Bruno Haible <[email protected]> writes: > Collin Funk wrote: >> The non-EVP APIs have been a bit hit and miss about using assembly >> optimisations for a while now. >> >> Therefore, I think it might be safer to change them to avoid more >> potential issues in the future. But I figured it was worth discussing on >> list first. Any agreement/disagreement on this plan? > > What exactly is your plan? To use the EVP APIs?
Yes. Sorry, should have mentioned that explicitly. I think that it would require changing all of the function return types to "int" or "bool" instead of "void". > In the past discussion [1][2], we found how to invoke malloc() for > the context, while still being future-proof. Since EVP_DigestUpdate, EVP_DigestFinal_ex, etc. all could theoretically throw errors, I think it is fine to just use EVP_MD_CTX_create. That avoids the possibility, however unlikely, that the size we allocate on the stack is too small. Collin
