Add OpenSSL::Digest.digests to get a list of available digests #726

Merged
merged 2 commits into from
Apr 30, 2024

bdewater
Contributor

This returns the long names of digests. Similar to OpenSSL::Cipher.ciphers (I took most of the implementation from it).

Maybe the only confusing thing is that Digest#name returns the short name; Cipher#name does have a little disclaimer in the docs that it might not be the same as given to the constructor.

@bdewater
Contributor Author

Test failure looks unrelated.

@rhenium
Member

rhenium commented Mar 13, 2024

> Test failure looks unrelated.

Yes. #728 should fix it.

Member

@rhenium rhenium left a comment

Thanks for working on this! This is a good addition.

Changes look good to me, with one style nit:

ext/openssl/ossl_digest.c (outdated, resolved)

Member

@junaruga junaruga left a comment

Thank you for your work!
In my understanding the test still works with my proposed changes, right? If it still works, I hope you would accept my proposal. My intention is to change only essential parts, and align with the existing encryption name style with upper case in this testing file.

test/openssl/test_digest.rb (three resolved review threads)

@bdewater
Contributor Author

> In my understanding the test still works with my proposed changes, right?

No, not without additional changes. As mentioned earlier OpenSSL::Digest.digests (like OpenSSL::Cipher.ciphers) returns the lower cased long names. On my system:

ruby 3.2.0 (2022-12-25 revision a528908271) [arm64-darwin22]
OpenSSL::OPENSSL_VERSION: OpenSSL 3.0.7 1 Nov 2022
OpenSSL::OPENSSL_LIBRARY_VERSION: OpenSSL 3.0.7 1 Nov 2022
OpenSSL::OPENSSL_VERSION_NUMBER: 30000070

OpenSSL::Digest.digests
=>
["RSA-MD4",
 "RSA-MD5",
 "RSA-MDC2",
 "RSA-RIPEMD160",
 "RSA-SHA1",
 "RSA-SHA1-2",
 "RSA-SHA224",
 "RSA-SHA256",
 "RSA-SHA3-224",
 "RSA-SHA3-256",
 "RSA-SHA3-384",
 "RSA-SHA3-512",
 "RSA-SHA384",
 "RSA-SHA512",
 "RSA-SHA512/224",
 "RSA-SHA512/256",
 "RSA-SM3",
 "blake2b512",
 "blake2s256",
 "id-rsassa-pkcs1-v1_5-with-sha3-224",
 "id-rsassa-pkcs1-v1_5-with-sha3-256",
 "id-rsassa-pkcs1-v1_5-with-sha3-384",
 "id-rsassa-pkcs1-v1_5-with-sha3-512",
 "md4",
 "md4WithRSAEncryption",
 "md5",
 "md5-sha1",
 "md5WithRSAEncryption",
 "mdc2",
 "mdc2WithRSA",
 "ripemd",
 "ripemd160",
 "ripemd160WithRSA",
 "rmd160",
 "sha1",
 "sha1WithRSAEncryption",
 "sha224",
 "sha224WithRSAEncryption",
 "sha256",
 "sha256WithRSAEncryption",
 "sha3-224",
 "sha3-256",
 "sha3-384",
 "sha3-512",
 "sha384",
 "sha384WithRSAEncryption",
 "sha512",
 "sha512-224",
 "sha512-224WithRSAEncryption",
 "sha512-256",
 "sha512-256WithRSAEncryption",
 "sha512WithRSAEncryption",
 "shake128",
 "shake256",
 "sm3",
 "sm3WithRSAEncryption",
 "ssl3-md5",
 "ssl3-sha1",
 "whirlpool"]

Member

@junaruga junaruga left a comment

Thank you for your explanation. Sorry, I misunderstood the implementation in this PR. OK, I checked the PR locally and confirmed the behavior was similar between OpenSSL::Digest and OpenSSL::Cipher.

OpenSSL::Digest

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.new("SHA512-224")'
#<OpenSSL::Digest: 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4>

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.new("sha512-224")'
#<OpenSSL::Digest: 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4>

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.digests.include?("SHA512-224")'
false

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.digests.include?("sha512-224")'
true

OpenSSL::Cipher

$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.new("AES-256-CBC-HMAC-SHA256")'
#<OpenSSL::Cipher:0x00007f883e05ce68>
$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.new("aes-256-cbc-hmac-sha256")'
#<OpenSSL::Cipher:0x00007f9d589fce58>

$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.ciphers.include?("AES-256-CBC-HMAC-SHA256")'
false

$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.ciphers.include?("aes-256-cbc-hmac-sha256")'
true

Please check my new comment for the digest_available?. Thank you.

test/openssl/test_digest.rb (resolved)

@junaruga
Member

Is there an official document about the "short name" and "long name" as a return value in the OpenSSL project? I am confused because, for example, both "SHA512-224" and "sha512-224" are the same string length. It's neither short nor long.

@junaruga
Member

By the way, I am not the main maintainer of this repository. I just commented.

@rhenium
Member

rhenium commented Mar 21, 2024

> Is there an official document about the "short name" and "long name" as a return value in the OpenSSL project? I am confused because, for example, both "SHA512-224" and "sha512-224" are the same string length. It's neither short nor long.

OBJ_nid2obj(3) explains it a bit, but not the reason why each object has two names in the first place. I don't really understand it, either.

The list obtained from OBJ_NAME_do_all_sorted() appears to be excluding case-insensitive duplicates and looks weird (which is not necessarily wrong because names are case-insensitive, but still feels strange):

 "RSA-SHA1",              # SN for 1.2.840.113549.1.1.5
 "RSA-SHA1-2",            # SN for 1.3.14.3.2.29
 "sha1",                  # LN for 1.3.14.3.2.26
 "sha1WithRSAEncryption", # LN for 1.2.840.113549.1.1.5 (notice SN is also included in the list)
 "ssl3-sha1",             # An alias of SHA1, doesn't have an OID

(All of the above are aliases of SHA-1)

Would it make sense to make OpenSSL::Digest.digests and OpenSSL::Cipher.ciphers include all possible names? It would be out of scope of this PR, though.
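
Added example, not part of the PR or the project's code: the thread shows that include? on the returned list is case-sensitive while OpenSSL::Digest.new is not, and that several listed names are aliases of SHA-1. The sketch below checks the list case-insensitively and finds every listed name that resolves to a denied algorithm; LISTED is a constructed sample copied from the output quoted above, the helper names are hypothetical, and it assumes aliases of one algorithm report the same Digest#name on the local build.

```ruby
require "openssl"

# Constructed sample: a few of the names from the OpenSSL::Digest.digests
# output quoted in the thread (not read from the local library).
LISTED = %w[RSA-SHA1 md5 sha1 sha1WithRSAEncryption sha256 sha512-224 ssl3-sha1].freeze

# Exact match, as in the include? calls shown in the thread.
def listed_exact?(names, wanted)
  names.include?(wanted)
end

# Case-insensitive match, in line with how OpenSSL::Digest.new accepts names.
def listed?(names, wanted)
  names.any? { |n| n.casecmp?(wanted) }
end

# Name the local OpenSSL reports after resolving `name`, or nil if the
# local build does not support it.
def canonical(name)
  OpenSSL::Digest.new(name).name
rescue StandardError
  nil
end

# Listed names that resolve to the same algorithm as any entry in `deny`,
# so one deny entry also catches that algorithm's aliases.
def denied_names(names, deny)
  denied = deny.map { |d| canonical(d) }.compact
  names.select { |n| denied.include?(canonical(n)) }
end

if __FILE__ == $PROGRAM_NAME
  p listed_exact?(LISTED, "SHA512-224")
  p listed?(LISTED, "SHA512-224")
  p denied_names(LISTED, %w[SHA1 MD5])
end
```

Which aliases end up in the denied list depends on the names the local OpenSSL build can resolve.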

@rhenium rhenium merged commit e8ed759 into ruby:master Apr 30, 2024
50 checks passed
@bdewater bdewater deleted the digests branch May 3, 2024 14:48