[You may forward this to the list if you want.  I am not subscribed,
so I won't see replies unless they are Cc'ed to me or you forward them
back to me.]


http://mail-index.netbsd.org/tech-security/2002/09/24/0014.html:

>    Subject: Re: openssl license change
>    To: None <itojun@iijlab.net>
>    From: Robert Elz <kre@munnari.OZ.AU>
>    List: tech-security
>    Date: 09/24/2002 19:21:41

>   |     so i'm not sure if we can avoid Sun license by doing #define
>   |     NO_SUN_CODE.
> 
> There is no sun licence to avoid.

Exactly.

> itojun@iijlab.net said in a separate message:
>   |     and as i believe you are well aware of, there are *a lot* of patents
>   |     filed for elliptic curve crypto algorithms. 
> 
> No, the legalities of cryptography (and cryptography in general) aren't
> my field.   I have no idea how many patents exist in this area, but I will
> believe you about this.

You can disable ECC completely if you are worried about patents.
I am not aware of any ECC patents affecting the default configuration;
but if there are some, they are most likely not Sun's, so they
have nothing to do with that covenant.

There's one function affected by a (pending) Sun patent, see file
CHANGES:

     Two implementations for BN_GF2m_mod_div() are available.
     The default algorithm simply uses BN_GF2m_mod_inv() and
     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

The default configuration does not require you to accept Sun's
conditions.


-- 
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036