Use openssl for `sha256` instead of `sha2`.

mozilla / rust-ece

Encrypted Content-Encoding for HTTP (RFC 8188) Rust implementation

Mozilla Public License 2.0

25 stars 11 forks source link

Use openssl for `sha256` instead of `sha2`. #24

Open thomcc opened 5 years ago

thomcc commented 5 years ago

It's unclear to me why sha2 is used here: https://github.com/mozilla/rust-ece/blob/master/src/crypto_backends/openssl.rs#L20.

jrconlin commented 5 years ago

It's kind of required by the hkdf function., and was probably included as part of the example cargo.

The pedigree for the hkdf and sha2 crates look to be fairly good.

I can investigate using openssl only to reduce the amount of dependencies.

jrconlin commented 5 years ago

Hrm. openssl::sha::Sha256 doesn't implement a fair number of traits the HKDF library wants. (Notably digest::Input and digest::FixedOutput) I could probably create a wrapper class for openssl that includes those traits, but not really sure that's the best solution rather than just use the pure rust libraries, since that would be less hacky.

thomcc commented 5 years ago

Honestly you should probably not be using HKDF either. Stuff from the rust-crypto project hasn't gotten any security auditing IIUC.

But I guess rust-openssl doesn't expose openssl's hkdf functions, dang.