On Wed, Oct 16, 2013 at 5:17 PM, Nick Kew <[email protected]> wrote:> OK, that raises two questions: > 1. From your point of view, how useful would a fully-implemented > apr_sha2 be, compared either to using a third-party library or a > standalone implementation?
Well, the alternatives are (a) relying on an extra dependency for my Apache module, probably NSS or OpenSSL or both, or (b) pulling in a semi-random copy of SHA2 from the internet and including that. If APR already included a maintained version of SHA2 (and it looks like it already does, except it's not exposed to external users), that would definitely make things easier for me. > 2. If it does add value, is the API referenced in your bug exactly > what you want, or might there be mileage in reviewing/extending it? Given that the API seen in Doxygen [1] is quite similar to the API already exposed for sha1 (which for some reason doesn't appear at http://apr.apache.org/docs/apr-util/1.5/, although it certainly installed on my Linux box through dev-libs/apr-util-1.5.2), I'm quite confident it's sufficient. (So I only just discovered that the sha1 implementation we're using is in APR-util, not APR itself; not sure how that changes things.) Cheers, Dirkjan [1] http://ci.apache.org/projects/httpd/trunk/doxygen/sha2_8h.html
