Re: PLEASE HELP - How do I include OpenSSL in my code?

From: Clever Monkey <clvrmnky.invalid@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 15 May 2006 12:56:07 -0400

Martin Ambuhl wrote:

cpptutor2000@xxxxxxxxx wrote:
Could some C guru please help me? I have a simple piece of code as:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/rand.h>

You're trying to get us into trouble, aren't you. Even if openssl were on topic here, or if your implementation-specific question were on topic, the language from the openssl site would scre me off:
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY,
RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS
OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY
ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS
WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY
VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

Why is this scary? It's just a typical "you cannot sue us" extension of the BSD license. In reality there are only a few countries where this would be a problem. A hint is that OpenSSL development having to do with encryption is not done in those countries (and therefore, not subject to export law). They ship from those countries "because they can" (quote from the OpenSSL website).

Even in the US, as long as you do not export the software you write based on strong crypto like OpenSSL you should be fine. It is not illegal to code (yet). Most export laws are triggered once you try to sell or provide software based on such tech to another country or agent of another country.

However, the laws regarding such material are byzantine and subject to broad interpretation. This warning is a just a YMMV.
.

Follow-Ups:
- Re: PLEASE HELP - How do I include OpenSSL in my code?
  - From: Martin Ambuhl

References:
- PLEASE HELP - How do I include OpenSSL in my code?
  - From: cpptutor2000@xxxxxxxxx
- Re: PLEASE HELP - How do I include OpenSSL in my code?
  - From: Martin Ambuhl

Prev by Date: Re: short or int
Next by Date: Re: Introduce urself
Previous by thread: Re: PLEASE HELP - How do I include OpenSSL in my code? <OT: Cryptographic laws>
Next by thread: Re: PLEASE HELP - How do I include OpenSSL in my code?
Index(es):
- Date
- Thread

Relevant Pages

Re: Adding standalone RSA code
... > I'd like to add a new library for lightweight barebones RSA ... > (openssl), but I think my code has important advantages which justify ... > Any objections? ... cryptography, then using elliptic curve cryptography would be more ...
(freebsd-arch)
Re: Digest::Base problem
... with "openssl" (so, adding the path was incorrect information on my ... In the Bad Old Days nobody wanted to hand strong cryptography ... The easiest way was classifying crypto as weapons, ...
(comp.lang.ruby)