1012272 – azureus: implements elliptic curve cryptography

Bug 1012272 - azureus: implements elliptic curve cryptography

Summary: azureus: implements elliptic curve cryptography

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	azureus
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	David Juran
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FE-Legal ecc
TreeView+	depends on / blocked

Reported:	2013-09-26 07:21 UTC by Mikolaj Izdebski
Modified:	2015-12-14 03:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-10 16:58:12 UTC
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Mikolaj Izdebski 2013-09-26 07:21:20 UTC

Description of problem:
azureus implements elliptic curve cryptography (ECC), which is patented and therefore not allowed to be included in Fedora.

See bug #319901 for detailed discussion about ECC in OpenSSL package.

Version-Release number of selected component (if applicable):
1.46-10

Steps to Reproduce:
1. unpack package sources
2. grep -i -r elliptic

Comment 1 Mikolaj Izdebski 2013-09-26 07:22:09 UTC

(In reply to Mikolaj Izdebski from comment #0)
> Version-Release number of selected component (if applicable):
> 1.46-10

Version should be 5.0.0.0-2

Comment 2 Scott Schmit 2013-10-15 10:36:54 UTC

This may now be a non-issue. See bug #319901. CC'ing Tom.

Comment 3 Sergio Monteiro Basto 2014-01-10 16:58:12 UTC

as recommended in bug #1019390 this is not a bug anymore , closing

Comment 4 Sergio Monteiro Basto 2015-12-14 03:20:06 UTC

JFTR: After removed bundled libs

rm -fR org/apache
rm -fR org/bouncycastle
rm -fR org/json

result of: grep -i -r elliptic is nothing 

All elliptic curve cryptography (ECC) are in org/bouncycastle , so this package with or without elliptic curve cryptography in Fedora / Redhat is safe . 

Further investigation:

cd com/aelitis/azureus/core/security/
grep -r ECName

CryptoECCUtils.java:import org.bouncycastle.jce.ECNamedCurveTable;
CryptoECCUtils.java:import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
CryptoECCUtils.java:    private static final ECNamedCurveParameterSpec ECCparam = ECNamedCurveTable.getParameterSpec("prime192v2")

Azureus use prime192v2 from bouncycastle .

Note You need to log in before you can comment on or make changes to this bug.