Den tors 29 jan. 2026 kl 11:24 skrev Joe Orton <[email protected]>: > On Wed, Dec 31, 2025 at 11:44:26AM +0100, Daniel Sahlberg wrote: > > Hi, > > > > Subversion is using the APR/APR-util checksum implementations (SHA1 and > > MD5). One of our committers in Subversion made some tests switching out > > these for the ones in OpenSSL instead. OpenSSL is (opt-out) using an ASM > > optimized implementation on many platforms. > > > > Copy-pasting from the commit message[1] to include some raw numbers: > > Hi Daniel, > > The apr_crypto API already wraps the OpenSSL EVP API, so adding another > wrapper using the deprecated digest APIs wouldn't really make sense IMO. > It's also (again IMO) important to note that the OpenSSL digest > implementations should be treated as having restricted availability; > MD5_Init() etc will fail under FIPS mode (as do the EVP equivalents).
Hi, I'm not sure I understand the above... If it relates to the actual implementation in Subversion, it wasn't my intention to say "hey, let's copypaste this to APR". I believe it should be updated to a current API (although I've seen Ivan's e-mails about performance - these need to be considered). My question was rather: Would it make sense for APR to use OpenSSL's digest algorithms, if available (and if built with OpenSSL support)? Cheers, Daniel > > The SVN code referenced seems ignore the _Init() return values (copying > dev@svn for this). > Thanks for noticing. We should review this. > Regards, Joe > > > > > Cheers, > > Daniel > > > > [1] https://lists.apache.org/thread/o38r06vg08pyzzy35bfgg8ooovphsxss > >
