On 09/02/2015 03:19 PM, Jimmy Zhang wrote:
Libmcrypto is an open source crypto library. It can be found at
http://code.google.com/p/libmcrypto/
Not for much longer; Google code is shutting down. Is there a new
upstream location for the code that we can reference? Is the project
still alive?
Can we not link against a distribution package rather than copying the
code inside cbootimage, and having to forever maintain it ourselves,
including watching out for security holes and backporting fixes etc.?
Has an internal IP audit been performed for this use of libmcrypto? The
Google code page says:
There is no license associated with this library (although I have to
select BSD license as code.google.com forced me to) except the
respective licenses of included hash implementation. Anyway, if you
use it, it would be nice if you drop me and David Ireland a line to
say thank.
... and indeed there are no license headers in any of the files except
one. I'd like our IP audit team to validate that using the code from
cbootimage is acceptable and that copying the code into cbootimage is
acceptable.
src/libm/base64.c | 132 +++++
src/libm/bigdUtils.c | 208 +++++++
src/libm/bigdigits.h | 294 ++++++++++
src/libm/common.c | 58 ++
"libm" is not the name of the library, and this directory layout does
not match the upstream package. Please follow upstream's layout:
libmcrypto/include/bigdigits.h
libmcrypto/src/base64.c
... although I still think it'd be even better to just link against a
distro package of libmcrypto, or otherwise require it to already exist
when building cbootimage, if at all possible.
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html