Digest algorithms for Ruby

Jordan Brown openssl at jordan.maileater.net
Fri Nov 1 17:34:57 UTC 2019

On 10/31/2019 7:35 AM, Viktor Dukhovni wrote:
> My advice would be to avoid specific support for any *particular*
> digest algorithm. Instead, provide bindings to:
>   - EVP_get_digestbyname(),
>   - EVP_MD_CTX_create(3),
>   - EVP_DigestInit_ex(3),
>   - EVP_DigestUpdate(3),
>   - EVP_DigestFinal_ex(3),
>   - EVP_MD_CTX_destroy(3)
> which can they use *any* available digest algorithm (by name).

That avoids having *your* software be dependent on the digest
algorithms, but it does so by exporting the dependency out to your caller.

The bottom line for somebody trying to maintain compatibility is that
when you remove some algorithm X, there's always a risk that something
in the stack - be it software or user configuration - explicitly depends
on X and so will fail on upgrade.

Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191101/47b6c06a/attachment.html>

More information about the openssl-users mailing list