On Thu, 29 Jan 2026 at 14:17, Branko Čibej <[email protected]> wrote:

> On 29. 1. 26 11:23, Joe Orton wrote:
>
> On Wed, Dec 31, 2025 at 11:44:26AM +0100, Daniel Sahlberg wrote:
>
> Hi,
>
> Subversion is using the APR/APR-util checksum implementations (SHA1 and
> MD5). One of our committers in Subversion made some tests switching out
> these for the ones in OpenSSL instead. OpenSSL is (opt-out) using an ASM
> optimized implementation on many platforms.
>
> Copy-pasting from the commit message[1] to include some raw numbers:
>
> Hi Daniel,
>
> The apr_crypto API already wraps the OpenSSL EVP API, so adding another
> wrapper using the deprecated digest APIs wouldn't really make sense IMO.
> It's also (again IMO) important to note that the OpenSSL digest
> implementations should be treated as having restricted availability;
> MD5_Init() etc will fail under FIPS mode (as do the EVP equivalents).
> The SVN code referenced seems ignore the _Init() return values (copying
> dev@svn for this).
>
>
>
> The EVP API is in this case a wrapper around the deprecated functions. I
> see no reason not to use it instead, there won't be any detectable
> difference in performance.
>
> There are reports that EVP API is significantly slower in some cases. E.g:
https://github.com/openssl/openssl/issues/19612

And some tricks are necessary to avoid significant performance hit for
small buffers.

-- 
Ivan Zhakov

Reply via email to