mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
2e601c284c
The OpenSSL engine of Digest uses the low-level API of OpenSSL, whose use has been discouraged for years for multiple reasons. A long-standing issue on a FIPS-enabled system is that using ::Digest results in crashing the Ruby process, because the low-level API lacks the mechanism to report an error (the policy violation) and thus kills the process as a last resort[1][2]. Also, the upcoming OpenSSL 3.0 will deprecate it for future removal[3]. Compiling with -Wdeprecated-declarations will start to emit warnings. A proper fix for this is to make it use the EVP API instead. This is a non-trivial work as it requires backwards-incompatible changes to the framework interface of Digest::Base and rb_digest_metadata_t. It is more than 15 years ago that the openssl library became part of the standard library. It has implemented the exactly same functionality as OpenSSL::Digest, in fact, as a subclass of Digest::Class. There is not much point in having an identical code in the digest library. Let's just get rid of OpenSSL within digest. This leaves the C implementations and the CommonCrypto engine for Apple systems. A patch is being prepared for the openssl library to provide ::Digest constants for better performance[4]. [1] https://bugs.ruby-lang.org/issues/6946 [2] https://bugs.ruby-lang.org/issues/13681 [3] https://www.openssl.org/docs/OpenSSL300Design.html [4] https://github.com/ruby/openssl/pull/377
19 lines
363 B
Ruby
19 lines
363 B
Ruby
# -*- coding: us-ascii -*-
|
|
# frozen_string_literal: false
|
|
# $RoughId: extconf.rb,v 1.3 2001/08/14 19:54:51 knu Exp $
|
|
# $Id$
|
|
|
|
require "mkmf"
|
|
require File.expand_path("../../digest_conf", __FILE__)
|
|
|
|
$defs << "-DHAVE_CONFIG_H"
|
|
|
|
$objs = [ "sha1init.#{$OBJEXT}" ]
|
|
|
|
digest_conf("sha1")
|
|
|
|
have_header("sys/cdefs.h")
|
|
|
|
$preload = %w[digest]
|
|
|
|
create_makefile("digest/sha1")
|