Re: large data read error
Hello > I have some doubts over the ssl buffer. Let I put my questions below > > 1. What happens when the server keeps on writing and no data has been > read from the client?, Is there any possibility of buffer overflow?. > Please explain this senarion briefly. This depends on protocol that caries SSL record rather than SSL. If server sends SSL records over TCP and client is not reading this data then operating system network buffers collect this data until has free space. Next action depends on TCP layer how for example client TCP stack will inform server TCP stack to not send more data. There are some algorithms in TCP to avoid congesting the network which may mean: avoid send data faster than the host on the other end can utilize it. > 2. Assume that during the ssl handshake we have some un read data in > the ssl buffer. When the application is crashed or closed in the > middle of the transacion will that the buffer(which holds the un read > data ) will lead to memory leaking. Memory buffers ale allocated on initializing SSL object and are used for reading/writing SSL records. When process is terminated all memory allocated by this process (maybe without shared memory) are returned to system. In general if you free SSL object after successful or failed handshake there should be no memory leak. (remember of error stack free in threads). > 3. Where the ssl have its default buffer?, either in stack or heap > locations? Dynamically allocated in SSL object which means in heap. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: large data read error
Hi Marek, I have some doubts over the ssl buffer. Let I put my questions below 1. What happens when the server keeps on writing and no data has been read from the client?, Is there any possibility of buffer overflow?. Please explain this senarion briefly. 2. Assume that during the ssl handshake we have some un read data in the ssl buffer. When the application is crashed or closed in the middle of the transacion will that the buffer(which holds the un read data ) will lead to memory leaking. 3. Where the ssl have its default buffer?, either in stack or heap locations? - Original Message From: Marek Marcola <[EMAIL PROTECTED]>To: openssl-users@openssl.orgSent: Saturday, 7 October, 2006 12:22:13 AMSubject: RE: large data read error Hello,> Is there a way to overcome the 16k limit besides breaking down the> message/response? Try to set SSL_CTX option SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERto extend SSL buffer to 32k.Best regards,-- Marek Marcola <[EMAIL PROTECTED]>__OpenSSL Project http://www.openssl.orgUser Support Mailing Listopenssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED] Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: large data read error
Hi, Thanks for your reply and really it helped to fix our bug. Still I have some questions over ssl buffer. Let I put my questions below 1. What happens when the server keeps on writing and no data has been read from the client?, Is there any possibility of buffer overflow(16K)?. Please explain this senarion briefly. 2. Assume that during the ssl handshake we have some un read data in the ssl buffer. When the application is crashed or closed in the middle of the transacion will that the buffer(which holds the un read data ) will lead to memory leaking?. 3. Where the ssl have its default buffer?, either in stack or heap locations? - Original Message From: Krishna M Singh <[EMAIL PROTECTED]>To: openssl-users@openssl.orgSent: Thursday, 24 August, 2006 3:08:44 PMSubject: Re: large data read error Hi SendilI am not sure but I haven't seen any such limit of 5K in my usage ofthe OpenSSL.. OpenSSL record size is around 16K i remember. Canproblem be with ur server of client code (not OpenSSL) where somebuffer size is hardcoded to 5K and than return values are ntoapproapriately handled.Just a wild guess..-KrishnaFlextronics, IndiaOn 8/20/06, Sendil kumar <[EMAIL PROTECTED]> wrote:>>> Hi,>> I've got some code that seems to work, except when the server responds with> a 'large' amount of data.>> When the server sends 5000 bytes of data to the client ,the client was able> to read it and> every thing goes fine.But when the server passes more than 5000 bytes of> data to the client,the client> crashes and SSL_read() gives SSL_ERROR_SSL error but no data returned.I> tried but couldn't find any solution. please give me any solution this seems> to be a headdacke for me.>> Thanks,__OpenSSL Project http://www.openssl.orgUser Support Mailing Listopenssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED] All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine
RE: large data read error
Hello, > Thanks, I will. What's the largest value this can be set to? Or is it > better to do chunked reads? For SSL maximum record data size is 2^14 which may be extended two times by setting SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. But this is logical size of SSL record which means that to real data MAC code is added, then padding is added, all this is encrypted and this size can not be bigger that 2^14 (or two times 2^14). Of course SSL works over TCP (mostly) and you should always be prepared to read or write data in chunks. Next, SSL sends data in packets and buffers unread data in SSL layer. If for example in SSL layer you have already 10 bytes and you want to read 8kb, SSL_read() will return only 10 bytes and you should retry SSL_read() to read more data. To check if SSL layer has already buffered data you may use SSL_pending(). Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: large data read error
Thanks, I will. What's the largest value this can be set to? Or is it better to do chunked reads? Carlo Agopian [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Friday, October 06, 2006 11:52 AM To: openssl-users@openssl.org Subject: RE: large data read error Hello, > Is there a way to overcome the 16k limit besides breaking down the > message/response? Try to set SSL_CTX option SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER to extend SSL buffer to 32k. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: large data read error
Hello, > Is there a way to overcome the 16k limit besides breaking down the > message/response? Try to set SSL_CTX option SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER to extend SSL buffer to 32k. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: large data read error
Is there a way to overcome the 16k limit besides breaking down the message/response? Carlo Agopian [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Krishna M Singh Sent: Thursday, August 24, 2006 2:39 AM To: openssl-users@openssl.org Subject: Re: large data read error Hi Sendil I am not sure but I haven't seen any such limit of 5K in my usage of the OpenSSL.. OpenSSL record size is around 16K i remember. Can problem be with ur server of client code (not OpenSSL) where some buffer size is hardcoded to 5K and than return values are nto approapriately handled. Just a wild guess.. -Krishna Flextronics, India On 8/20/06, Sendil kumar <[EMAIL PROTECTED]> wrote: > > > Hi, > > I've got some code that seems to work, except when the server responds > with a 'large' amount of data. > > When the server sends 5000 bytes of data to the client ,the client was > able to read it and every thing goes fine.But when the server passes > more than 5000 bytes of data to the client,the client crashes and > SSL_read() gives SSL_ERROR_SSL error but no data returned.I tried but > couldn't find any solution. please give me any solution this seems to > be a headdacke for me. > > Thanks, __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: large data read error
Hi Sendil I am not sure but I haven't seen any such limit of 5K in my usage of the OpenSSL.. OpenSSL record size is around 16K i remember. Can problem be with ur server of client code (not OpenSSL) where some buffer size is hardcoded to 5K and than return values are nto approapriately handled. Just a wild guess.. -Krishna Flextronics, India On 8/20/06, Sendil kumar <[EMAIL PROTECTED]> wrote: Hi, I've got some code that seems to work, except when the server responds with a 'large' amount of data. When the server sends 5000 bytes of data to the client ,the client was able to read it and every thing goes fine.But when the server passes more than 5000 bytes of data to the client,the client crashes and SSL_read() gives SSL_ERROR_SSL error but no data returned.I tried but couldn't find any solution. please give me any solution this seems to be a headdacke for me. Thanks, __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: large data read error
--- Sendil kumar <[EMAIL PROTECTED]> wrote: > Hi, > > I've got some code that seems to work, except when > the server responds with > a 'large' amount of data. > > When the server sends 5000 bytes of data to the > client ,the client was able to read it and > every thing goes fine.But when the server passes > more than 5000 bytes of data to the client,the > client > crashes and SSL_read() gives SSL_ERROR_SSL error but > no data returned.I tried but couldn't find any > solution. please give me any solution this seems to > be a headdacke for me. It is impossible to suggest anything since you have not given enough detail. What is it that you are trying to do? Please send the code snippet. If the client is crashing it could be a simple buffer overflow issue. Most crashes are caused by this. I don't want to speculate. Give details. regards, Girish > > Thanks, __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]