In message <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 08:51:58 +0200 (METDST), "Bob
Hepple via RT" <[EMAIL PROTECTED]> said:
rt> I am busy porting OpenSSL to the Eracom hardware engine and have run into
rt> a problem when entering PINs (i.e. using fgets() without echo). Thought I'd
rt> share the workaround and invite comment ...
rt>
rt> Normally, openssl does not need to access this function so I imagine it
rt> has not been much debugged. But with this hardware engine I need to be
rt> able to input a PIN without echo and since there is a mechanism in openssl
rt> to do just that, naturally I prefer to use it rather than write more code.

Uhmm, you're doing the prompting through a UI_METHOD, I assume (more
precisely, the one returned by UI_OpenSSL()). All OpenSSL application
prompting for pass phrases ('openssl genrsa' and lots of other
commands) use that same mechanism, so I'm quite surprised this hasn't
been heard of before.

Have you tested if 'openssl genrsa' works? If it does, perhaps you
should figure out what you do differently from the OpenSSL
application. You probably want to check out the function
setup_ui_method() and related static functions in apps/apps.c, or
check out the nCipher engine, which I'm pretty sure does things
properly (at least last time I tested).

rt> Normally, Linux is configured with -DTERMIO set. This causes fgets() to
rt> return an error (it returns NULL and feof() is set) when NOECHO is used in
rt> crypto/ui/ui_openssl:read_string_inner()
rt>
rt> If I compile with -DTERMIOS instead, there is no error. So my question is
rt> in 3 parts:
rt>
rt> 1. what is the 'correct' way to specify TERMIOS instead of TERMIO? I have
rt> tried setting the TERMIOS parameter in util/pl/linux.pl to no avail. I am
rt> currently changing all the linux configurations in the 'Configure' script
rt> and this seems to work, but it's messy.

There's some preprocessor code in crypto/ui/ui_openssl.c that forces
TERMIO for Linux. You might want to disable that, or make it force
TERMIOS instead.

rt> 2. Since this fixes the problem, can this setting please be used as the
rt> default in future?

Will it work on all Linux variants, including somewhat aged Linux
systems?

rt> 3. Why use TERMIO when TERMIOS is available on Linux?

Because once upon a time, when the original code was constructed,
there was only TERMIO, I assume. No one has complained since, so...

rt> ... and yes, the current state of the port is available as a source code
rt> patch at http://www.eracom-tech.com/downloads/downloads.php

I think "available" depends on who you are. I just tried, and was
redirected to http://www.eracom-tech.com/login/userlogin.php...

Anyhow, whenever it really becomes available, I think I can take a
look and see if I can spot something.

--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
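
Added example, not part of the original message and not OpenSSL's own code: a minimal POSIX termios (the TERMIOS interface discussed above) routine that reads a PIN with echo disabled, treats a NULL return from fgets() as a failure, and always restores the terminal. The name read_pin_noecho and the choice to reject overlong input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper (not an OpenSSL function): read one line from `in`
 * with echo off. Returns the PIN length, or -1 on EOF, error or overlong input. */
int read_pin_noecho(FILE *in, char *buf, size_t size)
{
    struct termios saved, noecho;
    int fd = fileno(in), is_tty = isatty(fd), c = '\n', ret = -1;
    if (size < 2)
        return -1;
    if (is_tty) {                       /* pipes and files have no echo to disable */
        if (tcgetattr(fd, &saved) == -1)
            return -1;
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) == -1)
            return -1;
    }
    if (fgets(buf, (int)size, in) != NULL) {
        size_t n = strcspn(buf, "\n");
        if (buf[n] == '\0')             /* no newline stored: line may continue */
            c = getc(in);
        if (c == '\n' || c == EOF) {
            buf[n] = '\0';
            ret = (int)n;
        } else {
            while ((c = getc(in)) != EOF && c != '\n')
                ;                       /* drain and reject an overlong line */
        }
    }
    if (is_tty) {
        if (tcsetattr(fd, TCSANOW, &saved) == -1)   /* always restore echo */
            ret = -1;
        fputc('\n', stderr);            /* the user's Enter was not echoed */
    }
    if (ret < 0)
        memset(buf, 0, size);           /* leave no partial PIN behind */
    return ret;
}
int main(void)
{
    char pin[32];
    fputs("Enter PIN: ", stderr);
    int n = read_pin_noecho(stdin, pin, sizeof pin);
    return n < 0;
}
```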