Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-04 Thread Wayming Zhang via RT 
You need to run "ldd -v" on your executable to check why your binary has 
dependency on libptcorsdk.so.2, and then check your linking command if 
the dependency could be removed.

A workaround you could give a try is to set LD_PRELOAD to forcibly load 
libssl before libptcoresdk if the dependency on libptcorsdk could not be 
removed.

Wayming

On 02/10/15 04:55, Viktor Dukhovni wrote:
> On Thu, Oct 01, 2015 at 06:43:17PM +, Tiantian Liu via RT wrote:
>
>> #3  0x004c5e98 in tls1_new (s=0xb4964ec8) at t1_lib.c:154
>> #4  0x00300376 in SSL_new () from /usr/lib/libptcoresdk.so.2
>>
>> I found my application called SSL_new from /usr/lib/libptcoresdk.so.2, which 
>> is third party library.
>>
>> I think it should call the SSL_new from your Openssl library, like 
>> /usr/lib/libssl.so.1.0.0. right?
> Yes, this is an instance of "DLL hell".  You need to link with the
> right libssl.  If libptcoresdk conflicts with the OpenSSL API, you
> can't use both OpenSSL and that library.
>


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-04 Thread Wayming Zhang 
You need to run "ldd -v" on your executable to check why your binary has 
dependency on libptcorsdk.so.2, and then check your linking command if 
the dependency could be removed.


A workaround you could give a try is to set LD_PRELOAD to forcibly load 
libssl before libptcoresdk if the dependency on libptcorsdk could not be 
removed.


Wayming

On 02/10/15 04:55, Viktor Dukhovni wrote:

On Thu, Oct 01, 2015 at 06:43:17PM +, Tiantian Liu via RT wrote:


#3  0x004c5e98 in tls1_new (s=0xb4964ec8) at t1_lib.c:154
#4  0x00300376 in SSL_new () from /usr/lib/libptcoresdk.so.2

I found my application called SSL_new from /usr/lib/libptcoresdk.so.2, which is 
third party library.

I think it should call the SSL_new from your Openssl library, like 
/usr/lib/libssl.so.1.0.0. right?

Yes, this is an instance of "DLL hell".  You need to link with the
right libssl.  If libptcoresdk conflicts with the OpenSSL API, you
can't use both OpenSSL and that library.



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-04 Thread Wayming Zhang 
You need to run "ldd -v" on your executable to check why your binary has 
dependency on libptcorsdk.so.2, and then check your linking command if 
the dependency could be removed.


A workaround you could give a try is to set LD_PRELOAD to forcibly load 
libssl before libptcoresdk if the dependency on libptcorsdk could not be 
removed.


Wayming
On 02/10/15 04:55, Viktor Dukhovni wrote:

On Thu, Oct 01, 2015 at 06:43:17PM +, Tiantian Liu via RT wrote:


#3  0x004c5e98 in tls1_new (s=0xb4964ec8) at t1_lib.c:154
#4  0x00300376 in SSL_new () from /usr/lib/libptcoresdk.so.2

I found my application called SSL_new from /usr/lib/libptcoresdk.so.2, which is 
third party library.

I think it should call the SSL_new from your Openssl library, like 
/usr/lib/libssl.so.1.0.0. right?

Yes, this is an instance of "DLL hell".  You need to link with the
right libssl.  If libptcoresdk conflicts with the OpenSSL API, you
can't use both OpenSSL and that library.



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-01 Thread Matt Caswell via RT 


On 01/10/15 15:18, Tiantian Liu via RT wrote:
> Hi,
> 
> Good morning! Thanks for your response.
> 
> I configured my OpenSSL with '-d' option to enable the debugging information. 
> Where I don't know how to use it during my application running.

Which version of OpenSSL did you download? My version 1.0.1p doesn't
match up with the line numbers in your backtrace below, i.e. line 209 in
s3_clnt.c is not 'SSL_clear(s);' as it appears to be for you.

> Loaded symbols for /usr/lib/libkrb5.so.3
> Loaded symbols for /usr/lib/libk5crypto.so.3
> Loaded symbols for /usr/lib/libptcoresdk.so.2
> Loaded symbols for /lib/libcom_err.so.2
> Loaded symbols for /usr/lib/libstdc++.so.6
> Loaded symbols for /usr/lib/libssl.so.1.0.0
> Loaded symbols for /usr/lib/libcrypto.so.1.0.0

Where did you install the version of OpenSSL that you compiled? Did you
replace the system supplied version in `/usr/lib`? If so that was
probably not a good idea.



> Loaded symbols for /lib/libdl.so.2
> Loaded symbols for /lib/i686/nosegneg/libpthread.so.0
> Loaded symbols for /lib/i686/nosegneg/libc.so.6
> Loaded symbols for /usr/lib/libkrb5support.so.0
> Loaded symbols for /lib/libresolv.so.2
> Loaded symbols for /lib/libgcc_s.so.1
> Loaded symbols for /lib/i686/nosegneg/libm.so.6
> Loaded symbols for /lib/ld-linux.so.2
> 0x009e6402 in __kernel_vsyscall ()
> (gdb) c
> Continuing.
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1231422576 (LWP 3480)]
> 0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
> 219 if (s->renegotiate) {

There is something not quite right about that. There is no way that line
should seg fault. The deref of `s` has already occurred several times by
the time it gets to that line so `s` should be sound. Either there is
some memory corruption going on, or that's not really the line we're on.

Matt


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-01 Thread Tiantian Liu via RT 
That is ok. Just a test card.
Thanks for your remainder.

While, I am sure installed the OpenSSL1.01p to /usr/lib. Because I configured 
it with --prefix=/usr/.
I can -redo it and confirm. And I will keep updating the ticket.
Thanks,
Tyler 


-Original Message-
From: Richard Moore via RT [mailto:r...@openssl.org] 
Sent: October-01-15 10:58 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function

You have just leaked your credit card number to the internet. I'd suggest you 
cancel your card unless it is a test account.

Rich.


On 1 October 2015 at 15:18, Tiantian Liu via RT <r...@openssl.org> wrote:

> Hi,
>
> Good morning! Thanks for your response.
>
> I configured my OpenSSL with '-d' option to enable the debugging 
> information. Where I don't know how to use it during my application running.
>
> So I used gcc GDB function to debug.
>
> My application is a multi-process program. I started my application 
> and attached GDB to on process which will call SSL methods.
> I got the segmentation fault and dumped the calling stack like:
>
>
> (gdb)
> (gdb) Working Directory: /MCM_Red_Hat_Enterprise5_4_2_16old/
> Home Directory: /MCM_Red_Hat_Enterprise5_4_2_16old/
>
> (gdb) attach 3477
> Attaching to program: /MCM_Red_Hat_Enterprise5_4_2_16old/mlt_serv4,
> process 3477
> `system-supplied DSO at 0x9e6000' has disappeared; keeping its symbols.
> [Thread debugging using libthread_db enabled] [New Thread -1208351024 
> (LWP 3477)] [New Thread -1241924720 (LWP 3484)] [New Thread 
> -1239299184 (LWP 3483)] [New Thread -1236673648 (LWP 3482)] [New 
> Thread -1234048112 (LWP 3481)] [New Thread -1231422576 (LWP 3480)] 
> Loaded symbols for /usr/lib/libkrb5.so.3 Loaded symbols for 
> /usr/lib/libk5crypto.so.3 Loaded symbols for 
> /usr/lib/libptcoresdk.so.2 Loaded symbols for /lib/libcom_err.so.2 
> Loaded symbols for /usr/lib/libstdc++.so.6 Loaded symbols for 
> /usr/lib/libssl.so.1.0.0 Loaded symbols for 
> /usr/lib/libcrypto.so.1.0.0 Loaded symbols for /lib/libdl.so.2 Loaded 
> symbols for /lib/i686/nosegneg/libpthread.so.0
> Loaded symbols for /lib/i686/nosegneg/libc.so.6 Loaded symbols for 
> /usr/lib/libkrb5support.so.0 Loaded symbols for /lib/libresolv.so.2 
> Loaded symbols for /lib/libgcc_s.so.1 Loaded symbols for 
> /lib/i686/nosegneg/libm.so.6 Loaded symbols for /lib/ld-linux.so.2
> 0x009e6402 in __kernel_vsyscall ()
> (gdb) c
> Continuing.
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1231422576 (LWP 3480)]
> 0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
> 219 if (s->renegotiate) {
> (gdb) where
> #0  0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
> #1  0x00db211f in ssl3_connect (s=0xb4a03ec8) at s3_clnt.c:209
> #2  0x0810bf05 in ConnectSSL_ex (ssl=0xb4a03ec8, sock=8, 
> error=0xb698f13c "072410333.qrl", diag=0xb699ac7c 
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg", isDiag=2 '\002',
> timeout=15) at ../multi_client/source_Host_C_Code/ssl_open.c:556
> #3  0x0810c26f in SSL_connect_tr_ex (sslc=0xb698f670, msg=0xb698f13c 
> "072410333.qrl", pssl=0xb698ef10, diag=0xb699ac7c 
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg", isDiag=2 '\002') at
> ../multi_client/source_Host_C_Code/ssl_open.c:693
> #4  0x081088e1 in Givex_doSSLConnect (sslc=0xb698f670, dsp=0xb698f647 
> "¶ô\217\204", CCi=0xb699ab14, IPind=1, ind2=0xb698f208, 
> DiagFile=0xb699ac7c
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg")
> at ../multi_client/source_Host_C_Code/openssl.c:1075
> #5  0x08101441 in Givex_ConnectSSL (sslc=0xb698f670, dsp=0xb698f647 
> "¶ô\217\204", CCi=0xb699ab14, Flg=0, DiagFile=0xb699ac7c
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg") at
> ../multi_client/source_Host_C_Code/GIFT.c:213
> #6  0x08103abc in sendtoGivex (TransType=68 'D', CCrq=0xb698fd6c, 
> CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08, OperatorId=0xb699c534 
> "", DiagFile=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg")
> at ../multi_client/source_Host_C_Code/GIFT.c:2166
> #7  0x08105041 in GIFT_Authorize_cd (TransType=68 'D', 
> AuthNum=0xb699c4af "", SecurityCode=0xb699c612 "", 
> PromoCode=0xb699c528 "",
> OperatorId=0xb699c534 "", CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08)
> at ../multi_client/source_Host_C_Code/GIFT.c:3013
> #8  0x080b7849 in CCm_Authorize_cd (PosNum=0xb699c490 "11", 
> CardNo=0xb699c45b "60362846581210140", ExpDate=0xb698ffaa "", 
> AuthNum=0xb699c4af "", Amount=0, TransType=68 'D', CardType=51 '3',
>

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-01 Thread Tiantian Liu via RT 
om /lib/i686/nosegneg/libc.so.6
(gdb) up
#1  0x00db211f in ssl3_connect (s=0xb4a03ec8) at s3_clnt.c:209
209 SSL_clear(s);
(gdb) down
#0  0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
219 if (s->renegotiate) {
(gdb)

The above message shows my application crash when it tried to refer the 
‘renegotiate’ value?
I used the print command

(gdb) print s->renegotiate
And I got the value is :
$1 = 0/* this means the ‘s->renegotiate’ is 0 */

Could you help me to figure out what happened?
Thanks,
Tyler




-Original Message-
From: Wayming Zhang via RT [mailto:r...@openssl.org]
Sent: September-30-15 9:48 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function

Is your process terminated or still alive after printing the last trace message?

" Going to call SSL_connect() 15"

If it is terminated already, is there any core dump file generated? If it is 
still alive, pstack command could help you to see what is happening.

I don't see turning on debug could print any trace in SSL_Connect() funciton. 
If you want to see what happens inside the function, run your program under 
debugger and set break point in SSL_Connect(), then run it step by step.

Wayming


On 30/09/15 03:32, Tiantian Liu via RT wrote:
> I downloaded the OpenSSL-1.0.1p.
>
> I configured it as :
>
> [root@lin5ent openssl-1.0.1p]# ./config -d --prefix=/usr/ shared
> threads
>
> /
> **The configuration result
> as
>
> Operating system: i686-whatever-linux2 Configuring for debug-linux-elf
> Configuring for debug-linux-elf
>  no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
> dir)
>  no-gmp  [default]  OPENSSL_NO_GMP (skip dir)
>  no-jpake[experimental] OPENSSL_NO_JPAKE (skip dir)
>  no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
>  no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
>  no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
>  no-rfc3779  [default]  OPENSSL_NO_RFC3779 (skip dir)
>  no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
>  no-store[experimental] OPENSSL_NO_STORE (skip dir)
>  no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
>  no-zlib [default]
>  no-zlib-dynamic [default]
> IsMK1MF=0
> CC=gcc
> CFLAG =-fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
> -DHAVE_DLFCN_H -Wa,--noexecstack -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG 
> -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall 
> -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
> -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
> -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> EX_LIBS   =-lefence -ldl
> CPUID_OBJ =x86cpuid.o
> BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
> DES_ENC   =des-586.o crypt586.o
> AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
> BF_ENC=bf-586.o
> CAST_ENC  =c_enc.o
> RC4_ENC   =rc4-586.o
> RC5_ENC   =rc5-586.o
> MD5_OBJ_ASM   =md5-586.o
> SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
> RMD160_OBJ_ASM=rmd-586.o
> CMLL_ENC  =cmll-x86.o
> MODES_OBJ =ghash-x86.o
> ENGINES_OBJ   =
> PROCESSOR =
> RANLIB=/usr/bin/ranlib
> ARFLAGS   =
> PERL  =/usr/bin/perl
> THIRTY_TWO_BIT mode
> DES_PTR used
> DES_RISC1 used
> DES_UNROLL used
> BN_LLONG mode
> RC4_INDEX mode
> RC4_CHUNK is undefined
> e_os2.h => include/openssl/e_os2.h
> making links in crypto...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto'
> crypto.h => ../include/openssl/crypto.h opensslv.h =>
> ../include/openssl/opensslv.h opensslconf.h =>
> ../include/openssl/opensslconf.h ebcdic.h =>
> ../include/openssl/ebcdic.h symhacks.h =>
> ../include/openssl/symhacks.h ossl_typ.h =>
> ../include/openssl/ossl_typ.h constant_time_test.c =>
> ../test/constant_time_test.c making links in crypto/objects...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/objects'
> objects.h => ../../include/openssl/objects.h obj_mac.h =>
> ../../include/openssl/obj_mac.h
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/objects'
> making links in crypto/md4...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/md4'
> md4.h => ../../include/openssl/md4.h
> md4test.c => ../../test/md4test.c
> md4.c => ../../apps/md4.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/md4'
> making links in crypto/

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-01 Thread Viktor Dukhovni 
On Thu, Oct 01, 2015 at 06:43:17PM +, Tiantian Liu via RT wrote:

> #3  0x004c5e98 in tls1_new (s=0xb4964ec8) at t1_lib.c:154
> #4  0x00300376 in SSL_new () from /usr/lib/libptcoresdk.so.2
> 
> I found my application called SSL_new from /usr/lib/libptcoresdk.so.2, which 
> is third party library.
> 
> I think it should call the SSL_new from your Openssl library, like 
> /usr/lib/libssl.so.1.0.0. right?

Yes, this is an instance of "DLL hell".  You need to link with the
right libssl.  If libptcoresdk conflicts with the OpenSSL API, you
can't use both OpenSSL and that library.

-- 
Viktor.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-10-01 Thread Tiantian Liu via RT 
Hi,

I did another debug.

I found one strange issue, and post the trace information below:



Loaded symbols for /usr/lib/libcrypto.so.1.0.0

Loaded symbols for /lib/libdl.so.2

Loaded symbols for /lib/i686/nosegneg/libpthread.so.0

Loaded symbols for /lib/i686/nosegneg/libc.so.6

Loaded symbols for /usr/lib/libkrb5support.so.0

Loaded symbols for /lib/libresolv.so.2

Loaded symbols for /lib/libgcc_s.so.1

Loaded symbols for /lib/i686/nosegneg/libm.so.6

Loaded symbols for /lib/ld-linux.so.2

0x00cea402 in __kernel_vsyscall ()

(gdb) c

Continuing.



Program received signal SIGSEGV, Segmentation fault.

[Switching to Thread -1232073840 (LWP 17217)]

0x004ba332 in ssl3_clear (s=0xb4964ec8) at s3_lib.c:3069

3069if (s->next_proto_negotiated) {

(gdb) list

3064s->s3->num_renegotiations = 0;

3065s->s3->in_read_app_data = 0;

3066s->version = SSL3_VERSION;

3067

3068#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

3069if (s->next_proto_negotiated) {

3070OPENSSL_free(s->next_proto_negotiated);

3071s->next_proto_negotiated = NULL;

3072s->next_proto_negotiated_len = 0;

3073}

(gdb) where

#0  0x004ba332 in ssl3_clear (s=0xb4964ec8) at s3_lib.c:3069

#1  0x004c5f31 in tls1_clear (s=0xb4964ec8) at t1_lib.c:172

#2  0x004b9f08 in ssl3_new (s=0xb4964ec8) at s3_lib.c:2950

#3  0x004c5e98 in tls1_new (s=0xb4964ec8) at t1_lib.c:154

#4  0x00300376 in SSL_new () from /usr/lib/libptcoresdk.so.2

#5  0x0144 in ?? ()

#6  0x00a2edf0 in _dl_runtime_resolve () from /lib/ld-linux.so.2

#7  0x0810c1a9 in SSL_connect_tr_ex (sslc=0x1, msg=0x6d2d326c , pssl=0xc, diag=0x2d336c73 , isDiag=-56 'È') at ../multi_client/source_Host_C_Cod

Previous frame inner to this frame (corrupt stack?)

(gdb) quit

The program is running.  Quit anyway (and detach it)? (y or n) y



I found my application called SSL_new from /usr/lib/libptcoresdk.so.2, which is 
third party library.

I think it should call the SSL_new from your Openssl library, like 
/usr/lib/libssl.so.1.0.0. right?



Thanks,

Tyler







-Original Message-
From: Matt Caswell via RT [mailto:r...@openssl.org]
Sent: October-01-15 10:52 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function







On 01/10/15 15:18, Tiantian Liu via RT wrote:

> Hi,

>

> Good morning! Thanks for your response.

>

> I configured my OpenSSL with '-d' option to enable the debugging information. 
> Where I don't know how to use it during my application running.



Which version of OpenSSL did you download? My version 1.0.1p doesn't match up 
with the line numbers in your backtrace below, i.e. line 209 in s3_clnt.c is 
not 'SSL_clear(s);' as it appears to be for you.



> Loaded symbols for /usr/lib/libkrb5.so.3 Loaded symbols for

> /usr/lib/libk5crypto.so.3 Loaded symbols for

> /usr/lib/libptcoresdk.so.2 Loaded symbols for /lib/libcom_err.so.2

> Loaded symbols for /usr/lib/libstdc++.so.6 Loaded symbols for

> /usr/lib/libssl.so.1.0.0 Loaded symbols for

> /usr/lib/libcrypto.so.1.0.0



Where did you install the version of OpenSSL that you compiled? Did you replace 
the system supplied version in `/usr/lib`? If so that was probably not a good 
idea.







> Loaded symbols for /lib/libdl.so.2

> Loaded symbols for /lib/i686/nosegneg/libpthread.so.0

> Loaded symbols for /lib/i686/nosegneg/libc.so.6 Loaded symbols for

> /usr/lib/libkrb5support.so.0 Loaded symbols for /lib/libresolv.so.2

> Loaded symbols for /lib/libgcc_s.so.1 Loaded symbols for

> /lib/i686/nosegneg/libm.so.6 Loaded symbols for /lib/ld-linux.so.2

> 0x009e6402 in __kernel_vsyscall ()

> (gdb) c

> Continuing.

>

> Program received signal SIGSEGV, Segmentation fault.

> [Switching to Thread -1231422576 (LWP 3480)]

> 0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219

> 219 if (s->renegotiate) {



There is something not quite right about that. There is no way that line should 
seg fault. The deref of `s` has already occurred several times by the time it 
gets to that line so `s` should be sound. Either there is some memory 
corruption going on, or that's not really the line we're on.



Matt





___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-30 Thread Wayming Zhang 
../../include/openssl/cmac.h
make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto'
making links in ssl...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/ssl'
ssl.h => ../include/openssl/ssl.h
ssl2.h => ../include/openssl/ssl2.h
ssl3.h => ../include/openssl/ssl3.h
ssl23.h => ../include/openssl/ssl23.h
tls1.h => ../include/openssl/tls1.h
dtls1.h => ../include/openssl/dtls1.h
kssl.h => ../include/openssl/kssl.h
srtp.h => ../include/openssl/srtp.h
ssltest.c => ../test/ssltest.c
heartbeat_test.c => ../test/heartbeat_test.c
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/ssl'
making links in engines...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/engines'
making links in engines/ccgost...
make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
make[2]: Nothing to be done for `links'.
make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines'
making links in apps...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/apps'
make[1]: Nothing to be done for `links'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/apps'
making links in test...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
make[1]: Nothing to be done for `links'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
making links in tools...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/tools'
make[1]: Nothing to be done for `links'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/tools'
generating dummy tests (if needed)...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
make[1]: Nothing to be done for `generate'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'

Configured for debug-linux-elf.

***/



Then I make it and got  the ERROR message
Told me undefined reference to 'pthread_mutex_trylock'
Then I added '-lpthread' into the FLAG in Makefile. Then I went through and 
compiled successfully.

Then I will ran my application again to see how SSL_connect() crash
Any requirement for me to start my application with OpenSSL (with debug 
enabled)? I mean to show me more information inside SSL_connect()

Thanks,
Tyler





-Original Message-
From: Matt Caswell via RT [mailto:r...@openssl.org]
Sent: September-29-15 10:55 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function



On 29/09/15 15:45, Tiantian Liu via RT wrote:

Hi Matt,
Thanks for prompt response!
While I confirm with you that my application crashed INSIDE the SSL_connect() 
function.

Your previous email indicated it was not crashing with SSLv23_method():
"While the above code didn't work. I couldn't reach the server. Though the 
SSL_connect() didn't crash, it returned as..."

So my advice was meant for that scenario.


So SSL_connect has no chance to return the 'res' value to me for analysis.
Because I inserted a debug message before and after SSL_connect(). You can see 
it in the following code.

/*
 My debug statement wrote the " Going to call SSL_connect() 15" 
into my trace file
 And this message string is THE LAST message in my trace file.
   */   
 if (isDiag) {
SerialWriteTestLine_int_Time("Going to call SSL_connect()", 
timeout, diag);
 }
res = SSL_connect(ssl);
   /*
Oooop!!! The following statement was not executed! No debug message 
in my trace file anymore.
   */
 if (isDiag) {
SerialWriteTestLine_int_Time("SSL_connect res ", res, diag);
 }
if (res <= 0) {
sslerror = SSL_get_error(ssl, res);
if (sslerror == SSL_ERROR_WANT_READ) {
isexp = is_expired(exptime);
if (isexp == 1) {
if (isDiag) {

SerialWriteTestLine_int_Time("ConnectSSL [SSL_connect(ssl)] failed Timeout", 
timeout, diag);
}
strcpy(error, "SSL connect error");
return 0;
}
continue;
}

So, do you have any idea to get more information inside the SSL_connect?

If its actually crashing then we need to see a backtrace and a wireshark packet 
capture.


Should I re-compile and re-install OpenSSL lib?
I tried to configure OpenSSL with option '-d' to enable the debug featur

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-30 Thread Wayming Zhang via RT 
dc2test.c => ../../test/mdc2test.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/mdc2'
> making links in crypto/hmac...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/hmac'
> hmac.h => ../../include/openssl/hmac.h
> ..
> srptest.c => ../../test/srptest.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/srp'
> making links in crypto/cmac...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
> cmac.h => ../../include/openssl/cmac.h
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto'
> making links in ssl...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/ssl'
> ssl.h => ../include/openssl/ssl.h
> ssl2.h => ../include/openssl/ssl2.h
> ssl3.h => ../include/openssl/ssl3.h
> ssl23.h => ../include/openssl/ssl23.h
> tls1.h => ../include/openssl/tls1.h
> dtls1.h => ../include/openssl/dtls1.h
> kssl.h => ../include/openssl/kssl.h
> srtp.h => ../include/openssl/srtp.h
> ssltest.c => ../test/ssltest.c
> heartbeat_test.c => ../test/heartbeat_test.c
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/ssl'
> making links in engines...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/engines'
> making links in engines/ccgost...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
> make[2]: Nothing to be done for `links'.
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines'
> making links in apps...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/apps'
> make[1]: Nothing to be done for `links'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/apps'
> making links in test...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
> make[1]: Nothing to be done for `links'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
> making links in tools...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/tools'
> make[1]: Nothing to be done for `links'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/tools'
> generating dummy tests (if needed)...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
> make[1]: Nothing to be done for `generate'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
>
> Configured for debug-linux-elf.
>
> ***/
>
>
>
> Then I make it and got  the ERROR message
> Told me undefined reference to 'pthread_mutex_trylock'
> Then I added '-lpthread' into the FLAG in Makefile. Then I went through and 
> compiled successfully.
>
> Then I will ran my application again to see how SSL_connect() crash
> Any requirement for me to start my application with OpenSSL (with debug 
> enabled)? I mean to show me more information inside SSL_connect()
>
> Thanks,
> Tyler
>
>
>
>
>
> -Original Message-
> From: Matt Caswell via RT [mailto:r...@openssl.org]
> Sent: September-29-15 10:55 AM
> To: Tiantian Liu
> Cc: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
> inside SSL_Connect function
>
>
>
> On 29/09/15 15:45, Tiantian Liu via RT wrote:
>> Hi Matt,
>> Thanks for prompt response!
>> While I confirm with you that my application crashed INSIDE the 
>> SSL_connect() function.
> Your previous email indicated it was not crashing with SSLv23_method():
> "While the above code didn't work. I couldn't reach the server. Though the 
> SSL_connect() didn't crash, it returned as..."
>
> So my advice was meant for that scenario.
>
>> So SSL_connect has no chance to return the 'res' value to me for analysis.
>> Because I inserted a debug message before and after SSL_connect(). You can 
>> see it in the following code.
>>
>> /*
>>  My debug statement wrote the " Going to call SSL_connect() 15" 
>> into my trace file
>>  And this message string is THE LAST message in my trace file.
>>*/
>>  if (isDiag) {
>>  SerialWriteTestLine_int_Time("Going to call SSL_connect()", 
>> timeout, diag);
>>  }
>>  res = SSL_connect(ssl);
>>/*
>> Oooop!!! The following statement was not executed! No debug 
>> message in my trace file anymore.
>>*/
>>  if (isDiag) {
>>  SerialWriteTestLine_int_Time("SSL_connect res ", res, di

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-29 Thread Matt Caswell via RT 
I agree with everything Viktor said. In particular that you should
continue to use SSLv23_method. Some additional comments below:

On 28/09/15 16:31, Tiantian Liu via RT wrote:

>   sslerror = SSL_get_error(ssl, res);
>   if (sslerror == SSL_ERROR_WANT_READ) {
>   isexp = is_expired(exptime);
>   if (isexp == 1) {
>   strcpy(error, "SSL connect error");
>   return 0;
>   }
>   continue;
>   }
>   strcpy(error, "SSL connect error");
>   return 0;

You need to handle more that just SSL_ERROR_WANT_READ here. You should
also handle SSL_ERROR_WANT_WRITE. You could get either returned from a
call to SSL_connect.

Please can you supply a backtrace from your crash? Also a packet capture
between your application and the server would be useful.

Matt


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-29 Thread Matt Caswell via RT 


On 29/09/15 14:56, Tiantian Liu via RT wrote:
> Hi Matt & Vi
> 
> I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. 
> I only enabled the TLSv1.2 by SSL_CTX_set_option().
> You can see my previous code:  
> 
> /*setup up by SSLv23_method*/
> meth = SSLv23_method();
> ctx = SSL_CTX_new(meth);
> 
> 
> /*Only allow TLSv1.2 protocol*/
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 
> SSL_OP_NO_TLSv1);
> 
> 
> While the above code didn't work. I couldn't reach the server. Though the 
> SSL_connect() didn't crash, it returned as:
> 
> 17:49:12.939 [5499]- SSL_connect res : -1

What is the result of SSL_get_error()? Also check the OpenSSL error
queue (see ERR_print_errors or ERR_print_errors_fp).

Matt


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-29 Thread Tiantian Liu via RT 
Hi Matt & Vi

I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. I 
only enabled the TLSv1.2 by SSL_CTX_set_option().
You can see my previous code:  

/*setup up by SSLv23_method*/
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);


/*Only allow TLSv1.2 protocol*/
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 
SSL_OP_NO_TLSv1);


While the above code didn't work. I couldn't reach the server. Though the 
SSL_connect() didn't crash, it returned as:

17:49:12.939 [5499]- SSL_connect res : -1

17:49:12.939 [5499]- Going to call SSL_connect(): 15

17:49:12.939 [5499]- SSL_connect res : -1

17:49:12.939 [5499]- Going to call SSL_connect(): 15

17:49:12.939 [5499]- SSL_connect res : -1

17:49:12.939 [5499]- Going to call SSL_connect(): 15

17:49:12.940 [5499]- SSL_connect res : -1

17:49:12.940 [5499]- Going to call SSL_connect(): 15

17:49:12.940 [5499]- SSL_connect res : -1

17:49:12.940 [5499]- Going to call SSL_connect(): 15

17:49:12.940 [5499]- SSL_connect res : -1

17:49:12.940 [5499]- Going to call SSL_connect(): 15

17:49:12.940 [5499]- SSL_connect res : -1

17:49:12.940 [5499]- Going to call SSL_connect(): 15

17:49:12.940 [5499]- SSL_connect res : -1

17:49:12.941 [5499]- Going to call SSL_connect(): 15

17:49:12.941 [5499]- SSL_connect res : -1

17:49:12.941 [5499]- Going to call SSL_connect(): 15

17:49:12.941 [5499]- SSL_connect res : -1

17:49:12.941 [5499]- Going to call SSL_connect(): 15

I will continue to investigate, and keep updating the ticket. I will adopt your 
idea to see if I can obtain more information during crash.
Thanks,
Tyler 

-Original Message-
From: Matt Caswell via RT [mailto:r...@openssl.org] 
Sent: September-29-15 4:25 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function

I agree with everything Viktor said. In particular that you should continue to 
use SSLv23_method. Some additional comments below:

On 28/09/15 16:31, Tiantian Liu via RT wrote:

>   sslerror = SSL_get_error(ssl, res);
>   if (sslerror == SSL_ERROR_WANT_READ) {
>   isexp = is_expired(exptime);
>   if (isexp == 1) {
>   strcpy(error, "SSL connect error");
>   return 0;
>   }
>   continue;
>   }
>   strcpy(error, "SSL connect error");
>   return 0;

You need to handle more that just SSL_ERROR_WANT_READ here. You should also 
handle SSL_ERROR_WANT_WRITE. You could get either returned from a call to 
SSL_connect.

Please can you supply a backtrace from your crash? Also a packet capture 
between your application and the server would be useful.

Matt



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-29 Thread Matt Caswell via RT 


On 29/09/15 15:45, Tiantian Liu via RT wrote:
> Hi Matt,
> Thanks for prompt response!
> While I confirm with you that my application crashed INSIDE the SSL_connect() 
> function.

Your previous email indicated it was not crashing with SSLv23_method():
"While the above code didn't work. I couldn't reach the server. Though
the SSL_connect() didn't crash, it returned as..."

So my advice was meant for that scenario.

> So SSL_connect has no chance to return the 'res' value to me for analysis. 
> Because I inserted a debug message before and after SSL_connect(). You can 
> see it in the following code.  
> 
>/*
> My debug statement wrote the " Going to call SSL_connect() 15" 
> into my trace file
> And this message string is THE LAST message in my trace file.
>   */  
> if (isDiag) {
>   SerialWriteTestLine_int_Time("Going to call SSL_connect()", 
> timeout, diag);
> }
>   res = SSL_connect(ssl);
>   /*
>Oooop!!! The following statement was not executed! No debug 
> message in my trace file anymore.
>   */
> if (isDiag) {
>   SerialWriteTestLine_int_Time("SSL_connect res ", res, diag);
> }
>   if (res <= 0) {
>   sslerror = SSL_get_error(ssl, res);
>   if (sslerror == SSL_ERROR_WANT_READ) {
>   isexp = is_expired(exptime);
>   if (isexp == 1) {
>   if (isDiag) {
>   
> SerialWriteTestLine_int_Time("ConnectSSL [SSL_connect(ssl)] failed Timeout", 
> timeout, diag);
>   }
>   strcpy(error, "SSL connect error");
>   return 0;
>   }
>   continue;
>   }
> 
> So, do you have any idea to get more information inside the SSL_connect?

If its actually crashing then we need to see a backtrace and a wireshark
packet capture.

> Should I re-compile and re-install OpenSSL lib?
> I tried to configure OpenSSL with option '-d' to enable the debug feature, 
> while I got compilation error.
> 

You should not get a compilation error. Please post the steps you took
to compile the library and the compilation error you received.


Matt


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-29 Thread Tiantian Liu via RT 
=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave 
Organization Validation SHA256 CA, Level 1/emailAddress=c...@trustwave.com
---
No client certificate CA names sent
---
SSL handshake has read 2946 bytes and written 615 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1.2
Cipher: AES256-GCM-SHA384
Session-ID: A6FF6BD6DA9406A8C6148FDDA74E5603FAF8272A5ECFDF1679BA1939F8FC3B25
Session-ID-ctx:
Master-Key: 
822DCFBFB88F2B4B2BBB9093CE490F8868A0B24BCDAAD0BEB3C717C2EA54DECA4196817E1C5D4C16457B4054C24132C6
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
 - 03 c4 85 89 59 05 ee ec-07 ba 65 5d 5c 06 c1 cf   Y.e]\...
0010 - 11 bc b4 48 3e 8c b1 a8-18 ca 33 57 3e b9 36 c2   ...H>.3W>.6.
0020 - 7a 1a 97 d1 54 ec ab 64-51 08 77 9d 5c b1 1a 10   z...T..dQ.w.\...
0030 - ce 51 a2 12 6b 49 df 32-ec b3 ac d9 dd 54 ba 51   .Q..kI.2.T.Q
0040 - 78 ac a8 8d 84 09 3f a6-fe bf 9c 97 21 d9 32 ec   x.?.!.2.
0050 - 4a 55 8f 14 c2 56 d6 0c-26 47 b8 fa fe c5 7f 9d   JU...V..
0060 - 1d cc 22 ec 43 2c 5e ab-48 52 fd 99 04 11 ba 5c   ..".C,^.HR.\
0070 - 20 0a ef ed 18 02 08 97-7e 75 99 88 7d 73 9f d5...~u..}s..
0080 - 9b 96 a1 d5 20 44 02 cc-3e 71 e2 6f b6 41 71 a7    D..>q.o.Aq.
0090 - 8d 82 a4 a8 3e 08 5f 2e-d1 fe c1 44 c4 13 aa 32   >._D...2

Start Time: 1443544275
Timeout   : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
closed



Thanks,
Tyler 


-Original Message-
From: Matt Caswell via RT [mailto:r...@openssl.org] 
Sent: September-29-15 10:05 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function



On 29/09/15 14:56, Tiantian Liu via RT wrote:
> Hi Matt & Vi
> 
> I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. 
> I only enabled the TLSv1.2 by SSL_CTX_set_option().
> You can see my previous code:  
> 
> /*setup up by SSLv23_method*/
> meth = SSLv23_method();
> ctx = SSL_CTX_new(meth);
> 
> 
> /*Only allow TLSv1.2 protocol*/
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | 
> SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
> 
> 
> While the above code didn't work. I couldn't reach the server. Though the 
> SSL_connect() didn't crash, it returned as:
> 
> 17:49:12.939 [5499]- SSL_connect res : -1

What is the result of SSL_get_error()? Also check the OpenSSL error queue (see 
ERR_print_errors or ERR_print_errors_fp).

Matt



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-29 Thread Tiantian Liu via RT 
=> ../test/ssltest.c
heartbeat_test.c => ../test/heartbeat_test.c
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/ssl'
making links in engines...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/engines'
making links in engines/ccgost...
make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
make[2]: Nothing to be done for `links'.
make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines'
making links in apps...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/apps'
make[1]: Nothing to be done for `links'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/apps'
making links in test...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
make[1]: Nothing to be done for `links'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
making links in tools...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/tools'
make[1]: Nothing to be done for `links'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/tools'
generating dummy tests (if needed)...
make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
make[1]: Nothing to be done for `generate'.
make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'

Configured for debug-linux-elf.

***/



Then I make it and got  the ERROR message
Told me undefined reference to 'pthread_mutex_trylock'
Then I added '-lpthread' into the FLAG in Makefile. Then I went through and 
compiled successfully.

Then I will ran my application again to see how SSL_connect() crash
Any requirement for me to start my application with OpenSSL (with debug 
enabled)? I mean to show me more information inside SSL_connect()

Thanks,
Tyler  





-Original Message-
From: Matt Caswell via RT [mailto:r...@openssl.org] 
Sent: September-29-15 10:55 AM
To: Tiantian Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened 
inside SSL_Connect function



On 29/09/15 15:45, Tiantian Liu via RT wrote:
> Hi Matt,
> Thanks for prompt response!
> While I confirm with you that my application crashed INSIDE the SSL_connect() 
> function.

Your previous email indicated it was not crashing with SSLv23_method():
"While the above code didn't work. I couldn't reach the server. Though the 
SSL_connect() didn't crash, it returned as..."

So my advice was meant for that scenario.

> So SSL_connect has no chance to return the 'res' value to me for analysis. 
> Because I inserted a debug message before and after SSL_connect(). You can 
> see it in the following code.  
> 
>/*
> My debug statement wrote the " Going to call SSL_connect() 15" 
> into my trace file
> And this message string is THE LAST message in my trace file.
>   */  
> if (isDiag) {
>   SerialWriteTestLine_int_Time("Going to call SSL_connect()", 
> timeout, diag);
> }
>   res = SSL_connect(ssl);
>   /*
>Oooop!!! The following statement was not executed! No debug 
> message in my trace file anymore.
>   */
> if (isDiag) {
>   SerialWriteTestLine_int_Time("SSL_connect res ", res, diag);
> }
>   if (res <= 0) {
>   sslerror = SSL_get_error(ssl, res);
>   if (sslerror == SSL_ERROR_WANT_READ) {
>   isexp = is_expired(exptime);
>   if (isexp == 1) {
>   if (isDiag) {
>   
> SerialWriteTestLine_int_Time("ConnectSSL [SSL_connect(ssl)] failed Timeout", 
> timeout, diag);
>   }
>   strcpy(error, "SSL connect error");
>   return 0;
>   }
>   continue;
>   }
> 
> So, do you have any idea to get more information inside the SSL_connect?

If its actually crashing then we need to see a backtrace and a wireshark packet 
capture.

> Should I re-compile and re-install OpenSSL lib?
> I tried to configure OpenSSL with option '-d' to enable the debug feature, 
> while I got compilation error.
> 

You should not get a compilation error. Please post the steps you took to 
compile the library and the compilation error you received.


Matt



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-28 Thread Tiantian Liu via RT 
Hi,
I updated the ticket [openssl.org #4060] with some code and log file.
I have to tell you, the previous SSLv23_method, I commented it out this time, 
worked fine with me and SSL server. I just changed that line to TLSv1_2_method. 
Now my application always crash when I call SSL_connect().


At first, I created the SSL context by the function below (the function looked 
returned successfully, because it returned the SSL_CTX boject):


SSL_CTX *initialize_ctx_ex(char *keyfile, char *password, char *ca_list,
   char *random, char *error, char *diag, char 
isDiag) {
SSL_METHOD *meth;
SSL_CTX *ctx;


 /* Create our context*/
//meth = SSLv3_method();/*I previously applied 
the SSLv23 method, and it worked fine for me.*/
 meth = TLSv1_2_method();   /*Now I switch to TLSv1.2, I 
just changed this one line in my code*/

if (isDiag && meth) {
SerialWriteTestLine_Time("initialize_ctx_ex Call 
TLSv1_2_method(meth) done.", diag);
 }
ctx = SSL_CTX_new(meth);

 /* Load the CAs we trust*/
if(!(SSL_CTX_load_verify_locations(ctx, ca_list, 0))) {
sprintf(error, "Couldn't read CA list: %s", ca_list);
if (isDiag) {
SerialWriteTestLine_Time(error, diag);
}
return NULL;
}

SSL_CTX_set_verify_depth(ctx, 1);

 /* Load randomness */
if (random && *random)
{
if(!(RAND_load_file(random, 1024*1024))) {
strcpy(error, "Couldn't load randomness");
if (isDiag) {
SerialWriteTestLine_Time(error, diag);
}
return NULL;
}
}

if (isDiag) {
SerialWriteTestLine_Time("Exit initialize_ctx_ex", diag);
}

return ctx;
}

/*The above initialize_ctx_ex () is invoked inside the following function 
SSL_connect_tr_ex ()*/

int SSL_connect_tr_ex(pTSSL_connect sslc, char *msg, pTSSL_params pssl,
char *diag, char isDiag) {
BIO *sbio;
int res;

/* Build our SSL context*/
memset(sslc, 0, sizeof(TSSL_connect));
if (isDiag) {
SerialWriteTestLine_Time("initialize_ctx", diag);
SerialWriteTestLine_string_Time("initialize_ctx ipADdress ", 
pssl->ipaddress, diag);
SerialWriteTestLine_int_Time("initialize_ctx ipADdress ", 
pssl->ipport, diag);

}
  
   /* the function initialize_ctx_ex ()  looked returned 
successfully, because it returned the SSL_CTX boject */
sslc->ctx = initialize_ctx_ex(pssl->keyfile, pssl->password, 
pssl->ca_list,

pssl->random, msg, diag, isDiag);
if (!sslc->ctx) {
if (isDiag) {
SerialWriteTestLine_Time("tcp_connect !ssl->ctx", diag);
}
return 0;
}

/*Then I continue to setup TCP socket to server*/

/* Connect the TCP socket*/
if (isDiag) {
SerialWriteTestLine_Time("tcp_connect", diag);
}
sslc->sock = tcp_connect_timeout_ex(pssl->ipaddress, pssl->ipport, 
pssl->timeout,

msg, diag, isDiag);
if (sslc->sock == -1) return 0;

/* Connect the SSL socket */
if (isDiag) {
SerialWriteTestLine_Time("Connect the SSL socket 
[SSL_new(ctx)]", diag);
}
sslc->ssl = SSL_new(sslc->ctx);
if (isDiag) {
SerialWriteTestLine_Time("Connect the SSL socket 
[BIO_new_socket(sock, BIO_NOCLOSE)]", diag);
}
sbio = BIO_new_socket(sslc->sock, BIO_NOCLOSE);
if (isDiag) {
SerialWriteTestLine_Time("Connect the SSL socket 
[SSL_set_bio(ssl, sbio, sbio)]", diag);
}
SSL_set_bio(sslc->ssl, sbio, sbio);

if (isDiag) {
SerialWriteTestLine_Time("Connect the SSL socket 
[ConnectSSL(ssl, sock, msg)]", diag);
}

/*Now I am going  to connect, and I got crash in the following 
function*/
res = ConnectSSL_ex(sslc->ssl, sslc->sock, msg, diag, isDiag, 
pssl->timeout);
if (!res) {
return 0;
}

return 1;
}

/*My ConnectSSL_ex () is defined*/
int ConnectSSL_ex(SSL *ssl, int sock, char *error, char *diag, char isDiag, int 
timeout) {
int flag;
int res;
int sslerror;
time_t exptime;
int isexp;
if (isDiag) {
SerialWriteTestLine_Time("ConnectSSL [ioctlsocket(socket, 
FIONBIO, )]", diag);
}
if (timeout > 15) {
timeout -= 5;

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-28 Thread Tiantian Liu via RT 
Hi,
Good morning! 
I want to know how it's going with the ticket [openssl.org #4060]?

The ticket is :
"a crash happened inside SSL_Connect function"

Thanks,
Tyler 



-Original Message-
From: The default queue via RT [mailto:r...@openssl.org] 
Sent: September-24-15 12:08 PM
To: Tiantian Liu
Subject: [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect 
function


Greetings,

This message has been automatically generated in response to the creation of a 
trouble ticket regarding:
"a crash happened inside SSL_Connect function", a summary of which 
appears below.

There is no need to reply to this message right now.  Your ticket has been 
assigned an ID of [openssl.org #4060].

Please include the string:

 [openssl.org #4060]

in the subject line of all future correspondence about this issue. To do so, 
you may reply to this message.

Thank you,
r...@openssl.org

-
Hi,

I am a software developer who is struggling on an application development based 
on OpenSSL 1.0.1 (released on 2012-03-14) under Linux (32-bit Redhat).

I used to use the SSL functions from OpenSSL 0.9.8, and my application worked 
fine.  I applied the SSLv23_method() to setup the SSL context and communicate 
with customer's server over various SSL/TLS protocols.

While, recently my customer required me to upgrade my OpenSSL library, because 
their server only support TLS1.2. So I downloaded OpenSSL 1.0.1 source package, 
then complied and installed successfully.
I configured the OpenSSL as:
#./config -prefix=/usr shared //I have to generate the 
shared library like libssl.so, libcrypto.so

Then I found my SSL context, setup by SSLv23_method(), stopped working, I can't 
reach their server anymore.  It looked like they didn't understand my handshake 
message when I called SSL_Connect().

So I switched to the TLSv1_2_method()  to build SSL context. However, my 
program crashed every time when I called SSL_Connect(), I mean crash happened 
inside the SSL_Connect(), and it didn't return at all.

Now I have tried 2 methods:

1.   SSLv23_method() to build SSL context

SSL_METHOD *meth;
SSL_CTX *ctx;
..
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);

//Only allow TLSv1_1 or higher
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 
SSL_OP_NO_TLSv1);

..

The SSL_Connect() resulted in:
ConnectSSL [SSL_connect(ssl)] failed: 5
SSL_ERROR_SYSCALL: 5



2.   TLSv1_2_method() to build SSL context

SSL_METHOD *meth;
SSL_CTX *ctx;
..
meth = TLSv1_2_method();
ctx = SSL_CTX_new(meth);


then, the SSL_connect() crashed when I invoked it.

Currently, I don't know how to attack this issue, all the code worked fine 
before. I just changed the SSLv23_method  to TLSv1_2_method.  Is there any 
difference between that 2 functions? What I should do if I want to use the 
TLSv1_2_method?

I am very pleased if anyone of you have any idea to help me.
Thanks,
Tyler



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-28 Thread Salz, Rich via RT 
> I want to know how it's going with the ticket [openssl.org #4060]?

Nobody's looked at it yet.

You need to include a backtrace.  And a way to reproduce it (sample code) 
before anyone will really be interested.


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

2015-09-28 Thread Viktor Dukhovni 
On Mon, Sep 28, 2015 at 03:31:40PM +, Tiantian Liu via RT wrote:

> I updated the ticket [openssl.org #4060] with some code and log file.
> I have to tell you, the previous SSLv23_method, I commented it out this
> time, worked fine with me and SSL server. I just changed that line to
> TLSv1_2_method. Now my application always crash when I call SSL_connect().

You SHOULD NOT switch to TLSv1_2_method().  Keep using SSLv23_method().  Just
disable SSLv2 and SSLv3 via something like:

SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);

> SSL_CTX *initialize_ctx_ex(char *keyfile, char *password, char *ca_list,
>  char *random, char *error, char *diag, char 
> isDiag) {
>   SSL_METHOD *meth;
>   SSL_CTX *ctx;
>
> 
> 
>/* Create our context*/
>   //meth = SSLv3_method();/*I previously applied 
> the SSLv23 method, and it worked fine for me.*/
>meth = TLSv1_2_method();   /*Now I switch to 
> TLSv1.2, I just changed this one line in my code*/

Is the library initialization code elsewhere?

>   SSL_CTX_set_verify_depth(ctx, 1);

That's much too restrictive, is the peer's certificate always signed
directly by a trusted root?

>   if (random && *random)
>   {
>   if(!(RAND_load_file(random, 1024*1024))) {
>   strcpy(error, "Couldn't load randomness");
>   if (isDiag) {
>   SerialWriteTestLine_Time(error, diag);
>   }
>   return NULL;
>   }
>   }

This looks bogus.


> If my code doesn't help you, could you please give some
> instructions/technical doc to tell me how to use TLSv1.2 for SSL
> communication. If you can offer me some simple code to setup SSL
> communication channel with TLSv1.2, that's helpful! Thanks!

You don't need to make any changes to your code to use TLS 1.2,
just recompile the same code with OpenSSL 1.0.1 or later.  To
disable SSLv2 and SSLv3, see above.

You have still provided no information as to what you mean by "crash".

-- 
Viktor.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev