On Thu, 29 Jan 2026 at 14:17, Branko Čibej <[email protected]> wrote:
> On 29. 1. 26 11:23, Joe Orton wrote: > > On Wed, Dec 31, 2025 at 11:44:26AM +0100, Daniel Sahlberg wrote: > > Hi, > > Subversion is using the APR/APR-util checksum implementations (SHA1 and > MD5). One of our committers in Subversion made some tests switching out > these for the ones in OpenSSL instead. OpenSSL is (opt-out) using an ASM > optimized implementation on many platforms. > > Copy-pasting from the commit message[1] to include some raw numbers: > > Hi Daniel, > > The apr_crypto API already wraps the OpenSSL EVP API, so adding another > wrapper using the deprecated digest APIs wouldn't really make sense IMO. > It's also (again IMO) important to note that the OpenSSL digest > implementations should be treated as having restricted availability; > MD5_Init() etc will fail under FIPS mode (as do the EVP equivalents). > The SVN code referenced seems ignore the _Init() return values (copying > dev@svn for this). > > > > The EVP API is in this case a wrapper around the deprecated functions. I > see no reason not to use it instead, there won't be any detectable > difference in performance. > > There are reports that EVP API is significantly slower in some cases. E.g: https://github.com/openssl/openssl/issues/19612 And some tricks are necessary to avoid significant performance hit for small buffers. -- Ivan Zhakov
