Hello,
I believe we are triggering a bug in s3_pkt.c in OpenSSL 0.9.8b:
--snip--
* 171 if (n > max) /* does not happen */*
* 172 {*
* 173 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);*
* 174 return -1;*
* 175 }*
--snip--
I checked OpenSSL 1.0.0d release and the same comment is there "does not
happen". If it does not happen why is it being checked? I am trying to
determine under what conditions this would occur so I can determine why it
is occurring with our SSL service.
Any insight would be appreciated.
Thanks
Michael
--snip-- Whole function below from s3_pkt.c
123 int ssl3_read_n(SSL *s, int n, int max, int extend)
124 {
125 /* If extend == 0, obtain new n-byte packet; if extend == 1,
increase
126 * packet by another n bytes.
127 * The packet will be in the sub-array of s->s3->rbuf.buf
specified
128 * by s->packet and s->packet_length.
129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
130 * [plus s->packet_length bytes if extend == 1].)
131 */
132 int i,off,newb;
133
134 if (!extend)
135 {
136 /* start with empty packet ... */
137 if (s->s3->rbuf.left == 0)
138 s->s3->rbuf.offset = 0;
139 s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
140 s->packet_length = 0;
141 /* ... now we can act as if 'extend' was set */
142 }
143
144 /* extend reads should not span multiple packets for DTLS */
145 if ( SSL_version(s) == DTLS1_VERSION &&
146 extend)
147 {
148 if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
149 n = s->s3->rbuf.left;
150 }
151
152 /* if there is enough in the buffer from a previous read, take
some */
153 if (s->s3->rbuf.left >= (int)n)
154 {
155 s->packet_length+=n;
156 s->s3->rbuf.left-=n;
157 s->s3->rbuf.offset+=n;
158 return(n);
159 }
160
161 /* else we need to read more data */
162 if (!s->read_ahead)
163 max=n;
164
165 {
166 /* avoid buffer overflow */
167 int max_max = s->s3->rbuf.len - s->packet_length;
168 if (max > max_max)
169 max = max_max;
170 }
* 171 if (n > max) /* does not happen */*
* 172 {*
* 173 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);*
* 174 return -1;*
* 175 }*
176
177 off = s->packet_length;
178 newb = s->s3->rbuf.left;
179 /* Move any available bytes to front of buffer:
180 * 'off' bytes already pointed to by 'packet',
181 * 'newb' extra ones at the end */
182 if (s->packet != s->s3->rbuf.buf)
183 {
184 /* off > 0 */
185 memmove(s->s3->rbuf.buf, s->packet, off+newb);
186 s->packet = s->s3->rbuf.buf;
187 }
188
189 while (newb < n)
190 {
191 /* Now we have off+newb bytes at the front of
s->s3->rbuf.buf and need
192 * to read in more until we have off+n (up to off+max
if possible) */
193
194 clear_sys_error();
195 if (s->rbio != NULL)
196 {
197 s->rwstate=SSL_READING;
198 i=BIO_read(s->rbio,
&(s->s3->rbuf.buf[off+newb]), max-newb);
199 }
200 else
201 {
202
SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
203 i = -1;
204 }
205
206 if (i <= 0)
207 {
208 s->s3->rbuf.left = newb;
209 return(i);
210 }
211 newb+=i;
212 }
213
214 /* done reading, now the book-keeping */
215 s->s3->rbuf.offset = off + n;
216 s->s3->rbuf.left = newb - n;
217 s->packet_length += n;
218 s->rwstate=SSL_NOTHING;
219 return(n);
220 }
221
On Mon, May 9, 2011 at 10:18 AM, Michael Gale <[email protected]>wrote:
> Hello,
>
> I am experiencing an SSL bug however I am not able to determine if the
> issue is on the Python SSL module side or the OpenSSL side.
>
> I am using Python 2.7.1 and OpenSSL 0.9.8b (CentOS / RedHat) and the Python
> server is using non-blocking sockets.
>
> The following traceback is found when certain connections are made, this
> happens regularly however I am having trouble finding the exact client and
> cause, the clients are connecting over a satellite link. Here is the output
> gathered from an strace:
>
> write(2, "ERROR:root:Exception in I/O handler for fd 9533
> Traceback (most recent call last):
> File \"/hub/switchboard/lib/ioloop.py\", line 253, in start
> self._handlers[fd](fd, events)
> File \"/hub/switchboard/lib/stack_context.py\", line 127, in wrapped
> callback(*args, **kwargs)
> File \"/hub/switchboard/lib/iostream.py\", line 168, in _handle_events
> self._handle_read()
> File \"/hub/switchboard/lib/iostream.py\", line 360, in _handle_read
> super(SSLIOStream, self)._handle_read()
> File \"/hub/switchboard/lib/iostream.py\", line 210, in _handle_read
> chunk = self.socket.recv(self.read_chunk_size)
> * File \"/hub/apps/Python-2.7/lib/python2.7/ssl.py\", line 217, in recv*
> * return self.read(buflen)*
> * File \"/hub/apps/Python-2.7/lib/python2.7/ssl.py\", line 138, in read*
> * return self._sslobj.read(len)*
> *SSLError: [Errno 1] _ssl.c:1347: error:14095044:SSL
> routines:SSL3_READ_N:internal error\n", 896) = 896*
>
> If this is an SSL error can you provide some information as to a possible
> cause? That way I can try and ensure our app handles this case.
>
> FYI - Sending this again as I do not see my first post.
>
> Thanks
> Michael
>
>
--
Ecclesiastes 1:18
18 For with much wisdom comes much sorrow;
the more knowledge, the more grief.
