I received another question from this same interlocutor:

Also, I understand you haven't read the original bitcoind code but do you have any guess for why the author chose to lift your SHA256 implementation from Crypto++ when the project already required openssl-0.9.8h? Is there anything odd about the OpenSSL implementation that wouldn't be immediately obvious to someone who isn't a crypto expert?

Hmm, I’m not sure. I thought it might have been the optimizations I put into my SHA256 implementation in March 2009 (due to discussions on the NIST mailing list for standardizing SHA-3, about how fast SHA-2 really is), which made it the fastest available at the time, but it looks like Bitcoin 0.1 was already released prior to that (in Jan 2009) and therefore had my old code. Maybe someone could test if the old code was still faster than OpenSSL?