Digest algorithms for Ruby


Digest algorithms for Ruby

Samuel Williams
I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing SHA3 and BLAKE digests.

In addition, for the first time, I wrote some tests to test ALL algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer exist.

I'm going to assume this algorithm is removed because it's old and/or insecure. But I would like to seek some clarification on this because it represents a breaking change in semantic versioning, to the extent that we exposed these digests explicitly.

So:

- Did they exist?
- When did they stop existing?
- Are they still relevant?

Kind regards,
Samuel.

Re: Digest algorithms for Ruby

Viktor Dukhovni
> On Oct 31, 2019, at 7:59 AM, Samuel Williams <[hidden email]> wrote:
>
> I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing SHA3 and BLAKE digests.
>
> In addition, for the first time, I wrote some tests to test ALL algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer exist.
>
> I'm going to assume this algorithm is removed because it's old and/or insecure. But I would like to seek some clarification on this because it represents a breaking change in semantic versioning, to the extent that we exposed these digests explicitly.

My advice would be to avoid specific support for any *particular*
digest algorithm.  Instead, provide bindings to:

  - EVP_get_digestbyname(),
  - EVP_MD_CTX_create(3),
  - EVP_DigestInit_ex(3),
  - EVP_DigestUpdate(3),
  - EVP_DigestFinal_ex(3),
  - EVP_MD_CTX_destroy(3)

so that they can use *any* available digest algorithm (by name).

--
        Viktor.
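The name-based approach above, worked through in Ruby as an added example (not code from the thread or from the ruby/openssl project). Ruby's `OpenSSL::Digest.new(name)` is the binding's existing front end for `EVP_get_digestbyname()` plus `EVP_DigestInit_ex()`, `#update` maps to `EVP_DigestUpdate()`, and `#hexdigest` to `EVP_DigestFinal_ex()`; an unknown name raises `RuntimeError` rather than returning a context. The example turns that into a probe of the kind Samuel describes (test every exposed name), so a removed algorithm such as "DSS", "DSS1" or "SHA" shows up as "unavailable" instead of as a crash deep in the caller. The candidate list is constructed for illustration; which names are available depends on the linked libcrypto.

```ruby
require "openssl"

# Constructed list of names a binding might have exposed over the years.
# "DSS", "DSS1" and "SHA" are the three the thread reports as gone since 1.1.0;
# the SHA3 and BLAKE2 names are the ones Samuel is considering adding.
CANDIDATE_DIGESTS = %w[
  MD5 SHA SHA1 SHA224 SHA256 SHA384 SHA512 DSS DSS1 SHA3-256 BLAKE2b512
].freeze

# Resolve a digest purely by name through the EVP layer (EVP_get_digestbyname
# followed by EVP_DigestInit_ex inside the binding). Returns nil instead of
# raising when the linked libcrypto does not know the algorithm, so callers
# can degrade gracefully rather than blowing up on an upgrade.
def lookup_digest(name)
  OpenSSL::Digest.new(name)
rescue RuntimeError
  # ruby/openssl raises "Unsupported digest algorithm (<name>)." here.
  nil
end

# Hash +data+ with the digest called +name+ and return the hex string,
# or nil if that digest is unavailable. The two calls correspond to
# EVP_DigestUpdate and EVP_DigestFinal_ex.
def digest_hex(name, data)
  md = lookup_digest(name)
  return nil unless md

  md.update(data)
  md.hexdigest
end

# Partition a list of names into [available, unavailable] for this libcrypto.
# This is the "test ALL algorithms we expose" check from the first post,
# expressed as data the test suite (or a startup self-check) can assert on.
def probe_digests(names = CANDIDATE_DIGESTS)
  names.partition { |name| lookup_digest(name) }
end

if $PROGRAM_NAME == __FILE__
  available, unavailable = probe_digests
  puts "OpenSSL #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  puts "available:   #{available.join(', ')}"
  puts "unavailable: #{unavailable.join(', ')}"
  puts "SHA256(\"abc\") = #{digest_hex('SHA256', 'abc')}"
end
```

Run it against two OpenSSL builds and diff the "unavailable" line: that diff is exactly the set of names whose removal would be a breaking change for anyone who depended on them by name, which is the risk Viktor's by-name design moves to the caller rather than eliminates.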

Re: Digest algorithms for Ruby

Matt Caswell-2

On 31/10/2019 11:59, Samuel Williams wrote:

> I am maintaining the OpenSSL bindings for Ruby, and I'm considering
> exposing SHA3 and BLAKE digests.
>
> In addition, for the first time, I wrote some tests to test ALL
> algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer
> exist.
>
> I'm going to assume this algorithm is removed because it's old and/or
> insecure. But I would like to seek some clarification on this because it
> represents a breaking change in semantic versioning, to the extent that
> we exposed these digests explicitly.
>
> So:
>
> - Did they exist?


Yes, they did exist. EVP_sha() (aka SHA0) and EVP_dss() (aka DSS0) were
removed by commit 474e469bb. It had this commit description:

commit 474e469bbd056aebcf7e7d3207ef820f2faed4ce
Author:     Rich Salz <[hidden email]>
AuthorDate: Tue Jan 27 12:34:45 2015 -0500
Commit:     Rich Salz <[hidden email]>
CommitDate: Tue Jan 27 12:34:45 2015 -0500

    OPENSSL_NO_xxx cleanup: SHA

    Remove support for SHA0 and DSS0 (they were broken), and remove
    the ability to attempt to build without SHA (it didn't work).
    For simplicity, remove the option of not building various SHA algorithms;
    you could argue that SHA_224/256/384/512 should be kept, since they're
    like crypto algorithms, but I decided to go the other way.
    So these options are gone:
            GENUINE_DSA         OPENSSL_NO_SHA0
            OPENSSL_NO_SHA      OPENSSL_NO_SHA1
            OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
            OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

    Reviewed-by: Richard Levitte <[hidden email]>

EVP_dss1() was removed by commit 7f572e958b with this commit description:

commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author:     Dr. Stephen Henson <[hidden email]>
AuthorDate: Wed Dec 2 13:57:04 2015 +0000
Commit:     Dr. Stephen Henson <[hidden email]>
CommitDate: Wed Dec 2 17:52:01 2015 +0000

    Remove legacy sign/verify from EVP_MD.

    Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
    legacy from when digests were linked to public key types. All signing is
    now handled by the corresponding EVP_PKEY_METHOD.

    Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
    already block unsupported types.

    Remove now obsolete EVP_dss1() and EVP_ecdsa().

    Reviewed-by: Richard Levitte <[hidden email]>


> - When did they stop existing?

The first release that contained the above commits was OpenSSL 1.1.0.
That was a major release that did not claim backwards source
compatibility. Most notably because of the structures becoming opaque,
but it did impact some other areas too.


> - Are they still relevant?

Since 1.1.0 has been around for nearly 4 years now, and this is the
first time I recall anyone ever noticing this, I would say "No".


Re: Digest algorithms for Ruby

JordanBrown
On 10/31/2019 7:35 AM, Viktor Dukhovni wrote:
> My advice would be to avoid specific support for any *particular* digest algorithm. Instead, provide bindings to:
>
>   - EVP_get_digestbyname(),
>   - EVP_MD_CTX_create(3),
>   - EVP_DigestInit_ex(3),
>   - EVP_DigestUpdate(3),
>   - EVP_DigestFinal_ex(3),
>   - EVP_MD_CTX_destroy(3)
>
> so that they can use *any* available digest algorithm (by name).


That avoids having *your* software be dependent on the digest algorithms, but it does so by exporting the dependency out to your caller.

The bottom line for somebody trying to maintain compatibility is that when you remove some algorithm X, there's always a risk that something in the stack - be it software or user configuration - explicitly depends on X and so will fail on upgrade.

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris