Add OpenSSL::Digest.digests to get a list of available digests

[bdewater]

This returns the long names of digests. Similar to OpenSSL::Cipher.ciphers (I took most of the implementation from it)

Maybe the only confusing thing is that Digest#name returns the short name, Cipher#name does have a little disclaimer in the docs it might not be the same as given to the constructor.

[bdewater]

Test failure looks unrelated.

[rhenium]

Test failure looks unrelated.

Yes. #728 should fix it.

[rhenium]

Thanks for working on this! This is a good addition.

Changes look good to me, with one style nit:

[junaruga]

Thank you for your work!
In my understanding the test still works with my proposed changes,right? If it still works, I hope you would accept my proposal. My intention is to change only essential parts, and align with the existing encryption name style with upper case in this testing file.

[bdewater]

In my understanding the test still works with my proposed changes,right?

No, not without additional changes. As mentioned earlier OpenSSL::Digest.digests (like OpenSSL::Cipher.ciphers) returns the lower cased long names. On my system:

ruby 3.2.0 (2022-12-25 revision a528908271) [arm64-darwin22]
OpenSSL::OPENSSL_VERSION: OpenSSL 3.0.7 1 Nov 2022
OpenSSL::OPENSSL_LIBRARY_VERSION: OpenSSL 3.0.7 1 Nov 2022
OpenSSL::OPENSSL_VERSION_NUMBER: 30000070

OpenSSL::Digest.digests
=>
["RSA-MD4",                                                          
 "RSA-MD5",                                                          
 "RSA-MDC2",                                                         
 "RSA-RIPEMD160",                                                    
 "RSA-SHA1",                                                         
 "RSA-SHA1-2",                                                       
 "RSA-SHA224",                                                       
 "RSA-SHA256",                                                       
 "RSA-SHA3-224",                                                     
 "RSA-SHA3-256",                                                     
 "RSA-SHA3-384",                                                     
 "RSA-SHA3-512",                                                     
 "RSA-SHA384",                                                       
 "RSA-SHA512",                                                       
 "RSA-SHA512/224",
 "RSA-SHA512/256",
 "RSA-SM3",
 "blake2b512",
 "blake2s256",
 "id-rsassa-pkcs1-v1_5-with-sha3-224",
 "id-rsassa-pkcs1-v1_5-with-sha3-256",
 "id-rsassa-pkcs1-v1_5-with-sha3-384",
 "id-rsassa-pkcs1-v1_5-with-sha3-512",
 "md4",
 "md4WithRSAEncryption",
 "md5",
 "md5-sha1",
 "md5WithRSAEncryption",
 "mdc2",
 "mdc2WithRSA",
 "ripemd",
 "ripemd160",
 "ripemd160WithRSA",
 "rmd160",
 "sha1",
 "sha1WithRSAEncryption",
 "sha224",
 "sha224WithRSAEncryption",
 "sha256",
 "sha256WithRSAEncryption",
 "sha3-224",
 "sha3-256",
 "sha3-384",
 "sha3-512",
 "sha384",
 "sha384WithRSAEncryption",
 "sha512",
 "sha512-224",
 "sha512-224WithRSAEncryption",
 "sha512-256",
 "sha512-256WithRSAEncryption",
 "sha512WithRSAEncryption",
 "shake128",
 "shake256",
 "sm3",
 "sm3WithRSAEncryption",
 "ssl3-md5",
 "ssl3-sha1",
 "whirlpool"]

[junaruga]

Thank you for your explanation. Sorry, I misunderstand the implementation in this PR. OK I checked the PR on my local, and confirmed the behavior was similar between OpenSSL::Digest and OpenSSL::Cipher.

OpenSSL::Digest

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.new("SHA512-224")'
#<OpenSSL::Digest: 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4>

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.new("sha512-224")'
#<OpenSSL::Digest: 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4>

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.digests.include?("SHA512-224")'
false

$ ruby -I lib -r openssl -e 'p OpenSSL::Digest.digests.include?("sha512-224")'
true

OpenSSL::Cipher

$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.new("AES-256-CBC-HMAC-SHA256")'
#<OpenSSL::Cipher:0x00007f883e05ce68>
$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.new("aes-256-cbc-hmac-sha256")'
#<OpenSSL::Cipher:0x00007f9d589fce58>

$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.ciphers.include?("AES-256-CBC-HMAC-SHA256")'
false

$ ruby -I lib -r openssl -e 'p OpenSSL::Cipher.ciphers.include?("aes-256-cbc-hmac-sha256")'
true

Please check my new comment for the digest_available?. Thank you.

[junaruga]

Is there an official document about the "shot name" and "long name" as a return value in OpenSSL project? I am confused because for example, both "SHA512-224" and "sha512-224" is the same string length. It's neither short nor long.

[junaruga]

By the way, I am not the main maintainer of this repository. I just commented.

[rhenium]

Is there an official document about the "shot name" and "long name" as a return value in OpenSSL project? I am confused because for example, both "SHA512-224" and "sha512-224" is the same string length. It's neither short nor long.

OBJ_nid2obj(3) explains it a bit, but not the reason why each object has two names in the first place. I don't really understand it, either.

The list obtained from OBJ_NAME_do_all_sorted() appears to be excluding case-insensitive duplicates and looks weird (which is not necessarily wrong because names are case-insensitive, but still feels strange):

 "RSA-SHA1",              # SN for 1.2.840.113549.1.1.5
 "RSA-SHA1-2",            # SN for 1.3.14.3.2.29
 "sha1",                  # LN for 1.3.14.3.2.26
 "sha1WithRSAEncryption", # LN for 1.2.840.113549.1.1.5 (notice SN is also included in the list)
 "ssl3-sha1",             # An alias of SHA1, doesn't have an OID

(All of the above are alias of SHA-1)

Would it make sense to make OpenSSL::Digest.digests and OpenSSL::Cipher.ciphers include all possible names? It would be out of scope of this PR, though.