[PATCH] digest-openssl: improve OpenSSL v3 support
Theo de Raadt
deraadt at openbsd.org
Tue Sep 2 08:57:47 AEST 2025
Damien Miller <djm at mindrot.org> wrote:
> On Sun, 31 Aug 2025, Dimitri John Ledkov wrote:
>
> > From OpenSSL v3 documentation https://docs.openssl.org/3.0/man3/EVP_sha1/#notes:
> >
> > Developers should be aware of the negative performance implications
> > of calling this function multiple times and should consider using
> > EVP_MD_fetch(3) with EVP_MD-SHA1(7) instead. See "Performance" in
> > crypto(7) for further information.
>
> hash/MAC instantiation doesn't happen very often in OpenSSH. Does this
> change yield any observable performance benefit? ("make unit-bench"
> might help here).
I think that cpp (meaning #ifdef) is an amazing programming language
with extremely strong negative incentive to not test the other codepath
when a change is made. Dangerously so. There's got to be strong
benefit, before this kind of thing gets done.
More information about the openssh-unix-dev
mailing list