Hi,

Use the tool Dependency Walker (http://www.dependencywalker.com/) to look
at the exported functions of libeay32.dll. If it exports RC5, you will see
exported symbols starting with RC5. For MDC2, you'll find symbols starting
with MDC2 and etc...

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On Mon, June 16, 2008 3:55 pm, bagavathy raj wrote:
> Hi,
>
> I have openssl dlls(i.e.libeay32.dll, ssleay32.dll). I need to know if
> these
> libaries are using any of the patented algorithms like IDEA, RC4, RC5,MDC2
> etc. Can you please let me know if there is any way to find out this?
> Any help would be highly appreciated.
>
> Thanks in adavance,
> Bagavathy
>

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

Hi,
Is there any binary distribution where I can find SSL dlls without
patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling
without them. I could exclude other algos but not RC4. Some linking
issues. So i need to know if there is any ssl release without the
patented algorithms.

On 6/16/08, Mounir IDRASSI wrote:
> Hi,
>
> Use the tool Dependency Walker (http://www.dependencywalker.com/) to look
> at the exported functions of libeay32.dll. If it exports RC5, you will see
> exported symbols starting with RC5. For MDC2, you'll find symbols starting
> with MDC2 and etc...
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> On Mon, June 16, 2008 3:55 pm, bagavathy raj wrote:
>> Hi,
>>
>> I have openssl dlls(i.e.libeay32.dll, ssleay32.dll). I need to know if
>> these
>> libaries are using any of the patented algorithms like IDEA, RC4, RC5,MDC2
>> etc. Can you please let me know if there is any way to find out this?
>> Any help would be highly appreciated.
>>
>> Thanks in adavance,
>> Bagavathy
>>
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

On 6/16/08, bagavathy raj wrote:
> Hi,
> Is there any binary distribution where I can find SSL dlls without
> patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling
> without them. I could exclude other algos but not RC4. Some linking
> issues. So i need to know if there is any ssl release without the
> patented algorithms.

RC4 is owned (and trademarked) by RSA Security Inc, but they are no
longer enforcing the patent, and will allow free usage of the OpenSSL
implementation of this cipher to those that ask. However they do
require that OpenSSL toolkit users either do not call it RC4, or call
it "Alleged RC4 cipher" to avoid trademark infringement. If you even
mention the words RC4 in your documentation you may need to mention
that it is "Alleged" and that RC4 is a trademark of RSA Security.
RC2 is also a trademark of RSA Security, but this one can be used
without the "Alleged" prefix, providing you list them as the trademark
owner.

Disclaimer: I am not a lawyer, and I suggest you contact RSA directly
to confirm this information on your own.

-Chris
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

> RC4 is owned (and trademarked) by RSA Security Inc, but they are no
> longer enforcing the patent,

RC4 was never protected by patent, but by trade secret. When the
details of the algorithm were published, Ron Rivest himself suggested
calling the "alleged RC4" "ARCFOUR". It is indeed a trademark of RSA
Security.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

At 01:20 PM 6/16/2008, Michael Sierchio wrote:

>>RC4 is owned (and trademarked) by RSA Security Inc, but they are no
>>longer enforcing the patent,
>
>RC4 was never protected by patent, but by trade secret. When the
>details of the algorithm were published, Ron Rivest himself suggested
>calling the "alleged RC4" "ARCFOUR". It is indeed a trademark of RSA
>Security.

Michael is right. No patent. RSA subsequently switched to patent
protection for RC5 and RC5. Some ancient history might offer context.

RC4, developed by Rivest in 1987, was originally sold, under
contractual constraints, as a proprietary RSA trade secret -- a mode
of IP protection which soon proved to be frail and toothless in
Cyberspace, where anonymous publication on the Net broke the trade
secret contract but allowed the perpetrator to escape all liability.

RSADSI initially filed for US trademark protection on RC4 in 1993,
and the trademark -- as a mark of origin, a "mark" that identified
the source of the distributed code -- became the last line defense
for the RC4 IP when the RC4 algorithm was reverse engineered and
published on the Cypherpunks List in September of 1994.

In a swirl of ironies, this was a critical event in public crypto
history, because the illicit publication of RC4 made it possible for
non-US developers to do their own versions of SSL. SSLea, ancestor
of OpenSSL, soon broke the NSA's restrictive policies on the
international use of strong-crypto SSL for browsers and web-based
transactions. Many versions of alleged RC4 (ARC4 or ArcFour) were
soon in widespread use, even in IETF standards. Anyone can code or
use ACR4, but EMC/RSA still defends its monopoly on the RC4 trademark
because undefended trademarks become invalid.

_Vin


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org