpenSSL::Marshal</span> @@ -1227,6 +1256,11 @@ <span class="container">OpenSSL::Marshal::ClassMethods</span> <li class="method"> + <a href="OpenSSL/BN.html#method-i-abs">#abs</a> + — + <span class="container">OpenSSL::BN</span> + + <li class="method"> <a href="OpenSSL/SSL/SSLSocket.html#method-i-accept">#accept</a> — <span class="container">OpenSSL::SSL::SSLSocket</span> @@ -1347,11 +1381,6 @@ <span class="container">OpenSSL::OCSP::BasicResponse</span> <li class="method"> - <a href="OpenSSL/Config.html#method-i-add_value">#add_value</a> - — - <span class="container">OpenSSL::Config</span> - - <li class="method"> <a href="OpenSSL/SSL/SocketForwarder.html#method-i-addr">#addr</a> — <span class="container">OpenSSL::SSL::SocketForwarder</span> @@ -1427,6 +1456,11 @@ <span class="container">OpenSSL::X509::Extension::AuthorityKeyIdentifier</span> <li class="method"> + <a href="OpenSSL/HMAC.html#method-i-base64digest">#base64digest</a> + — + <span class="container">OpenSSL::HMAC</span> + + <li class="method"> <a href="OpenSSL/OCSP/Response.html#method-i-basic">#basic</a> — <span class="container">OpenSSL::OCSP::Response</span> @@ -1437,16 +1471,6 @@ <span class="container">OpenSSL::BN</span> <li class="method"> - <a href="OpenSSL/PKey/RSA.html#method-i-blinding_off-21">#blinding_off!</a> - — - <span class="container">OpenSSL::PKey::RSA</span> - - <li class="method"> - <a href="OpenSSL/PKey/RSA.html#method-i-blinding_on-21">#blinding_on!</a> - — - <span class="container">OpenSSL::PKey::RSA</span> - - <li class="method"> <a href="OpenSSL/Digest.html#method-i-block_length">#block_length</a> — <span class="container">OpenSSL::Digest</span> @@ -1632,6 +1656,11 @@ <span class="container">OpenSSL::PKey::EC::Group</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-compare-3F">#compare?</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/PKey/DH.html#method-i-compute_key">#compute_key</a> — <span class="container">OpenSSL::PKey::DH</span> @@ -1757,11 +1786,21 @@ <span class="container">OpenSSL::PKCS7</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-decrypt">#decrypt</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/PKey/EC/Group.html#method-i-degree">#degree</a> — <span class="container">OpenSSL::PKey::EC::Group</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-derive">#derive</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/PKCS7.html#method-i-detached">#detached</a> — <span class="container">OpenSSL::PKCS7</span> @@ -1857,6 +1896,11 @@ <span class="container">OpenSSL::Cipher</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-encrypt">#encrypt</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/Buffering.html#method-i-eof">#eof</a> — <span class="container">OpenSSL::Buffering</span> @@ -2072,11 +2116,21 @@ <span class="container">OpenSSL::PKey::EC::Group</span> <li class="method"> + <a href="OpenSSL/BN.html#method-i-get_flags">#get_flags</a> + — + <span class="container">OpenSSL::BN</span> + + <li class="method"> <a href="OpenSSL/Config.html#method-i-get_value">#get_value</a> — <span class="container">OpenSSL::Config</span> <li class="method"> + <a href="OpenSSL/Buffering.html#method-i-getbyte">#getbyte</a> + — + <span class="container">OpenSSL::Buffering</span> + + <li class="method"> <a href="OpenSSL/Buffering.html#method-i-getc">#getc</a> — <span class="container">OpenSSL::Buffering</span> @@ -2157,6 +2211,11 @@ <span class="container">OpenSSL::Cipher</span> <li class="method"> + <a href="OpenSSL/Config.html#method-i-initialize_copy">#initialize_copy</a> + — + <span class="container">OpenSSL::Config</span> + + <li class="method"> <a href="OpenSSL/Digest.html#method-i-initialize_copy">#initialize_copy</a> — <span class="container">OpenSSL::Digest</span> @@ -2202,6 +2261,11 @@ <span class="container">OpenSSL::PKCS7</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-initialize_copy">#initialize_copy</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/PKey/DH.html#method-i-initialize_copy">#initialize_copy</a> — <span class="container">OpenSSL::PKey::DH</span> @@ -3172,6 +3236,11 @@ <span class="container">OpenSSL::PKey::RSA</span> <li class="method"> + <a href="OpenSSL/BN.html#method-i-set_flags">#set_flags</a> + — + <span class="container">OpenSSL::BN</span> + + <li class="method"> <a href="OpenSSL/PKey/EC/Group.html#method-i-set_generator">#set_generator</a> — <span class="container">OpenSSL::PKey::EC::Group</span> @@ -3272,6 +3341,11 @@ <span class="container">OpenSSL::PKey::RSA</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-sign_raw">#sign_raw</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/X509/Certificate.html#method-i-signature_algorithm">#signature_algorithm</a> — <span class="container">OpenSSL::X509::Certificate</span> @@ -3457,6 +3531,11 @@ <span class="container">OpenSSL::SSL::Session</span> <li class="method"> + <a href="OpenSSL/SSL/SSLContext.html#method-i-tmp_dh-3D">#tmp_dh=</a> + — + <span class="container">OpenSSL::SSL::SSLContext</span> + + <li class="method"> <a href="OpenSSL/SSL/SSLSocket.html#method-i-tmp_key">#tmp_key</a> — <span class="container">OpenSSL::SSL::SSLSocket</span> @@ -3772,19 +3851,9 @@ <span class="container">OpenSSL::Netscape::SPKI</span> <li class="method"> - <a href="OpenSSL/PKey/DH.html#method-i-to_text">#to_text</a> - — - <span class="container">OpenSSL::PKey::DH</span> - - <li class="method"> - <a href="OpenSSL/PKey/DSA.html#method-i-to_text">#to_text</a> - — - <span class="container">OpenSSL::PKey::DSA</span> - - <li class="method"> - <a href="OpenSSL/PKey/EC.html#method-i-to_text">#to_text</a> + <a href="OpenSSL/PKey/PKey.html#method-i-to_text">#to_text</a> — - <span class="container">OpenSSL::PKey::EC</span> + <span class="container">OpenSSL::PKey::PKey</span> <li class="method"> <a href="OpenSSL/PKey/EC/Group.html#method-i-to_text">#to_text</a> @@ -3792,11 +3861,6 @@ <span class="container">OpenSSL::PKey::EC::Group</span> <li class="method"> - <a href="OpenSSL/PKey/RSA.html#method-i-to_text">#to_text</a> - — - <span class="container">OpenSSL::PKey::RSA</span> - - <li class="method"> <a href="OpenSSL/SSL/Session.html#method-i-to_text">#to_text</a> — <span class="container">OpenSSL::SSL::Session</span> @@ -3972,6 +4036,16 @@ <span class="container">OpenSSL::PKey::RSA</span> <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-verify_raw">#verify_raw</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> + <a href="OpenSSL/PKey/PKey.html#method-i-verify_recover">#verify_recover</a> + — + <span class="container">OpenSSL::PKey::PKey</span> + + <li class="method"> <a href="OpenSSL/SSL/SSLSocket.html#method-i-verify_result">#verify_result</a> — <span class="container">OpenSSL::SSL::SSLSocket</span> |