linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "Herbert Xu" <herbert@gondor.apana.org.au>,
	"Stephan Müller" <smueller@chronox.de>,
	"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
	"Tianjia Zhang" <tianjia.zhang@linux.alibaba.com>,
	"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
	nhorman@redhat.com, simo@redhat.com
Subject: Re: [PATCH v2 2/5] lib/mpi: Add mpi_sub_ui()
Date: Thu, 16 Jul 2020 10:41:28 -0300	[thread overview]
Message-ID: <20200716134128.7br6npd2nsck33qm@valinor> (raw)
In-Reply-To: <CAMj1kXHBmgaQKDQoVd-wN0JpKunE53QRg6uQ=3fRZmpNw=drYg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 8513 bytes --]

On Thu, Jul 16, 2020 at 04:09:39PM +0300, Ard Biesheuvel wrote:
> On Thu, 16 Jul 2020 at 15:50, Marcelo Henrique Cerri
> <marcelo.cerri@canonical.com> wrote:
> >
> > No. The code is really based on Gnu MP. I used the header from
> > lib/mpi/mpi-pow.c as reference and that's source of the mention to
> > GnuPG that went unnoticed by me.
> >
> 
> So where did the file lib/mpi/mpi-sub-ui.c come from? From GnuPG or
> from GnuMP? Did you modify the license statement? Because as proposed,
> this patch clearly is not acceptable from GPL compliance  point of
> view.

Sorry for the confusion. The code is from Gnu MP (not GnuPG).

Gnu MP is distributed under either LGPLv3 or later or GPLv2 or later
(check their license statement on the aors_ui.h file below).

For mpi-sub-ui.h I added a SPDX identifier for GPLv2 or later and I
kept the FSF copyright line.

I also used the header from mpi-powm.c as a reference basically to
inform the code was changed from its original form.

Here lies my mistake, I didn't notice that part was referring to GnuPG
instead of Gnu MP.

So mpi-sub-ui.h header was actually intended to be:

    // SPDX-License-Identifier: GPL-2.0-or-later
    /* mpi-sub-ui.c  -  MPI functions
     *      Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015
     *      Free Software Foundation, Inc.
     *
     * This file is part of Gnu MP.
     *
     * Note: This code is heavily based on the GNU MP Library.
     *      Actually it's the same code with only minor changes in the
     *      way the data is stored; this is to support the abstraction
     *      of an optional secure memory allocation which may be used
     *      to avoid revealing of sensitive data due to paging etc.
     *      The GNU MP Library itself is published under the LGPL;
     *      however I decided to publish this code under the plain GPL.
     */

Or maybe instead of "This file is part of Gnu MP.", "This file is
based on Gnu MP" might be more appropriate.

Do you have any license concerns considering this updated header?


> 
> 
> 
> > You can find the original Gnu MP source that I used as reference in
> > the file gmp-6.2.0/mpz/aors_ui.h from:
> >
> > https://gmplib.org/download/gmp/gmp-6.2.0.tar.lz
> >
> > I'm pasting the contents of gmp-6.2.0/mpz/aors_ui.h below for
> > reference. Do you think we should use or adapt the original header
> > instead?
> >
> > That said, assuming the patch set submitted by Tianjia is updated to
> > ensure that mpi_sub_ui() and other functions are returning allocation
> > errors, we could drop this patch in favor of that patch set that is
> > more extensive and also provides an implementation to mpi_sub_ui().
> >
> >
> > --->8---
> > /* mpz_add_ui, mpz_sub_ui -- Add or subtract an mpz_t and an unsigned
> >    one-word integer.
> >
> > Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015
> > Free Software Foundation, Inc.
> >


Gnu MP license -.
                V


> > This file is part of the GNU MP Library.
> >
> > The GNU MP Library is free software; you can redistribute it and/or modify
> > it under the terms of either:
> >
> >   * the GNU Lesser General Public License as published by the Free
> >     Software Foundation; either version 3 of the License, or (at your
> >     option) any later version.
> >
> > or
> >
> >   * the GNU General Public License as published by the Free Software
> >     Foundation; either version 2 of the License, or (at your option) any
> >     later version.
> >
> > or both in parallel, as here.
> >
> > The GNU MP Library is distributed in the hope that it will be useful, but
> > WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
> > or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
> > for more details.
> >
> > You should have received copies of the GNU General Public License and the
> > GNU Lesser General Public License along with the GNU MP Library.  If not,
> > see https://www.gnu.org/licenses/.  */
> >
> > #include "gmp-impl.h"
> >
> >
> > #ifdef OPERATION_add_ui
> > #define FUNCTION          mpz_add_ui
> > #define FUNCTION2         mpz_add
> > #define VARIATION_CMP     >=
> > #define VARIATION_NEG
> > #define VARIATION_UNNEG   -
> > #endif
> >
> > #ifdef OPERATION_sub_ui
> > #define FUNCTION          mpz_sub_ui
> > #define FUNCTION2         mpz_sub
> > #define VARIATION_CMP     <
> > #define VARIATION_NEG     -
> > #define VARIATION_UNNEG
> > #endif
> >
> > #ifndef FUNCTION
> > Error, need OPERATION_add_ui or OPERATION_sub_ui
> > #endif
> >
> >
> > void
> > FUNCTION (mpz_ptr w, mpz_srcptr u, unsigned long int vval)
> > {
> >   mp_srcptr up;
> >   mp_ptr wp;
> >   mp_size_t usize, wsize;
> >   mp_size_t abs_usize;
> >
> > #if BITS_PER_ULONG > GMP_NUMB_BITS  /* avoid warnings about shift amount */
> >   if (vval > GMP_NUMB_MAX)
> >     {
> >       mpz_t v;
> >       mp_limb_t vl[2];
> >       PTR(v) = vl;
> >       vl[0] = vval & GMP_NUMB_MASK;
> >       vl[1] = vval >> GMP_NUMB_BITS;
> >       SIZ(v) = 2;
> >       FUNCTION2 (w, u, v);
> >       return;
> >     }
> > #endif
> >
> >   usize = SIZ (u);
> >   if (usize == 0)
> >     {
> >       MPZ_NEWALLOC (w, 1)[0] = vval;
> >       SIZ (w) = VARIATION_NEG (vval != 0);
> >       return;
> >     }
> >
> >   abs_usize = ABS (usize);
> >
> >   /* If not space for W (and possible carry), increase space.  */
> >   wp = MPZ_REALLOC (w, abs_usize + 1);
> >
> >   /* These must be after realloc (U may be the same as W).  */
> >   up = PTR (u);
> >
> >   if (usize VARIATION_CMP 0)
> >     {
> >       mp_limb_t cy;
> >       cy = mpn_add_1 (wp, up, abs_usize, (mp_limb_t) vval);
> >       wp[abs_usize] = cy;
> >       wsize = VARIATION_NEG (abs_usize + cy);
> >     }
> >   else
> >     {
> >       /* The signs are different.  Need exact comparison to determine
> >          which operand to subtract from which.  */
> >       if (abs_usize == 1 && up[0] < vval)
> >         {
> >           wp[0] = vval - up[0];
> >           wsize = VARIATION_NEG 1;
> >         }
> >       else
> >         {
> >           mpn_sub_1 (wp, up, abs_usize, (mp_limb_t) vval);
> >           /* Size can decrease with at most one limb.  */
> >           wsize = VARIATION_UNNEG (abs_usize - (wp[abs_usize - 1] == 0));
> >         }
> >     }
> >
> >   SIZ (w) = wsize;
> > }
> > --->*---
> >
> >
> >
> > On Thu, Jul 16, 2020 at 11:41:17AM +0300, Ard Biesheuvel wrote:
> > > On Thu, 16 Jul 2020 at 10:30, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> > > >
> > > > On Sun, Jul 12, 2020 at 06:39:54PM +0200, Stephan Müller wrote:
> > > > >
> > > > > diff --git a/lib/mpi/mpi-sub-ui.c b/lib/mpi/mpi-sub-ui.c
> > > > > new file mode 100644
> > > > > index 000000000000..fa6b085bac36
> > > > > --- /dev/null
> > > > > +++ b/lib/mpi/mpi-sub-ui.c
> > > > > @@ -0,0 +1,60 @@
> > > > > +// SPDX-License-Identifier: GPL-2.0-or-later
> > > > > +/* mpi-sub-ui.c  -  MPI functions
> > > > > + *      Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015
> > > > > + *      Free Software Foundation, Inc.
> > > > > + *
> > > > > + * This file is part of GnuPG.
> > > > > + *
> > > > > + * Note: This code is heavily based on the GNU MP Library.
> > > > > + *    Actually it's the same code with only minor changes in the
> > > > > + *    way the data is stored; this is to support the abstraction
> > > > > + *    of an optional secure memory allocation which may be used
> > > > > + *    to avoid revealing of sensitive data due to paging etc.
> > > > > + *    The GNU MP Library itself is published under the LGPL;
> > > > > + *    however I decided to publish this code under the plain GPL.
> > > > > + */
> > > >
> > > > Hmm, you said that this code is from GNU MP.  But this notice clearly
> > > > says that it's part of GnuPG and is under GPL.  Though it doesn't
> > > > clarify what version of GPL it is.  Can you please clarify this with
> > > > the author?
> > > >
> > >
> > > GnuPG was relicensed under GPLv3 in ~2007, IIRC, so given the
> > > copyright years and the explicit statements that the file is part of
> > > GnuPG and not under the original LGPL license, there is no way we can
> > > take this code under the kernel's GPLv2 license.
> >
> > --
> > Regards,
> > Marcelo
> >

-- 
Regards,
Marcelo


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

  reply	other threads:[~2020-07-16 13:41 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-10 10:09 [PATCH 0/3] DH: SP800-56A rev 3 compliant shared secret Stephan Müller
2020-07-10 10:10 ` [PATCH 1/3] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-10 10:10 ` [PATCH 2/3] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-10 14:42   ` Ard Biesheuvel
2020-07-10 15:10     ` Stephan Mueller
2020-07-10 10:15 ` [PATCH 3/3] crypto: DH - check validity of Z before export Stephan Müller
2020-07-12 16:38 ` [PATCH v2 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-12 16:39   ` [PATCH v2 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-12 18:02     ` Vitaly Chikunov
2020-07-15 13:17     ` Marcelo Henrique Cerri
2020-07-12 16:39   ` [PATCH v2 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-16  7:30     ` Herbert Xu
2020-07-16  8:41       ` Ard Biesheuvel
2020-07-16 12:50         ` Marcelo Henrique Cerri
2020-07-16 13:09           ` Ard Biesheuvel
2020-07-16 13:41             ` Marcelo Henrique Cerri [this message]
2020-07-16 13:53               ` Ard Biesheuvel
2020-07-16 14:23                 ` Marcelo Henrique Cerri
2020-07-16 14:37                   ` Ard Biesheuvel
2020-07-16 14:56                     ` Marcelo Henrique Cerri
2020-07-16 15:20                       ` Ard Biesheuvel
2020-07-12 16:40   ` [PATCH v2 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-15 13:17     ` Marcelo Henrique Cerri
2020-07-12 16:40   ` [PATCH v2 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-15 13:18     ` Marcelo Henrique Cerri
2020-07-12 16:42   ` [PATCH v2 5/5] crypto: ECDH " Stephan Müller
2020-07-12 18:06     ` Vitaly Chikunov
2020-07-13  5:04       ` Stephan Mueller
2020-07-13  5:59         ` Vitaly Chikunov
2020-07-13  6:02           ` Stephan Müller
2020-07-15 13:19     ` Marcelo Henrique Cerri
2020-07-20 17:05   ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-20 17:07     ` [PATCH v3 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-22 13:11       ` Vitaly Chikunov
2020-07-24 17:47       ` Neil Horman
2020-07-20 17:08     ` [PATCH v3 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-20 17:08     ` [PATCH v3 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-24 18:02       ` Neil Horman
2020-07-20 17:08     ` [PATCH v3 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-20 17:09     ` [PATCH v3 5/5] crypto: ECDH " Stephan Müller
2020-07-21 11:35     ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Marcelo Henrique Cerri
2020-07-31 13:29     ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200716134128.7br6npd2nsck33qm@valinor \
    --to=marcelo.cerri@canonical.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=ardb@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=nhorman@redhat.com \
    --cc=simo@redhat.com \
    --cc=smueller@chronox.de \
    --cc=tianjia.zhang@linux.alibaba.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).