[openssl.org #141] Error while writing zero-length string
[jaenicke - Fri Jul 19 13:58:12 2002]: [[EMAIL PROTECTED] - Fri Jul 19 11:04:22 2002]: On Fri, Jul 19, 2002 at 10:39:21AM +0200, Martin Sjögren via RT wrote: A warning in the man pages for SSL_write (and probably SSL_read too) would a good start for this. I agree. Actually it should be quite easy to change OpenSSL so that this problem is avoided (I just can't do this in the the 0.9.6 branch because I have to extend the SSL structure, which will destroy binary compatibility). I have added a warning to the SSL_write() manual page. I will move the milestone setting to 0.9.7 with respect to a change of the behaviour, as it won't be changed in 0.9.6x as stated above. If we consider this to be a bug, it should be fixed in the 0.9.7 tree now. Otherwise we should consider moving it further to 0.9.8 with respect to binary compatibility issues. Best regards, Lutz Considering current events, I believe the correct action is to move it to 0.9.8. I'll do that in a moment. -- Richard Levitte __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
tor 2002-07-18 klockan 13.04 skrev Bodo Moeller via RT: SSL_read() and SSL_write() are not really meant to be called with zero length. The return value cannot be larger than zero when this is done, so SSL_get_error() will interpret the return value as an error indication. Then the documentation should say this in large friendly letters :) We could change SSL_read() and SSL_write() to return an actual error when they are called with length 0, but this might break programs that do such calls but don't rely on SSL_get_error() for them. I suppose it should be possible to change the implementations behind SSL_read() and SSL_write() (i.e. ssl3_read() etc.) to use an extra flag for the special case of zero length parameters so that SSL_get_error() will indicate success unless there really was some kind of error, but I'm not convinced this is worth the effort -- why call the functions with length 0 anyway? Why? Perhaps because of mistakes in the coding. Perhaps because the author didn't think it was invalid and didn't want to add to the complexity of his code with Yet Another if. This bug bit us because the protocol framework we are using did exactly this and it took us a long time tracking it down. Note that it's perfectly valid to call write(2) with an empty string and that a zero return doesn't mean the connection was closed. A warning in the man pages for SSL_write (and probably SSL_read too) would a good start for this. Regards, Martin -- Martin Sjögren [EMAIL PROTECTED] ICQ : 41245059 Phone: +46 (0)31 7710870 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
On Fri, Jul 19, 2002 at 10:39:21AM +0200, Martin Sjögren via RT wrote: Note that it's perfectly valid to call write(2) with an empty string [...] This is true only for regular files. According to the The Single UNIX Specification, Version 2, and related write() manual pages on systems such as Solaris: If nbyte is 0, write() will return 0 and have no other results if the file is a regular file; otherwise, the results are unspecified. A warning in the man pages for SSL_write (and probably SSL_read too) would a good start for this. I agree. Actually it should be quite easy to change OpenSSL so that this problem is avoided (I just can't do this in the the 0.9.6 branch because I have to extend the SSL structure, which will destroy binary compatibility). -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
On Fri, Jul 19, 2002 at 10:39:21AM +0200, Martin Sjögren via RT wrote: tor 2002-07-18 klockan 13.04 skrev Bodo Moeller via RT: SSL_read() and SSL_write() are not really meant to be called with zero length. The return value cannot be larger than zero when this is done, so SSL_get_error() will interpret the return value as an error indication. Then the documentation should say this in large friendly letters :) We could change SSL_read() and SSL_write() to return an actual error when they are called with length 0, but this might break programs that do such calls but don't rely on SSL_get_error() for them. I suppose it should be possible to change the implementations behind SSL_read() and SSL_write() (i.e. ssl3_read() etc.) to use an extra flag for the special case of zero length parameters so that SSL_get_error() will indicate success unless there really was some kind of error, but I'm not convinced this is worth the effort -- why call the functions with length 0 anyway? Why? Perhaps because of mistakes in the coding. Perhaps because the author didn't think it was invalid and didn't want to add to the complexity of his code with Yet Another if. This bug bit us because the protocol framework we are using did exactly this and it took us a long time tracking it down. Note that it's perfectly valid to call write(2) with an empty string and that a zero return doesn't mean the connection was closed. Hmm. Manual pages between systems can be different. I cite from Linux now: read(2): ... On success, the number of bytes read is returned (zero indicates end of file), and the file position is advanced by this number. ... Therefore the case, that '0' bytes were read actually could not appear. Translated to the SSL_* case this means, that SSL_read() is behaving quite similar to that of read(2). With respect to write(2): ... On success, the number of bytes written are returned (zero indicates nothing was written). On error, -1 is returned, and errno is set appropriately. If count is zero and the file descriptor refers to a regular file, 0 will be returned without causing any other effect. For a special file, the results are not portable. ... Thus it seems, that writing an amount of 0 bytes is not that portable as it seems. What would be thinkable is that SSL_write() with a bytecount of 0 gets a shortcut returning 0 bytes written without actually doing anything. This however might conflict with SSL_get_error() and I do not think, that it would be a worthwhile addition. It seems that an appropriate addition to the SSL_write() manual page is the correct solution. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
tor 2002-07-18 klockan 13.04 skrev Bodo Moeller via RT: SSL_read() and SSL_write() are not really meant to be called with zero length. The return value cannot be larger than zero when this is done, so SSL_get_error() will interpret the return value as an error indication. Then the documentation should say this in large friendly letters :) We could change SSL_read() and SSL_write() to return an actual error when they are called with length 0, but this might break programs that do such calls but don't rely on SSL_get_error() for them. I suppose it should be possible to change the implementations behind SSL_read() and SSL_write() (i.e. ssl3_read() etc.) to use an extra flag for the special case of zero length parameters so that SSL_get_error() will indicate success unless there really was some kind of error, but I'm not convinced this is worth the effort -- why call the functions with length 0 anyway? Why? Perhaps because of mistakes in the coding. Perhaps because the author didn't think it was invalid and didn't want to add to the complexity of his code with Yet Another if. This bug bit us because the protocol framework we are using did exactly this and it took us a long time tracking it down. Note that it's perfectly valid to call write(2) with an empty string and that a zero return doesn't mean the connection was closed. A warning in the man pages for SSL_write (and probably SSL_read too) would a good start for this. Regards, Martin -- Martin Sjögren [EMAIL PROTECTED] ICQ : 41245059 Phone: +46 (0)31 7710870 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
Martin Sjögren via RT [EMAIL PROTECTED]: Bodo Moeller: Martin Sjögren: When you write a zero-length string with SSL_write, OpenSSL signals a protocol-violating EOF even though no such thing has happened. My guess is that a zero returned is misinterpreted somewhere though I have not had time to dig through the source. SSL_write() with length 0 will return 0, and this return value is always interpreted as protocol-violating EOF according to the SSL_get_error() manpage (SSL_get_error() returns SSL_ERROR_ZERO_RETURN). This is an inconsistency, but even if we change SSL_write() to return a different value, the program will not work -- we cannot return a positive value, and negative values would be interpreted as errors too. Uh, the example code I whipped up doesn't give you SSL_ERROR_ZERO_RETURN, it gives you SSL_ERROR_SYSCALL. Correct, my mistake. I actually meant SSL_ERROR_SYSCALL (SSL_ERROR_ZERO_RETURN means that the connection has been shut down cleanly, and this return value would be totally incorrect in this case). I'd say that the problem isn't as much in SSL_write as in SSL_get_error. The error codes and success codes overlap :( SSL_read() and SSL_write() are not really meant to be called with zero length. The return value cannot be larger than zero when this is done, so SSL_get_error() will interpret the return value as an error indication. We could change SSL_read() and SSL_write() to return an actual error when they are called with length 0, but this might break programs that do such calls but don't rely on SSL_get_error() for them. I suppose it should be possible to change the implementations behind SSL_read() and SSL_write() (i.e. ssl3_read() etc.) to use an extra flag for the special case of zero length parameters so that SSL_get_error() will indicate success unless there really was some kind of error, but I'm not convinced this is worth the effort -- why call the functions with length 0 anyway? -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
Martin Sjögren: When you write a zero-length string with SSL_write, OpenSSL signals a protocol-violating EOF even though no such thing has happened. My guess is that a zero returned is misinterpreted somewhere though I have not had time to dig through the source. SSL_write() with length 0 will return 0, and this return value is always interpreted as protocol-violating EOF according to the SSL_get_error() manpage (SSL_get_error() returns SSL_ERROR_ZERO_RETURN). This is an inconsistency, but even if we change SSL_write() to return a different value, the program will not work -- we cannot return a positive value, and negative values would be interpreted as errors too. -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
fre 2002-07-12 klockan 09.36 skrev Bodo Moeller via RT: Martin Sjögren: When you write a zero-length string with SSL_write, OpenSSL signals a protocol-violating EOF even though no such thing has happened. My guess is that a zero returned is misinterpreted somewhere though I have not had time to dig through the source. SSL_write() with length 0 will return 0, and this return value is always interpreted as protocol-violating EOF according to the SSL_get_error() manpage (SSL_get_error() returns SSL_ERROR_ZERO_RETURN). This is an inconsistency, but even if we change SSL_write() to return a different value, the program will not work -- we cannot return a positive value, and negative values would be interpreted as errors too. Uh, the example code I whipped up doesn't give you SSL_ERROR_ZERO_RETURN, it gives you SSL_ERROR_SYSCALL. $ ./a.out rand: 1 accept: 1 connect: 1 ERR_get_error=0; ret=0; err=5; errno=0 where err is the result of SSL_get_error. I think you're losing me somewhere. I'd say that the problem isn't as much in SSL_write as in SSL_get_error. The error codes and success codes overlap :( Regards, Martin -- Martin Sjögren [EMAIL PROTECTED] ICQ : 41245059 Phone: +46 (0)31 7710870 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #141] Error while writing zero-length string
When you write a zero-length string with SSL_write, OpenSSL signals a protocol-violating EOF even though no such thing has happened. My guess is that a zero returned is misinterpreted somewhere though I have not had time to dig through the source. I attached a program that (at least on my machine) reproduces the problem. $ uname -a Linux ratthing-b3cf 2.4.18 #5 Thu Jul 4 12:01:50 CEST 2002 i686 unknown $ /tmp/openssl-0.9.7-beta2/bin/openssl version OpenSSL 0.9.7-beta2 16 Jun 2002 Regards, Martin -- Martin Sjögren [EMAIL PROTECTED] ICQ : 41245059 Phone: +46 (0)31 7710870 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #141] Error while writing zero-length string
Martin Sjögren: When you write a zero-length string with SSL_write, OpenSSL signals a protocol-violating EOF even though no such thing has happened. My guess is that a zero returned is misinterpreted somewhere though I have not had time to dig through the source. SSL_write() with length 0 will return 0, and this return value is always interpreted as protocol-violating EOF according to the SSL_get_error() manpage (SSL_get_error() returns SSL_ERROR_ZERO_RETURN). This is an inconsistency, but even if we change SSL_write() to return a different value, the program will not work -- we cannot return a positive value, and negative values would be interpreted as errors too. -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]