On 29. 1. 26 11:23, Joe Orton wrote:
On Wed, Dec 31, 2025 at 11:44:26AM +0100, Daniel Sahlberg wrote:
Hi,
Subversion is using the APR/APR-util checksum implementations (SHA1 and
MD5). One of our committers in Subversion made some tests switching out
these for the ones in OpenSSL instead. OpenSSL is (opt-out) using an ASM
optimized implementation on many platforms.
Copy-pasting from the commit message[1] to include some raw numbers:
Hi Daniel,
The apr_crypto API already wraps the OpenSSL EVP API, so adding another
wrapper using the deprecated digest APIs wouldn't really make sense IMO.
It's also (again IMO) important to note that the OpenSSL digest
implementations should be treated as having restricted availability;
MD5_Init() etc will fail under FIPS mode (as do the EVP equivalents).
The SVN code referenced seems ignore the _Init() return values (copying
dev@svn for this).
The EVP API is in this case a wrapper around the deprecated functions. I
see no reason not to use it instead, there won't be any detectable
difference in performance.
-- Brane
