Nanno Langstraat wrote:
> I think you may have misread my quoted text. It specifically says that
> the application can choose the beginning operation freely and choose the
> ending operation freely.
> I.e. that the application can mix freely.

Point understood. The man page just needs to be clear that SHA1_Init()
and SHA1_Load_State() both only ever operate on an uninitialized SHA_CTX.

That SHA_{Drop,End}() only ever operates on an initialized SHA_CTX and
performs cleanup to put the SHA_CTX into an uninitialized state.

Maybe your SHA_{Load,Save}_State() additions should also be in a
separate man-page so as not to confuse normal usage with extra API.

> I'll take any other name if there is a semi-consensus.
> The thought behind the name "Drop()" is to signal the premature end of
> the context (versus the "normal, full" lifecycle that ends with Final()).
> I do personally think "End" would be more, not less, confusing, it is
> has no distinct connotation to contrast with the existing "Final".

Yes true this is my consensus of C APIs, SHA_Uninit() is still better
than SHA_Drop() IMHO. What other APIs on what other systems use
XXX_Drop() maybe if I could understand your viewpoint that would help.

I also note you at not objecting anyhow but would Request For Comments
by others on this point.

The best thing to do would be to investigate other parts of the OpenSSL
API and see what they do so at least as a product there is some

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager