Digest algorithms for Ruby

Viktor Dukhovni openssl-users at dukhovni.org
Thu Oct 31 14:35:05 UTC 2019


> On Oct 31, 2019, at 7:59 AM, Samuel Williams <space.ship.traveller at gmail.com> wrote:
> 
> I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing SHA3 and BLAKE digests.
> 
> In addition, for the first time, I wrote some tests to test ALL algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer exist.
> 
> I'm going to assume this algorithm is removed because it's old and/or insecure. But I would like to seek some clarification on this because it represents a breaking change in semantic versioning, to the extent that we exposed these digests explicitly.

My advice would be to avoid specific support for any *particular*
digest algorithm.  Instead, provide bindings to:

  - EVP_get_digestbyname(),
  - EVP_MD_CTX_create(3),
  - EVP_DigestInit_ex(3),
  - EVP_DigestUpdate(3),
  - EVP_DigestFinal_ex(3),
  - EVP_MD_CTX_destroy(3)

which can they use *any* available digest algorithm (by name).

-- 
	Viktor.


More information about the openssl-users mailing list