netbsd-bugs: lib/10883: MKCRYPTO_{RC5,IDEA} should be set to "no" by default

Subject: lib/10883: MKCRYPTO_{RC5,IDEA} should be set to "no" by default
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 08/22/2000 18:50:15

>Number:         10883
>Category:       lib
>Synopsis:       MKCRYPTO_{RC5,IDEA} should be set to "no" by default
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 22 18:51:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        1.5E
>Organization:
	itojun.org
>Environment:


>Description:
	src/crypto/Makefile.openssl uses MKCRYPTO_{IDEA,RC5,RSA} to control
	inclusion of patented algorithms into /usr/lib/libcrypto.a.
	it seems that those functions are compiled in by default.
	wouldn't this make it harder for us to ship intellectural-property-
	rights clean system by default?  is it really okay to ship them?
>How-To-Repeat:
	% nm /usr/lib/libcrypto.a | grep -i rc5
	% nm /usr/lib/libcrypto.a | grep -i idea
	% less src/crypto/Makefile.openssl
>Fix:
	change Makefile.openssl so that it won't include IDEA and RC5
	by default.  for example,
.if !(defined(MKCRYPTO_RC5) && ${MKCRYPTO_RC5} == "YES")
CPPFLAGS+=-DNO_RC5
.endif

	RSA patent will expire soon, so it should be okay to leave MKCRYPTO_RSA
	undefined.  (not sure about RSA patent in non-US countries... in
	Japan, there's no RSA patent)
>Release-Note:
>Audit-Trail:
>Unformatted: