> From: owner-openssl-us...@openssl.org On Behalf Of Young, Alistair
> Sent: Friday, 06 February, 2009 05:17
> -----Original Message-----
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: 06 February 2009 00:29

> > > But, to complicate things further, I'm trying to invoke this from Java.
> > > So I have something like:
> > >    byte[] key = ....;
> > >    Runtime.getRuntime().exec("openssl", "dgst", "-sha256", "-hmac",
> > > "\"" + new String(key) + "\"", "-binary");
> > > I then pipe my message in, and collect the output from the output stream.
>
> > In the Java I have (SDK5=jre1.6.0_02) I can't Runtime.exec multiple strings
> > like that, I have to put them in an array with {}. (Or a single String, but
> > then I'm not sure whose parsing rules are used and when.) With a String[],
> > don't add quotes around the key value. In a shell command, " ' \ are processed
> > by the shell before being passed to the program. As are the ` above.
> > Then it works for me.
>
> You're right about the array, of course - this was some poorly
> transcribed code!  :)
>
> Without the quotes, if my hmac key contains a space or tab
> character, it seems that somewhere along the way, the two halves
> of the key are treated as separate parameters.  So, if my key was
> "£$%& £$%&*", attempting to execute the command simply results in
> OpenSSL giving a "£$%&* not found" error.
>
Are those pounds in 8859-1, as posted? I don't use any non-US charsets
here and so can't easily test that, but with "$%& $%&*" (minus quotes)
it (still) works for me.  (I previously lazily tested on my local Windows
instead of Linux, but this time to be certain I used a convenient Linux box,
which actually has an older jre, 1.5.0_06-b05 .)

> Adding the quotes didn't work because, if I understand things
> correctly, the notion of quotes (or escaping characters with \)
> is a shell concept - hence my attempt to force the command to run
> under a shell.
>
Those are shell concepts, yes. But then you have to figure out
exactly what to tell the shell to get it to end up with the
exactly right values passed to the program i.e. openssl.
Shell is designed to be convenient for normal (interactive) cases,
at the cost of confusion and obscurity in weird cases.

<snip>
> Incidentally, the simple approach (simply passing the key as a
> parameter, regardless of its content) worked flawlessly under
> Windows (using non-FIPS OpenSSL).
>
That makes me really suspicious. I wonder if it might be an issue with
high-half signed characters somewhere, or Unicode encoding, or such.
Could you try passing the desired arguments instead to a simple program
that just shows you exactly what it's getting, something like:
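#include <stdio.h>
/* Print each argument, followed by its bytes in hex, one argument per line. */
int main (int c, char **v)
{ char *p; (void)c;
  while ((p = *++v) != NULL) {
    fputs(p, stdout);
    /* cast so high-half bytes print as two hex digits, not sign-extended */
    while (*p) printf(" %02x", (unsigned char)*p++);
    putchar('\n'); }
  return 0; }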



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
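
An added example, not code from the thread: it shows on the Java side the two things the reply asks about, how a single command String is split compared with a String[], and how the key's bytes depend on the charset used for new String(key). The names ExecArgsDemo, tokenizeLikeExec, hex and show are hypothetical, the key is a constructed sample, and no openssl process is launched; which charset the JVM uses when it hands arguments to a child process is platform dependent and is not determined here.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;

public class ExecArgsDemo {
    // Runtime.exec(String) is documented to split its command with
    // new StringTokenizer(command): whitespace separates tokens and
    // quote characters are ordinary characters.
    static List<String> tokenizeLikeExec(String command) {
        List<String> out = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(command);
        while (st.hasMoreTokens()) out.add(st.nextToken());
        return out;
    }

    // Hex of the bytes a String encodes to in the given charset.
    static String hex(String s, Charset cs) {
        StringBuilder sb = new StringBuilder();
        for (byte b : s.getBytes(cs)) sb.append(String.format("%02x ", b & 0xff));
        return sb.toString().trim();
    }

    static void show(String label, List<String> argv) {
        System.out.println(label + ": " + argv.size() + " arguments");
        for (String a : argv) System.out.println("  [" + hex(a, StandardCharsets.ISO_8859_1) + "]");
    }

    public static void main(String[] args) {
        // Constructed sample: the key from the thread, pound sign as ISO-8859-1 byte 0xA3.
        byte[] key = "\u00a3$%& \u00a3$%&*".getBytes(StandardCharsets.ISO_8859_1);
        String keyStr = new String(key, StandardCharsets.ISO_8859_1);
        // Single-string form: the key is split at its space and the quotes stay literal.
        show("exec(String)", tokenizeLikeExec(
                "openssl dgst -sha256 -hmac \"" + keyStr + "\" -binary"));

        // Array form: the key is one element and needs no quoting.
        show("exec(String[])", Arrays.asList(
                "openssl", "dgst", "-sha256", "-hmac", keyStr, "-binary"));

        // Charset round trip: the same key bytes are malformed as UTF-8,
        // so decoding them that way replaces 0xA3 with U+FFFD.
        String wrong = new String(key, StandardCharsets.UTF_8);
        System.out.println("ISO-8859-1 round trip: " + hex(keyStr, StandardCharsets.ISO_8859_1));
        System.out.println("UTF-8 round trip:      " + hex(wrong, StandardCharsets.UTF_8));
    }
}
```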
