Hi, I'm considering changing the crypto modules to use the OpenSSL EVP APIs [1].
A recent coreutils bug report found that 'sha256sum', etc. were not using SHA-NI instructions despite being supported by the CPU [2]. The cause of this was OpenSSL 3.6 silently removing "__attribute__ ((__constructor__)" on the function which calls cpuid (or equivalent instruction for non-X86 machines) [3][4]. Before that change the CPU features would be detected upon loading the shared library. Then the deprecated, yet still commonly used, $DIGEST_(Init|Update|Final) APIs would use them. After the change, this is not the case. One would have to call OPENSSL_init_crypto explicitly, which is not recommended [5], or use the EVP APIs which do that automatically. This feels like an unfortunate bug, that I hope gets fixed. However, an OpenSSL maintainer said the following: The non-EVP APIs have been a bit hit and miss about using assembly optimisations for a while now. Therefore, I think it might be safer to change them to avoid more potential issues in the future. But I figured it was worth discussing on list first. Any agreement/disagreement on this plan? Collin [1] https://docs.openssl.org/master/man3/EVP_DigestInit/ [2] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=79971 [3] https://github.com/openssl/openssl/issues/29340 [4] https://github.com/openssl/openssl/pull/27466 [5] https://docs.openssl.org/master/man3/OPENSSL_init_crypto/#description
