This patent expired 2 years ago, it seems 1.0.0 is a good time to get this fixed... at least if it remains default-disabled, then the justification should be noted (no longer "patented" but perhaps some "deprecated" commentary?)
I think the changes are limited to the lines below... README ------ The MDC2 algorithm is patented by IBM. FAQ --- You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using ./config no-idea no-mdc2 no-rc5 [...] FYI: Patent numbers and expiry dates of US patents: MDC-2: 4,908,861 13/03/2007 util/cygwin.sh -------------- CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2" Configure --------- my %disabled = ( # "what" => "comment" [or special keyword "experimental"] [...] "mdc2" => "default", [...] # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE"; Miscellany ---------- from util/mk1mf.pl "no-patents" => [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa], Why RSA (expired in 2000)? How are RC2, RC4 in this list. Not patents. Trademarks? Also it seems odd this is recognized by mk1mf.pl - wrong place. Should be set up in Configure. No? Somewhere, perhaps add; MDC2 was covered by a US patent issued to IBM which expired in March 2007. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org