Quantcast

Query regarding MSG_NOSIGNAL with SSL_Write

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Query regarding MSG_NOSIGNAL with SSL_Write

mahesh gs
Hi,

We are using Openssl for establish a secure communications for both TCP/SCTP connections.

In our application it is possible that remote end forcefully disconnect the connection due to which 

SSL_Write raises a SIGPIPE which we want to suppress. Does openssl 

provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket layer) ?

Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is not supported by LINUX 

and also we are unable to stop the SIGPIPE with function call signal(SIGPIPE, SIG_IGN). 


Thanks,
Mahesh G S

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Verhelst Wouter (Consultant)
On 27-04-17 12:56, mahesh gs wrote:

> Hi,
>
> We are using Openssl for establish a secure communications for both
> TCP/SCTP connections.
>
> In our application it is possible that remote end forcefully disconnect
> the connection due to which
>
> SSL_Write raises a SIGPIPE which we want to suppress. Does openssl
>
> provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket
> layer) ?
>
> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is
> not supported by LINUX

You want to set the socket to nonblocking:

flags = fcntl(socket, F_GETFL, 0);
flags |= O_NONBLOCK
fcntl(socket, F_SETFL, flags);

(You'll need to add error checking for the fcntl() calls)

--
Wouter Verhelst
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Verhelst Wouter (Consultant)
On 27-04-17 13:01, Wouter Verhelst wrote:

> On 27-04-17 12:56, mahesh gs wrote:
>> Hi,
>>
>> We are using Openssl for establish a secure communications for both
>> TCP/SCTP connections.
>>
>> In our application it is possible that remote end forcefully disconnect
>> the connection due to which
>>
>> SSL_Write raises a SIGPIPE which we want to suppress. Does openssl
>>
>> provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket
>> layer) ?
>>
>> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is
>> not supported by LINUX
>
> You want to set the socket to nonblocking:
>
> flags = fcntl(socket, F_GETFL, 0);
> flags |= O_NONBLOCK
> fcntl(socket, F_SETFL, flags);
>
> (You'll need to add error checking for the fcntl() calls)

Actually, I confused two different issues here. Ignore me :-)

--
Wouter Verhelst
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Matt Caswell-2
In reply to this post by mahesh gs


On 27/04/17 11:56, mahesh gs wrote:

> Hi,
>
> We are using Openssl for establish a secure communications for both
> TCP/SCTP connections.
>
> In our application it is possible that remote end forcefully disconnect
> the connection due to which
>
> SSL_Write raises a SIGPIPE which we want to suppress. Does openssl
>
> provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket
> layer) ?

No, there is no option to do that at the moment.

>
> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is
> not supported by LINUX
>
> and also we are unable to stop the SIGPIPE with function call
> signal(SIGPIPE, SIG_IGN).

Unable because you want SIGPIPE for other areas of your application? Or
for some other reason?

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

OpenSSL - User mailing list
In reply to this post by mahesh gs
> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket layer) ?

No.  You will have to modify the code yourself.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Viktor Dukhovni
On Thu, Apr 27, 2017 at 12:32:42PM +0000, Salz, Rich via openssl-users wrote:

> > Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket layer) ?
>
> No.  You will have to modify the code yourself.

Actually, it is possible to do the I/O in application code, using
any "write some data down a socket" API of the application's choice.

    https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_bio.html

In particular, the OP could use sendmsg() to move data between the
SSL layer and the network.

For a complete example, see network_biopair_interop() function in
Postfix 2.3 (recent Postfix releases no longer use this approach).

    https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Matt Caswell-2


On 27/04/17 15:53, Viktor Dukhovni wrote:

> On Thu, Apr 27, 2017 at 12:32:42PM +0000, Salz, Rich via openssl-users wrote:
>
>>> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket layer) ?
>>
>> No.  You will have to modify the code yourself.
>
> Actually, it is possible to do the I/O in application code, using
> any "write some data down a socket" API of the application's choice.
>
>     https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_bio.html
>
> In particular, the OP could use sendmsg() to move data between the
> SSL layer and the network.
>
> For a complete example, see network_biopair_interop() function in
> Postfix 2.3 (recent Postfix releases no longer use this approach).
>
>     https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c
>

The OP is using SCTP (which uses DTLS). The above approach is
problematic in DTLS. The DTLS code assumes that the BIO will provide a
set of datagram related ctrls (which are of course available if you use
a straight BIO_s_datagram()). BIO pairs don't support those ctrls.
Additionally they don't respect datagram boundaries.

You could use a custom filter BIO for a similar effect which can pass on
the ctrls down to the final source/sink BIO - and just use it to
intercept the "write" calls and plug in your own custom call of
sendmsg(). That would probably work with straight DTLS over UDP.

Unfortunately the libssl SCTP code is even more restrictive than normal
DTLS. It tests whether you are using SCTP by calling BIO_dgram_is_sctp()
on the read or write BIO:

int BIO_dgram_is_sctp(BIO *bio)
{
    return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
}

If you plug in your own custom BIO it fails to detect SCTP :-(

The code also calls a number of other BIO specific functions such as
BIO_dgram_sctp_wait_for_dry() and BIO_dgram_sctp_msg_waiting().

In other words the libssl SCTP code is tightly coupled to the SCTP BIO
implementation - which effectively rules out custom BIOs.

The code could do with an overhaul, but not that many people use SCTP so
it hasn't really been a priority :-(

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Ryan Murray
In reply to this post by Viktor Dukhovni

Great article. Who is the author?

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, April 27, 2017 11:54 AM
To: [hidden email]
Subject: Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

 

On Thu, Apr 27, 2017 at 12:32:42PM +0000, Salz, Rich via openssl-users wrote:

 

> > Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket layer) ?

>

> No.  You will have to modify the code yourself.

 

Actually, it is possible to do the I/O in application code, using

any "write some data down a socket" API of the application's choice.

 

    https://www.openssl.org/docs/man1.0.2/crypto/BIO_s_bio.html

 

In particular, the OP could use sendmsg() to move data between the

SSL layer and the network.

 

For a complete example, see network_biopair_interop() function in

Postfix 2.3 (recent Postfix releases no longer use this approach).

 

    https://github.com/vdukhovni/postfix/blob/postfix-2.3/postfix/src/tls/tls_bio_ops.c

 

--

                Viktor.

--

openssl-users mailing list

To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Viktor Dukhovni
In reply to this post by mahesh gs
On Thu, Apr 27, 2017 at 04:32:33PM +0100, Matt Caswell wrote:

> >>> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket layer) ?
> >>
> >> No.  You will have to modify the code yourself.
> >
> > Actually, it is possible to do the I/O in application code, using
> > any "write some data down a socket" API of the application's choice.
>
> The OP is using SCTP (which uses DTLS). The above approach is
> problematic in DTLS. ...

Thanks, I missed the SCTP part of the requirements.

On Thu, Apr 27, 2017 at 04:26:22PM +0530, mahesh gs wrote:

> We are using Openssl for establish a secure communications for both
> TCP/SCTP connections.

The approach I suggested will only work for TLS with TCP.  For DTLS
with SCTP you'll need something else.  Does SCTP also raise SIGPIPE
on write() when the remote end is closed?

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

mahesh gs
In reply to this post by Matt Caswell-2
Hi Matt,

Sorry for delayed response. I was on leave.

Yes, ours is a library and we do not wish to ignore the signal process wide because the consumer of our library (application) might want to handle the SIGPIPE for there own socket handling.

Thanks,
Mahesh G S

On Thu, Apr 27, 2017 at 4:36 PM, Matt Caswell <[hidden email]> wrote:


On 27/04/17 11:56, mahesh gs wrote:
> Hi,
>
> We are using Openssl for establish a secure communications for both
> TCP/SCTP connections.
>
> In our application it is possible that remote end forcefully disconnect
> the connection due to which
>
> SSL_Write raises a SIGPIPE which we want to suppress. Does openssl
>
> provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket
> layer) ?

No, there is no option to do that at the moment.

>
> Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is
> not supported by LINUX
>
> and also we are unable to stop the SIGPIPE with function call
> signal(SIGPIPE, SIG_IGN).

Unable because you want SIGPIPE for other areas of your application? Or
for some other reason?

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Matt Caswell-2


On 02/05/17 06:59, mahesh gs wrote:
> Hi Matt,
>
> Sorry for delayed response. I was on leave.
>
> Yes, ours is a library and we do not wish to ignore the signal process
> wide because the consumer of our library (application) might want to
> handle the SIGPIPE for there own socket handling.

Could you use pthread_sigmask() to only block SIGPIPE for the current
thread (perhaps unblocking it again before returning control back to the
caller of your library)?

Matt

>
> Thanks,
> Mahesh G S
>
> On Thu, Apr 27, 2017 at 4:36 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 27/04/17 11:56, mahesh gs wrote:
>     > Hi,
>     >
>     > We are using Openssl for establish a secure communications for both
>     > TCP/SCTP connections.
>     >
>     > In our application it is possible that remote end forcefully disconnect
>     > the connection due to which
>     >
>     > SSL_Write raises a SIGPIPE which we want to suppress. Does openssl
>     >
>     > provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket
>     > layer) ?
>
>     No, there is no option to do that at the moment.
>
>     >
>     > Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is
>     > not supported by LINUX
>     >
>     > and also we are unable to stop the SIGPIPE with function call
>     > signal(SIGPIPE, SIG_IGN).
>
>     Unable because you want SIGPIPE for other areas of your application? Or
>     for some other reason?
>
>     Matt
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

mahesh gs


On Tue, May 2, 2017 at 2:36 PM, Matt Caswell <[hidden email]> wrote:


On 02/05/17 06:59, mahesh gs wrote:
> Hi Matt,
>
> Sorry for delayed response. I was on leave.
>
> Yes, ours is a library and we do not wish to ignore the signal process
> wide because the consumer of our library (application) might want to
> handle the SIGPIPE for there own socket handling.

Could you use pthread_sigmask() to only block SIGPIPE for the current
thread (perhaps unblocking it again before returning control back to the
caller of your library)?

 
Thanks for your suggestion. We will try to adapt this work around.


>
> Thanks,
> Mahesh G S
>
> On Thu, Apr 27, 2017 at 4:36 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 27/04/17 11:56, mahesh gs wrote:
>     > Hi,
>     >
>     > We are using Openssl for establish a secure communications for both
>     > TCP/SCTP connections.
>     >
>     > In our application it is possible that remote end forcefully disconnect
>     > the connection due to which
>     >
>     > SSL_Write raises a SIGPIPE which we want to suppress. Does openssl
>     >
>     > provide any way to set MSG_NOSIGNAL on sendmsg (Underlying TCP/IP socket
>     > layer) ?
>
>     No, there is no option to do that at the moment.
>
>     >
>     > Unfortunately we cannot use "setsockopt" with "SO_NOSIGPIPE"  as it is
>     > not supported by LINUX
>     >
>     > and also we are unable to stop the SIGPIPE with function call
>     > signal(SIGPIPE, SIG_IGN).
>
>     Unable because you want SIGPIPE for other areas of your application? Or
>     for some other reason?
>
>     Matt
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Viktor Dukhovni
In reply to this post by Matt Caswell-2

> On May 2, 2017, at 5:06 AM, Matt Caswell <[hidden email]> wrote:
>
>> Yes, ours is a library and we do not wish to ignore the signal process
>> wide because the consumer of our library (application) might want to
>> handle the SIGPIPE for there own socket handling.
>
> Could you use pthread_sigmask() to only block SIGPIPE for the current
> thread (perhaps unblocking it again before returning control back to the
> caller of your library)?

Presumably, the signal will be delivered as soon as it unblocked, and likely
before "returning control to the caller".  So I think this just delays the
problem, but does not fix it.  Blocking a signal is not the same as ignoring
it.  Multi-threaded programs should avoid having signals delivered to some
random thread that happens to be "on CPU", by blocking signals permanently
in all but a single signal-handling thread, but such design decisions are
made in main() and not in libraries.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Michael Wojcik
In reply to this post by mahesh gs

It may be worth noting that nearly all well-written UNIX applications should set the disposition of SIGPIPE to SIG_IGN. (Preferably using sigaction, simply because that's now the preferred API, but doing it with signal is essentially equivalent in this case.)

 

SIGPIPE is a hack. It exists only to terminate poorly-written programs that could otherwise block a pipeline. See Bach, The Design of the UNIX Operating System; if memory serves, Bach quotes Dennis Ritchie on this point. SIGPIPE was introduced because some poorly-written programs did not check the return code from write.[1]

 

Catching SIGPIPE in a custom handler is nearly always the Wrong Thing. The correct approach, 99.9% of the time, is to set the disposition to SIG_IGN and check the results of each system call.

 

Personally, I think it's completely acceptable for a library to note in its documentation that the calling program MUST ignore SIGPIPE, or the library may not function properly. It's arguably OK for a library to check the disposition of SIGPIPE and if it's SIG_DFL, change it to SIG_IGN, on the grounds that the calling program is not well-written so it doesn't deserve to govern its own signal handling; but it's probably better to just fail in that case, either immediately (with a diagnostic that tells the user that the developer forgot to set the disposition of SIGPIPE) or when a SIGPIPE occurs.

 

Libraries can't accommodate all forms of invalid behavior. You can do a certain amount of defensive coding, but at some point you're diminishing functionality for well-behaved applications in order to coddle bad ones. Don't do that.

 

[1] There were no send, sendto, or sendmsg calls at the time. Now the argument applies equally to them.

 

Michael Wojcik
Distinguished Engineer, Micro Focus

 

 

 

From: openssl-users [mailto:[hidden email]] On Behalf Of mahesh gs
Sent: Monday, May 01, 2017 23:59
To: [hidden email]
Subject: Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

 

 

Yes, ours is a library and we do not wish to ignore the signal process wide because the consumer of our library (application) might want to handle the SIGPIPE for there own socket handling.

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Query regarding MSG_NOSIGNAL with SSL_Write

Michael Sierchio

On Tue, May 2, 2017 at 8:27 AM, Michael Wojcik <Michael.Wojcik@...> wrote:

It may be worth noting that nearly all well-written UNIX applications should set the disposition of SIGPIPE to SIG_IGN. SIGPIPE is a hack. It exists only to terminate poorly-written programs that could otherwise block a pipeline. See Bach, The Design of the UNIX Operating System; if memory serves, Bach quotes Dennis Ritchie on this point. SIGPIPE was introduced because some poorly-written programs did not check the return code from write.[1]

... 
 
This is excellent advice. In principle, I am in complete agreement. We should not write code that depends on this artifact. We should treat it as deprecated. 

However ... ;-)  

It's probably also true that there is a lot of code that depends on it. True to form for "deprecated"

- M

--
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...