Nelson Bolyard wrote:
Can I use the library with GOST from OpenSSL (libgost.so) for
integration into the NSS?
Any software contributed to NSS must be licensed under the Mozilla
public "tri-license". If you are the sole author of a piece of code
that you have previously contributed to another project under other
non-exclusive license terms, and you have retained copyright to that
work, then you are probably free to also contribute it to NSS under
the MPL "tri-license". But if you are not the sole author, and the
work has previously been contributed to another project under a different
license, then you may not have the right to simply contribute it to NSS
and change the license. It may be possible to contact the entire set of
authors who have previously contributed to the work, and get them to agree
to also contribute the work to Mozilla/NSS under the MPL tri-license terms,
provided that they have retained copyright.
I looked into the licensing for the OpenSSL implementation of GOST. As
far as I can tell, all of the significant OpenSSL code related to GOST
is in the OpenSSL source directory engines/ccgost. (There's GOST-related
stuff elsewhere in OpenSSL, but it's mainly glue code to invoke GOST
algorithms and cyphersuites in various contexts.) Of the files in the
diectory engines/ccgost, three of them (e_gost_err.c, e_gost_err.h, and
e_gost_err.proto) are GOST-specific copies of generic OpenSSL files
relating to OpenSSL error handling, and are under the same copyright and
licensing arrangements as the rest of OpenSSL. All the other files are
copyright by Cryptocom LTD <http://www.cryptocom.ru/> and have the
notice "This file is distributed under the same license as OpenSSL".
The OpenSSL license is incompatible with the GPL (because it includes
the same sort of "advertising clause" found in the original BSD
license), so we can't simply take the GOST source files and include them
in NSS. However since all the relevant code was contributed by
Cryptocom, all we need to do is to ask permission from Cryptocom to be
able to use the source files in NSS under the NSS licensing arrangements
(i.e., the MPL/GPL/LGPL tri-license). Since Cryptocom was willing to
contribute its code to implement GOST in OpenSSL, I suspect they would
be amenable to doing the same thing for NSS.
I think this is basically
impossible for people who have licensed work under GPL and have thereby
relinquished copyright to the work.
Licensing your work under the GPL does *not* mean you have relinguished
copyright. If you release a work under the GPL you are still the
copyright owner, and have the right to release the work under other
licenses other than the GPL. (This is exactly what MySQL AB used to do
with the MySQL database code.)
But I am not a lawyer.
I'm not a lawyer either, but I deal with these sorts of issues all the time.
I have not very clear plan about this. What may be a problem?
Depends on your skills. Non-programmers find programming to be the hard
part. Programmers who wish to use work that is not entirely their own
original work typically find licensing issues to be the hard part.
I'd be glad to help with the licensing issues, if there is genuine
interest in supporting GOST and someone willing and able to do the
implementation.
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto