类 OpenSSL::Engine
此类是访问 openssl 的 ENGINE 加密模块实现的入口。
公共类方法
根据 id String
获取引擎。
OpenSSL::Engine.by_id("openssl") => #<OpenSSL::Engine id="openssl" name="Software engine support">
有关当前加载的引擎,请参阅 OpenSSL::Engine.engines
。
static VALUE ossl_engine_s_by_id(VALUE klass, VALUE id) { ENGINE *e; VALUE obj; StringValueCStr(id); ossl_engine_s_load(1, &id, klass); obj = NewEngine(klass); if(!(e = ENGINE_by_id(RSTRING_PTR(id)))) ossl_raise(eEngineError, NULL); SetEngine(obj, e); if(rb_block_given_p()) rb_yield(obj); if(!ENGINE_init(e)) ossl_raise(eEngineError, NULL); ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK, 0, NULL, (void(*)(void))ossl_pem_passwd_cb); ossl_clear_error(); return obj; }
只有在通过 OpenSSL::Engine.load
加载引擎时才需要运行清理。但是,建议在退出之前运行清理。
请注意,这仅在 OpenSSL
< 1.1.0 中需要且有效。
static VALUE ossl_engine_s_cleanup(VALUE self) { #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000 ENGINE_cleanup(); #endif return Qnil; }
返回当前加载的引擎数组。
static VALUE ossl_engine_s_engines(VALUE klass) { ENGINE *e; VALUE ary, obj; ary = rb_ary_new(); for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)){ obj = NewEngine(klass); /* Need a ref count of two here because of ENGINE_free being * called internally by OpenSSL when moving to the next ENGINE * and by us when releasing the ENGINE reference */ ENGINE_up_ref(e); SetEngine(obj, e); rb_ary_push(ary, obj); } return ary; }
此方法加载引擎。如果 name 为 nil,则加载所有内置引擎。否则,如果给定的 name(作为 String
)在您的运行时环境中可用,则加载它并返回 true。如果找不到 name,则返回 nil。
static VALUE ossl_engine_s_load(int argc, VALUE *argv, VALUE klass) { VALUE name; rb_scan_args(argc, argv, "01", &name); if(NIL_P(name)){ ENGINE_load_builtin_engines(); return Qtrue; } StringValueCStr(name); #ifdef HAVE_ENGINE_LOAD_DYNAMIC OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC); #endif #ifndef OPENSSL_NO_STATIC_ENGINE #ifdef HAVE_ENGINE_LOAD_4758CCA OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA); #endif #ifdef HAVE_ENGINE_LOAD_AEP OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP); #endif #ifdef HAVE_ENGINE_LOAD_ATALLA OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA); #endif #ifdef HAVE_ENGINE_LOAD_CHIL OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL); #endif #ifdef HAVE_ENGINE_LOAD_CSWIFT OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT); #endif #ifdef HAVE_ENGINE_LOAD_NURON OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON); #endif #ifdef HAVE_ENGINE_LOAD_SUREWARE OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE); #endif #ifdef HAVE_ENGINE_LOAD_UBSEC OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC); #endif #ifdef HAVE_ENGINE_LOAD_PADLOCK OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK); #endif #ifdef HAVE_ENGINE_LOAD_CAPI OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI); #endif #ifdef HAVE_ENGINE_LOAD_GMP OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP); #endif #ifdef HAVE_ENGINE_LOAD_GOST OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST); #endif #endif #ifdef HAVE_ENGINE_LOAD_CRYPTODEV OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV); #endif OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL); rb_warning("no such builtin loader for `%"PRIsVALUE"'", name); return Qnil; }
公共实例方法
如果此引擎中可用,则通过 name 返回 OpenSSL::Cipher
的新实例。
如果密码不可用,则会引发 EngineError
。
e = OpenSSL::Engine.by_id("openssl") => #<OpenSSL::Engine id="openssl" name="Software engine support"> e.cipher("RC4") => #<OpenSSL::Cipher:0x007fc5cacc3048>
static VALUE ossl_engine_get_cipher(VALUE self, VALUE name) { ENGINE *e; const EVP_CIPHER *ciph, *tmp; int nid; tmp = EVP_get_cipherbyname(StringValueCStr(name)); if(!tmp) ossl_raise(eEngineError, "no such cipher `%"PRIsVALUE"'", name); nid = EVP_CIPHER_nid(tmp); GetEngine(self, e); ciph = ENGINE_get_cipher(e, nid); if(!ciph) ossl_raise(eEngineError, NULL); return ossl_cipher_new(ciph); }
返回当前引擎的命令定义数组。
static VALUE ossl_engine_get_cmds(VALUE self) { ENGINE *e; const ENGINE_CMD_DEFN *defn, *p; VALUE ary, tmp; GetEngine(self, e); ary = rb_ary_new(); if ((defn = ENGINE_get_cmd_defns(e)) != NULL){ for (p = defn; p->cmd_num > 0; p++){ tmp = rb_ary_new(); rb_ary_push(tmp, rb_str_new2(p->cmd_name)); rb_ary_push(tmp, rb_str_new2(p->cmd_desc)); rb_ary_push(tmp, ossl_engine_cmd_flag_to_name(p->cmd_flags)); rb_ary_push(ary, tmp); } } return ary; }
将给定的 command 发送到此引擎。
如果命令失败,则会引发 EngineError
。
static VALUE ossl_engine_ctrl_cmd(int argc, VALUE *argv, VALUE self) { ENGINE *e; VALUE cmd, val; int ret; GetEngine(self, e); rb_scan_args(argc, argv, "11", &cmd, &val); ret = ENGINE_ctrl_cmd_string(e, StringValueCStr(cmd), NIL_P(val) ? NULL : StringValueCStr(val), 0); if (!ret) ossl_raise(eEngineError, NULL); return self; }
通过 name 返回 OpenSSL::Digest
的新实例。
如果摘要不可用,则会引发 EngineError
。
e = OpenSSL::Engine.by_id("openssl") #=> #<OpenSSL::Engine id="openssl" name="Software engine support"> e.digest("SHA1") #=> #<OpenSSL::Digest: da39a3ee5e6b4b0d3255bfef95601890afd80709> e.digest("zomg") #=> OpenSSL::Engine::EngineError: no such digest `zomg'
static VALUE ossl_engine_get_digest(VALUE self, VALUE name) { ENGINE *e; const EVP_MD *md, *tmp; int nid; tmp = EVP_get_digestbyname(StringValueCStr(name)); if(!tmp) ossl_raise(eEngineError, "no such digest `%"PRIsVALUE"'", name); nid = EVP_MD_nid(tmp); GetEngine(self, e); md = ENGINE_get_digest(e, nid); if(!md) ossl_raise(eEngineError, NULL); return ossl_digest_new(md); }
释放此引擎的所有内部结构引用。
如果引擎不可用,则可能会引发 EngineError
static VALUE ossl_engine_finish(VALUE self) { ENGINE *e; GetEngine(self, e); if(!ENGINE_finish(e)) ossl_raise(eEngineError, NULL); return Qnil; }
获取此引擎的 id。
OpenSSL::Engine.load OpenSSL::Engine.engines #=> [#<OpenSSL::Engine#>, ...] OpenSSL::Engine.engines.first.id #=> "rsax"
static VALUE ossl_engine_get_id(VALUE self) { ENGINE *e; GetEngine(self, e); return rb_str_new2(ENGINE_get_id(e)); }
漂亮地打印此引擎。
static VALUE ossl_engine_inspect(VALUE self) { ENGINE *e; GetEngine(self, e); return rb_sprintf("#<%"PRIsVALUE" id=\"%s\" name=\"%s\">", rb_obj_class(self), ENGINE_get_id(e), ENGINE_get_name(e)); }
加载由 id 和 data 标识的给定私钥。
如果 OpenSSL::PKey
不可用,则会引发 EngineError
。
static VALUE ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self) { ENGINE *e; EVP_PKEY *pkey; VALUE id, data, obj; char *sid, *sdata; rb_scan_args(argc, argv, "02", &id, &data); sid = NIL_P(id) ? NULL : StringValueCStr(id); sdata = NIL_P(data) ? NULL : StringValueCStr(data); GetEngine(self, e); pkey = ENGINE_load_private_key(e, sid, NULL, sdata); if (!pkey) ossl_raise(eEngineError, NULL); obj = ossl_pkey_new(pkey); OSSL_PKEY_SET_PRIVATE(obj); return obj; }
加载由 id 和 data 标识的给定公钥。
如果 OpenSSL::PKey
不可用,则会引发 EngineError
。
static VALUE ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self) { ENGINE *e; EVP_PKEY *pkey; VALUE id, data; char *sid, *sdata; rb_scan_args(argc, argv, "02", &id, &data); sid = NIL_P(id) ? NULL : StringValueCStr(id); sdata = NIL_P(data) ? NULL : StringValueCStr(data); GetEngine(self, e); pkey = ENGINE_load_public_key(e, sid, NULL, sdata); if (!pkey) ossl_raise(eEngineError, NULL); return ossl_pkey_new(pkey); }
获取此引擎的描述性名称。
OpenSSL::Engine.load OpenSSL::Engine.engines #=> [#<OpenSSL::Engine#>, ...] OpenSSL::Engine.engines.first.name #=> "RSAX engine support"
static VALUE ossl_engine_get_name(VALUE self) { ENGINE *e; GetEngine(self, e); return rb_str_new2(ENGINE_get_name(e)); }
使用给定的 flag Set
此引擎的默认值。
这些标志用于控制算法方法的组合。
flag 可以是以下之一,其他标志根据您的操作系统而有所不同。
- 所有标志
-
0xFFFF
- 无标志
-
0x0000
另请参阅 <openssl/engine.h>
static VALUE ossl_engine_set_default(VALUE self, VALUE flag) { ENGINE *e; int f = NUM2INT(flag); GetEngine(self, e); ENGINE_set_default(e, f); return Qtrue; }