> On Oct 31, 2019, at 7:59 AM, Samuel Williams <[email protected]>
> wrote:
>
> I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing
> SHA3 and BLAKE digests.
>
> In addition, for the first time, I wrote some tests to test ALL algorithms we
> expose, and found that "DSS", "DSS1" and "SHA" no longer exist.
>
> I'm going to assume this algorithm is removed because it's old and/or
> insecure. But I would like to seek some clarification on this because it
> represents a breaking change in semantic versioning, to the extent that we
> exposed these digests explicitly.
My advice would be to avoid specific support for any *particular*
digest algorithm. Instead, provide bindings to:
- EVP_get_digestbyname(),
- EVP_MD_CTX_create(3),
- EVP_DigestInit_ex(3),
- EVP_DigestUpdate(3),
- EVP_DigestFinal_ex(3),
- EVP_MD_CTX_destroy(3)
which can they use *any* available digest algorithm (by name).
--
Viktor.
