lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 29 Mar 2017 17:49:16 -0700
From:   Tyrel Datwyler <tyreld@...ux.vnet.ibm.com>
To:     Michael Ellerman <mpe@...erman.id.au>,
        Michal Suchanek <msuchanek@...e.de>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
        linuxppc-dev@...ts.ozlabs.org,
        "paulmck@...ux.vnet.ibm.com" <paulmck@...ux.vnet.ibm.com>,
        appro@...nssl.org
Subject: Re: [PATCH] crypto: vmx: Remove dubiously licensed crypto code

On 03/29/2017 05:17 PM, Michael Ellerman wrote:
> Michal Suchanek <msuchanek@...e.de> writes:
> 
>> While reviewing commit 11c6e16ee13a ("crypto: vmx - Adding asm
>> subroutines for XTS") which adds the OpenSSL license header to
>> drivers/crypto/vmx/aesp8-ppc.pl licensing of this driver came into
>> qestion. The whole license reads:
>>
>>  # Licensed under the OpenSSL license (the "License").  You may not use
>>  # this file except in compliance with the License.  You can obtain a
>>  # copy
>>  # in the file LICENSE in the source distribution or at
>>  # https://www.openssl.org/source/license.html
>>
>>  #
>>  # ====================================================================
>>  # Written by Andy Polyakov <appro@...nssl.org> for the OpenSSL
>>  # project. The module is, however, dual licensed under OpenSSL and
>>  # CRYPTOGAMS licenses depending on where you obtain it. For further
>>  # details see http://www.openssl.org/~appro/cryptogams/.
>>  # ====================================================================
>>
>> After seeking legal advice it is still not clear that this driver can be
>> legally used in Linux. In particular the "depending on where you obtain
>> it" part does not make it clear when you can apply the GPL and when the
>> OpenSSL license.
> 
> It seems pretty clear to me that the intention is that the CRYPTOGAM
> license applies.
> 
> If you visit it's URL it includes:
> 
>   ALTERNATIVELY, provided that this notice is retained in full, this
>   product may be distributed under the terms of the GNU General Public
>   License (GPL), in which case the provisions of the GPL apply INSTEAD OF
>   those given above.
> 
> 
> I agree that the text in the file is not sufficiently clear about what
> license applies, but I'm unconvinced that there is any code here that is
> actually being distributed incorrectly.

The original commit message also outlines that the authors collaborated
directly with Andy.

commit 5c380d623ed30b71a2441fb4f2e053a4e1a50794
Author: Leonidas S. Barbosa <leosilva@...ux.vnet.ibm.com>
Date:   Fri Feb 6 14:59:35 2015 -0200

    crypto: vmx - Add support for VMS instructions by ASM

    OpenSSL implements optimized ASM algorithms which support
    VMX instructions on Power 8 CPU.

    These scripts generate an endian-agnostic ASM implementation
    in order to support both big and little-endian.
        - aesp8-ppc.pl: implements suport for AES instructions
        implemented by POWER8 processor.
        - ghashp8-ppc.pl: implements support for  GHASH for Power8.
        - ppc-xlate.pl:  ppc assembler distiller.

    These code has been adopted from OpenSSL project in collaboration
    with the original author (Andy Polyakov <appro@...nssl.org>).

    Signed-off-by: Leonidas S. Barbosa <leosilva@...ux.vnet.ibm.com>
    Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>

-Tyrel

> 
> Getting the text in the header changed to be clearer seems like the
> obvious solution.
> 
>> I tried contacting the author of the code for clarification but did not
>> hear back. In absence of clear licensing the only solution I see is
>> removing this code.
> 
> Did you try contacting anyone else? Like perhaps the powerpc or crypto
> maintainers, or anyone else who's worked on the driver?
> 
> Sending a patch to delete all the code clearly works to get people's
> attention, I'll give you that.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ