xserver dependency on crypto library because of a hashmap

Alan Coopersmith alan.coopersmith at oracle.com
Mon Jun 9 15:37:25 PDT 2014


On 06/ 9/14 04:04 AM, Pali Rohár wrote:
> I think that security flaws found in openssl/gnutls last days/months is
> very good reason to not use it - when it is not needed.

I believe all of those have been in the SSL/TLS layers, and not down in
the cryptographic hash primitives themselves.

One of the prime motivators we had for moving to an externally maintained
SHA-1 implementation for Xorg was to let someone else deal with all the
optimizations for specific CPUs and let us simply reap the benefits of
their work.

If you don't want to use one of the existing libraries, you can take your
own SHA-1 implementation, make it conform to one of the existing API's and
simply build with it, but that seems like a lot of work to move from a known
good implementation to one that's probably not as good.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc


More information about the xorg-devel mailing list