path: root/ext/digest/sha1/sha1ossl.h
AgeCommit message (Collapse)Author
2020-12-02digest: remove OpenSSL engineKazuki Yamaguchi
The OpenSSL engine of Digest uses the low-level API of OpenSSL, whose use has been discouraged for years for multiple reasons. A long-standing issue on a FIPS-enabled system is that using ::Digest results in crashing the Ruby process, because the low-level API lacks the mechanism to report an error (the policy violation) and thus kills the process as a last resort[1][2]. Also, the upcoming OpenSSL 3.0 will deprecate it for future removal[3]. Compiling with -Wdeprecated-declarations will start to emit warnings. A proper fix for this is to make it use the EVP API instead. This is a non-trivial work as it requires backwards-incompatible changes to the framework interface of Digest::Base and rb_digest_metadata_t. It is more than 15 years ago that the openssl library became part of the standard library. It has implemented the exactly same functionality as OpenSSL::Digest, in fact, as a subclass of Digest::Class. There is not much point in having an identical code in the digest library. Let's just get rid of OpenSSL within digest. This leaves the C implementations and the CommonCrypto engine for Apple systems. A patch is being prepared for the openssl library to provide ::Digest constants for better performance[4]. [1] [2] [3] [4] Notes: Merged:
2016-06-28* ext/digest/md5/md5ossl.h: Remove excess semicolons.ngoto
Suppress warning on Solaris with Oracle Solaris Studio 12. [ruby-dev:49692] [Bug #12524] * ext/digest/md5/md5cc.h: ditto. * ext/digest/sha1/sha1cc.h: ditto. * ext/digest/sha1/sha1ossl.h: ditto. * ext/digest/sha2/sha2cc.h: ditto. * ext/digest/sha2/sha2ossl.h: ditto. * ext/openssl/ossl_pkey_rsa.c: ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-02-11digest: define Finish func from Final funcnobu
* ext/digest/digest.h (DEFINE_FINISH_FUNC_FROM_FINAL): macro for finish functions, by inverting arguments order. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-10-11* ext/digest/digest.c (rb_digest_base_alloc,knu
rb_digest_base_equal): Simplify the equality check and just compare resulted digests since state-level equality should not be significant. * ext/digest/digest.h: Ditto. * ext/digest/*/*.[ch]: Ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-10-11* ext/digest/sha1/sha1ossl.h: libssl 0.9.8c-3 defines nomatz
SHA_BLOCK_LENGTH. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-10-05* ext/digest/digest.[ch]: Since the argument order ofknu
hash_final_func_t was inconsistent with others, change it and rename to hash_finish_func_t to avoid confusion. * ext/digest/digest.[ch]: Remove and eliminate the use of hash_end_func_t. Implement hexdigest conversion in the base class. * ext/digest/md5/md5.c, ext/digest/md5/md5.h, ext/digest/md5/md5init.c, ext/digest/md5/md5ossl.c, ext/digest/md5/md5ossl.h: Remove MD5_End() and change MD5_Final() to MD5_Finish(). * ext/digest/rmd160/depend, ext/digest/rmd160/extconf.rb, ext/digest/rmd160/rmd160.c, ext/digest/rmd160/rmd160.h, ext/digest/rmd160/rmd160hl.c, ext/digest/rmd160/rmd160init.c, ext/digest/rmd160/rmd160ossl.c, ext/digest/rmd160/rmd160ossl.h: Remove unused functions RMD160_End(), RMD160_File(), RMD160_Data() and change RMD160_Final() to RMD160_Finish(). * ext/digest/sha1/extconf.rb, ext/digest/sha1/sha1.c, ext/digest/sha1/sha1.h, ext/digest/sha1/sha1hl.c, ext/digest/sha1/sha1init.c, ext/digest/sha1/sha1ossl.c, ext/digest/sha1/sha1ossl.h: Likewise. * ext/digest/sha2/extconf.rb, ext/digest/sha2/sha2.c, ext/digest/sha2/sha2.h, ext/digest/sha2/sha2hl.c, ext/digest/sha2/sha2init.c: Likewise. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-08-30* ext/digest/md5/md5ossl.h, ext/digest/rmd160/rmd160ossl.h,gotoyuzo
ext/digest/sha1/sha1ossl.h: include <stddef.h> to avoid error in compilation with OpenSSL-0.9.8. [ruby-list:41068] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2002-09-26* ext/digest/sha1: Use OpenSSL's SHA1 engine if available. It isknu
much faster than what we have now (sha1.[ch]). Add a knob (--with-bundled-sha1) to extconf.rb which makes it use the bundled one anyway. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e