Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-03 Thread Michael Sierchio
On Tue, May 2, 2017 at 8:27 AM, Michael Wojcik <michael.woj...@microfocus.com> wrote:

> It may be worth noting that nearly all well-written UNIX applications
> should set the disposition of SIGPIPE to SIG_IGN. SIGPIPE is a hack. It
> exists only to terminate poorly-written programs that could otherwise block
> a pipeline. See Bach, *The Design of the UNIX Operating System*; if
> memory serves, Bach quotes Dennis Ritchie on this point. SIGPIPE was
> introduced because some poorly-written programs did not check the return
> code from write.[1]
>
...

This is excellent advice. In principle, I am in complete agreement. We
should not write code that depends on this artifact. We should treat it as
deprecated.

However ... ;-)

It's probably also true that there is a lot of code that depends on it.
True to form for "deprecated."

- M

-- 
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-02 Thread Michael Wojcik
It may be worth noting that nearly all well-written UNIX applications should 
set the disposition of SIGPIPE to SIG_IGN. (Preferably using sigaction, simply 
because that's now the preferred API, but doing it with signal is essentially 
equivalent in this case.)

SIGPIPE is a hack. It exists only to terminate poorly-written programs that 
could otherwise block a pipeline. See Bach, The Design of the UNIX Operating 
System; if memory serves, Bach quotes Dennis Ritchie on this point. SIGPIPE was 
introduced because some poorly-written programs did not check the return code 
from write.[1]

Catching SIGPIPE in a custom handler is nearly always the Wrong Thing. The 
correct approach, 99.9% of the time, is to set the disposition to SIG_IGN and 
check the results of each system call.

Personally, I think it's completely acceptable for a library to note in its 
documentation that the calling program MUST ignore SIGPIPE, or the library may 
not function properly. It's arguably OK for a library to check the disposition 
of SIGPIPE and if it's SIG_DFL, change it to SIG_IGN, on the grounds that the 
calling program is not well-written so it doesn't deserve to govern its own 
signal handling; but it's probably better to just fail in that case, either 
immediately (with a diagnostic that tells the user that the developer forgot to 
set the disposition of SIGPIPE) or when a SIGPIPE occurs.

Libraries can't accommodate all forms of invalid behavior. You can do a certain 
amount of defensive coding, but at some point you're diminishing functionality 
for well-behaved applications in order to coddle bad ones. Don't do that.

[1] There were no send, sendto, or sendmsg calls at the time. Now the argument 
applies equally to them.

Michael Wojcik
Distinguished Engineer, Micro Focus



From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
mahesh gs
Sent: Monday, May 01, 2017 23:59
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write


Yes, ours is a library and we do not wish to ignore the signal process wide 
because the consumer of our library (application) might want to handle the 
SIGPIPE for their own socket handling.
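
The two options described in the message above, as an added example (not code from the thread or from OpenSSL): the application ignores SIGPIPE with sigaction() and checks the result of write(), and a library init refuses to run while the disposition is still SIG_DFL. The names app_ignore_sigpipe, lib_init and write_to_closed_peer are hypothetical, and the closed socketpair is a constructed stand-in for a remote disconnect.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Application side: ignore SIGPIPE process-wide, using sigaction(). */
int app_ignore_sigpipe(void)
{
    struct sigaction sa;
    sa.sa_handler = SIG_IGN;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPIPE, &sa, NULL);
}

/* Hypothetical library init: query (do not change) the SIGPIPE disposition
 * and fail with a diagnostic if the caller left it at SIG_DFL. */
int lib_init(void)
{
    struct sigaction cur;
    if (sigaction(SIGPIPE, NULL, &cur) != 0)
        return -1;
    if (cur.sa_handler == SIG_DFL) {
        fprintf(stderr, "lib_init: SIGPIPE is SIG_DFL; the application "
                        "must set it to SIG_IGN before using this library\n");
        return -1;
    }
    return 0;
}

/* Write to a socket whose peer has gone away and return the errno seen.
 * With SIGPIPE ignored the failure surfaces as a return value (EPIPE). */
int write_to_closed_peer(void)
{
    int sv[2], err = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return errno;
    close(sv[1]);                 /* constructed "remote disconnect" */
    if (write(sv[0], "x", 1) < 0)
        err = errno;
    close(sv[0]);
    return err;
}

int main(void)
{
    if (lib_init() != 0)          /* expected when started from a shell */
        app_ignore_sigpipe();
    if (lib_init() == 0)
        printf("write to closed peer: errno=%d (EPIPE=%d)\n",
               write_to_closed_peer(), EPIPE);
    return 0;
}
```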



Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-02 Thread Viktor Dukhovni

> On May 2, 2017, at 5:06 AM, Matt Caswell  wrote:
> 
>> Yes, ours is a library and we do not wish to ignore the signal process
>> wide because the consumer of our library (application) might want to
> >> handle the SIGPIPE for their own socket handling.
> 
> Could you use pthread_sigmask() to only block SIGPIPE for the current
> thread (perhaps unblocking it again before returning control back to the
> caller of your library)?

Presumably, the signal will be delivered as soon as it is unblocked, and likely
before "returning control to the caller".  So I think this just delays the
problem, but does not fix it.  Blocking a signal is not the same as ignoring
it.  Multi-threaded programs should avoid having signals delivered to some
random thread that happens to be "on CPU", by blocking signals permanently
in all but a single signal-handling thread, but such design decisions are
made in main() and not in libraries.

-- 
Viktor.
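
An added example (not from the thread or from OpenSSL) of a per-thread variant that avoids delivery on unblock, the problem raised above: block SIGPIPE, write, and consume the pending signal with sigtimedwait() before restoring the mask. lib_write_nosigpipe and handler_runs_for are hypothetical names, the closed socketpair is a constructed stand-in for a disconnected peer, and send() with MSG_NOSIGNAL is included for comparison.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical library write: SIGPIPE never reaches the caller's handler
 * and the process-wide disposition is left untouched. */
ssize_t lib_write_nosigpipe(int fd, const void *buf, size_t len)
{
    sigset_t pipe_set, old_mask, pending;
    struct timespec zero = {0, 0};
    sigemptyset(&pipe_set);
    sigaddset(&pipe_set, SIGPIPE);
    sigpending(&pending);   /* an already-pending SIGPIPE is the app's */
    int was_pending = sigismember(&pending, SIGPIPE);
    if (pthread_sigmask(SIG_BLOCK, &pipe_set, &old_mask) != 0)
        return -1;
    ssize_t n = write(fd, buf, len);
    int saved = errno;
    /* Our write raised SIGPIPE for this thread: consume it while it is
     * still blocked, so that restoring the mask delivers nothing. */
    if (n < 0 && saved == EPIPE && !was_pending)
        while (sigtimedwait(&pipe_set, NULL, &zero) < 0 && errno == EINTR) {}
    pthread_sigmask(SIG_SETMASK, &old_mask, NULL);
    errno = saved;
    return n;
}

static volatile sig_atomic_t app_hits;   /* application handler runs */
static void app_handler(int sig) { (void)sig; app_hits++; }

/* Constructed scenario: the application has its own SIGPIPE handler, the peer
 * closes, one byte is written. Mode 0: write(); 1: helper; 2: MSG_NOSIGNAL. */
int handler_runs_for(int mode)
{
    int sv[2];
    struct sigaction sa = {0};
    sa.sa_handler = app_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGPIPE, &sa, NULL) != 0 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    close(sv[1]);
    app_hits = 0;
    ssize_t n = mode == 1 ? lib_write_nosigpipe(sv[0], "x", 1)
              : mode == 2 ? send(sv[0], "x", 1, MSG_NOSIGNAL) : write(sv[0], "x", 1);
    int ok = (n < 0 && errno == EPIPE);
    close(sv[0]);
    return ok ? (int)app_hits : -1;   /* how often the app handler ran */
}

int main(void)
{
    for (int m = 0; m < 3; m++)
        printf("mode %d: handler ran %d time(s)\n", m, handler_runs_for(m));
    return 0;
}
```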


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-02 Thread mahesh gs
On Tue, May 2, 2017 at 2:36 PM, Matt Caswell wrote:

> On 02/05/17 06:59, mahesh gs wrote:
> > Hi Matt,
> >
> > Sorry for delayed response. I was on leave.
> >
> > Yes, ours is a library and we do not wish to ignore the signal process
> > wide because the consumer of our library (application) might want to
> > handle the SIGPIPE for their own socket handling.
>
> Could you use pthread_sigmask() to only block SIGPIPE for the current
> thread (perhaps unblocking it again before returning control back to the
> caller of your library)?

Thanks for your suggestion. We will try to adapt this workaround.

> > Thanks,
> > Mahesh G S
> >
> > On Thu, Apr 27, 2017 at 4:36 PM, Matt Caswell wrote:
> >
> > On 27/04/17 11:56, mahesh gs wrote:
> > > Hi,
> > >
> > > We are using OpenSSL to establish secure communications for both
> > > TCP/SCTP connections.
> > >
> > > In our application it is possible that the remote end forcefully
> > > disconnects the connection, due to which SSL_Write raises a SIGPIPE,
> > > which we want to suppress. Does OpenSSL provide any way to set
> > > MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?
> >
> > No, there is no option to do that at the moment.
> >
> > > Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
> > > not supported by Linux, and also we are unable to stop the SIGPIPE with
> > > the function call signal(SIGPIPE, SIG_IGN).
> >
> > Unable because you want SIGPIPE for other areas of your application? Or
> > for some other reason?
> >
> > Matt


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-02 Thread Matt Caswell


On 02/05/17 06:59, mahesh gs wrote:
> Hi Matt,
> 
> Sorry for delayed response. I was on leave.
> 
> Yes, ours is a library and we do not wish to ignore the signal process
> wide because the consumer of our library (application) might want to
> handle the SIGPIPE for their own socket handling.

Could you use pthread_sigmask() to only block SIGPIPE for the current
thread (perhaps unblocking it again before returning control back to the
caller of your library)?

Matt

> 
> Thanks,
> Mahesh G S
> 
> On Thu, Apr 27, 2017 at 4:36 PM, Matt Caswell wrote:
>
> On 27/04/17 11:56, mahesh gs wrote:
> > Hi,
> >
> > We are using OpenSSL to establish secure communications for both
> > TCP/SCTP connections.
> >
> > In our application it is possible that the remote end forcefully
> > disconnects the connection, due to which SSL_Write raises a SIGPIPE,
> > which we want to suppress. Does OpenSSL provide any way to set
> > MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?
>
> No, there is no option to do that at the moment.
>
> > Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
> > not supported by Linux, and also we are unable to stop the SIGPIPE with
> > the function call signal(SIGPIPE, SIG_IGN).
>
> Unable because you want SIGPIPE for other areas of your application? Or
> for some other reason?
>
> Matt


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-02 Thread mahesh gs
Hi Matt,

Sorry for delayed response. I was on leave.

Yes, ours is a library and we do not wish to ignore the signal process wide
because the consumer of our library (application) might want to handle the
SIGPIPE for their own socket handling.

Thanks,
Mahesh G S

On Thu, Apr 27, 2017 at 4:36 PM, Matt Caswell wrote:

> On 27/04/17 11:56, mahesh gs wrote:
> > Hi,
> >
> > We are using OpenSSL to establish secure communications for both
> > TCP/SCTP connections.
> >
> > In our application it is possible that the remote end forcefully
> > disconnects the connection, due to which SSL_Write raises a SIGPIPE,
> > which we want to suppress. Does OpenSSL provide any way to set
> > MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?
>
> No, there is no option to do that at the moment.
>
> > Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
> > not supported by Linux, and also we are unable to stop the SIGPIPE with
> > the function call signal(SIGPIPE, SIG_IGN).
>
> Unable because you want SIGPIPE for other areas of your application? Or
> for some other reason?
>
> Matt


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Viktor Dukhovni
On Thu, Apr 27, 2017 at 04:32:33PM +0100, Matt Caswell wrote:

> >>> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying 
> >>> TCP/IP socket layer) ?
> >>
> >> No.  You will have to modify the code yourself.
> > 
> > Actually, it is possible to do the I/O in application code, using
> > any "write some data down a socket" API of the application's choice.
> 
> The OP is using SCTP (which uses DTLS). The above approach is
> problematic in DTLS. ...

Thanks, I missed the SCTP part of the requirements.

On Thu, Apr 27, 2017 at 04:26:22PM +0530, mahesh gs wrote:

> We are using OpenSSL to establish secure communications for both
> TCP/SCTP connections.

The approach I suggested will only work for TLS with TCP.  For DTLS
with SCTP you'll need something else.  Does SCTP also raise SIGPIPE
on write() when the remote end is closed?

-- 
Viktor.


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Ryan Murray
Great article. Who is the author?

From: Viktor Dukhovni
Sent: Thursday, April 27, 2017 11:54 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via openssl-users wrote:

> > Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying 
> > TCP/IP socket layer) ?
> 
> No.  You will have to modify the code yourself.

Actually, it is possible to do the I/O in application code, using
any "write some data down a socket" API of the application's choice.

https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_bio.html

In particular, the OP could use sendmsg() to move data between the
SSL layer and the network.

For a complete example, see network_biopair_interop() function in
Postfix 2.3 (recent Postfix releases no longer use this approach).


https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c

-- 
Viktor.


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Matt Caswell


On 27/04/17 15:53, Viktor Dukhovni wrote:
> On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via openssl-users wrote:
> 
>>> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying 
>>> TCP/IP socket layer) ?
>>
>> No.  You will have to modify the code yourself.
> 
> Actually, it is possible to do the I/O in application code, using
> any "write some data down a socket" API of the application's choice.
> 
> https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_bio.html
> 
> In particular, the OP could use sendmsg() to move data between the
> SSL layer and the network.
> 
> For a complete example, see network_biopair_interop() function in
> Postfix 2.3 (recent Postfix releases no longer use this approach).
> 
> 
> https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c
> 

The OP is using SCTP (which uses DTLS). The above approach is
problematic in DTLS. The DTLS code assumes that the BIO will provide a
set of datagram related ctrls (which are of course available if you use
a straight BIO_s_datagram()). BIO pairs don't support those ctrls.
Additionally they don't respect datagram boundaries.

You could use a custom filter BIO for a similar effect which can pass on
the ctrls down to the final source/sink BIO - and just use it to
intercept the "write" calls and plug in your own custom call of
sendmsg(). That would probably work with straight DTLS over UDP.

Unfortunately the libssl SCTP code is even more restrictive than normal
DTLS. It tests whether you are using SCTP by calling BIO_dgram_is_sctp()
on the read or write BIO:

    int BIO_dgram_is_sctp(BIO *bio)
    {
        return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
    }

If you plug in your own custom BIO it fails to detect SCTP :-(

The code also calls a number of other BIO specific functions such as
BIO_dgram_sctp_wait_for_dry() and BIO_dgram_sctp_msg_waiting().

In other words the libssl SCTP code is tightly coupled to the SCTP BIO
implementation - which effectively rules out custom BIOs.

The code could do with an overhaul, but not that many people use SCTP so
it hasn't really been a priority :-(

Matt


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Viktor Dukhovni
On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via openssl-users wrote:

> > Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying 
> > TCP/IP socket layer) ?
> 
> No.  You will have to modify the code yourself.

Actually, it is possible to do the I/O in application code, using
any "write some data down a socket" API of the application's choice.

https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_bio.html

In particular, the OP could use sendmsg() to move data between the
SSL layer and the network.

For a complete example, see network_biopair_interop() function in
Postfix 2.3 (recent Postfix releases no longer use this approach).


https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c

-- 
Viktor.


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Salz, Rich via openssl-users
> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying 
> TCP/IP socket layer) ?

No.  You will have to modify the code yourself.


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Wouter Verhelst
On 27-04-17 13:01, Wouter Verhelst wrote:
> On 27-04-17 12:56, mahesh gs wrote:
>> Hi,
>>
>> We are using OpenSSL to establish secure communications for both
>> TCP/SCTP connections.
>>
>> In our application it is possible that the remote end forcefully
>> disconnects the connection, due to which SSL_Write raises a SIGPIPE,
>> which we want to suppress. Does OpenSSL provide any way to set
>> MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?
>>
>> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
>> not supported by Linux
> 
> You want to set the socket to nonblocking:
> 
>     flags = fcntl(socket, F_GETFL, 0);
>     flags |= O_NONBLOCK;
>     fcntl(socket, F_SETFL, flags);
> 
> (You'll need to add error checking for the fcntl() calls)

Actually, I confused two different issues here. Ignore me :-)

-- 
Wouter Verhelst


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Matt Caswell


On 27/04/17 11:56, mahesh gs wrote:
> Hi,
> 
> We are using OpenSSL to establish secure communications for both
> TCP/SCTP connections.
>
> In our application it is possible that the remote end forcefully
> disconnects the connection, due to which SSL_Write raises a SIGPIPE,
> which we want to suppress. Does OpenSSL provide any way to set
> MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?

No, there is no option to do that at the moment.

> 
> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
> not supported by Linux, and also we are unable to stop the SIGPIPE with
> the function call signal(SIGPIPE, SIG_IGN).

Unable because you want SIGPIPE for other areas of your application? Or
for some other reason?

Matt


Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Wouter Verhelst
On 27-04-17 12:56, mahesh gs wrote:
> Hi,
> 
> We are using OpenSSL to establish secure communications for both
> TCP/SCTP connections.
>
> In our application it is possible that the remote end forcefully
> disconnects the connection, due to which SSL_Write raises a SIGPIPE,
> which we want to suppress. Does OpenSSL provide any way to set
> MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?
>
> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
> not supported by Linux

You want to set the socket to nonblocking:

    flags = fcntl(socket, F_GETFL, 0);
    flags |= O_NONBLOCK;
    fcntl(socket, F_SETFL, flags);

(You'll need to add error checking for the fcntl() calls)

-- 
Wouter Verhelst


[openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread mahesh gs
Hi,

We are using OpenSSL to establish secure communications for both
TCP/SCTP connections.

In our application it is possible that the remote end forcefully
disconnects the connection, due to which SSL_Write raises a SIGPIPE,
which we want to suppress. Does OpenSSL provide any way to set
MSG_NOSIGNAL on sendmsg (underlying TCP/IP socket layer)?

Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE" as it is
not supported by Linux, and also we are unable to stop the SIGPIPE with
the function call signal(SIGPIPE, SIG_IGN).


Thanks,
Mahesh G S