lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 13 Jun 2023 10:00:44 +0200
From:   Heiko Stübner <heiko@...ech.de>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     palmer@...belt.com, paul.walmsley@...ive.com,
        aou@...s.berkeley.edu, herbert@...dor.apana.org.au,
        davem@...emloft.net, conor.dooley@...rochip.com,
        linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-crypto@...r.kernel.org, christoph.muellner@...ll.eu
Subject: Re: [PATCH v5 4/4] RISC-V: crypto: add accelerated GCM GHASH implementation

Am Dienstag, 13. Juni 2023, 05:10:06 CEST schrieb Eric Biggers:
> Hi Heiko,
> 
> On Mon, Jun 12, 2023 at 11:04:42PM +0200, Heiko Stuebner wrote:
> > diff --git a/arch/riscv/crypto/ghash-riscv64-zbc.pl b/arch/riscv/crypto/ghash-riscv64-zbc.pl
> > new file mode 100644
> > index 000000000000..677c438a44bf
> > --- /dev/null
> > +++ b/arch/riscv/crypto/ghash-riscv64-zbc.pl
> > @@ -0,0 +1,427 @@
> > +#! /usr/bin/env perl
> > +# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
> > +#
> > +# Licensed under the Apache License 2.0 (the "License").  You may not use
> > +# this file except in compliance with the License.  You can obtain a copy
> > +# in the file LICENSE in the source distribution or at
> > +# https://www.openssl.org/source/license.html
> > +
> > +# This file is dual-licensed and is also available under the following
> > +# terms:
> > +#
> > +# Copyright (c) 2023, Christoph Müllner <christoph.muellner@...ll.eu>
> > +# All rights reserved.
> > +#
> > +# Redistribution and use in source and binary forms, with or without
> > +# modification, are permitted provided that the following conditions
> > +# are met:
> > +# 1. Redistributions of source code must retain the above copyright
> > +#    notice, this list of conditions and the following disclaimer.
> > +# 2. Redistributions in binary form must reproduce the above copyright
> > +#    notice, this list of conditions and the following disclaimer in the
> > +#    documentation and/or other materials provided with the distribution.
> 
> Is this worded properly for a dual license?  The paragraph about the Apache
> License makes it sound like the Apache License must always be complied with:
> "You may not use this file except in compliance with the License."
> 
> So I worry that this could be interpreted as:
> 
>     Apache-2.0 AND BSD-2-Clause
> 
> instead of
> 
>     Apache-2.0 OR BSD-2-Clause
> 
> It needs to be the latter.
> 
> So I think the file header needs to be clarified w.r.t. the dual license.

Hmm, I think the 
	"This file is dual-licensed and is also available under the following terms"
should be pretty clear?

Also this is wording openSSL uses since 2004 in other parts like
crypto/LPdir_*.c . So I'd guess any "issue" should've come up already
in all these years?


> Side note: can you please also include a SPDX-License-Identifier?

ok, will add them


Heiko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ