From: Job Snijders <job@sobornost.net>
Subject: Re: rpki-client: change SHA256_{Init,Update,Final} to EVP_Digest{Init_ex,Update,Final_ex}
To: Theo Buehler <tb@theobuehler.org>, tech <tech@openbsd.org>
Date: Tue, 27 Feb 2024 22:47:20 +0100

On Tue, 27 Feb 2024 at 22:34, Theo Buehler <tb@theobuehler.org> wrote:

> On Tue, Feb 27, 2024 at 09:23:37PM +0000, Job Snijders wrote:
> > Changing the following to help with future portability.
> >
> > SHA256_Init() -> EVP_DigestInit_ex()
> > SHA256_Update() -> EVP_DigestUpdate()
> > SHA256_Final() -> EVP_DigestFinal_ex()
> >
> > Also add EVP_MD_CTX_new() and EVP_MD_CTX_free()
>
> I don't think we should do this. It adds complexity for no benefit.
> Also, you now pay the price for allocations.



Ok, but we use EVP_Digest* in acme-client, dig, snmpd, radiusctl, npppd,
snmp, ssh. What’s the story there? I don’t mind dropping the diff, just
curious.

I came upon this looking for the lowest common denominator between LibreSSL
and potentially future OpenSSL; figured getting rid of some warnings on
other platforms makes things easier on the eyes.

Kind regards,

Job