Age | Commit message (Collapse) | Author |
|
The OpenSSL engine of Digest uses the low-level API of OpenSSL, whose
use has been discouraged for years for multiple reasons.
A long-standing issue on a FIPS-enabled system is that using ::Digest
results in crashing the Ruby process, because the low-level API lacks
the mechanism to report an error (the policy violation) and thus kills
the process as a last resort[1][2]. Also, the upcoming OpenSSL 3.0 will
deprecate it for future removal[3]. Compiling with
-Wdeprecated-declarations will start to emit warnings.
A proper fix for this is to make it use the EVP API instead. This is a
non-trivial work as it requires backwards-incompatible changes to the
framework interface of Digest::Base and rb_digest_metadata_t.
It is more than 15 years ago that the openssl library became part of the
standard library. It has implemented the exactly same functionality as
OpenSSL::Digest, in fact, as a subclass of Digest::Class. There is not
much point in having an identical code in the digest library. Let's
just get rid of OpenSSL within digest. This leaves the C implementations
and the CommonCrypto engine for Apple systems.
A patch is being prepared for the openssl library to provide ::Digest
constants for better performance[4].
[1] https://bugs.ruby-lang.org/issues/6946
[2] https://bugs.ruby-lang.org/issues/13681
[3] https://www.openssl.org/docs/OpenSSL300Design.html
[4] https://github.com/ruby/openssl/pull/377
Notes:
Merged: https://github.com/ruby/ruby/pull/3149
|
|
Suppress warning on Solaris with Oracle Solaris Studio 12.
[ruby-dev:49692] [Bug #12524]
* ext/digest/md5/md5cc.h: ditto.
* ext/digest/sha1/sha1cc.h: ditto.
* ext/digest/sha1/sha1ossl.h: ditto.
* ext/digest/sha2/sha2cc.h: ditto.
* ext/digest/sha2/sha2ossl.h: ditto.
* ext/openssl/ossl_pkey_rsa.c: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55523 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/digest/digest.h (DEFINE_FINISH_FUNC_FROM_FINAL): macro for
finish functions, by inverting arguments order.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rb_digest_base_equal): Simplify the equality check and just
compare resulted digests since state-level equality should
not be significant.
* ext/digest/digest.h: Ditto.
* ext/digest/*/*.[ch]: Ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11131 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SHA_BLOCK_LENGTH.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
hash_final_func_t was inconsistent with others, change it and
rename to hash_finish_func_t to avoid confusion.
* ext/digest/digest.[ch]: Remove and eliminate the use of
hash_end_func_t. Implement hexdigest conversion in the base
class.
* ext/digest/md5/md5.c, ext/digest/md5/md5.h,
ext/digest/md5/md5init.c, ext/digest/md5/md5ossl.c,
ext/digest/md5/md5ossl.h: Remove MD5_End() and change
MD5_Final() to MD5_Finish().
* ext/digest/rmd160/depend, ext/digest/rmd160/extconf.rb,
ext/digest/rmd160/rmd160.c, ext/digest/rmd160/rmd160.h,
ext/digest/rmd160/rmd160hl.c, ext/digest/rmd160/rmd160init.c,
ext/digest/rmd160/rmd160ossl.c, ext/digest/rmd160/rmd160ossl.h:
Remove unused functions RMD160_End(), RMD160_File(),
RMD160_Data() and change RMD160_Final() to RMD160_Finish().
* ext/digest/sha1/extconf.rb, ext/digest/sha1/sha1.c,
ext/digest/sha1/sha1.h, ext/digest/sha1/sha1hl.c,
ext/digest/sha1/sha1init.c, ext/digest/sha1/sha1ossl.c,
ext/digest/sha1/sha1ossl.h: Likewise.
* ext/digest/sha2/extconf.rb, ext/digest/sha2/sha2.c,
ext/digest/sha2/sha2.h, ext/digest/sha2/sha2hl.c,
ext/digest/sha2/sha2init.c: Likewise.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11086 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/digest/sha1/sha1ossl.h: include <stddef.h> to avoid
error in compilation with OpenSSL-0.9.8. [ruby-list:41068]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9049 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
much faster than what we have now (sha1.[ch]). Add a knob
(--with-bundled-sha1) to extconf.rb which makes it use the
bundled one anyway.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@2895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|