KThirumal | 2 Nov 2009 15:35

Usage of BIO


All,
I am using "openssl-0.9.8a" for my development.
What is the real use of using BIO, or can I directly use ssl_write and ssl_read for my usage?


Thanks & Regards
________________________
Karthikeyan Thirumal
NXP Unix - India
iNautix Technologies India Private Limited, an affiliate of Pershing LLC, a subsidiary of The Bank of New York Mellon Corporation
http://www.inautix.co.in
Office: (+91) 44 2254 6000  Extn : 1029 VOIP : (612) - 5112
Email: kthirumal <at> inautix.co.in
Martin Kaiser via RT | 3 Nov 2009 09:37

[openssl.org #2090] [patch] NULL-pointer handling in asn1_multi()

Dear all,

another case where NULL should be handled is asn1_multi(). It looks like

   sk = sk_ASN1_TYPE_new_null();
   [...]
         sk_ASN1_TYPE_push(sk, typ);

sk_ASN1_TYPE_push() is defined as sk_push(), which dereferences sk. A
simple patch is attached.

Best regards,

   Martin

Attachment (asn1_multi.patch): text/x-diff, 359 bytes
Martin Kaiser via RT | 3 Nov 2009 10:09

[openssl.org #2091] [patch] NULL-pointer check in OBJ_obj2txt()

Dear all,

I think the following snippet from OBJ_obj2txt() is missing a NULL-pointer
check.

                s=OBJ_nid2ln(nid);
                if (s == NULL)
                        s=OBJ_nid2sn(nid);
                if (buf)
                        BUF_strlcpy(buf,s,buf_len);

OBJ_nid2sn() may return NULL, in this case BUF_strlcpy() dereferences
the NULL pointer. This problem can be triggered from an external test
application.

If the parameter has neither ln nor sn, I suggest that -1 is returned.

The attached short patch against today's snapshot fixes this problem

Best regards,

   Martin

Attachment (o2t.patch): text/x-diff, 659 bytes
Martin Kaiser via RT | 3 Nov 2009 11:14

Re: [openssl.org #2091] [patch] NULL-pointer check in OBJ_obj2txt()

On Tue, Nov 03, 2009 at 10:09:04AM +0100, Martin Kaiser via RT wrote:

> If the parameter has neither ln nor sn, I suggest that -1 is returned.
> 
> The attached short patch against today's snapshot fixes this problem
> 

Thinking about this again, would it make sense to add an error to the
queue like the patch below?

Best regards,

   Martin

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index e999ef7..fd98769 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
 <at>  <at>  -466,7 +466,7  <at>  <at>  ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
 int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
        int i,n=0,len,nid, first, use_bn;
-       BIGNUM *bl;
+       BIGNUM *bl=NULL;
        unsigned long l;
        const unsigned char *p;
        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
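
Review bot: The `BIGNUM *bl=NULL;` initializer at the declaration should carry a short comment saying why it is there. It only matters because the `goto err` added in the next hunk is reached before the old `bl = NULL;` assignment that the third hunk removes, and the `err` label is outside the visible context, so a reader cannot confirm from this patch alone that the new path handles `bl` safely.
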
 <at>  <at>  -483,6 +483,11  <at>  <at>  int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *
                s=OBJ_nid2ln(nid);
                if (s == NULL)
                        s=OBJ_nid2sn(nid);
+               if (s == NULL)
+                       {
+                       OBJerr(OBJ_F_OBJ_OBJ2TXT,OBJ_R_UNKNOWN_NID_NAME);
+                       goto err;
+                       }
                if (buf)
                        BUF_strlcpy(buf,s,buf_len);
                n=strlen(s);
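
Review bot: The new `if (s == NULL)` branch leaves through `goto err`, but neither the `err` label nor its return value is in the visible context. The earlier message in this thread proposed returning -1, so confirm that `err` does that and document the new return value for callers. The placement of the check is right: it sits ahead of both `BUF_strlcpy(buf,s,buf_len)` and `n=strlen(s)`, and `strlen(s)` runs even when `buf` is NULL.
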
 <at>  <at>  -494,7 +499,6  <at>  <at>  int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a
        p=a->data;

        first = 1;
-       bl = NULL;

        while (len > 0)
                {
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index bd0ee52..ab43d9d 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
 <at>  <at>  -1127,10 +1127,12  <at>  <at>  void ERR_load_OBJ_strings(void);
 #define OBJ_F_OBJ_NID2LN                                102
 #define OBJ_F_OBJ_NID2OBJ                               103
 #define OBJ_F_OBJ_NID2SN                                104
+#define OBJ_F_OBJ_OBJ2TXT                               105

 /* Reason codes. */
 #define OBJ_R_MALLOC_FAILURE                            100
 #define OBJ_R_UNKNOWN_NID                               101
+#define OBJ_R_UNKNOWN_NID_NAME                          102

 #ifdef  __cplusplus
 }
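
Review bot: `OBJ_F_OBJ_OBJ2TXT` and `OBJ_R_UNKNOWN_NID_NAME` are added to objects.h only. The patch as posted has no matching hunk for the string tables that `ERR_load_OBJ_strings()` loads, so the new error would be queued without readable function and reason text. Add the corresponding table entries in the same change.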

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

David Woodhouse via RT | 3 Nov 2009 22:20

Re: [openssl.org #2089] [PATCH] DTLS Fragment size bug

On Fri, 2009-10-30 at 18:11 +0100, Robin Seggelmann via RT wrote:
> DTLS fragmentation doesn't consider the additional data required with  
> using encryption, so the packet size then exceeds the MTU when  
> fragmentation is performed. This patch subtracts the size of the mac  
> and the additional encryption bytes of the maximum possible length for  
> a fragment, if necessary.
> 
> Thanks to Daniel Mentz for finding this bug.
> 

... 

> +	if (s->write_hash)
> +		mac_size = EVP_MD_CTX_size(s->write_hash);
> +	else
> +		mac_size = 0;
> +

This was applied to the 0.9.8 branch too, where it causes a SEGV. It
should be EVP_MD_size() there.

Index: ssl/d1_both.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_both.c,v
retrieving revision 1.4.2.21
diff -u -p -r1.4.2.21 d1_both.c
--- ssl/d1_both.c	2 Nov 2009 13:36:56 -0000	1.4.2.21
+++ ssl/d1_both.c	3 Nov 2009 20:41:54 -0000
 <at>  <at>  -226,7 +226,7  <at>  <at>  int dtls1_do_write(SSL *s, int type)
 			(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);

 	if (s->write_hash)
-		mac_size = EVP_MD_CTX_size(s->write_hash);
+		mac_size = EVP_MD_size(s->write_hash);
 	else
 		mac_size = 0;

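Review bot: Only the call site in dtls1_do_write() is corrected here. Since the reply says the original change was applied to the 0.9.8 branch, check the rest of that backport for other `EVP_MD_CTX_size(s->write_hash)` calls that need the same `EVP_MD_size()` replacement, and say in the commit message that this change is for 0.9.8 only.
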
--

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse <at> intel.com                              Intel Corporation


Peter Waltenberg via RT | 4 Nov 2009 05:02

[openssl.org #2092] Updated AES-GCM/AES-CCM/CMAC patch


This is an update to our previous contribution.

It should apply cleanly to openssl-1.0.0-beta3, that's been tested on a
couple of Unix'y platforms here.

There are some bug fixes which deal with corner cases in AES-GCM and
AES-CCM, and CMAC now works in DES modes.
Thanks to Paul Suhler for his testing of GCM which picked a couple of
subtle bugs there.

It should also build on Windows now - but I can't get beta3 to build
(unmodified) on Windows in my environment for some reason so I've only been
able to test that with a close cousin of this patch applied to older
OpenSSL variants.
Note that I had to drop some of the test cases to get this to build on
Windows, if you need the older/more comprehensive test cases, you'll have
to dig them out of earlier patches.

(See attached file: ibm4.patch)

Peter
Attachment (ibm4.patch): application/octet-stream, 156 KiB
sandeep.kumar17 | 4 Nov 2009 12:00

SSL_write returns SSL3_WRITE_PENDING

Hi,
 
I am getting some error in SSL_write(). Error is:
error:1409F07F:SSL routines: SSL3_WRITE_PENDING:bad write retry  
 
Can anyone help me to fix this. Any workaround is also appreciated.
I am using 0.9.8g openssl version
 
Thanks

Please do not print this email unless it is absolutely necessary.

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com

Lou Picciano | 4 Nov 2009 14:46

OpenSSL hardware acceleration exploration...

OpenSSL Friends:

We're looking at implementing hardware acceleration for our OpenSSL environment.  Hardware would probably be PCI bus x86, though SPARC is not out of the question...

Does anyone have any strong opinions, recommendations, success/horror stories, preferred hardware sources they can share?
Joe Kemp | 4 Nov 2009 15:46

Zlib compression

I am trying to verify compatibility between 0.9.7m and 0.9.8k with respect to zlib compression.  Will the two work together? I am getting SSL3_GET_RECORD:bad decompression errors on the 0.9.7m stunnel server. 

 

The current c_zlib.c file appears to have 3 different approaches to compression

Stateless -> Commented out with #ifdef 0

Stateful

Bio filters

 

Can someone explain when Stateful and/or bio filters are used?  Would this depend on the hosting application, in this case stunnel?

 

Joe A. Kemp

CapWIN Senior Systems Architect

(O) 301-614-3727 (C) 301-502-1281

 

David Schwartz | 4 Nov 2009 17:17

RE: SSL_write returns SSL3_WRITE_PENDING

 

Did you forget to set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER? Or are you presenting an inconsistent view of the data stream to SSL? For example, if you go to send “foo” to an SSL connection and only one byte is sent, your next send *must* start with “oo”.

 

                DS

 

 

From: owner-openssl-users <at> openssl.org [mailto:owner-openssl-users <at> openssl.org] On Behalf Of sandeep.kumar17 <at> wipro.com
Sent: Wednesday, November 04, 2009 3:01 AM
To: openssl-users <at> openssl.org; openssl-dev <at> openssl.org
Subject: SSL_write returns SSL3_WRITE_PENDING

 

Hi,

 

I am getting some error in SSL_write(). Error is:

error:1409F07F:SSL routines: SSL3_WRITE_PENDING:bad write retry  

 

Can anyone help me to fix this. Any workaround is also appreciated.

I am using 0.9.8g openssl version

 

Thanks
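
An added illustration of the retry rule described in the reply above, not code from the thread or from OpenSSL: a small self-contained model in which a stalled write must be retried with the same buffer address and length unless a "moving buffer" flag is set. The struct, function names and return codes are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the retry rule; none of these names are OpenSSL's. */
enum { W_OK = 1, W_WANT_WRITE = 0, W_BAD_RETRY = -1 };

struct model_conn {
    const char *pend_buf; /* address given when the write was first queued */
    size_t pend_len;      /* length given when the write was first queued */
    int moving_ok;        /* stands in for SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER */
    int stalls;           /* calls for which the "socket" stays full */
};

/* Non-blocking write: may stall, and rejects an inconsistent retry. */
int model_write(struct model_conn *c, const char *buf, size_t len)
{
    if (c->pend_buf != NULL) {                     /* this call is a retry */
        if (len < c->pend_len) return W_BAD_RETRY; /* data shrank */
        if (buf != c->pend_buf && !c->moving_ok) return W_BAD_RETRY;
    } else {
        c->pend_buf = buf;
        c->pend_len = len;
    }
    if (c->stalls > 0) { c->stalls--; return W_WANT_WRITE; }
    c->pend_buf = NULL; c->pend_len = 0;           /* write completed */
    return W_OK;
}

/* Correct caller: same pointer and length on every retry. */
int send_stable(struct model_conn *c, const char *buf, size_t len)
{
    int r;
    while ((r = model_write(c, buf, len)) == W_WANT_WRITE)
        ; /* real code waits here until the socket is writable */
    return r;
}

/* Caller that re-copies the data before retrying: same bytes, new address. */
int send_moved(struct model_conn *c, const char *buf, size_t len)
{
    char first[64], retry[64];
    int r;
    if (len > sizeof first) return W_BAD_RETRY;    /* sample buffers too small */
    memcpy(first, buf, len);
    memcpy(retry, buf, len);
    r = model_write(c, first, len);
    if (r == W_WANT_WRITE) r = model_write(c, retry, len);
    return r;
}
```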


