<div dir="ltr">Thanks everyone, your replies were most helpful.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 2 Nov 2019 at 06:42, Jordan Brown &lt;<a href="mailto:openssl@jordan.maileater.net">openssl@jordan.maileater.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div>On 10/31/2019 7:35 AM, Viktor Dukhovni
wrote:<br>
</div>
<blockquote type="cite">My
advice would be to avoid specific support for any *particular*
digest algorithm. Instead, provide bindings to:
<pre> - EVP_get_digestbyname(),
- EVP_MD_CTX_create(3),
- EVP_DigestInit_ex(3),
- EVP_DigestUpdate(3),
- EVP_DigestFinal_ex(3),
- EVP_MD_CTX_destroy(3)
</pre>
<p>which can then use *any* available digest algorithm (by name).
</p>
</blockquote>
<br>
That avoids having *your* software be dependent on the digest
algorithms, but it does so by exporting the dependency out to your
caller.<br>
<br>
The bottom line for somebody trying to maintain compatibility is
that when you remove some algorithm X, there's always a risk that
something in the stack - be it software or user configuration -
explicitly depends on X and so will fail on upgrade.<br>
<br>
<pre cols="72">--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris</pre>
</div>
</blockquote></div>
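<div>Added example, not part of the original thread: a sketch of the two points quoted above, using Python's hashlib (whose new() selects a digest by name) as a stand-in for a by-name binding. The functions digest_by_name and missing_digests, the CONFIGURED settings and the name "no-such-digest-x" (standing in for an algorithm removed from the library) are constructed for illustration.</div>

```python
import hashlib


def digest_by_name(name: str, data: bytes) -> str:
    """Hash data with whichever digest the caller names; nothing is hard-coded.

    Fixed-length digests only: XOFs such as shake_128 need an output length.
    """
    try:
        ctx = hashlib.new(name)          # lookup by name, like EVP_get_digestbyname()
    except ValueError as exc:            # name unknown or disabled in this build
        raise LookupError(f"digest {name!r} is not available") from exc
    ctx.update(data)                     # may be called repeatedly for streamed input
    return ctx.hexdigest()


def missing_digests(configured: dict) -> dict:
    """Return the settings whose digest name this runtime cannot provide.

    Running this at startup (or before an upgrade) surfaces the dependency
    that a by-name binding pushes out to callers and configuration.
    """
    missing = {}
    for setting, name in configured.items():
        try:
            hashlib.new(name)
        except ValueError:
            missing[setting] = name
    return missing


# Constructed sample configuration (hypothetical setting names).
CONFIGURED = {
    "manifest_digest": "sha256",
    "legacy_checksum": "no-such-digest-x",   # placeholder for a removed algorithm
}

if __name__ == "__main__":
    print(digest_by_name("sha256", b"abc"))
    for setting, name in missing_digests(CONFIGURED).items():
        print(f"{setting}: digest {name!r} unavailable, caller would fail on upgrade")
```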