Re: [PATCH] crypto: vmx: Remove dubiously licensed crypto code

From: Paulo Flabiano Smorigo
Date: Thu Mar 30 2017 - 12:26:46 EST

Next message: Russell King - ARM Linux: "Re: [PATCH v6 00/39] i.MX Media Driver"
Previous message: Kees Cook: "Re: [PATCH v4 2/2] extable: verify address is read-only"
In reply to: Tyrel Datwyler: "Re: [PATCH] crypto: vmx: Remove dubiously licensed crypto code"
Next in thread: Tyrel Datwyler: "Re: [PATCH] crypto: vmx: Remove dubiously licensed crypto code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2017-03-29 20:08, Tyrel Datwyler wrote:

On 03/29/2017 08:13 AM, Michal SuchÃnek wrote:

On Wed, 29 Mar 2017 16:51:35 +0200
Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:

On Wed, Mar 29, 2017 at 02:56:39PM +0200, Michal Suchanek wrote:

While reviewing commit 11c6e16ee13a ("crypto: vmx - Adding asm
subroutines for XTS") which adds the OpenSSL license header to
drivers/crypto/vmx/aesp8-ppc.pl licensing of this driver came into
qestion. The whole license reads:

# Licensed under the OpenSSL license (the "License"). You may not
use # this file except in compliance with the License. You can
obtain a # copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

#
#
====================================================================
# Written by Andy Polyakov <appro@xxxxxxxxxxx> for the OpenSSL #
project. The module is, however, dual licensed under OpenSSL and #
CRYPTOGAMS licenses depending on where you obtain it. For further #
details see http://www.openssl.org/~appro/cryptogams/. #
====================================================================

After seeking legal advice it is still not clear that this driver
can be legally used in Linux. In particular the "depending on where
you obtain it" part does not make it clear when you can apply the
GPL and when the OpenSSL license.

I tried contacting the author of the code for clarification but did
not hear back. In absence of clear licensing the only solution I
see is removing this code.

A quick 'git grep OpenSSL' of the Linux tree returns several other
crypto files under the ARM architecture that are similarly licensed. Namely:

arch/arm/crypto/sha1-armv4-large.S
arch/arm/crypto/sha256-armv4.pl
arch/arm/crypto/sha256-core.S_shipped
arch/arm/crypto/sha512-armv4.pl
arch/arm/crypto/sha512-core.S_shipped
arch/arm64/crypto/sha256-core.S_shipped
arch/arm64/crypto/sha512-armv8.pl
arch/arm64/crypto/sha512-core.S_shipped

On closer inspection of some of those files have the addendum that
"Permission to use under GPL terms is granted", but not all of them.

-Tyrel

In 2015, Andy Polyakov, the author, replied in this mailing list [1]:

"I have no problems with reusing assembly modules in kernel context. The
whole idea behind cryptogams initiative was exactly to reuse code in
different contexts."

[1] https://patchwork.kernel.org/patch/6027481/

--
Paulo Flabiano Smorigo
IBM Linux Technology Center

Next message: Russell King - ARM Linux: "Re: [PATCH v6 00/39] i.MX Media Driver"
Previous message: Kees Cook: "Re: [PATCH v4 2/2] extable: verify address is read-only"
In reply to: Tyrel Datwyler: "Re: [PATCH] crypto: vmx: Remove dubiously licensed crypto code"
Next in thread: Tyrel Datwyler: "Re: [PATCH] crypto: vmx: Remove dubiously licensed crypto code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]