> On Oct 31, 2019, at 7:59 AM, Samuel Williams <space.ship.traveller@xxxxxxxxx> wrote: > > I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing SHA3 and BLAKE digests. > > In addition, for the first time, I wrote some tests to test ALL algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer exist. > > I'm going to assume this algorithm is removed because it's old and/or insecure. But I would like to seek some clarification on this because it represents a breaking change in semantic versioning, to the extent that we exposed these digests explicitly. My advice would be to avoid specific support for any *particular* digest algorithm. Instead, provide bindings to: - EVP_get_digestbyname(), - EVP_MD_CTX_create(3), - EVP_DigestInit_ex(3), - EVP_DigestUpdate(3), - EVP_DigestFinal_ex(3), - EVP_MD_CTX_destroy(3) which can they use *any* available digest algorithm (by name). -- Viktor.
