Security Basics mailing list archives

Re: a problem about openssl lib:SSL_connect()


From: "berg" <zealberg () 163 com>
Date: Fri, 8 Sep 2006 09:10:25 +0800


I resolved this problem by using the BIO interface instead. But I still do not know why SSL_connect() causes a buffer overflow....

The code is below; it uses a non-blocking socket.

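/*
 * Probe an HTTPS service over a non-blocking SSL connect BIO.
 *
 * dip     - IPv4 address of the server, in host byte order
 * dport   - TCP port of the server, in host byte order
 * timeout - overall budget in seconds for connect, handshake and response
 * url     - passed through unchanged to send_https_request()
 *
 * Returns -1 if setup, connect, handshake or the timeout check fails.
 * Otherwise returns the value of send_https_request() when that is <= 0,
 * or the value of recv_https_response() when the request was sent.
 *
 * NOTE(review): no verification mode, trust store or peer-name check is
 * configured on the SSL_CTX, so the handshake succeeds with whatever
 * certificate the peer presents. The result proves reachability only, not
 * server identity; do not send secrets over this connection without adding
 * certificate verification.
 *
 * NOTE(review): BIO_set_conn_ip() and BIO_set_conn_int_port() exist only in
 * OpenSSL releases before 1.1.0.
 */
int https_check(unsigned long dip, unsigned short dport, unsigned int timeout, char *url)
{
        int status = -1;
        SSL *ssl = NULL;
        SSL_CTX *ctx = NULL;
        BIO *sbio = NULL;
        unsigned char ip[4];
        int port = dport;
        int ret;
        struct timeval tv;

        /*
         * BIO_set_conn_ip() copies exactly four bytes in network order.
         * Build them explicitly instead of pointing at an unsigned long,
         * whose first four bytes are not the address on big-endian LP64.
         */
        ip[0] = (unsigned char)((dip >> 24) & 0xff);
        ip[1] = (unsigned char)((dip >> 16) & 0xff);
        ip[2] = (unsigned char)((dip >> 8) & 0xff);
        ip[3] = (unsigned char)(dip & 0xff);

        /* Absolute deadline shared by every phase below. */
        gettimeofday(&tv, NULL);
        tv.tv_sec += timeout;

        ERR_load_crypto_strings();
        ERR_load_SSL_strings();
        OpenSSL_add_all_algorithms();

        ctx = SSL_CTX_new(SSLv23_client_method());

        if (ctx == NULL)
        {
                dbg_mon_err("SSL_CTX_new");
                goto RET;
        }

        sbio = BIO_new_ssl_connect(ctx);

        if (sbio == NULL)
        {
                dbg_mon_err("BIO_new_ssl_connect");
                goto RET;
        }

        BIO_get_ssl(sbio, &ssl);

        if (ssl == NULL)
        {
                dbg_mon_err("SSL_new");
                goto RET;
        }

        SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
        BIO_set_conn_ip(sbio, ip);
        /*
         * BIO_set_conn_int_port() dereferences its argument as an int.
         * Passing the address of the unsigned short parameter made it read
         * past that object, so hand it a real int instead.
         */
        BIO_set_conn_int_port(sbio, &port);
        BIO_set_nbio(sbio, 1);

        /* Phase 1: TCP connect, polled until it completes or the deadline passes. */
        do
        {
                if (ck_timeout(&tv))  // own function, check if time out
                {
                        dbg_mon_err("timeout");  // own debug function
                        goto RET;
                }

                ret = BIO_do_connect(sbio);
                if (ret == 0)
                {
                        dbg_mon_err("connect_failed");
                        goto RET;
                }
                else if (ret < 0 && !BIO_should_retry(sbio))
                {
                        dbg_mon_err("BIO_do_connect_retry");
                        goto RET;
                }
                usleep(10);
        } while (ret < 0);

        /*
         * Phase 2: SSL handshake, polled the same way. The debug strings are
         * the same ones the connect loop uses, so a log line alone does not
         * tell the two phases apart.
         */
        do
        {
                if (ck_timeout(&tv))
                {
                        dbg_mon_err("timeout");
                        goto RET;
                }

                ret = BIO_do_handshake(sbio);
                if (ret == 0)
                {
                        dbg_mon_err("connect_failed");
                        goto RET;
                }
                else if (ret < 0 && !BIO_should_retry(sbio))
                {
                        dbg_mon_err("BIO_do_connect_retry");
                        goto RET;
                }
                usleep(10);
        } while (ret < 0);

        // own function, send and recv https packets, use BIO_read() and BIO_write()
        if ( (status=send_https_request(sbio, dip, url)) > 0)
        {
                status = recv_https_response(sbio, &tv);
        }

RET:
        /* Frees the whole BIO chain, including the SSL object it owns. */
        BIO_free_all(sbio);

        /*
         * The SSL object holds its own reference on the context, so the
         * reference taken by SSL_CTX_new() must be dropped here; otherwise
         * every call leaks one SSL_CTX.
         */
        if (ctx != NULL)
        {
                SSL_CTX_free(ctx);
        }

        return status;
}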


Best Regards
Berg
----- Original Message ----- 
From: "berg" <zealberg () 163 com>
To: <security-basics () securityfocus com>
Sent: Thursday, September 07, 2006 4:33 PM
Subject: a problem about openssl lib:SSL_connect()


Hello, everyone

   I ran into a problem using SSL_connect(): it always returns -1 and prints garbage characters 
to the console (it looks like a memory overflow). I also did not capture any SSL handshake packets. Does anyone know the 
reason, and how to use the function correctly?

   Thanks for any advice.

   My code is as follows:
............
       /*
        * Fragment of a client-side SSL setup; the enclosing function is not
        * shown. It builds an SSL_CTX and SSL object, attaches an existing TCP
        * socket, and attempts the handshake with SSL_connect().
        */
       int sd;
       int ret;
       SSL *ssl;
       SSL_CTX *ctx;

       // initialise the SSL library and load its error strings
       SSL_library_init();
       SSL_load_error_strings();

       // create the SSL context
       ctx = SSL_CTX_new(SSLv23_client_method());

       if (ctx == NULL)
       {
               return -1;
       }

       // NOTE(review): SSL_VERIFY_NONE on a client means the server
       // certificate is not checked; the handshake continues even if
       // validation fails, so the peer's identity is never established.
       SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

       // create the SSL object
       ssl = SSL_new(ctx);
       if (ssl == NULL)
       {
               // NOTE(review): ctx is not freed on this path
               return -1;
       }

       // the function below returns a normal tcp connection socket descriptor
       sd = create_https_socket(dip, dport);  
       if (sd <= 0)
       {
               // NOTE(review): ssl and ctx are not freed on this path
               return -1;
       }

       // attach the connected socket to the SSL object
       ret = SSL_set_fd(ssl, sd);
       if (ret == 0)
       {
               // NOTE(review): the socket is closed, but ssl and ctx are not freed
               close(sd);
               return -1;
       }

       // NOTE(review): rand() is not a cryptographic source, and RAND_seed()
       // credits the bytes it is given as entropy. If RAND_poll() could not
       // seed the generator, this loop only makes RAND_status() report
       // success; the key material derived afterwards would be predictable.
       // Failing here instead would be the safer behaviour.
       RAND_poll();
       while (RAND_status() == 0)
       {
               unsigned short rand_ret = rand() % 65536;
               RAND_seed(&rand_ret, sizeof(rand_ret));
       }

       // the reported error occurs here
       // NOTE(review): the return value alone does not say why the handshake
       // failed; SSL_get_error(ssl, ret) and the OpenSSL error queue would.
       // If sd is non-blocking (not visible in this fragment), -1 may simply
       // mean "retry" rather than a hard failure - confirm.
       ret = SSL_connect(ssl);
       printf("ret=%d\n", ret);    // observed value of ret is -1
       if( ret != 1 )
       {
               // NOTE(review): the socket is closed, but ssl and ctx are not freed
               close(sd);
               return -1;
       }

...........

Best Regards
Berg
