> On Oct 31, 2019, at 7:59 AM, Samuel Williams <space.ship.travel...@gmail.com> > wrote: > > I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing > SHA3 and BLAKE digests. > > In addition, for the first time, I wrote some tests to test ALL algorithms we > expose, and found that "DSS", "DSS1" and "SHA" no longer exist. > > I'm going to assume this algorithm is removed because it's old and/or > insecure. But I would like to seek some clarification on this because it > represents a breaking change in semantic versioning, to the extent that we > exposed these digests explicitly.
My advice would be to avoid specific support for any *particular* digest algorithm. Instead, provide bindings to: - EVP_get_digestbyname(), - EVP_MD_CTX_create(3), - EVP_DigestInit_ex(3), - EVP_DigestUpdate(3), - EVP_DigestFinal_ex(3), - EVP_MD_CTX_destroy(3) which can they use *any* available digest algorithm (by name). -- Viktor.