mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
2e601c284c
The OpenSSL engine of Digest uses the low-level API of OpenSSL, whose use has been discouraged for years for multiple reasons. A long-standing issue on a FIPS-enabled system is that using ::Digest results in crashing the Ruby process, because the low-level API lacks the mechanism to report an error (the policy violation) and thus kills the process as a last resort[1][2]. Also, the upcoming OpenSSL 3.0 will deprecate it for future removal[3]. Compiling with -Wdeprecated-declarations will start to emit warnings. A proper fix for this is to make it use the EVP API instead. This is a non-trivial work as it requires backwards-incompatible changes to the framework interface of Digest::Base and rb_digest_metadata_t. It is more than 15 years ago that the openssl library became part of the standard library. It has implemented the exactly same functionality as OpenSSL::Digest, in fact, as a subclass of Digest::Class. There is not much point in having an identical code in the digest library. Let's just get rid of OpenSSL within digest. This leaves the C implementations and the CommonCrypto engine for Apple systems. A patch is being prepared for the openssl library to provide ::Digest constants for better performance[4]. [1] https://bugs.ruby-lang.org/issues/6946 [2] https://bugs.ruby-lang.org/issues/13681 [3] https://www.openssl.org/docs/OpenSSL300Design.html [4] https://github.com/ruby/openssl/pull/377 |
||
|---|---|---|
| .. | ||
| -test- | ||
| bigdecimal | ||
| cgi/escape | ||
| continuation | ||
| coverage | ||
| date | ||
| dbm | ||
| digest | ||
| etc | ||
| fcntl | ||
| fiber | ||
| fiddle | ||
| gdbm | ||
| io | ||
| json | ||
| monitor | ||
| nkf | ||
| objspace | ||
| openssl | ||
| pathname | ||
| psych | ||
| pty | ||
| racc/cparse | ||
| rbconfig/sizeof | ||
| readline | ||
| ripper | ||
| rubyvm | ||
| socket | ||
| stringio | ||
| strscan | ||
| syslog | ||
| win32 | ||
| win32ole | ||
| zlib | ||
| .document | ||
| extmk.rb | ||
| Setup | ||
| Setup.atheos | ||
| Setup.nt | ||