apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: SHA2 in APR
Date Thu, 07 Nov 2013 11:15:38 GMT
On 07.11.2013 06:57, William A. Rowe Jr. wrote:
> On Wed, 16 Oct 2013 16:17:33 +0100
> Nick Kew <niq@apache.org> wrote:
>> On 10 Oct 2013, at 21:49, Dirkjan Ochtman wrote:
>>
>>> The reason I've recently gotten interested in APR (and SHA support)
>>> is my work on https://github.com/mozilla/mod_authn_persona.
>> OK, that raises two questions:
>>
>> 1. From your point of view, how useful would a fully-implemented
>>    apr_sha2 be, compared either to using a third-party library or a
>>    standalone implementation?
>>
>> 2. If it does add value, is the API referenced in your bug exactly
>>    what you want, or might there be mileage in reviewing/extending it?
>>
>> It's not really clear to me what value an APR wrapper adds to sha2.
>> Or indeed, md5/sha1, beyond their being widely used by existing apps.
> If we are a 'hash provider', IMHO we should provide the strongest
> hashing available, even if we simply delegate it to openssl (which we
> already consume in apr 2).  Otherwise, it seems prudent to get out of
> the hashing business and rip out md/sha1 entirely from apr 2.

I'd sooner rip the dbd and dbm providers ... and the built-in
Berkeley-DB wrapper whose only discernible purpose is to create havoc by
helping apps to load two different versions of BDB at the same time.

-- Brane

Mime
View raw message