OpenSSL 0.9.7 - HMAC_cleanup
The HMAC_cleanup() function is defined in the current SNAP but must not be implemented. Calling this function will compile correctly but will result in link errors. Ken __ Support InterSoft International, Inc. Voice: 888-823-1541, International 281-398-7060 Fax: 888-823-1542, International 281-560-9170 [EMAIL PROTECTED] http://www.securenetterm.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
re[2]: .NET version of OpenSSL
Paul,

I know, I am an old Unix Programmer that now loves .NET! As a matter of fact I was programming before Unix was around!

I have seen a lot of old Unix programmers end up in the unemployment line because they failed to change with the times and I am afraid this is just another case!

It looks like OpenSSL will stay a mostly Unix product, which means it won't be an integral part of the Desktop since Microsoft owns 95% of the desktop!
SV: .NET version of OpenSSL
-----Original Message-----
From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]]
Sent: 14 March 2002 14:26
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: .NET version of OpenSSL

> Let's see, you're saying that a true .NET component must (or is it only should?) be written in C#, and at the same time you mention the Common Language Runtime, which suggests that the language isn't really that important (at least that's how I understand the words in that name). So which is it, is there a CLR that means that components can be built in any language or not. If I'm guessing correctly, it would be possible to create a .NET DLL from C source, no?
>
> I doubt, just as everyone else, that the C# language will have that much of an impact, there just is way too much written in C or C++ that people will want to keep.
>
> Also, trying to predict the death of anything non-M$ has been attempted for the last xx years (I can recall about 11 such years), and still the Unixly platforms exist today and are growing. Even OpenVMS, which was pronounced dead by everyone not in the VMS community about 5 years ago, still lives and goes on strongly in its sector. So please, don't even try to tell us the same bullshit that has been fed down our throats for so long, you won't be more credible than your predecessors (sp?).
>
> Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47

I don't know much about .NET yet, but I'm pretty sure that old C/C++ code can still be compiled with Visual Studio 7 (.NET). It's correct that MS recommends (not requires) that new applications should be written in C#, but Visual Studio also comes with a VB .NET and a C++ .NET compiler.

In C# .NET there are no pointers, no explicit memory allocation (like malloc) and therefore no explicit freeing of memory, so everything is managed by the .NET garbage collector. For an old C/C++ programmer like me, this is a terrible thought :-)

When compiling using C++ .NET you are still allowed to write pointer based code like you normally would, but according to MS, the performance is better when code is written in C# and taking advantage of the garbage collector.

Kim Hellan
KMD / KMD-CA
http://www.kmd-ca.dk
Mailto:[EMAIL PROTECTED]
RE: .NET version of OpenSSL
Regarding C# / .NET

Watch C# closely. It was designed by Anders Hejlsberg. Anders designed Turbo Pascal, Delphi, and now C#. I can't imagine the M$ .NET being desirable as a whole, but C# looks very good. The really nice thing is that it seems to be a lot like Delphi.

The beauty of Delphi is the speed with which you can develop - much faster than C/C++. I'm not talking about RAD stuff either. I'm talking device drivers, high-speed communications etc. *After* a project is done, then if it needs to run on something beside Wintel/Lintel, then convert it to C++. That may sound weird, but we actually get much better code in a shorter period of time.

FWIW,
David

The M$ .NET stuff will pro

From: Richard Levitte - VMS Whacker

> I doubt, just as everyone else, that the C# language will have that much of an impact, there just is way too much written in C or C++ that people will want to keep.
SSL application problem , urgent
All,

My program, built with the SSL library, runs OK in debug mode, but dumps in the release build when producing the PRNG. Using the Purify integration, it reports the dump when calling RAND_screen().

When I use Purify to check for memory leaks in my SSL project, in the debug build, once I call RAND_screen() to generate the PRNG (same as s_server.c), Purify reports errors like the below:

--
[W] PAR: UnmapViewOfFile(0x3120001) arg #1 (lpBaseAddress) not identical to value returned by MapViewOfFile (312) {1 occurrence}
    Call location
        UnmapViewOfFile [KERNEL32.dll]
        DllUnregisterServer [rsaenh.dll]
        DllUnregisterServer [rsaenh.dll]
        CPReleaseContext [rsaenh.dll]
        DllUnregisterServer [rsaenh.dll]
        RtlCharToInteger [ntdll.dll]
        RtlCharToInteger [ntdll.dll]
        LdrLoadDll [ntdll.dll]
        LoadLibraryExA [KERNEL32.dll]
        LoadLibraryA [KERNEL32.dll]
        CryptAcquireContextA [advapi32.dll]
        RAND_poll [LIBEAY32.dll]
        app_RAND_load_file [app_rand.c:133]
            #ifdef WINDOWS
            BIO_printf(bio_e,Loading 'screen' into random state -);
            BIO_flush(bio_e);
         = RAND_screen();
            BIO_printf(bio_e, done\n);
            #endif
        InitSSL[gextern.cpp:1130]
            if(WinSocket_init() 0) { return -2; }
         = if (!app_RAND_load_file(NULL, bio_err, 1) !RAND_status()){
            fprintf(stderr,warning, not much extra random data, consider using the -rand option\n);
            goto err; }
        main [main.cpp:120]
--

I see the problem is RAND_screen(). So my first question is whether SSL can only be used in a debug build, and whether the Purify tool is right? Can anyone help me with it?

Another thing: I have read about a lot of memory leak problems in the openssl-users forum. I think I have complied with the recommended practices, such as taking note of the session cache mode and calling free functions like ERR_remove_state(0) and SSL_CTX_flush_sessions(ctx,time(NULL)) when ending the SSL session.

When debugging on Solaris, the memory statistics show that, after successful handshaking and data packet delivery repeated dozens of times, the heap occupancy grows regularly by 8k when a new handshake is created. The test application acts as an SSL client, session cache mode is OFF, and each new handshake uses a new SSL_CTX and frees it at the end. My application code has been checked with the BoundsChecker tool. I am bewildered by what happened.

#top
 PID USERNAME THR PRI NICE  SIZE   RES STATE  TIME   CPU COMMAND
2275 root       5  48    0 2944K 2064K sleep  6:46 0.12% pa

#memlook
 PID   IMAGE     RSS   HEAP STACK
2275 3014656 2113536 262696 40960

Thanks.

Stevens.Wang
[EMAIL PROTECTED]
2002-03-14
Re: re[2]: .NET version of OpenSSL
Thus spake Jeff Roberts:

> Paul, I know, I am an old Unix Programmer that now loves .NET! As a matter of fact I was programming before Unix was around!

I seriously doubt someone as naive as yourself has been programming for more than 32 years.

> I have seen a lot of old Unix programmers end up in the unemployment line because they failed to change with the times and I am afraid this is just another case!

.NET is an interesting way for different applications and different companies to communicate; XML is an excellent low-performance data interchange format. Don't think this means every application or library will benefit from being rewritten to .NET (and in C#).

You have a shiny new hammer; that doesn't make the wrench and screwdriver in your toolbox less useful. Learn to use all of your tools at the appropriate time and you will be more successful.

> It looks like OpenSSL will stay a mostly Unix product, which means it won't be an integral part of the Desktop since Microsoft owns 95% of the desktop!

Again, you are free to write a C#/.NET wrapper around the OpenSSL DLL, but don't expect us to rewrite the entire source in C# just because you've fallen for MS's marketing material.

S

--
Stephen Sprunk    "So long as they don't get violent, I want to
CCIE #3723         let everyone say what they wish, for I myself have
K5SSS              always said exactly what pleased me." --Albert Einstein
re[4]: .NET version of OpenSSL
You're right, only for 27 years!
RE: re[2]: .NET version of OpenSSL
> I have seen a lot of old Unix programmers end up in the unemployment line because they failed to change with the times and I am afraid this is just another case!

Unix programming gurus are impossible to find. Again, I seriously doubt your information, and wonder if you don't work for Microsoft's PR firm.

Please, do us all a favor, if you are THAT good with your skills in C#/.NET/whatever, I challenge YOU to write the code. I seriously doubt you have the skills. I will no longer read your bantering until you've done so...
Memory Leak
I have an application which creates and destroys many SSL objects using SSL_new and SSL_free. The SSL objects are bound to memory BIOs rather than sockets.

Here is a brief annotation of the relevant sections of code (with error checks removed):

    ks->ssl = SSL_new (ssl_ctx);
    ks->ssl_bio = BIO_new (BIO_f_ssl());
    ks->ciphertext_in = BIO_new (BIO_s_mem ());
    ks->ciphertext_out = BIO_new (BIO_s_mem ());
    if (server)
        SSL_set_accept_state (ks->ssl);
    else
        SSL_set_connect_state (ks->ssl);
    SSL_set_bio (ks->ssl, ks->ciphertext_in, ks->ciphertext_out);
    BIO_set_ssl (ks->ssl_bio, ks->ssl, BIO_NOCLOSE);

    /* DO SOMETHING */

    SSL_free (ks->ssl);

The problem is that each of these iterations causes OpenSSL to leak 10K or more. At first I thought that maybe the BIOs returned by BIO_new need to be explicitly freed, but then I saw that OpenSSL is freeing them on the SSL_free call.

    98212 file=buffer.c, line=67, number=12, address=0815D738
    71750 file=bio_ssl.c, line=108, number=24, address=081B3AB8
    32120 file=buffer.c, line=110, number=1868, address=08199A50
    72332 file=bio_lib.c, line=73, number=64, address=08170740
    701884 bytes leaked in 1960 chunks

After many iterations, the amount of memory leaked is substantial. All of the leaks are occurring at one of these 4 locations (above) in the code (openssl-0.9.6c) which I obtained by building OpenSSL with CRYPTO_MDEBUG defined.

Any ideas?

Thanks,
James Yonan
Boulder, Colorado, USA
Re: Memory Leak
James Yonan wrote:

> I have an application which creates and destroys many SSL objects using SSL_new and SSL_free. The SSL objects are bound to memory BIOs rather than sockets.
>
> Here is a brief annotation of the relevant sections of code (with error checks removed):
>
>     ks->ssl = SSL_new (ssl_ctx);
>     ks->ssl_bio = BIO_new (BIO_f_ssl());
>     ks->ciphertext_in = BIO_new (BIO_s_mem ());
>     ks->ciphertext_out = BIO_new (BIO_s_mem ());
>     if (server)
>         SSL_set_accept_state (ks->ssl);
>     else
>         SSL_set_connect_state (ks->ssl);
>     SSL_set_bio (ks->ssl, ks->ciphertext_in, ks->ciphertext_out);
>     BIO_set_ssl (ks->ssl_bio, ks->ssl, BIO_NOCLOSE);
>
>     /* DO SOMETHING */
>
>     SSL_free (ks->ssl);
>
> The problem is that each of these iterations causes OpenSSL to leak 10K or more. At first I thought that maybe the BIOs returned by BIO_new need to be explicitly freed, but then I saw that OpenSSL is freeing them on the SSL_free call.
>
>     98212 file=buffer.c, line=67, number=12, address=0815D738
>     71750 file=bio_ssl.c, line=108, number=24, address=081B3AB8
>     32120 file=buffer.c, line=110, number=1868, address=08199A50
>     72332 file=bio_lib.c, line=73, number=64, address=08170740
>     701884 bytes leaked in 1960 chunks
>
> After many iterations, the amount of memory leaked is substantial. All of the leaks are occurring at one of these 4 locations (above) in the code (openssl-0.9.6c) which I obtained by building OpenSSL with CRYPTO_MDEBUG defined.

If you are just iterating that code then you aren't freeing those BIOs you created.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: SSL_pending() and SSL_ERROR_WANT_READ
John Hughes [EMAIL PROTECTED]:

> I can confirm: There is a discrepancy between the SSL_pending() manpage and the source. SSL_pending() returns rrec.length in ssl3_pending() (as of 0.9.6a, we also verify that the SSL record being processed is application data, else zero is returned). This variable is updated in ssl3_get_record() when an SSL record header is processed. If the remainder of that SSL record has not yet been received, SSL_pending() will return a non-zero value even though there may not be that amount of data ready. This contradicts the SSL_pending() manpage, which indicates that its return value represents the amount of data immediately available.
>
> I haven't yet examined whether SSLv2 connections experience the same problem.

This patch should fix the bug:

diff -u -r1.57 s3_lib.c --- s3_lib.c2001/10/20 17:56:35 1.57 +++ s3_lib.c2002/03/14 19:20:58 @@ -943,6 +943,9 @@ int ssl3_pending(SSL *s) { + if (s-rstate == SSL_ST_READ_BODY) + return 0; + return (s-s3-rrec.type == SSL3_RT_APPLICATION_DATA) ? s-s3-rrec.length : 0; }

--
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
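Review bot: the new early return for SSL_ST_READ_BODY at the top of ssl3_pending() carries no comment, and the reason it is needed is not visible in the code: rrec.length is filled in from the record header before the body has been received. A one-line comment above the check saying so would keep a later cleanup from removing it. The SSL_pending() manpage wording and the SSLv2 path, which the message says has not been examined, are not touched by this diff and are worth a follow-up.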
RE: SSL_pending() and SSL_ERROR_WANT_READ
Bodo,

Since s->rstate is set to SSL_ST_READ_HEADER prior to record decryption and decompression, wouldn't SSL_pending() still incorrectly indicate that there is data ready to be read in cases where either of these fail?

John Hughes
Software Engineer
F5 Networks, Inc.
www.f5.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 11:25 AM
To: John Hughes
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: SSL_pending() and SSL_ERROR_WANT_READ

John Hughes [EMAIL PROTECTED]:

> I can confirm: There is a discrepancy between the SSL_pending() manpage and the source. SSL_pending() returns rrec.length in ssl3_pending() (as of 0.9.6a, we also verify that the SSL record being processed is application data, else zero is returned). This variable is updated in ssl3_get_record() when an SSL record header is processed. If the remainder of that SSL record has not yet been received, SSL_pending() will return a non-zero value even though there may not be that amount of data ready. This contradicts the SSL_pending() manpage, which indicates that its return value represents the amount of data immediately available.
>
> I haven't yet examined whether SSLv2 connections experience the same problem.

This patch should fix the bug:

diff -u -r1.57 s3_lib.c --- s3_lib.c 2001/10/20 17:56:35 1.57 +++ s3_lib.c 2002/03/14 19:20:58 @@ -943,6 +943,9 @@ int ssl3_pending(SSL *s) { + if (s-rstate == SSL_ST_READ_BODY) + return 0; + return (s-s3-rrec.type == SSL3_RT_APPLICATION_DATA) ? s-s3-rrec.length : 0; }

--
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
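A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from OpenSSL or from any poster: the record length becomes known as soon as the 5-byte header is parsed, so a pending count based on it alone overstates what is readable until the body has arrived. The `conn` struct, `feed()`, `pending()` and `demo_pending()` are assumptions made for the example; it covers only header-versus-body arrival, not decryption or decompression failures.

```c
#include <stdio.h>

/* Simplified model of an SSLv3 record reader; not OpenSSL source, names assumed. */
enum read_state { ST_READ_HEADER, ST_READ_BODY };
enum { RT_APPLICATION_DATA = 23, HDR_LEN = 5 };

struct conn {
    enum read_state rstate;
    unsigned char type;          /* models rrec.type   */
    size_t length;               /* models rrec.length */
    unsigned char hdr[HDR_LEN];
    size_t hdr_have, body_have;
};

/* Consume transport bytes for at most one record; returns bytes consumed. */
size_t feed(struct conn *c, const unsigned char *p, size_t n) {
    size_t used = 0;
    while (used < n) {
        if (c->rstate == ST_READ_HEADER) {
            c->hdr[c->hdr_have++] = p[used++];
            if (c->hdr_have < HDR_LEN) continue;
            /* Header complete: length is set before any body byte arrives. */
            c->type = c->hdr[0];
            c->length = ((size_t)c->hdr[3] << 8) | c->hdr[4];
            c->hdr_have = c->body_have = 0;
            c->rstate = ST_READ_BODY;
        } else {
            size_t take = c->length - c->body_have;
            if (take > n - used) take = n - used;
            c->body_have += take; used += take;  /* body is only counted */
        }
        if (c->body_have == c->length) { c->rstate = ST_READ_HEADER; break; }
    }
    return used;
}

/* Pending count as the thread describes it, without and with the state check. */
size_t pending(const struct conn *c, int patched) {
    if (patched && c->rstate == ST_READ_BODY) return 0;
    return c->type == RT_APPLICATION_DATA ? c->length : 0;
}

/* Constructed sample: one application-data record with a 10-byte body. */
size_t demo_pending(int patched, size_t body_arrived) {
    static const unsigned char rec[HDR_LEN + 10] = { 23, 3, 0, 0, 10 };
    struct conn c = { ST_READ_HEADER, 0, 0, {0}, 0, 0 };
    feed(&c, rec, HDR_LEN + (body_arrived > 10 ? 10 : body_arrived));
    return pending(&c, patched);
}

int main(void) {
    printf("header + 4 body bytes: unpatched=%zu patched=%zu\n",
           demo_pending(0, 4), demo_pending(1, 4));
    return 0;
}
```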
Re: Memory Leak
----- Original Message -----
From: Dr S N Henson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 14, 2002 5:39 PM
Subject: Re: Memory Leak

> James Yonan wrote:
>
>> I have an application which creates and destroys many SSL objects using SSL_new and SSL_free. The SSL objects are bound to memory BIOs rather than sockets.
>>
>> Here is a brief annotation of the relevant sections of code (with error checks removed):
>>
>>     ks->ssl = SSL_new (ssl_ctx);
>>     ks->ssl_bio = BIO_new (BIO_f_ssl());
>>     ks->ciphertext_in = BIO_new (BIO_s_mem ());
>>     ks->ciphertext_out = BIO_new (BIO_s_mem ());
>>     if (server)
>>         SSL_set_accept_state (ks->ssl);
>>     else
>>         SSL_set_connect_state (ks->ssl);
>>     SSL_set_bio (ks->ssl, ks->ciphertext_in, ks->ciphertext_out);
>>     BIO_set_ssl (ks->ssl_bio, ks->ssl, BIO_NOCLOSE);
>>
>>     /* DO SOMETHING */
>>
>>     SSL_free (ks->ssl);
>>
>> The problem is that each of these iterations causes OpenSSL to leak 10K or more. At first I thought that maybe the BIOs returned by BIO_new need to be explicitly freed, but then I saw that OpenSSL is freeing them on the SSL_free call.
>>
>>     98212 file=buffer.c, line=67, number=12, address=0815D738
>>     71750 file=bio_ssl.c, line=108, number=24, address=081B3AB8
>>     32120 file=buffer.c, line=110, number=1868, address=08199A50
>>     72332 file=bio_lib.c, line=73, number=64, address=08170740
>>     701884 bytes leaked in 1960 chunks
>>
>> After many iterations, the amount of memory leaked is substantial. All of the leaks are occurring at one of these 4 locations (above) in the code (openssl-0.9.6c) which I obtained by building OpenSSL with CRYPTO_MDEBUG defined.
>
> If you are just iterating that code then you aren't freeing those BIOs you created.

This code from SSL_free appears to free the BIOs which are associated with the SSL object through a call to SSL_set_bio. SSL_set_bio sets the wbio and rbio members of the SSL structure then SSL_free tries to free them. In fact, if I try to explicitly free those BIOs, the program crashes.

    if (s->bbio != NULL) {
        /* If the buffering BIO is in place, pop it off */
        if (s->bbio == s->wbio) {
            s->wbio=BIO_pop(s->wbio);
        }
        BIO_free(s->bbio);
        s->bbio=NULL;
    }
    if (s->rbio != NULL)
        BIO_free_all(s->rbio);
    if ((s->wbio != NULL) && (s->wbio != s->rbio))
        BIO_free_all(s->wbio);

James Yonan