Storing glyphs as Pixmaps
Carl Worth
cworth at cworth.org
Mon Aug 6 15:29:28 PDT 2007
On Sun, 05 Aug 2007 12:25:50 -0400, James Cloos wrote:
> >>>>> "Carl" == Carl Worth <cworth at cworth.org> writes:
>
> Carl> I've replaced the weak XOR-based hash with a cryptographically strong
> Carl> hash (SHA1) that will be (probabilistically) collision free. This
> Carl> does introduce a new dependency of the X server on the openssl library.
>
> If you want to avoid that dependency, there is at least one public domain
> implementation of sha1 available.
>
> Steve Reid's version can be found -- among other sites -- at:
>
> http://www.pdcode.org/code/sha1/
>
> A small modification could call that when necessary, or use the hardware
> where available, eg on Via or Niagara2 processors.
Several people have sent me pointers to various small implementations
of the SHA1 algorithm.
Ralph Giles pointed out a public-domain implementation:
http://www.mirrors.wiretapped.net/security/cryptography/hashes/sha1/sha1.c
for which he used a cleaned-up version in jbig2dec:
http://svn.ghostscript.com/ghostscript/trunk/gs/jbig2dec/sha1.h
http://svn.ghostscript.com/ghostscript/trunk/gs/jbig2dec/sha1.c
And Peter Stuge sent me the following list:
http://libtom.org/cvs/cvsweb.pl/libtom/libtomcrypt/src/hashes/sha1.c
(LibTomCrypt, public domain)
http://www.ietf.org/rfc/rfc3174.txt
(ISOC reference implementation, almost public domain)
http://www.packetizer.com/security/sha1/
(Modified version of above, "freeware," distributable)
http://xyssl.org/code/source/sha1/
(Optimized, LGPL)
http://www.di-mgt.com.au/src/sha1.c.txt
(Unspecified license)
Personally, I have no problem with a library dependency. In general,
library code is greatly preferable over pulling a copy of some code
directly into the X server. Using a library means less maintenance
burden, automatically picking up bug fixes and optimizations, and
allowing the library itself to do things like optimizations to call
hardware implementations where available.
I only mentioned the potential concern of a new dependency in case
some Xorg maintainers/developers would be allergic to it. (For me,
personally, openssl is universally available on any machine I would
ever install Xorg on.)
-Carl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20070806/4d91a4e1/attachment.pgp>
More information about the xorg
mailing list