Digest algorithms for Ruby
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Oct 31 14:35:05 UTC 2019
> On Oct 31, 2019, at 7:59 AM, Samuel Williams <space.ship.traveller at gmail.com> wrote:
>
> I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing SHA3 and BLAKE digests.
>
> In addition, for the first time, I wrote some tests to test ALL algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer exist.
>
> I'm going to assume this algorithm is removed because it's old and/or insecure. But I would like to seek some clarification on this because it represents a breaking change in semantic versioning, to the extent that we exposed these digests explicitly.
My advice would be to avoid specific support for any *particular*
digest algorithm. Instead, provide bindings to:
- EVP_get_digestbyname(),
- EVP_MD_CTX_create(3),
- EVP_DigestInit_ex(3),
- EVP_DigestUpdate(3),
- EVP_DigestFinal_ex(3),
- EVP_MD_CTX_destroy(3)
which can they use *any* available digest algorithm (by name).
--
Viktor.
More information about the openssl-users
mailing list