OpenSSL 0.9.7 - HMAC_cleanup

2002-03-14 Thread Kenneth R. Robinette

The HMAC_cleanup() function is defined in the current SNAP but must 
not be implemented.  Calling this function will compile correctly but 
will result in link errors.

Ken
__
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



re[2]: .NET version of OpenSSL

2002-03-14 Thread Jeff Roberts

Paul,

I know, I am an old Unix Programmer that now loves .NET !  As a matter of fact I was 
programming before Unix was around !  I have seen a lot of old Unix programmers end up 
in the unemployment line because they failed to change with the times and I am afraid 
this is just another case !

It looks like OpenSSL will stay a mostly Unix product, which means it won't be an 
integral part of the Desktop since Microsoft owns 95% of the desktop !  



SV: .NET version of OpenSSL

2002-03-14 Thread Hellan,Kim KHE


-----Original Message-----
From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]]
Sent: 14 March 2002 14:26
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: .NET version of OpenSSL

Let's see, you're saying that a true .NET component must (or is it
only should?) be written in C#, and at the same time you mention the
Common Language Runtime, which suggests that the language isn't really
that important (at least that's how I understand the words in that
name).  So which is it, is there a CLR that means that components can
be built in any language or not.  If I'm guessing correctly, it would
be possible to create a .NET DLL from C source, no?

I doubt, just as everyone else, that the C# language will have that
much of an impact, there just is way too much written in C or C++
that people will want to keep.

Also, trying to predict the death of anything non-M$ has been
attempted for the last xx years (I can recall about 11 such years),
and still the Unixly platforms exist today and are growing.  Even
OpenVMS, which was pronounced dead by everyone not in the VMS
community about 5 years ago, still lives and goes on strongly in its
sector.  So please, don't even try to tell us the same bullshit that
has been fed down our throats for so long, you won't be more credible
than your predecessors (sp?).

Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47

I don't know much about .NET yet, but I'm pretty sure that old C/C++ code
can still be compiled with Visual Studio 7 (.NET).
It's correct that MS recommends (not requires) that new applications should
be written in C#, but Visual Studio also comes with a VB .NET and a C++ .NET
compiler.
In C# .NET there are no pointers, no explicit memory allocation (like
malloc) and therefore no explicit freeing of memory, so everything is
managed by the .NET garbage collector. For an old C/C++ programmer like me,
this is a terrible thought :-)
When compiling using C++ .NET you are still allowed to write pointer based
code like you normally would, but according to MS, the performance is better
when code is written in C# and taking advantage of the garbage collector.

Kim Hellan
KMD / KMD-CA
http://www.kmd-ca.dk
Mailto:[EMAIL PROTECTED]



RE: .NET version of OpenSSL

2002-03-14 Thread David Smith

Regarding C# / .NET

Watch C# closely.  It was designed by Anders Hejlsberg.  Anders designed
Turbo Pascal, Delphi, and now C#.  I can't imagine the M$ .NET being
desirable as a whole, but C# looks very good.

The really nice thing is that it seems to be a lot like Delphi.  The beauty
of Delphi is the speed with which you can develop - much faster than C/C++.
I'm not talking about RAD stuff either.  I'm talking device drivers,
high-speed communications etc.  *After* a project is done, then if it needs
to run on something beside Wintel/Lintel, then convert it to C++.  That may
sound weird, but we actually get much better code in a shorter period of
time.

FWIW,

David


The M$ .NET stuff will pro

From: Richard Levitte - VMS Whacker

I doubt, just as everyone else, that the C# language will have that
much of an impact, there just is way too much written in C or C++
that people will want to keep.





SSL application problem , urgent

2002-03-14 Thread Stevens.Wang

All,

My program, built with the SSL library, runs OK in debug mode, but dumps in the 
release build when producing the PRNG. Using the Purify integration, it reports 
that the dump occurs when calling RAND_screen().

When I use Purify to check for memory leaks in my SSL project, which is a debug 
build, once I call RAND_screen() to generate the PRNG (the same as s_server.c), 
Purify reports errors like those below:

 --
 [W] PAR: UnmapViewOfFile(0x3120001) arg #1 (lpBaseAddress) not identical to value returned by MapViewOfFile (312) {1 occurrence}
    Call location
        UnmapViewOfFile      [KERNEL32.dll]
        DllUnregisterServer  [rsaenh.dll]
        DllUnregisterServer  [rsaenh.dll]
        CPReleaseContext     [rsaenh.dll]
        DllUnregisterServer  [rsaenh.dll]
        RtlCharToInteger     [ntdll.dll]
        RtlCharToInteger     [ntdll.dll]
        LdrLoadDll           [ntdll.dll]
        LoadLibraryExA       [KERNEL32.dll]
        LoadLibraryA         [KERNEL32.dll]
        CryptAcquireContextA [advapi32.dll]
        RAND_poll            [LIBEAY32.dll]
        app_RAND_load_file   [app_rand.c:133]
            #ifdef WINDOWS
                BIO_printf(bio_e,"Loading 'screen' into random state -");
                BIO_flush(bio_e);
             => RAND_screen();
                BIO_printf(bio_e," done\n");
            #endif

        InitSSL              [gextern.cpp:1130]
                if(WinSocket_init() < 0) {
                    return -2;
                }
             => if (!app_RAND_load_file(NULL, bio_err, 1) && !RAND_status()){
                    fprintf(stderr,"warning, not much extra random data, consider using the -rand option\n");
                    goto err;
                }
        main                 [main.cpp:120]

 --

I see the problem is RAND_screen(). So my first question is whether SSL can only 
be used in a debug build, and whether the Purify tool is right. Can anyone help 
me with it?


Another thing: I have read about a lot of memory leak problems in the 
openssl-users forum. I think I have complied with the recommended practices, such 
as paying attention to the session cache mode and calling free functions like 
ERR_remove_state(0) and SSL_CTX_flush_sessions(ctx,time(NULL)) when ending the SSL 
session. When debugging on Solaris, the memory statistics show that, after 
successful handshaking and data packet delivery repeated dozens of times, the heap 
occupancy grows by 8k regularly each time a new handshake is created. The test 
application acts as an SSL client, the session cache mode is OFF, and each new 
handshake uses a new SSL_CTX and frees it at the end. My application code has been 
checked with the BoundsChecker tool. I am bewildered by what is happening.

#top
PID   USERNAME  THR  PRI  NICE  SIZE   RES    STATE  TIME  CPU    COMMAND
2275  root      5    48   0     2944K  2064K  sleep  6:46  0.12%  pa

#memlook
PID   IMAGE    RSS      HEAP    STACK
2275  3014656  2113536  262696  40960

  

Thanks.

Stevens.Wang
[EMAIL PROTECTED]
2002-03-14



Re: re[2]: .NET version of OpenSSL

2002-03-14 Thread Stephen Sprunk

Thus spake Jeff Roberts:
> Paul,
>
> I know, I am an old Unix Programmer that now loves .NET !  As a
> matter of fact I was programming before Unix was around !

I seriously doubt someone as naive as yourself has been programming
for more than 32 years.

> I have seen a lot of old Unix programmers end up in the unemployment
> line because they failed to change with the times and I am afraid
> this is just another case !

.NET is an interesting way for different applications and different
companies to communicate; XML is an excellent low-performance data
interchange format.  Don't think this means every application or
library will benefit from being rewritten to .NET (and in C#).

You have a shiny new hammer; that doesn't make the wrench and
screwdriver in your toolbox less useful.  Learn to use all of your
tools at the appropriate time and you will be more successful.

> It looks like OpenSSL will stay a mostly Unix product, which means
> it won't be an integral part of the Desktop since Microsoft owns 95%
> of the desktop !

Again, you are free to write a C#/.NET wrapper around the OpenSSL DLL,
but don't expect us to rewrite the entire source in C# just because
you've fallen for MS's marketing material.

S

-- 
Stephen Sprunk  So long as they don't get violent, I want to
CCIE #3723 let everyone say what they wish, for I myself have
K5SSSalways said exactly what pleased me.  --Albert Einstein



re[4]: .NET version of OpenSSL

2002-03-14 Thread Jeff Roberts

You're right, only for 27 years !




RE: re[2]: .NET version of OpenSSL

2002-03-14 Thread Neff Robert A

> I have seen a lot of old Unix programmers end up in the unemployment
> line because they failed to change with the times and I am afraid
> this is just another case !

Unix programming gurus are impossible to find.  Again, I seriously
doubt your information, and wonder if you don't work for
Microsoft's PR firm.  Please, do us all a favor, if you are THAT
good with your skills in C#/.NET/whatever, I challenge YOU to write
the code.  I seriously doubt you have the skills.  I will no longer
read your bantering until you've done so...



Memory Leak

2002-03-14 Thread James Yonan

I have an application which creates and destroys many SSL objects using 
SSL_new and SSL_free.  The SSL objects are bound to memory BIOs rather 
than sockets.  Here is a brief annotation of the relevant sections of code 
(with error checks removed):

  ks->ssl = SSL_new (ssl_ctx);

  ks->ssl_bio = BIO_new (BIO_f_ssl());
  ks->ciphertext_in = BIO_new (BIO_s_mem ());
  ks->ciphertext_out = BIO_new (BIO_s_mem ());

  if (server)
    SSL_set_accept_state (ks->ssl);
  else
    SSL_set_connect_state (ks->ssl);

  SSL_set_bio (ks->ssl, ks->ciphertext_in, ks->ciphertext_out);
  BIO_set_ssl (ks->ssl_bio, ks->ssl, BIO_NOCLOSE);

  /* DO SOMETHING */

  SSL_free (ks->ssl);

The problem is that each of these iterations causes OpenSSL to leak 10K or 
more.  At first I thought that maybe the BIOs returned by BIO_new need to 
be explicitly freed, but then I saw that OpenSSL is freeing them on the 
SSL_free call.

98212 file=buffer.c, line=67, number=12, address=0815D738
71750 file=bio_ssl.c, line=108, number=24, address=081B3AB8
32120 file=buffer.c, line=110, number=1868, address=08199A50
72332 file=bio_lib.c, line=73, number=64, address=08170740
701884 bytes leaked in 1960 chunks

After many iterations, the amount of memory leaked is substantial.  All of 
the leaks are occurring at one of these 4 locations (above) in the code 
(openssl-0.9.6c) which I obtained by building OpenSSL with CRYPTO_MDEBUG 
defined.

Any ideas?

Thanks,

James Yonan
Boulder, Colorado, USA





Re: Memory Leak

2002-03-14 Thread Dr S N Henson

James Yonan wrote:
>
> I have an application which creates and destroys many SSL objects using
> SSL_new and SSL_free.  The SSL objects are bound to memory BIOs rather
> than sockets.  Here is a brief annotation of the relevant sections of code
> (with error checks removed):
>
>   ks->ssl = SSL_new (ssl_ctx);
>
>   ks->ssl_bio = BIO_new (BIO_f_ssl());
>   ks->ciphertext_in = BIO_new (BIO_s_mem ());
>   ks->ciphertext_out = BIO_new (BIO_s_mem ());
>
>   if (server)
>     SSL_set_accept_state (ks->ssl);
>   else
>     SSL_set_connect_state (ks->ssl);
>
>   SSL_set_bio (ks->ssl, ks->ciphertext_in, ks->ciphertext_out);
>   BIO_set_ssl (ks->ssl_bio, ks->ssl, BIO_NOCLOSE);
>
>   /* DO SOMETHING */
>
>   SSL_free (ks->ssl);
>
> The problem is that each of these iterations causes OpenSSL to leak 10K or
> more.  At first I thought that maybe the BIOs returned by BIO_new need to
> be explicitly freed, but then I saw that OpenSSL is freeing them on the
> SSL_free call.
>
> 98212 file=buffer.c, line=67, number=12, address=0815D738
> 71750 file=bio_ssl.c, line=108, number=24, address=081B3AB8
> 32120 file=buffer.c, line=110, number=1868, address=08199A50
> 72332 file=bio_lib.c, line=73, number=64, address=08170740
> 701884 bytes leaked in 1960 chunks
>
> After many iterations, the amount of memory leaked is substantial.  All of
> the leaks are occurring at one of these 4 locations (above) in the code
> (openssl-0.9.6c) which I obtained by building OpenSSL with CRYPTO_MDEBUG
> defined.
>

If you are just iterating that code then you aren't freeing those BIOs
you created.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.



Re: SSL_pending() and SSL_ERROR_WANT_READ

2002-03-14 Thread Bodo Moeller

John Hughes [EMAIL PROTECTED]:

> I can confirm: There is a discrepancy between the SSL_pending()
> manpage and the source.  SSL_pending() returns rrec.length in
> ssl3_pending() (as of 0.9.6a, we also verify that the SSL record
> being processed is application data, else zero is returned).  This
> variable is updated in ssl3_get_record() when an SSL record header
> is processed.  If the remainder of that SSL record has not yet been
> received, SSL_pending() will return a non-zero value even though
> there may not be that amount of data ready.  This contradicts the
> SSL_pending() manpage, which indicates that its return value
> represents the amount of data immediately available.  I haven't yet
> examined whether SSLv2 connections experience the same problem.

This patch should fix the bug:

diff -u -r1.57 s3_lib.c
--- s3_lib.c2001/10/20 17:56:35 1.57
+++ s3_lib.c2002/03/14 19:20:58
@@ -943,6 +943,9 @@
 
 int ssl3_pending(SSL *s)
{
+   if (s-rstate == SSL_ST_READ_BODY)
+   return 0;
+   
return (s-s3-rrec.type == SSL3_RT_APPLICATION_DATA) ? s-s3-rrec.length : 0;
}
 
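Review bot: the early return added at the top of ssl3_pending() has no comment saying why SSL_ST_READ_BODY must report zero. A one-line comment that rrec.length at that point comes from a record header whose body has not been fully received would keep the check from being dropped in a later cleanup. The blank line added after "return 0;" also carries trailing whitespace, and since the report quoted above is about a mismatch with the SSL_pending() manpage, the commit message should say that this brings the code in line with the documented "immediately available" meaning.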


-- 
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036



RE: SSL_pending() and SSL_ERROR_WANT_READ

2002-03-14 Thread John Hughes

Bodo,


Since s->rstate is set to SSL_ST_READ_HEADER prior to record decryption and decompression, wouldn't SSL_pending() still incorrectly indicate that there is data ready to be read in cases where either of these fail?

John Hughes
Software Engineer
F5 Networks, Inc.
www.f5.com


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 14, 2002 11:25 AM
 To: John Hughes
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: SSL_pending() and SSL_ERROR_WANT_READ
 
 
 John Hughes [EMAIL PROTECTED]:
 
  I can confirm: There is a discrepancy between the SSL_pending()
  manpage and the source. SSL_pending() returns rrec.length in
  ssl3_pending() (as of 0.9.6a, we also verify that the SSL record
  being processed is application data, else zero is returned). This
  variable is updated in ssl3_get_record() when an SSL record header
  is processed. If the remainder of that SSL record has not yet been
  received, SSL_pending() will return a non-zero value even though
  there may not be that amount of data ready. This contradicts the
  SSL_pending() manpage, which indicates that its return value
  represents the amount of data immediately available. I haven't yet
  examined whether SSLv2 connections experience the same problem.
 
 This patch should fix the bug:
 
 diff -u -r1.57 s3_lib.c
 --- s3_lib.c 2001/10/20 17:56:35 1.57
 +++ s3_lib.c 2002/03/14 19:20:58
 @@ -943,6 +943,9 @@
 
 int ssl3_pending(SSL *s)
  {
 + if (s-rstate == SSL_ST_READ_BODY)
 +  return 0;
 + 
  return (s-s3-rrec.type == SSL3_RT_APPLICATION_DATA) ? 
 s-s3-rrec.length : 0;
  }
 
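Review bot: the added check in ssl3_pending() looks only at rstate, so it covers the window while the record body is still outstanding but not the case raised in the reply above, where rstate is already back at SSL_ST_READ_HEADER before decryption and decompression have succeeded. Please confirm that rrec.length (or rrec.type) is reset on that failure path, or extend the condition so a record that failed processing is not reported as pending, and note in a comment which of the two applies.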
 
 
 -- 
 Bodo Möller [EMAIL PROTECTED]
 PGP 
http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
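
The states that the patch and the reply above argue about, as an added example that is not OpenSSL code and not from either poster: a simplified C model of the record read state machine. The names (model_ssl, model_feed, model_pending, run_case) and the 16-byte sample record are constructed for illustration, and the model assumes, as the reply suggests, that a failed decryption leaves rrec unchanged.

```c
/* Added example: simplified model of the record read states; not OpenSSL source. */
#include <stddef.h>
#include <stdio.h>

enum { ST_READ_HEADER, ST_READ_BODY };  /* stand-ins for SSL_ST_READ_HEADER/_BODY */
enum { RT_APPLICATION_DATA = 23 };      /* record content type for application data */
#define HDR_LEN 5                       /* type(1) + version(2) + length(2) */

struct model_ssl {
    int rstate;            /* read state */
    int rrec_type;         /* type taken from the last parsed header */
    unsigned rrec_length;  /* length taken from the last parsed header */
    int verify_ok;         /* constructed input: does the body decrypt and verify? */
    int failed;            /* set when the body arrived but did not verify */
};

/* Advance the state machine once `have` bytes of record `rec` have arrived. */
static void model_feed(struct model_ssl *s, const unsigned char *rec, size_t have)
{
    if (s->rstate == ST_READ_HEADER && have >= HDR_LEN) {
        s->rrec_type = rec[0];
        s->rrec_length = ((unsigned)rec[3] << 8) | rec[4];
        s->rstate = ST_READ_BODY;       /* header parsed, body still outstanding */
    }
    if (s->rstate == ST_READ_BODY && have >= HDR_LEN + s->rrec_length) {
        s->rstate = ST_READ_HEADER;     /* flipped before decryption, as the reply notes */
        if (!s->verify_ok)
            s->failed = 1;              /* assumption: rrec is left unchanged on failure */
    }
}

/* Model of ssl3_pending(); `patched` selects the early return the patch adds. */
static unsigned model_pending(const struct model_ssl *s, int patched)
{
    if (patched && s->rstate == ST_READ_BODY)
        return 0;
    return s->rrec_type == RT_APPLICATION_DATA ? s->rrec_length : 0;
}

/* Constructed record: application data, version 3.0, 16-byte body of zeros. */
static const unsigned char sample_record[HDR_LEN + 16] = { 23, 3, 0, 0, 16 };

/* Report the pending count after the first `have` bytes of the sample arrive. */
static unsigned run_case(size_t have, int verify_ok, int patched)
{
    struct model_ssl s = { ST_READ_HEADER, 0, 0, verify_ok, 0 };
    model_feed(&s, sample_record, have);
    return model_pending(&s, patched);
}

int main(void)
{
    printf("header only:   before=%u patched=%u\n", run_case(5, 1, 0), run_case(5, 1, 1));
    printf("full record:   before=%u patched=%u\n", run_case(21, 1, 0), run_case(21, 1, 1));
    printf("verify failed: before=%u patched=%u\n", run_case(21, 0, 0), run_case(21, 0, 1));
    return 0;
}
```

With only the header delivered, the unpatched logic reports 16 bytes that have not arrived and the patched logic reports 0; in the failed-verification case both report 16, which is the gap the reply asks about.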





Re: Memory Leak

2002-03-14 Thread James Yonan


- Original Message -
From: Dr S N Henson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 14, 2002 5:39 PM
Subject: Re: Memory Leak


> James Yonan wrote:
> >
> > I have an application which creates and destroys many SSL objects using
> > SSL_new and SSL_free.  The SSL objects are bound to memory BIOs rather
> > than sockets.  Here is a brief annotation of the relevant sections of code
> > (with error checks removed):
> >
> >   ks->ssl = SSL_new (ssl_ctx);
> >
> >   ks->ssl_bio = BIO_new (BIO_f_ssl());
> >   ks->ciphertext_in = BIO_new (BIO_s_mem ());
> >   ks->ciphertext_out = BIO_new (BIO_s_mem ());
> >
> >   if (server)
> >     SSL_set_accept_state (ks->ssl);
> >   else
> >     SSL_set_connect_state (ks->ssl);
> >
> >   SSL_set_bio (ks->ssl, ks->ciphertext_in, ks->ciphertext_out);
> >   BIO_set_ssl (ks->ssl_bio, ks->ssl, BIO_NOCLOSE);
> >
> >   /* DO SOMETHING */
> >
> >   SSL_free (ks->ssl);
> >
> > The problem is that each of these iterations causes OpenSSL to leak 10K or
> > more.  At first I thought that maybe the BIOs returned by BIO_new need to
> > be explicitly freed, but then I saw that OpenSSL is freeing them on the
> > SSL_free call.
> >
> > 98212 file=buffer.c, line=67, number=12, address=0815D738
> > 71750 file=bio_ssl.c, line=108, number=24, address=081B3AB8
> > 32120 file=buffer.c, line=110, number=1868, address=08199A50
> > 72332 file=bio_lib.c, line=73, number=64, address=08170740
> > 701884 bytes leaked in 1960 chunks
> >
> > After many iterations, the amount of memory leaked is substantial.  All of
> > the leaks are occurring at one of these 4 locations (above) in the code
> > (openssl-0.9.6c) which I obtained by building OpenSSL with CRYPTO_MDEBUG
> > defined.
> >
>
> If you are just iterating that code then you aren't freeing those BIOs
> you created.

This code from SSL_free appears to free the BIOs which are associated with
the SSL object through a call to SSL_set_bio.  SSL_set_bio sets the wbio and
rbio members of the SSL structure then SSL_free tries to free them.  In
fact, if I try to explicitly free those BIOs, the program crashes.


 if (s->bbio != NULL)
  {
  /* If the buffering BIO is in place, pop it off */
  if (s->bbio == s->wbio)
   {
   s->wbio=BIO_pop(s->wbio);
   }
  BIO_free(s->bbio);
  s->bbio=NULL;
  }
 if (s->rbio != NULL)
  BIO_free_all(s->rbio);
 if ((s->wbio != NULL) && (s->wbio != s->rbio))
  BIO_free_all(s->wbio);

James Yonan

