[openssl.org #1206] FTP USER Authentication

[[EMAIL PROTECTED] via RT]

Hi

We have ported the openSSL code for our project.We use SSL to
authenticate the users who use FTP to the controller(which is basically
a printer). We have different groups such as developer, user, designer
etc. each will have access permissions

I am facing a problem with the DES encryption for a particular password.







Confidentiality Notice

The information contained in this electronic message and any attachments to 
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or 
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL 
PROTECTED] immediately
and destroy all copies of this message and any attachments.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #1196] [PATCH] openssl-0.9.8 - make test failure and fix for SunOS 4.1.4

[Russell Ruby via RT]

Regarding memcmp related changes found in snapshots:

  openssl-0.9.8-stable-SNAP-20050921.tar.gz
  and
  openssl-SNAP-20050921.tar.gz

Ahh, yes, clean, succinct, more general.  I like it.
Almost works, but for a small include glitch.

[SunOS 4.1.4]
making all in apps...
make[1]: Entering directory `.../openssl-0.9.8-stable-SNAP-20050921/apps'
gcc -DMONOLITH -I.. -I../include -O3 -mv8 -Dssize_t=int -c -o verify.o verify.c
In file included from apps.h:115,
 from verify.c:62:
../e_os.h:569: o_str.h: No such file or directory

Just need the following patch to make both of the above snapshots
build and run make test successfully on SunOS 4.1.4:

diff -Naur openssl-0.9.8-stable-SNAP-20050921-orig/e_os.h 
openssl-0.9.8-stable-SNAP-20050921-work/e_os.h
--- openssl-0.9.8-stable-SNAP-20050921-orig/e_os.h  2005-09-20 
14:02:52.0 -0700
+++ openssl-0.9.8-stable-SNAP-20050921-work/e_os.h  2005-09-21 
13:26:26.0 -0700
@@ -566,7 +566,7 @@
 # define strerror(errnum) \
(((errnum)0 || (errnum)=sys_nerr) ? NULL : sys_errlist[errnum])
   /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
-#include o_str.h
+#include crypto/o_str.h
 # define memcmp OPENSSL_memcmp
 #endif
 
Being an upstanding US redneck, I have swamped [EMAIL PROTECTED], [EMAIL 
PROTECTED],
[EMAIL PROTECTED] with a TSU notification including this patch.

Also have included above/same patch as an attachment.

russell ruby  -  russ at sludge.net

===

On Tue, 20 Sep 2005 22:16:02 +0200 (METDST) 
Andy Polyakov via RT [EMAIL PROTECTED] wrote:


 Failing step from make test_gen   test/gentest script:
 mfg(259) ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
 verify failure
 6901:error:04077064:rsa routines:RSA_verify:algorithm 
 mismatch:rsa_sign.c:211:
 6901:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 
 lib:a_verify.c:168:
 
 The culprit turns out to be memcmp.  In SunOS 4.x, memcmp implements
 a signed byte comparision implied by the native data type char.

Good catch!

 --- openssl-0.9.8-stable-SNAP-20050906-orig/e_os.h   2005-08-02 
 16:03:17.0 -0700
 +++ openssl-0.9.8-stable-SNAP-20050906-work/e_os.h   2005-09-06 
 10:28:21.0 -0700
 @@ -565,6 +565,13 @@
  extern char *sys_errlist[]; extern int sys_nerr;
  # define strerror(errnum) \
  (((errnum)0 || (errnum)=sys_nerr) ? NULL : sys_errlist[errnum])
 +  /* SunOS 4.x signed memcmp breaks table lookup of ASN1_OBJECT *obj_objs.
 + This replacement assumes gcc statement as expression extension. */
 +#define memcmp(s1,s2,n) ({int _ii,_uclim,_ucdiff=0; \
 +   unsigned char *_ucp1=(unsigned char *)(s1), *_ucp2=(unsigned char 
 *)(s2); \
 +   for (_ii=0,_uclim=(n); _ii_uclim; _ii++) \
 + if (_ucdiff=_ucp1[_ii] - _ucp2[_ii]) break; \
 +   _ucdiff; })
  #endif

I've chosen to #define memcmp OPENSLL_memcmp and implement 
OPENSSL_memcmp as real function. There is no guarantee that we don't run 
into this on some other platform and then it would be nice not to be 
dependent on GCC extention. Double-check tomorrow snapshots. Case is 
being dismissed. A.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]