On 6/8/2024 5:12 AM, Neil Horman wrote:
printf '%s' "hello" | LD_LIBRARY_PATH=$PWD ./apps/openssl dgst -sha1
-hmac $(cat key.txt)
SHA1(stdin)= c3b424548c3dbd02161a9541d89287e689f076d7
That will expose the key in the process args, so is NOT secure.
--
Carson
On 9/15/2022 3:15 PM, Shawn Heisey via openssl-users wrote:
If symlinks are used responsibly, they won't have security risks. In
general, if the program checks the ownership and permissions of the
actual file before using it, it shouldn't matter whether there is a
symlink or not.
As long as
s 5.10. One must use /usr/xpg4/bin/sh (or
ksh, bash, etc.) if one expects 'export foo=bar' to work.
--
Carson
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
As a counter-example, I just built OpenSSL 1.0.2a 32-bit on SPARC and
'make test' is just fine.
Host: Sun Fire v490
Compiler: Solaris Studio 12.2
OS: Solaris 10 u9
Configure args: solaris-sparcv9-cc
So I suspect the OP is suffering from some local issue.
oesn't know all of the bizarre dialects of gcc, e.g. 'a
?: b' *shudder*).
The real issue is usually inline assembly being in GNU format, which is
incompatible with all others. Oracle's /usr/ccs/bin/as doesn't always
understand all the GNUisms.
But
lookup to the configured backend(s) (files, NIS,
LDAP, DNS, ...)
Dynamic linking is here to stay - embrace your shared object overlords ;-)
--
Carson
__
OpenSSL Project http://www.openssl.org
Us
After compiling 1.0.0-stable-SNAP-20090705 I ran a couple of "openssl speed aes"
runs to lightly test the new code, and discovered a massive slowdown in small
bytesize AES compared to 0.9.8k, in some cases more than 50%. Is this known /
expected?
SunOS gandalf 5.10 Generic_138889-08 i86pc i386
that MANDIR and HTMLIR are specified relative to
OPENSSLDIR instead of INSTALLTOP in Makefile.org?
--
Carson
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
at you have all compiler tool chain
patches applied.
--
Carson
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automat
ultra -xarch=v8plus -xO5
-xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c -o ui_err.o
ui_err.c
You're not compiling with gcc. And I suspect cc is /usr/ucb/cc. Fix your
config.
--
Carson
__
OpenS
king
That code is broken. Fix it. You must _always_ check for short writes. Not
doing so is buggy code. Nothing in POSIX, SUSvn, or any other standard
requires that write blocks until everything is written. And on many
operating systems, it won
--On Thursday, October 28, 2004 15:13:14 +0100 Robert Bannocks
<[EMAIL PROTECTED]> wrote:
I get this too if you quote the $(EXHEADER) to be "$(EXHEADER)" in the
install section of the files listed below it compiles and installs ok.
This will break if EXHEADER is _not_ empty. The following snippet
ling me much on how to fix the problem. Any help would be greatly
appreciated.
Thanks
Carson
The recently published SNMP vulnerabilities are mostly ASN.1
vulnerabilities. Has anyone reviewed the ASN.1 code, and OpenSSL's usage
thereof, to see if there are any issues?
--
Carson Gaspar - [EMAIL PROTECTED]
Queen Trapped in a Butch
\1:solaris-shared:\2,'
Configure >Configure.fixed
We only noticed when we tried to compile under 2.5.1 (don't ask...) which
isn't supported by the current Sun cc. Sorry I didn't catch this in the
release candidates.
--
Carson Gaspar - [EMA
/crypto or make sure
> your path includes the current directory.
If the make process requires . to be in your PATH, it's broken and should
be fixed. I don't think it does, though, since my PATH does _not_ contain
., and 0.9.6 built just fine...
--
Carson Gaspar -- [EMAIL PROTECT
and then invokes gcc. It should work like a charm.
--
Carson Gaspar - [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
lso use a hardware key store, and unlock that
instead. And perhaps charge more for the increased security.
--
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
_
ause if they used OpenSSL, they could be sued for huge tracts of cash by
RSA for violating their patent. They _must_ license the patent from
somebody.
--
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~c
. Obviously, garbage pointers are not easily detectable without
trapping bus errors, but null pointers are.
--
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
___
nts. Changing them to #if !defined() statements fixes this, and
there is a patch available. This may or may not be your problem, but
it's worth checking.
Sorry I can't provide a patch reference, but I'm not the one who
maintains our SGI environment - I just reported the bug and lo - th
21 matches
Mail list logo