lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <29700dff2d59fa3a8a97604390280246a35df3bf.camel@HansenPartnership.com>
Date: Tue, 18 Nov 2025 07:59:42 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: David Howells <dhowells@...hat.com>
Cc: Eric Biggers <ebiggers@...nel.org>, Herbert Xu
 <herbert@...dor.apana.org.au>,  Luis Chamberlain <mcgrof@...nel.org>, Petr
 Pavlu <petr.pavlu@...e.com>, Daniel Gomez <da.gomez@...nel.org>, Sami
 Tolvanen <samitolvanen@...gle.com>, "Jason A . Donenfeld"
 <Jason@...c4.com>, Ard Biesheuvel <ardb@...nel.org>, Stephan Mueller
 <smueller@...onox.de>,  Lukas Wunner <lukas@...ner.de>, Ignat Korchagin
 <ignat@...udflare.com>, linux-crypto@...r.kernel.org, 
 keyrings@...r.kernel.org, linux-modules@...r.kernel.org, 
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v9 2/9] crypto: Add ML-DSA/Dilithium verify support

On Tue, 2025-11-18 at 08:39 +0000, David Howells wrote:
> James Bottomley <James.Bottomley@...senPartnership.com> wrote:
> 
> > But even if you don't accept that, Google keeps effective joint
> > ownership of the code through their CLA and so could grant a dual
> > licence to the kernel anyway without needing to refer to any
> > contributors.
> 
> Actually, the fact that BoringSSL's ML-DSA implementation uses C++
> with heavy use of integer-parametered templating is more
> insurmountable for borrowing their code.  Yes, it does allow them to
> reduce their LoC to ~3000 and is much more readable, but I can't do
> that in C.

I was only commenting on the legality of copying not the technical
feasibility. 

>   Now, if we want to work on persuading Linus to allow C++ into the
> kernel...

Having worked on it, C++ is a bit of a messy language in that there are
many more idioms for the same construct than in C, so I can see why C
is preferred for cleaner coding.  On the other hand if the safety
profiles work actually produces something useful (unlike safe C++ which
just flamed out) I could see that being a reason to revisit.

Regards,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ