Re: openssl hmac and key on the command line

On 6/8/2024 5:12 AM, Neil Horman wrote: printf '%s' "hello" | LD_LIBRARY_PATH=$PWD ./apps/openssl dgst -sha1 -hmac $(cat key.txt) SHA1(stdin)= c3b424548c3dbd02161a9541d89287e689f076d7 That will expose the key in the process args, so is NOT secure. -- Carson

Re: Best Practices for private key files handling

On 9/15/2022 3:15 PM, Shawn Heisey via openssl-users wrote: If symlinks are used responsibly, they won't have security risks. In general, if the program checks the ownership and permissions of the actual file before using it, it shouldn't matter whether there is a symlink or not. As long as

Re: [openssl-users] OpenSSL 1.0.2 Solaris 32 bit build is broken

s 5.10. One must use /usr/xpg4/bin/sh (or ksh, bash, etc.) if one expects 'export foo=bar' to work. -- Carson ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL 1.0.2 Solaris 32 bit build is broken

As a counter-example, I just built OpenSSL 1.0.2a 32-bit on SPARC and 'make test' is just fine. Host: Sun Fire v490 Compiler: Solaris Studio 12.2 OS: Solaris 10 u9 Configure args: solaris-sparcv9-cc So I suspect the OP is suffering from some local issue.

Re: [openssl-users] OpenSSL 1.0.2 Solaris 32 bit build is broken

oesn't know all of the bizarre dialects of gcc, e.g. 'a ?: b' *shudder*). The real issue is usually inline assembly being in GNU format, which is incompatible with all others. Oracle's /usr/ccs/bin/as doesn't always understand all the GNUisms. But

Re: References to NSS libraries

lookup to the configured backend(s) (files, NIS, LDAP, DNS, ...) Dynamic linking is here to stay - embrace your shared object overlords ;-) -- Carson __ OpenSSL Project http://www.openssl.org Us

AES speed regression in 1.0.0-stable-SNAP-20090705

After compiling 1.0.0-stable-SNAP-20090705 I ran a couple of "openssl speed aes" runs to lightly test the new code, and discovered a massive slowdown in small bytesize AES compared to 0.9.8k, in some cases more than 50%. Is this known / expected? SunOS gandalf 5.10 Generic_138889-08 i86pc i386

Why are man pages installed under openssldir, and not under prefix?

that MANDIR and HTMLIR are specified relative to OPENSSLDIR instead of INSTALLTOP in Makefile.org? -- Carson __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: Problem making shared libraries on Solaris

at you have all compiler tool chain patches applied. -- Carson __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automat

Re: Problem compiling openssl-0.9.8d on Solaris 8

ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c -o ui_err.o ui_err.c You're not compiling with gcc. And I suspect cc is /usr/ucb/cc. Fix your config. -- Carson __ OpenS

RE: renegotiating problem - connection hanging?

king That code is broken. Fix it. You must _always_ check for short writes. Not doing so is buggy code. Nothing in POSIX, SUSvn, or any other standard requires that write blocks until everything is written. And on many operating systems, it won

Re: Solaris make install problems for 0.9.7e

--On Thursday, October 28, 2004 15:13:14 +0100 Robert Bannocks <[EMAIL PROTECTED]> wrote: I get this too if you quote the $(EXHEADER) to be "$(EXHEADER)" in the install section of the files listed below it compiles and installs ok. This will break if EXHEADER is _not_ empty. The following snippet

Make Test Error

ling me much on how to fix the problem.  Any help would be greatly appreciated.   Thanks   Carson

ASN.1 buffer overflows - is OpenSSL vulnerable?

The recently published SNMP vulnerabilities are mostly ASN.1 vulnerabilities. Has anyone reviewed the ASN.1 code, and OpenSSL's usage thereof, to see if there are any issues? -- Carson Gaspar - [EMAIL PROTECTED] Queen Trapped in a Butch

Solaris gcc shared library target is broken in 0.9.6a

\1:solaris-shared:\2,' Configure >Configure.fixed We only noticed when we tried to compile under 2.5.1 (don't ask...) which isn't supported by the current Sun cc. Sorry I didn't catch this in the release candidates. -- Carson Gaspar - [EMA

Re: Build fails on Solaris 5.6

/crypto or make sure > your path includes the current directory. If the make process requires . to be in your PATH, it's broken and should be fixed. I don't think it does, though, since my PATH does _not_ contain ., and 0.9.6 built just fine... -- Carson Gaspar -- [EMAIL PROTECT

Re: random generator on solaris

and then invokes gcc. It should work like a charm. -- Carson Gaspar - [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: Certi

lso use a hardware key store, and unlock that instead. And perhaps charge more for the increased security. -- Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cs.columbia.edu/~carson/home.html Queen Trapped in a Butch Body _

Re: RSA Security and Red Hat, Inc. Sign Licensing Agreement

ause if they used OpenSSL, they could be sued for huge tracts of cash by RSA for violating their patent. They _must_ license the patent from somebody. -- Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cs.columbia.edu/~c

Re: BN_dup bug?

. Obviously, garbage pointers are not easily detectable without trapping bus errors, but null pointers are. -- Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cs.columbia.edu/~carson/home.html Queen Trapped in a Butch Body ___

Re: Problems to compile openssl on IRIX 6.2

nts. Changing them to #if !defined() statements fixes this, and there is a patch available. This may or may not be your problem, but it's worth checking. Sorry I can't provide a patch reference, but I'm not the one who maintains our SGI environment - I just reported the bug and lo - th