On 2026-03-10 18:12:18 [-0700], Eric Biggers wrote:
> > diff --git a/scripts/modules-merkle-tree.c b/scripts/modules-merkle-tree.c
> [...]
>
> > +struct file_entry {
> > + char *name;
> > + unsigned int pos;
> > + unsigned char hash[EVP_MAX_MD_SIZE];
>
> Considering that the hash algorithm is fixed, EVP_MAX_MD_SIZE can be
> replaced with a tighter local definition:
>
> #define MAX_HASH_SIZE 32
>
> > +static struct file_entry *fh_list;
> > +static size_t num_files;
> > +
> > +struct leaf_hash {
> > + unsigned char hash[EVP_MAX_MD_SIZE];
> > +};
> > +
> > +struct mtree {
> > + struct leaf_hash **l;
> > + unsigned int *entries;
> > + unsigned int levels;
> > +};
>
> 'struct leaf_hash' is confusing because it's actually used for the
> hashes of internal nodes, not leaf nodes.

You could still consider the internal nodes as leaves.

> Maybe rename it to 'struct hash' and use it for both the hashes and leaf
> nodes and internal nodes.
>
> Also, clearer naming would improve readability, e.g.:
>
> struct merkle_tree {
>         struct hash **level_hashes;
>         unsigned int level_size;
>         unsigned int num_levels;
> };

but this could improve it, indeed.

> > + hash_evp = EVP_get_digestbyname("sha256");
>
> EVP_sha256()

I would suggest using EVP_MD_fetch() instead.

> > + hash_size = EVP_MD_get_size(hash_evp);
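
Review bot: at `hash_size = EVP_MD_get_size(hash_evp);` the result should be validated before it is used as a length. EVP_MD_get_size() returns a negative value on failure, and the hash[] arrays in struct file_entry and struct leaf_hash have a fixed capacity (EVP_MAX_MD_SIZE as posted, 32 if the MAX_HASH_SIZE suggestion is adopted). Suggest rejecting hash_size <= 0 and any value larger than the array size, and making sure hash_evp is checked for NULL before this call, since EVP_get_digestbyname() returns NULL when the named digest is not available.
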
>
> The old name 'EVP_MD_size()' would have wider compatibility.

EVP_MD_fetch() and EVP_MD_get_size() are openssl 3.0.0+ and nothing
below 3.0.0 is considered supported (while 3.0.0 is EOL 07 Sep 2026).

Sebastian