Restricted IP crypto in OpenSSL

Larry larry at linuxfromscratch.org
Sun Jun 15 18:03:30 PDT 2003


On Fri, Jun 06, 2003 at 11:37:50AM -0500, DJ Lucas wrote:
> Dagmar d'Surreal wrote:
> 
> >In the course of trying to update someone's machine that's _really_
> >behind, I noticed that RH's openssl srpm has a script in it to yank out
> >("hobble" is the word alright) the three cryptographic methods that
> >aren't kosher to use inside the US due to intellectual property
> >constraints (longhand for "copyrighted methods").  I'm somewhat
> >embarrassed to admit that I've known about it and never bothered to remove
> >them from the library in my own builds, mainly because I try to get
> >everything to use either twofish, blowfish, or RSA when I can so those
> >methods just don't get used by me.
> >
> >Is BLFS going to address doing that with OpenSSL with a patch or a
> >mention or is it going to be left up to the user to figure things out on
> >their own?  It's something I think should probably be at least
> >mentioned, but it's going to be three weeks or more before I can get
> >back to that.  I figured I'd mention it while it was still fresh in my
> >mind and maybe someone else can jump on this...
> >
> 
> Is it as simple as a switch passed to configure,
> or an 'rm -f whatever'?
> 
> DJ
>
It is. According to openssl faq, passing './Config no-rc5 no-idea'
eliminates patent issues. Looks like they need to update their faq,
because it is './Configure no-rc5 no-idea' now.

I wish I could believe that everyone reads the faqs at some point.

I don't know what needs to be done in the book.  Silence feels weird,
but the audience for this book is worldwide, so geographical issues seem
to be beyond the scope of the book.

Thoughts?

Larry
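
A build-side check for the configure switch discussed above, as an added example that is not part of the original message: it reads a build's generated opensslconf.h and reports which of rc5 and idea are still enabled. It assumes a no-<alg> build defines OPENSSL_NO_<ALG> in that header; the function names and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Report which of the algorithms named in the thread (rc5, idea) are still
# enabled in an OpenSSL build, judged from its generated opensslconf.h.
# Assumption: configuring with no-<alg> defines OPENSSL_NO_<ALG> in that file.

enabled_restricted() {
    # $1 = path to opensslconf.h
    # Prints the still-enabled algorithms, space separated (empty if none).
    conf=$1
    out=""
    for alg in rc5 idea; do
        macro="OPENSSL_NO_$(printf '%s' "$alg" | tr '[:lower:]' '[:upper:]')"
        # Accept "#define X" and "# define X"; a commented-out define does
        # not start with '#', so it is correctly treated as "not disabled".
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${macro}([[:space:]]|\$)" "$conf"; then
            out="${out:+$out }$alg"
        fi
    done
    printf '%s\n' "$out"
}

make_samples() {
    # $1 = directory; writes three constructed sample headers into it.
    dir=$1
    # Build with neither switch applied.
    printf '%s\n' '#define OPENSSL_NO_KRB5' > "$dir/stock.h"
    # Build configured with both no-rc5 and no-idea.
    printf '%s\n' '# define OPENSSL_NO_RC5' '#define OPENSSL_NO_IDEA' > "$dir/hobbled.h"
    # Only rc5 removed; the idea define is commented out and must not count.
    printf '%s\n' '#define OPENSSL_NO_RC5' '/* #define OPENSSL_NO_IDEA */' > "$dir/partial.h"
}

# Demo over the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
for name in stock hobbled partial; do
    printf '%s.h: still enabled: [%s]\n' "$name" "$(enabled_restricted "$tmp/$name.h")"
done
rm -rf "$tmp"
```

Against a real tree, point enabled_restricted at the opensslconf.h the build installed and treat any non-empty result as a build that still carries the algorithm.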