On Thu, 29 Jan 2026 at 11:24, Joe Orton <[email protected]> wrote: > On Wed, Dec 31, 2025 at 11:44:26AM +0100, Daniel Sahlberg wrote: > > Hi, > > > > Subversion is using the APR/APR-util checksum implementations (SHA1 and > > MD5). One of our committers in Subversion made some tests switching out > > these for the ones in OpenSSL instead. OpenSSL is (opt-out) using an ASM > > optimized implementation on many platforms. > > > > Copy-pasting from the commit message[1] to include some raw numbers: > > Hi Daniel, > > The apr_crypto API already wraps the OpenSSL EVP API, so adding another > wrapper using the deprecated digest APIs wouldn't really make sense IMO. > It's also (again IMO) important to note that the OpenSSL digest > implementations should be treated as having restricted availability; > MD5_Init() etc will fail under FIPS mode (as do the EVP equivalents). >
May be I misunderstand something, but I don't see checks for FIPS mode in **MD5_Init()**: https://github.com/openssl/openssl/blob/66ead9927dc7aba0dcfb9068f9288ce1e4feda53/crypto/md5/md5_dgst.c#L29 [[[ int MD5_Init(MD5_CTX *c) { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; c->B = INIT_DATA_B; c->C = INIT_DATA_C; c->D = INIT_DATA_D; return 1; } ]]] -- Ivan Zhakov
