
From: Christian Weisgerber <naddy@mips.inka.de>
Subject: Re: portable: the hash mess
To: Theo Buehler <tb@theobuehler.org>
Cc: gameoftrees@openbsd.org
Date: Fri, 26 Apr 2024 23:28:04 +0200

Theo Buehler:

> struct got_hash is often used on the stack. This would suggest using the
> SHA* versions from the OpenSSL API whose context can live on the stack
> as well. The downside of using this is that OpenSSL 3 deprecated it with
> very ugly compiler warnings from warning attributes.

Sigh.  Scratch that idea.

> If you want to avoid the warnings without -Wno-deprecated-declarations,
> you'll need to use the EVP_Digest* API using EVP_MD_CTX. The downside of
> this is that this requires allocations, hence requires reworking the
> got_hash API, which might be more intrusive than desired. Plus, there's
> obviously going to be the overhead of more allocating and freeing.

There are questions regarding error handling, but in principle the
API should fit?  E.g., libarchive has this for the OpenSSL case:

static int
__archive_sha1init(archive_sha1_ctx *ctx)
{
  if ((*ctx = EVP_MD_CTX_new()) == NULL)
        return (ARCHIVE_FAILED);
  if (!EVP_DigestInit(*ctx, EVP_sha1()))
        return (ARCHIVE_FAILED);
  return (ARCHIVE_OK);
}

static int
__archive_sha1update(archive_sha1_ctx *ctx, const void *indata,
    size_t insize)
{
  EVP_DigestUpdate(*ctx, indata, insize);
  return (ARCHIVE_OK);
}

static int
__archive_sha1final(archive_sha1_ctx *ctx, void *md)
{
  EVP_DigestFinal(*ctx, md, NULL);
  EVP_MD_CTX_free(*ctx);
  *ctx = NULL;
  return (ARCHIVE_OK);
}

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de