Bug 1012272 - azureus: implements elliptic curve cryptography
Summary: azureus: implements elliptic curve cryptography
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: azureus   
(Show other bugs)
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: David Juran
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FE-Legal ecc
TreeView+ depends on / blocked
 
Reported: 2013-09-26 07:21 UTC by Mikolaj Izdebski
Modified: 2015-12-14 03:20 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-10 16:58:12 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Mikolaj Izdebski 2013-09-26 07:21:20 UTC 
Description of problem:
azureus implements elliptic curve cryptography (ECC), which is patented and therefore not allowed to be included in Fedora.

See bug #319901 for detailed discussion about ECC in OpenSSL package.

Version-Release number of selected component (if applicable):
1.46-10

Steps to Reproduce:
1. unpack package sources
2. grep -i -r elliptic
Comment 1 Mikolaj Izdebski 2013-09-26 07:22:09 UTC 
(In reply to Mikolaj Izdebski from comment #0)
> Version-Release number of selected component (if applicable):
> 1.46-10

Version should be 5.0.0.0-2
Comment 2 Scott Schmit 2013-10-15 10:36:54 UTC 
This may now be a non-issue. See bug #319901. CC'ing Tom.
Comment 3 Sergio Monteiro Basto 2014-01-10 16:58:12 UTC 
as recommended in bug #1019390 this is not a bug anymore , closing
Comment 4 Sergio Monteiro Basto 2015-12-14 03:20:06 UTC 
JFTR: After removed bundled libs

rm -fR org/apache
rm -fR org/bouncycastle
rm -fR org/json

result of: grep -i -r elliptic is nothing 

All elliptic curve cryptography (ECC) are in org/bouncycastle , so this package with or without elliptic curve cryptography in Fedora / Redhat is safe . 

Further investigation:

cd com/aelitis/azureus/core/security/
grep -r ECName

CryptoECCUtils.java:import org.bouncycastle.jce.ECNamedCurveTable;
CryptoECCUtils.java:import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
CryptoECCUtils.java:    private static final ECNamedCurveParameterSpec ECCparam = ECNamedCurveTable.getParameterSpec("prime192v2")

Azureus use prime192v2 from bouncycastle .
Note You need to log in before you can comment on or make changes to this bug.