summaryrefslogtreecommitdiff
path: root/ext/digest/sha2/sha2ossl.h
AgeCommit message (Collapse)Author
2020-12-02digest: remove OpenSSL engineKazuki Yamaguchi
The OpenSSL engine of Digest uses the low-level API of OpenSSL, whose use has been discouraged for years for multiple reasons. A long-standing issue on a FIPS-enabled system is that using ::Digest results in crashing the Ruby process, because the low-level API lacks the mechanism to report an error (the policy violation) and thus kills the process as a last resort[1][2]. Also, the upcoming OpenSSL 3.0 will deprecate it for future removal[3]. Compiling with -Wdeprecated-declarations will start to emit warnings. A proper fix for this is to make it use the EVP API instead. This is a non-trivial work as it requires backwards-incompatible changes to the framework interface of Digest::Base and rb_digest_metadata_t. It is more than 15 years ago that the openssl library became part of the standard library. It has implemented the exactly same functionality as OpenSSL::Digest, in fact, as a subclass of Digest::Class. There is not much point in having an identical code in the digest library. Let's just get rid of OpenSSL within digest. This leaves the C implementations and the CommonCrypto engine for Apple systems. A patch is being prepared for the openssl library to provide ::Digest constants for better performance[4]. [1] https://bugs.ruby-lang.org/issues/6946 [2] https://bugs.ruby-lang.org/issues/13681 [3] https://www.openssl.org/docs/OpenSSL300Design.html [4] https://github.com/ruby/openssl/pull/377 Notes: Merged: https://github.com/ruby/ruby/pull/3149
2016-06-28* ext/digest/md5/md5ossl.h: Remove excess semicolons.ngoto
Suppress warning on Solaris with Oracle Solaris Studio 12. [ruby-dev:49692] [Bug #12524] * ext/digest/md5/md5cc.h: ditto. * ext/digest/sha1/sha1cc.h: ditto. * ext/digest/sha1/sha1ossl.h: ditto. * ext/digest/sha2/sha2cc.h: ditto. * ext/digest/sha2/sha2ossl.h: ditto. * ext/openssl/ossl_pkey_rsa.c: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55523 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-02-11digest: define Finish func from Final funcnobu
* ext/digest/digest.h (DEFINE_FINISH_FUNC_FROM_FINAL): macro for finish functions, by inverting arguments order. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-02-22* ext/digest/sha2: Use OpenSSL's SHA1 engine if available.nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26726 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-10 01:49:48 +0000