> In fact, we could also do this on OpenBSD.  LibreSSL provides
> arch/CPU-optimized implementations on some architectures as opposed
> to the plain C code implementation in libc.  I don't know if SHA1/2
> performance is a bottleneck anywhere in Got, though.
> 
> Thoughts before I start making patches?

Not sure there is an obvious win down this path:

struct got_hash is often used on the stack. This would suggest using the
SHA* versions from the OpenSSL API whose context can live on the stack
as well. The downside of using this is that OpenSSL 3 deprecated it with
very ugly compiler warnings from warning attributes.

If you want to avoid the warnings without -Wno-deprecated-declarations,
you'll need to use the EVP_Digest* API using EVP_MD_CTX. The downside of
this is that this requires allocations, hence requires reworking the
got_hash API, which might be more intrusive than desired. Plus, there's
obviously going to be the overhead of more allocating and freeing.