On Tue, Jan 8, 2013 at 3:46 PM, Gabriela Gibson
> In line 555 and 690 in crypto.c, there are the following FIXME's:
> /* ### FIXME: This should be a SHA-256. */
> SVN_ERR(svn_checksum(&stuff_sum, svn_checksum_sha1, stuff_vector,
> stuff_len, scratch_pool));
This code is actually unused. It's intended to provide a master
passphrase to unlock a password store. See:
> The problem appears to be that there is no sha-256 implementation in
> the apr_util crypto library, the one sha-256 algorithm there is,
> resides in /apr/random/unix/sha2.c and looks like an internal
> implementation which is not meant for public consumption.
That's one of the issues.
> Should there be a new label, which ensures that issues that are
> dependent on outside agents are checked periodically to see if they
> now can be resolved? Say: WAITING: <last date checked, reason>
> so in this case, the comment would be:
> /* ### WAITING 2013-Jan:
> Convert to sha-256 once apr_util supplies this. */
In this case I think this code should probably be removed from trunk
for the time being. The wiki for this functionality mentions that it
may complicate our export control status. If we're not using it we
should probably remove it prior to 1.8 branching. We can put it back
later if we're ready to use it.
Received on 2013-01-09 01:54:36 CET