Re: Leak in BN_rand_range?

2014-09-24 Thread Jeffrey Walton
On Wed, Sep 24, 2014 at 1:04 PM, Mounir IDRASSI
 wrote:
>
> The leak comes from the fact that you are passing a NULL "value"
> parameter to BN_rand_range. This is unexpected as this is where the
> result is supposed to be written. Internally, because of this NULL
> pointer, OpenSSL allocates a temporary BIGNUM that gets lost (allocated in
> the call to BN_bin2bn inside the function bnrand at line 199 of bn_rand.c).
>
> To avoid this leak, just allocate your "value" variable at the beginning
> and don't free it inside the loop because its value will be updated by
> BN_rand_range. So just add value = BN_new(); at the beginning and remove
> the if block inside the loop.
>
Oh, that's interesting. I incorrectly tested for 0 as success (and not
1). And the program did not segfault...

Thanks for the help.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: Leak in BN_rand_range?

2014-09-24 Thread Mounir IDRASSI
Hi,

The leak comes from the fact that you are passing a NULL "value"
parameter to BN_rand_range. This is unexpected as this is where the
result is supposed to be written. Internally, because of this NULL
pointer, OpenSSL allocates a temporary BIGNUM that gets lost (allocated in
the call to BN_bin2bn inside the function bnrand at line 199 of bn_rand.c).

To avoid this leak, just allocate your "value" variable at the beginning
and don't free it inside the loop because its value will be updated by
BN_rand_range. So just add value = BN_new(); at the beginning and remove
the if block inside the loop.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 9/24/2014 6:27 PM, Jeffrey Walton wrote:
> I've got a program that repeatedly calls BN_rand_range. Valgrind is
> reporting 2.4 MB of leaks.
>
> If I comment out the loop that generates the range value, then the
> leak summary drops to 0.
>
> Is there anything else I should be doing below?
>
> **
>
>  Error checking was removed from the sample, but nothing fails.
>
> #include <stddef.h>
>
> #include <openssl/bn.h>
>
> /* Silences unused-parameter warnings. */
> #define UNUSED(x) ((void)(x))
> #define ITERATIONS 1000UL
>
> int main(int argc, char* argv[])
> {
>     UNUSED(argc), UNUSED(argv);
>
>     int rc = 0, err;
>     BIGNUM *range = NULL, *value = NULL;
>
>     range = BN_new();
>     rc = BN_set_word(range, 3);
>
>     for(size_t i = 0; i < ITERATIONS; i++)
>     {
>         if(value) {
>             BN_free(value), value = NULL;
>         }
>
>         rc = BN_rand_range(value, range);
>     }
>
>     if(range) {
>         BN_free(range), range = NULL;
>     }
>
>     if(value) {
>         BN_free(value), value = NULL;
>     }
>
>     return 0;
> }


Leak in BN_rand_range?

2014-09-24 Thread Jeffrey Walton
I've got a program that repeatedly calls BN_rand_range. Valgrind is
reporting 2.4 MB of leaks.

If I comment out the loop that generates the range value, then the
leak summary drops to 0.

Is there anything else I should be doing below?

**

 Error checking was removed from the sample, but nothing fails.

#include <stddef.h>

#include <openssl/bn.h>

/* Silences unused-parameter warnings. */
#define UNUSED(x) ((void)(x))
#define ITERATIONS 1000UL

int main(int argc, char* argv[])
{
    UNUSED(argc), UNUSED(argv);

    int rc = 0, err;
    BIGNUM *range = NULL, *value = NULL;

    range = BN_new();
    rc = BN_set_word(range, 3);

    for(size_t i = 0; i < ITERATIONS; i++)
    {
        if(value) {
            BN_free(value), value = NULL;
        }

        rc = BN_rand_range(value, range);
    }

    if(range) {
        BN_free(range), range = NULL;
    }

    if(value) {
        BN_free(value), value = NULL;
    }

    return 0;
}


Re: X509 problem

2014-09-24 Thread nicolas . kox
I don't want to make a mistake again, but when you create your
client you still need to set the pointer m_ca to server


 Client :: Client(Server* srv)
 {
  m_myCertReq = X509_REQ_new();
  m_myCert = X509_new();
  m_name = X509_NAME_new();
  m_rsa_keyPair = RSA_new();
  m_puk  = EVP_PKEY_new();

  m_ca = srv; /* <- */

  GenerateRSAKeyPair();
  SetPublicKey();
 }



int main()
{

Server servertest;
Client clientest (&servertest);


clientest.SetCert(clientest.MakeSignedCertReq(1,2,90));
return 0;
}


- Original Message -
From: "nicolas kox" 
To: openssl-users@openssl.org
Sent: Wednesday 24 September 2014 14:07:16
Subject: Re: X509 problem

my bad...

good luck anyway


- Original Message -
From: "Amir Reda" 
To: openssl-users@openssl.org
Sent: Wednesday 24 September 2014 13:53:30
Subject: Re: X509 problem



no sir it is defined i have a pointer from the server as an attribute in the 
client side if it isn't defined it will give a syntax error and i don't have a 
syntax error 
thx for reply 



On Wed, Sep 24, 2014 at 2:44 PM, < nicolas@free.fr > wrote: 


it seems that function "CreateCertificate" is not defined in client.cc 

Regards 

- Original Message -
From: "Amir Reda" < amirale...@gmail.com >
To: openssl-users@openssl.org
Sent: Wednesday 24 September 2014 13:37:13
Subject: X509 problem





dear all 
i have problem in my code it is a client send a certificate request to server 
which reply by the X509 certificate my problem is i have put in the client side 
a function called 
void 
Client::SetCert(X509_REQ *req) 


that set the certificate for the client also write it in a pem file so i can 
make sure it has been created 

i run the project but nothing created and no syntax error 

i attached the code please i need help thx 

i don't know what to do 



Warmest regards and best wishes for a good health , urs sincerely 
mero 



-- 


Warmest regards and best wishes for a good health , urs sincerely 
mero 


Re: X509 problem

2014-09-24 Thread nicolas . kox
my bad...

good luck anyway


- Original Message -
From: "Amir Reda" 
To: openssl-users@openssl.org
Sent: Wednesday 24 September 2014 13:53:30
Subject: Re: X509 problem



no sir it is defined i have a pointer from the server as an attribute in the 
client side if it isn't defined it will give a syntax error and i don't have a 
syntax error 
thx for reply 



On Wed, Sep 24, 2014 at 2:44 PM, < nicolas@free.fr > wrote: 


it seems that function "CreateCertificate" is not defined in client.cc 

Regards 

- Original Message -
From: "Amir Reda" < amirale...@gmail.com >
To: openssl-users@openssl.org
Sent: Wednesday 24 September 2014 13:37:13
Subject: X509 problem





dear all 
i have problem in my code it is a client send a certificate request to server 
which reply by the X509 certificate my problem is i have put in the client side 
a function called 
void 
Client::SetCert(X509_REQ *req) 


that set the certificate for the client also write it in a pem file so i can 
make sure it has been created 

i run the project but nothing created and no syntax error 

i attached the code please i need help thx 

i don't know what to do 



Warmest regards and best wishes for a good health , urs sincerely 
mero 



-- 


Warmest regards and best wishes for a good health , urs sincerely 
mero 


Re: X509 problem

2014-09-24 Thread Amir Reda
no sir it is defined i have a pointer from the server as an attribute in
the client side if it isn't defined it will give a syntax error and i don't
have a syntax error
thx for reply

On Wed, Sep 24, 2014 at 2:44 PM,  wrote:

> it seems that function "CreateCertificate" is not defined in client.cc
>
> Regards
>
> - Original Message -
> From: "Amir Reda" 
> To: openssl-users@openssl.org
> Sent: Wednesday 24 September 2014 13:37:13
> Subject: X509 problem
>
>
>
> dear all
> i have problem in my code it is a client send a certificate request to
> server which reply by the X509 certificate my problem is i have put in the
> client side a function called
> void
> Client::SetCert(X509_REQ *req)
>
>
> that set the certificate for the client also write it in a pem file so i
> can make sure it has been created
>
> i run the project but nothing created and no syntax error
>
> i attached the code please i need help thx
>
> i don't know what to do
>
>
>
> Warmest regards and best wishes for a good health , urs sincerely
> mero
>



-- 
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*


Re: X509 problem

2014-09-24 Thread nicolas . kox
it seems that function "CreateCertificate" is not defined in client.cc

Regards

- Original Message -
From: "Amir Reda" 
To: openssl-users@openssl.org
Sent: Wednesday 24 September 2014 13:37:13
Subject: X509 problem



dear all 
i have problem in my code it is a client send a certificate request to server 
which reply by the X509 certificate my problem is i have put in the client side 
a function called 
void 
Client::SetCert(X509_REQ *req) 


that set the certificate for the client also write it in a pem file so i can 
make sure it has been created 

i run the project but nothing created and no syntax error 

i attached the code please i need help thx 

i don't know what to do 



Warmest regards and best wishes for a good health , urs sincerely 
mero 


X509 problem

2014-09-24 Thread Amir Reda
dear all
i have problem in my code it is a client send a certificate request to
server which reply by the X509 certificate my problem is i have put in the
client side a function called
 void
 Client::SetCert(X509_REQ *req)
that set the certificate for the client also write it in a pem file so i
can make sure it has been created
i run the project but nothing created and no syntax error
i attached the code please i need help thx
 i don't know what to do
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author  : Amir
// Version :
// Copyright   : Your copyright notice
// Description : Hello World in C++, Ansi-style
//

#include <iostream>
#include "server.h"
#include "client.h"
using namespace std;

int main()
{
	Client clientest;
Server servertest;


   clientest.SetCert(clientest.MakeSignedCertReq(1,2,90));
	return 0;
}
/*
 * client.cc
 *
 *  Created on: Sep 17, 2014
 *  Author: amirale32
 */

#include "client.h"

 Client :: Client()
 {
	  m_myCertReq = X509_REQ_new();
	  m_myCert = X509_new();
	  m_name = X509_NAME_new();
	  m_rsa_keyPair = RSA_new();
	  m_puk  = EVP_PKEY_new();

	  GenerateRSAKeyPair();
	  SetPublicKey();
 }

 Client :: ~Client()
 {
	  X509_REQ_free(m_myCertReq);
	  X509_free(m_myCert);
	  X509_NAME_free(m_name);
	  RSA_free(m_rsa_keyPair);
	  EVP_PKEY_free(m_puk);
 }

 void
 Client :: GenerateRSAKeyPair ( )
 {
 m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}

 void
 Client::SetPublicKey()
 {
	 EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
 }

 X509_REQ*
 Client::MakeSignedCertReq(int bits, int serial, int days)
 {
	 X509_REQ_set_pubkey(m_myCertReq,m_puk);
	 m_name=X509_REQ_get_subject_name(m_myCertReq);
	 //X509_NAME_add_entry_by_txt(name,"C",MBSTRING_ASC, "UK", -1, -1, 0);
	 //X509_NAME_add_entry_by_txt(name,"CN",MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
	 X509_REQ_sign(m_myCertReq,m_puk,EVP_md5());
	 return m_myCertReq;
}

 void
 Client::SetCert(X509_REQ *req)
 {
	 FILE *mycert;
	 m_myCert =  m_ca->CreateCertificate(m_myCertReq);
	 PEM_write_X509(mycert, m_myCert);
 }
/*
 * client.h
 *
 *  Created on: Sep 17, 2014
 *  Author: amirale32
 */

#ifndef CLIENT_H_
#define CLIENT_H_

#include <cstdio>
#include "openssl/pem.h"
 #include "openssl/rsa.h"
 #include "openssl/conf.h"
 #include "openssl/x509.h"
#include "server.h"

 class Client
 {
   public:

   Client();
   ~Client();

   void GenerateRSAKeyPair ();
   void SetPublicKey ();

   X509_REQ *MakeSignedCertReq(int bits, int serial, int days);
   void SetCert (X509_REQ *req);

   private:

   X509_REQ   *m_myCertReq;
   X509   *m_myCert;
   X509_NAME  *m_name;
   RSA*m_rsa_keyPair;
   EVP_PKEY   *m_puk;
   Server *m_ca;
 };



#endif /* CLIENT_H_ */
#include "server.h"

 Server::Server()
 {
	  m_myCert = X509_new();
	  m_caKeyPairs = RSA_new();
	  m_pukey  = EVP_PKEY_new();
	  GenerateMyKeyPairs();
	  CreateMyCertificate();
	  //SetPublicKey();
 }

 Server::~Server()
 {
	  X509_free(m_myCert);
	  RSA_free(m_caKeyPairs);
 }

 X509*
 Server::CreateCertificate(X509_REQ* req)
 {
	 X509 *m_req_reply;
	 m_req_reply = X509_new();
	 X509_NAME *subject = NULL;
	 EVP_PKEY *pkey = NULL;
	 X509_NAME *issuerSubject = X509_get_subject_name(m_myCert);
	 X509_set_issuer_name(m_req_reply, issuerSubject);
	//xn_req = X509_REQ_get_subject_name(req);
	 X509_set_subject_name(m_req_reply, subject);
	 pkey = X509_REQ_get_pubkey(req);
	//rv = X509_set_pubkey(reqreply, pkey);
	 X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0);
	 X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400);
	 X509_sign(m_req_reply, pkey, EVP_md5());
	 return m_req_reply;
 }

 void
 Server::CreateMyCertificate()
 {
	 EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs);
	 ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1);
	 X509_gmtime_adj(X509_get_notBefore(m_myCert), 0);
	 X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L);
	 X509_set_pubkey(m_myCert, m_pukey);
	 X509_NAME * name;
	 name = X509_get_subject_name(m_myCert);
	 X509_set_issuer_name(m_myCert, name);
	 X509_sign(m_myCert, m_pukey, EVP_md5());
 }

 void
 Server::GenerateMyKeyPairs()
 {
	 m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL);
}

 void
 Server::SetPublicKey()
 {
	 EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs);
 }
/*
 * server.cc
 *
 *  Created on: Sep 17, 2014
 *  Author: amirale32
 */




/*
 * server.h
 *
 *  Created on: Sep 17, 2014
 *  Author: amirale32
 */

#ifndef SERVER_H_
#define SERVER_H_

 #include "openssl/evp.h"
 #include "openssl/asn1.h"
 #include "openssl/ssl.h"
 #include "openssl/rsa.h"
 #include "openssl/conf.h"
 #include "openssl/x509.h"

 class Server
 {
 public:

	 Server();
	 ~Server();

	 X509 *CreateCertificate (X509_REQ *req);
	 void CreateMyCertificate();

	 void GenerateMyKeyPairs ( );
	 void SetPublicKey ();

 private: