[PATCH] crypto: Add SPDX ids to some files

[PATCH] crypto: Add SPDX ids to some files

[Tim Bird]

Add SDPX-License-Identifier ID lines to assorted C files in the
crypto directory, that are missing them.  Remove licensing text,
except in cases where the text itself says that the notice must
be retained.

Signed-off-by: Tim Bird <tim.bird@sony.com>

---
Note that this does not finish adding SPDX id lines to all the
files, as there are a few special cases with weird license texts.
---
 crypto/algif_rng.c           |  1 +
 crypto/anubis.c              |  7 +------
 crypto/drbg.c                |  1 +
 crypto/ecc.c                 | 22 +---------------------
 crypto/fcrypt.c              | 33 +--------------------------------
 crypto/jitterentropy-kcapi.c |  1 +
 crypto/jitterentropy.c       |  1 +
 crypto/khazad.c              |  7 +------
 crypto/md4.c                 |  7 +------
 crypto/wp512.c               |  7 +------
 10 files changed, 10 insertions(+), 77 deletions(-)

diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c
index 1a86e40c8372..a9dffe53e85a 100644
--- a/crypto/algif_rng.c
+++ b/crypto/algif_rng.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
 /*
  * algif_rng: User-space interface for random number generators
  *
diff --git a/crypto/anubis.c b/crypto/anubis.c
index 4b01b6ec961a..18b359883d99 100644
--- a/crypto/anubis.c
+++ b/crypto/anubis.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Cryptographic API.
  *
@@ -21,12 +22,6 @@
  * have put this under the GNU General Public License.
  *
  * By Aaron Grothe ajgrothe@yahoo.com, October 28, 2004
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
  */
 
 #include <crypto/algapi.h>
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 5e7ed5f5c192..410cecc45ab9 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
 /*
  * DRBG: Deterministic Random Bits Generator
  *       Based on NIST Recommended DRBG from NIST SP800-90A with the following
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 2808b3d5f483..c38e4bc0d613 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1,27 +1,7 @@
+// SPDX-License-Identifier: BSD-2-Clause
 /*
  * Copyright (c) 2013, 2014 Kenneth MacKay. All rights reserved.
  * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *  * Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
- *  * Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <crypto/ecc_curve.h>
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
index 80036835cec5..63c542ec5b85 100644
--- a/crypto/fcrypt.c
+++ b/crypto/fcrypt.c
@@ -1,45 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-3-Clause
 /* FCrypt encryption algorithm
  *
  * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
  * Based on code:
  *
  * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
  */
 
 #include <asm/byteorder.h>
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 7c880cf34c52..ad1d60252a96 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
 /*
  * Non-physical true random number generator based on timing jitter --
  * Linux Kernel Crypto API specific code
diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
index 3f93cdc9a7af..1ff0d5800b72 100644
--- a/crypto/jitterentropy.c
+++ b/crypto/jitterentropy.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
 /*
  * Non-physical true random number generator based on timing jitter --
  * Jitter RNG standalone code.
diff --git a/crypto/khazad.c b/crypto/khazad.c
index dee54ad5f0e4..0868e0fb6ad9 100644
--- a/crypto/khazad.c
+++ b/crypto/khazad.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Cryptographic API.
  *
@@ -11,12 +12,6 @@
  * have put this under the GNU General Public License.
  *
  * By Aaron Grothe ajgrothe@yahoo.com, August 1, 2004
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
  */
 
 #include <crypto/algapi.h>
diff --git a/crypto/md4.c b/crypto/md4.c
index 55bf47e23c13..3f04b1a2e839 100644
--- a/crypto/md4.c
+++ b/crypto/md4.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /* 
  * Cryptographic API.
  *
@@ -13,12 +14,6 @@
  * Copyright (c) Cryptoapi developers.
  * Copyright (c) 2002 David S. Miller (davem@redhat.com)
  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
  */
 #include <crypto/internal/hash.h>
 #include <linux/init.h>
diff --git a/crypto/wp512.c b/crypto/wp512.c
index 229b189a7988..1c9acdf007f3 100644
--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Cryptographic API.
  *
@@ -12,12 +13,6 @@
  * have put this under the GNU General Public License.
  *
  * By Aaron Grothe ajgrothe@yahoo.com, August 23, 2004
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
  */
 #include <crypto/internal/hash.h>
 #include <linux/init.h>
-- 
2.43.0

Re: [PATCH] crypto: Add SPDX ids to some files

[Vitaly Chikunov]

Tim,

On Wed, Feb 18, 2026 at 05:09:38PM -0700, Tim Bird wrote:
> Add SDPX-License-Identifier ID lines to assorted C files in the
> crypto directory, that are missing them.  Remove licensing text,
> except in cases where the text itself says that the notice must
> be retained.

You are saying "except" but in at least two cases in this patch you
removing the following text: "retain the above copyright notice, this
list of conditions and the following disclaimer." Aren't it should be
retained?

Also, in one case below you skip dual-licensing in SPDX record.

Cam you also state in the commit message the reason why you are removing
existing license texts at all and not just adding SPDX?

> 
> Signed-off-by: Tim Bird <tim.bird@sony.com>
> 
> ---
> Note that this does not finish adding SPDX id lines to all the
> files, as there are a few special cases with weird license texts.
> ---
>  crypto/algif_rng.c           |  1 +
>  crypto/anubis.c              |  7 +------
>  crypto/drbg.c                |  1 +
>  crypto/ecc.c                 | 22 +---------------------
>  crypto/fcrypt.c              | 33 +--------------------------------
>  crypto/jitterentropy-kcapi.c |  1 +
>  crypto/jitterentropy.c       |  1 +
>  crypto/khazad.c              |  7 +------
>  crypto/md4.c                 |  7 +------
>  crypto/wp512.c               |  7 +------
>  10 files changed, 10 insertions(+), 77 deletions(-)
> 
> diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c
> index 1a86e40c8372..a9dffe53e85a 100644
> --- a/crypto/algif_rng.c
> +++ b/crypto/algif_rng.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
>  /*
>   * algif_rng: User-space interface for random number generators
>   *
> diff --git a/crypto/anubis.c b/crypto/anubis.c
> index 4b01b6ec961a..18b359883d99 100644
> --- a/crypto/anubis.c
> +++ b/crypto/anubis.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * Cryptographic API.
>   *
> @@ -21,12 +22,6 @@
>   * have put this under the GNU General Public License.
>   *
>   * By Aaron Grothe ajgrothe@yahoo.com, October 28, 2004
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
>   */
>  
>  #include <crypto/algapi.h>
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index 5e7ed5f5c192..410cecc45ab9 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
>  /*
>   * DRBG: Deterministic Random Bits Generator
>   *       Based on NIST Recommended DRBG from NIST SP800-90A with the following
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 2808b3d5f483..c38e4bc0d613 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -1,27 +1,7 @@
> +// SPDX-License-Identifier: BSD-2-Clause

The file also have the line:

  MODULE_LICENSE("Dual BSD/GPL");

Thanks,

>  /*
>   * Copyright (c) 2013, 2014 Kenneth MacKay. All rights reserved.
>   * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions are
> - * met:
> - *  * Redistributions of source code must retain the above copyright
> - *   notice, this list of conditions and the following disclaimer.
> - *  * Redistributions in binary form must reproduce the above copyright
> - *    notice, this list of conditions and the following disclaimer in the
> - *    documentation and/or other materials provided with the distribution.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>   */
>  
>  #include <crypto/ecc_curve.h>
> diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
> index 80036835cec5..63c542ec5b85 100644
> --- a/crypto/fcrypt.c
> +++ b/crypto/fcrypt.c
> @@ -1,45 +1,14 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-3-Clause
>  /* FCrypt encryption algorithm
>   *
>   * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
>   * Written by David Howells (dhowells@redhat.com)
>   *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of the GNU General Public License
> - * as published by the Free Software Foundation; either version
> - * 2 of the License, or (at your option) any later version.
> - *
>   * Based on code:
>   *
>   * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
>   * (Royal Institute of Technology, Stockholm, Sweden).
>   * All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * 1. Redistributions of source code must retain the above copyright
> - *    notice, this list of conditions and the following disclaimer.
> - *
> - * 2. Redistributions in binary form must reproduce the above copyright
> - *    notice, this list of conditions and the following disclaimer in the
> - *    documentation and/or other materials provided with the distribution.
> - *
> - * 3. Neither the name of the Institute nor the names of its contributors
> - *    may be used to endorse or promote products derived from this software
> - *    without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> - * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> - * SUCH DAMAGE.
>   */
>  
>  #include <asm/byteorder.h>
> diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
> index 7c880cf34c52..ad1d60252a96 100644
> --- a/crypto/jitterentropy-kcapi.c
> +++ b/crypto/jitterentropy-kcapi.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
>  /*
>   * Non-physical true random number generator based on timing jitter --
>   * Linux Kernel Crypto API specific code
> diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
> index 3f93cdc9a7af..1ff0d5800b72 100644
> --- a/crypto/jitterentropy.c
> +++ b/crypto/jitterentropy.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
>  /*
>   * Non-physical true random number generator based on timing jitter --
>   * Jitter RNG standalone code.
> diff --git a/crypto/khazad.c b/crypto/khazad.c
> index dee54ad5f0e4..0868e0fb6ad9 100644
> --- a/crypto/khazad.c
> +++ b/crypto/khazad.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * Cryptographic API.
>   *
> @@ -11,12 +12,6 @@
>   * have put this under the GNU General Public License.
>   *
>   * By Aaron Grothe ajgrothe@yahoo.com, August 1, 2004
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
>   */
>  
>  #include <crypto/algapi.h>
> diff --git a/crypto/md4.c b/crypto/md4.c
> index 55bf47e23c13..3f04b1a2e839 100644
> --- a/crypto/md4.c
> +++ b/crypto/md4.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
>  /* 
>   * Cryptographic API.
>   *
> @@ -13,12 +14,6 @@
>   * Copyright (c) Cryptoapi developers.
>   * Copyright (c) 2002 David S. Miller (davem@redhat.com)
>   * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
>   */
>  #include <crypto/internal/hash.h>
>  #include <linux/init.h>
> diff --git a/crypto/wp512.c b/crypto/wp512.c
> index 229b189a7988..1c9acdf007f3 100644
> --- a/crypto/wp512.c
> +++ b/crypto/wp512.c
> @@ -1,3 +1,4 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * Cryptographic API.
>   *
> @@ -12,12 +13,6 @@
>   * have put this under the GNU General Public License.
>   *
>   * By Aaron Grothe ajgrothe@yahoo.com, August 23, 2004
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
>   */
>  #include <crypto/internal/hash.h>
>  #include <linux/init.h>
> -- 
> 2.43.0
> 

Re: [PATCH] crypto: Add SPDX ids to some files

[Richard Fontana]

On Wed, Feb 18, 2026 at 7:10 PM Tim Bird <tim.bird@sony.com> wrote:
>


> +// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-3-Clause
>  /* FCrypt encryption algorithm
>   *
>   * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
>   * Written by David Howells (dhowells@redhat.com)
>   *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of the GNU General Public License
> - * as published by the Free Software Foundation; either version
> - * 2 of the License, or (at your option) any later version.
> - *
>   * Based on code:
>   *
>   * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
>   * (Royal Institute of Technology, Stockholm, Sweden).
>   * All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * 1. Redistributions of source code must retain the above copyright
> - *    notice, this list of conditions and the following disclaimer.
> - *
> - * 2. Redistributions in binary form must reproduce the above copyright
> - *    notice, this list of conditions and the following disclaimer in the
> - *    documentation and/or other materials provided with the distribution.
> - *
> - * 3. Neither the name of the Institute nor the names of its contributors
> - *    may be used to endorse or promote products derived from this software
> - *    without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> - * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> - * SUCH DAMAGE.

This is not `GPL-2.0-or-later OR BSD-3-Clause`. It appears to be
something like "GPLv2-or-later code based partly on some BSD-3-Clause
code" which would be `GPL-2.0-or-later AND BSD-3-Clause` (with some
significant loss of information in the conversion to SPDX notation,
but I've complained about that before in other forums).

Richard

RE: [PATCH] crypto: Add SPDX ids to some files

[Bird, Tim]

> -----Original Message-----
> From: Vitaly Chikunov <vt@altlinux.org>
> Tim,
> 
> On Wed, Feb 18, 2026 at 05:09:38PM -0700, Tim Bird wrote:
> > Add SDPX-License-Identifier ID lines to assorted C files in the
> > crypto directory, that are missing them.  Remove licensing text,
> > except in cases where the text itself says that the notice must
> > be retained.
> 
> You are saying "except" but in at least two cases in this patch you
> removing the following text: "retain the above copyright notice, this
> list of conditions and the following disclaimer." Aren't it should be
> retained?

The kernel source tree 'retains' the BSD-3-Clause and BSD-2-Clause license text under the LICENSES directory.
In cases where I removed them, the text is a match for what's in LICENSES.

In the cases where I left the license text in the file (e.g. jitterentropy.c), there
was wording that was slightly different, and required to retain "the entire permission notice
in its entirety".  Ironically, that's the only phrase that's different, but if I removed
the notice from the file , it wouldn't be retained anywhere in the kernel source
unless I added another license file (which I hesitate to do).

I'll explain in subsequent version of the patch why I'm removing the license text,
but in general it updates the code to the new licensing standard (which is to just
have the SPDX-License-Identifier, without license boilerplate text).   Having
the 'application' text (for GPL) or the license text itself (for BSD and others)
leads to lots of minor variations that are a pain to deal with and cause more
legal ambiguity than they are worth.
 
> 
> Also, in one case below you skip dual-licensing in SPDX record.
> 
> Cam you also state in the commit message the reason why you are removing
> existing license texts at all and not just adding SPDX?
I will do this in the subsequent versions of the patch.  Thanks for the suggestion.

> 
> >
> > Signed-off-by: Tim Bird <tim.bird@sony.com>
> >
> > ---
> > Note that this does not finish adding SPDX id lines to all the
> > files, as there are a few special cases with weird license texts.
> > ---
> >  crypto/algif_rng.c           |  1 +
> >  crypto/anubis.c              |  7 +------
> >  crypto/drbg.c                |  1 +
> >  crypto/ecc.c                 | 22 +---------------------
> >  crypto/fcrypt.c              | 33 +--------------------------------
> >  crypto/jitterentropy-kcapi.c |  1 +
> >  crypto/jitterentropy.c       |  1 +
> >  crypto/khazad.c              |  7 +------
> >  crypto/md4.c                 |  7 +------
> >  crypto/wp512.c               |  7 +------
> >  10 files changed, 10 insertions(+), 77 deletions(-)
> >
> > diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c
> > index 1a86e40c8372..a9dffe53e85a 100644
> > --- a/crypto/algif_rng.c
> > +++ b/crypto/algif_rng.c
> > @@ -1,3 +1,4 @@
> > +// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
> >  /*
> >   * algif_rng: User-space interface for random number generators
> >   *
> > diff --git a/crypto/anubis.c b/crypto/anubis.c
> > index 4b01b6ec961a..18b359883d99 100644
> > --- a/crypto/anubis.c
> > +++ b/crypto/anubis.c
> > @@ -1,3 +1,4 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> >  /*
> >   * Cryptographic API.
> >   *
> > @@ -21,12 +22,6 @@
> >   * have put this under the GNU General Public License.
> >   *
> >   * By Aaron Grothe ajgrothe@yahoo.com, October 28, 2004
> > - *
> > - * This program is free software; you can redistribute it and/or modify
> > - * it under the terms of the GNU General Public License as published by
> > - * the Free Software Foundation; either version 2 of the License, or
> > - * (at your option) any later version.
> > - *
> >   */
> >
> >  #include <crypto/algapi.h>
> > diff --git a/crypto/drbg.c b/crypto/drbg.c
> > index 5e7ed5f5c192..410cecc45ab9 100644
> > --- a/crypto/drbg.c
> > +++ b/crypto/drbg.c
> > @@ -1,3 +1,4 @@
> > +// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
> >  /*
> >   * DRBG: Deterministic Random Bits Generator
> >   *       Based on NIST Recommended DRBG from NIST SP800-90A with the following
> > diff --git a/crypto/ecc.c b/crypto/ecc.c
> > index 2808b3d5f483..c38e4bc0d613 100644
> > --- a/crypto/ecc.c
> > +++ b/crypto/ecc.c
> > @@ -1,27 +1,7 @@
> > +// SPDX-License-Identifier: BSD-2-Clause
> 
> The file also have the line:
> 
>   MODULE_LICENSE("Dual BSD/GPL");
This line is not legally dispositive, but may indicate intent.
I'll do some research and see if this means I should adopt an OR clause
in the license.  Since the entire kernel is GPL-2.0-only, then all instances
of BSD IDs alone actually have the meaning of 'GPL-2.0-only OR BSD-whatever'.
But it's probably better to be explicit.

Thanks for catching that!  I need to review MODULE_LICENSE lines in the future
and I'll add this to my tooling for this project.

The review is much appreciated!
 -- Tim 

RE: [PATCH] crypto: Add SPDX ids to some files

[Bird, Tim]

> -----Original Message-----
> From: Richard Fontana <rfontana@redhat.com>
> On Wed, Feb 18, 2026 at 7:10 PM Tim Bird <tim.bird@sony.com> wrote:
> >
> 
> > +// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-3-Clause
> >  /* FCrypt encryption algorithm
> >   *
> >   * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
> >   * Written by David Howells (dhowells@redhat.com)
> >   *
> > - * This program is free software; you can redistribute it and/or
> > - * modify it under the terms of the GNU General Public License
> > - * as published by the Free Software Foundation; either version
> > - * 2 of the License, or (at your option) any later version.
> > - *
> >   * Based on code:
> >   *
> >   * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
> >   * (Royal Institute of Technology, Stockholm, Sweden).
> >   * All rights reserved.
> > - *
> > - * Redistribution and use in source and binary forms, with or without
> > - * modification, are permitted provided that the following conditions
> > - * are met:
> > - *
> > - * 1. Redistributions of source code must retain the above copyright
> > - *    notice, this list of conditions and the following disclaimer.
> > - *
> > - * 2. Redistributions in binary form must reproduce the above copyright
> > - *    notice, this list of conditions and the following disclaimer in the
> > - *    documentation and/or other materials provided with the distribution.
> > - *
> > - * 3. Neither the name of the Institute nor the names of its contributors
> > - *    may be used to endorse or promote products derived from this software
> > - *    without specific prior written permission.
> > - *
> > - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> > - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> > - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> > - * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> > - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> > - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> > - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> > - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> > - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> > - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> > - * SUCH DAMAGE.
> 
> This is not `GPL-2.0-or-later OR BSD-3-Clause`. It appears to be
> something like "GPLv2-or-later code based partly on some BSD-3-Clause
> code" which would be `GPL-2.0-or-later AND BSD-3-Clause` (with some
> significant loss of information in the conversion to SPDX notation,
> but I've complained about that before in other forums).

Well, this particular combination is indeed problematic.  The 'Based on' notice
does indeed not necessarily mean that either license could be used, if this code
were extracted from the kernel. 
It would take some deep research to determine what was added that was NOT 
BSD-3-Clause before and after the code entered the kernel source tree.  After the
code enters the kernel source tree, the usual assumption is that code contributions
are under GPL-2.0-only unless the specific file license says otherwise. However, with both licenses mentioned
in the header, I suspect a large number of contributors interpreted the situation
as an OR.  The end result of this is that normally most of the contributions are assumed
to be GPL-2.0-only, and it would not be appropriate to release the whole file under BSD-3-Clause.

I don't think it can be 'GPL-2.0-or-later AND BSD-3-Clause', because the 3rd clause
in BSD-3-Clause is incompatible with GPL-2.0 (although some people disagree with that,
that's how I read it).

There are likely a number of cases in the kernel where developers took BSD-3-Clause code
and re-licensed it as GPL-2.0 (or GPL-2.0-or-later), which is not strictly kosher based solely
on the 3rd condition issue.  However, I think the 3rd condition (the no-endorsement clause)
is a goofy one, that has never been acted on in any legal capacity, and for which the risk of
a bad outcome is very low, if it were completely ignored.  I could expand my thinking on this,
but this post is already too long. Overall, I'm inclined to just mark this one as 'GPL-2.0 -or-later'
(not using an OR at all), but leave the 'based on' text, and call it good. I might add some text
saying to look at the original code as submitted to the kernel if someone wants a version of
the code under the BSD license.

By the way, Richard, I appreciate the review of the patches and your thoughts.
 -- Tim

Re: [PATCH] crypto: Add SPDX ids to some files

[Richard Fontana]

On Thu, Feb 19, 2026 at 7:02 PM Bird, Tim <Tim.Bird@sony.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Richard Fontana <rfontana@redhat.com>
> > On Wed, Feb 18, 2026 at 7:10 PM Tim Bird <tim.bird@sony.com> wrote:
> > >
> >
> > > +// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-3-Clause
> > >  /* FCrypt encryption algorithm
> > >   *
> > >   * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
> > >   * Written by David Howells (dhowells@redhat.com)
> > >   *
> > > - * This program is free software; you can redistribute it and/or
> > > - * modify it under the terms of the GNU General Public License
> > > - * as published by the Free Software Foundation; either version
> > > - * 2 of the License, or (at your option) any later version.
> > > - *
> > >   * Based on code:
> > >   *
> > >   * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
> > >   * (Royal Institute of Technology, Stockholm, Sweden).
> > >   * All rights reserved.
> > > - *
> > > - * Redistribution and use in source and binary forms, with or without
> > > - * modification, are permitted provided that the following conditions
> > > - * are met:
> > > - *
> > > - * 1. Redistributions of source code must retain the above copyright
> > > - *    notice, this list of conditions and the following disclaimer.
> > > - *
> > > - * 2. Redistributions in binary form must reproduce the above copyright
> > > - *    notice, this list of conditions and the following disclaimer in the
> > > - *    documentation and/or other materials provided with the distribution.
> > > - *
> > > - * 3. Neither the name of the Institute nor the names of its contributors
> > > - *    may be used to endorse or promote products derived from this software
> > > - *    without specific prior written permission.
> > > - *
> > > - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> > > - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> > > - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> > > - * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> > > - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> > > - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> > > - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> > > - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> > > - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> > > - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> > > - * SUCH DAMAGE.
> >
> > This is not `GPL-2.0-or-later OR BSD-3-Clause`. It appears to be
> > something like "GPLv2-or-later code based partly on some BSD-3-Clause
> > code" which would be `GPL-2.0-or-later AND BSD-3-Clause` (with some
> > significant loss of information in the conversion to SPDX notation,
> > but I've complained about that before in other forums).
>
> Well, this particular combination is indeed problematic.  The 'Based on' notice
> does indeed not necessarily mean that either license could be used, if this code
> were extracted from the kernel.
> It would take some deep research to determine what was added that was NOT
> BSD-3-Clause before and after the code entered the kernel source tree.  After the
> code enters the kernel source tree, the usual assumption is that code contributions
> are under GPL-2.0-only unless the specific file license says otherwise. However, with both licenses mentioned
> in the header, I suspect a large number of contributors interpreted the situation
> as an OR.

That would surprise me, but, in the words of the Big Lebowski, perhaps
you're right.

> The end result of this is that normally most of the contributions are assumed
> to be GPL-2.0-only, and it would not be appropriate to release the whole file under BSD-3-Clause.
>
> I don't think it can be 'GPL-2.0-or-later AND BSD-3-Clause', because the 3rd clause
> in BSD-3-Clause is incompatible with GPL-2.0 (although some people disagree with that,
> that's how I read it).

That's a legitimate reading but I would contend it's out of step with
settled expectations going back multiple decades about the ability to
combine BSD-3-Clause (and licenses with similar clauses to clause 3).
Even if you're right, though, that doesn't mean "AND" is incorrect, it
would just mean that there's a license incompatibility for people who
care about that sort of thing.

> There are likely a number of cases in the kernel where developers took BSD-3-Clause code
> and re-licensed it as GPL-2.0 (or GPL-2.0-or-later), which is not strictly kosher based solely
> on the 3rd condition issue.  However, I think the 3rd condition (the no-endorsement clause)
> is a goofy one, that has never been acted on in any legal capacity, and for which the risk of
> a bad outcome is very low, if it were completely ignored.  I could expand my thinking on this,
> but this post is already too long. Overall, I'm inclined to just mark this one as 'GPL-2.0 -or-later'
> (not using an OR at all), but leave the 'based on' text, and call it good. I might add some text
> saying to look at the original code as submitted to the kernel if someone wants a version of
> the code under the BSD license.

> By the way, Richard, I appreciate the review of the patches and your thoughts.

Thank you!

Richard