First Last Prev Next    This bug is not in your last search results.
Bug 1012272 - azureus: implements elliptic curve cryptography
azureus: implements elliptic curve cryptography
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: azureus (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: David Juran
Fedora Extras Quality Assurance
:
Depends On:
Blocks: FE-Legal ecc
  Show dependency treegraph
 
Reported: 2013-09-26 03:21 EDT by Mikolaj Izdebski
Modified: 2015-12-13 22:20 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-10 11:58:12 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mikolaj Izdebski 2013-09-26 03:21:20 EDT 
Description of problem:
azureus implements elliptic curve cryptography (ECC), which is patented and therefore not allowed to be included in Fedora.

See bug #319901 for detailed discussion about ECC in OpenSSL package.

Version-Release number of selected component (if applicable):
1.46-10

Steps to Reproduce:
1. unpack package sources
2. grep -i -r elliptic
Comment 1 Mikolaj Izdebski 2013-09-26 03:22:09 EDT 
(In reply to Mikolaj Izdebski from comment #0)
> Version-Release number of selected component (if applicable):
> 1.46-10

Version should be 5.0.0.0-2
Comment 2 Scott Schmit 2013-10-15 06:36:54 EDT 
This may now be a non-issue. See bug #319901. CC'ing Tom.
Comment 3 Sergio Monteiro Basto 2014-01-10 11:58:12 EST 
as recommended in bug #1019390 this is not a bug anymore , closing
Comment 4 Sergio Monteiro Basto 2015-12-13 22:20:06 EST 
JFTR: After removed bundled libs

rm -fR org/apache
rm -fR org/bouncycastle
rm -fR org/json

result of: grep -i -r elliptic is nothing 

All elliptic curve cryptography (ECC) are in org/bouncycastle , so this package with or without elliptic curve cryptography in Fedora / Redhat is safe . 

Further investigation:

cd com/aelitis/azureus/core/security/
grep -r ECName

CryptoECCUtils.java:import org.bouncycastle.jce.ECNamedCurveTable;
CryptoECCUtils.java:import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
CryptoECCUtils.java:    private static final ECNamedCurveParameterSpec ECCparam = ECNamedCurveTable.getParameterSpec("prime192v2")

Azureus use prime192v2 from bouncycastle .
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.