|
On 10/31/2019 7:35 AM, Viktor Dukhovni
wrote:
My advice would be to avoid specific support for any *particular* digest algorithm. Instead, provide bindings to:- EVP_get_digestbyname(), - EVP_MD_CTX_create(3), - EVP_DigestInit_ex(3), - EVP_DigestUpdate(3), - EVP_DigestFinal_ex(3), - EVP_MD_CTX_destroy(3) That avoids having *your* software be dependent on the digest algorithms, but it does so by exporting the dependency out to your caller. The bottom line for somebody trying to maintain compatibility is that when you remove some algorithm X, there's always a risk that something in the stack - be it software or user configuration - explicitly depends on X and so will fail on upgrade. -- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris |
