Hello.
We're operating the network by using the function of OpenSSL.
If taskmanager of Windows is seen during the network communication,
the amount of the memory used will increase gradually.
Is this normal workings?
In addition, it checked that the increase in the memory is not a memory leak by using
"Purify".
The environment of operation is as follows:
Openssl Version :Openssl-0.9.6g
Operation System :Windows2000 sp3
Please give me a reply.
The results of an investigation of memory necessary quantity and sample program are
indicated below.
+------------+--------------------------------------+
| Windows | DES:@STRENGHTH |
| 2000 +------------+------------+------------+
| | Before | After | Difference |
+============+============+============+============+
| 100 times | 1032 | 2444 | 1412 |
+------------+------------+------------+------------+
| 1000 times | 1028 | 2780 | 1752 |
+------------+------------+------------+------------+
| 2000 times | 1032 | 3044 | 2012 |
+------------+------------+------------+------------+
| 3000 times | 1028 | 3096 | 2068 |
+------------+------------+------------+------------+
#include <stdio.h>
#include <memory.h>
#include <string.h>
#ifdef WIN32
#include <winsock2.h>
#include <io.h>
#else
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#define CIPHER_LIST_STR "ALL:@STRENGTH"
*/
#define CIPHER_LIST_STR "DES:@STRENGTH"
#define SERVER_IP "255.255.255.255"
#define _SERVER_PORT 5963
#define HELLO_MESSAGE "Hello, World!"
#define QUIT_REQUEST "Shut you down."
#define SEND_FILE_1000KB "./SKDDL.cpp" // about 100kb
int main(int argc, char **argv)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
SSL_SESSION *session = NULL;
struct sockaddr_in sa;
int sd = -1;
int ret;
int err;
int len;
char buf[4096];
int exit_count = 1;
FILE *fp = NULL;
char *server_ip = SERVER_IP;
int server_port = _SERVER_PORT;
if (argc > 1) {
server_ip = *(argv + 1);
if (argc > 2) {
sscanf(*(argv + 2), "%d", &server_port);
}
}
fprintf(stdout,"Ready...\n");
getchar();/* 0 */
//////////////////////////////////////
SSL_library_init();
fprintf(stdout,"SSL_library_init\n");
//////////////////////////////////////
SSL_load_error_strings();
fprintf(stdout,"SSL_load_error_strings\n");
//////////////////////////////////////
while (RAND_status() == 0) {
int rnd = rand();
RAND_seed(&rnd, sizeof(rnd));
}
fprintf(stdout,"RAND_status\n");
//////////////////////////////////////
ctx = SSL_CTX_new(TLSv1_client_method());
fprintf(stdout,"SSL_CTX_new");
if (ctx == NULL) {
fprintf(stderr, "SSL_CTX_new() failed\n");
goto cleanup;
}
//////////////////////////////////////
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST_STR);
fprintf(stdout,"SSL_CTX_set_cipher_list");
//////////////////////////////////////
ssl = SSL_new(ctx);
fprintf(stdout,"SSL_new");
if (ssl == NULL) {
fprintf(stderr, "SSL_new() failed\n");
goto cleanup;
}
#ifdef WIN32
//////////////////////////////////////
WORD wVersionRequested;
WSADATA wsaData;
wVersionRequested = MAKEWORD(2, 2);
if (WSAStartup(wVersionRequested, &wsaData) != 0) {
fprintf(stderr,"WSAStartup failed\n");
goto cleanup;
}
#endif
fprintf(stdout,"WSAStartup");
start_connect:
fprintf(stdout,"\n********** %d **********\n", exit_count);
//////////////////////////////////////
if (sd != -1) {
close(sd);
}
fprintf(stdout,"close\n");
sd = socket(AF_INET, SOCK_STREAM, 0);
if (sd == -1) {
// fprintf(stderr, "socket() failed\n");
goto cleanup;
}
fprintf(stdout,"socket\n");
//////////////////////////////////////
memset (&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr(server_ip);
sa.sin_port = htons(server_port);
ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
fprintf(stdout,"connect\n");
if (ret != 0) {
// fprintf(stderr, "connect() failed\n");
goto cleanup;
}
//////////////////////////////////////
SSL_set_fd(ssl, sd);
fprintf(stdout,"SSL_set_fd\n");
//////////////////////////////////////
ret = SSL_connect(ssl);
fprintf(stdout,"SSL_connect\n");
if (ret != 1) {
err = SSL_get_error(ssl, ret);
ERR_error_string(err, buf);
fprintf(stderr, "SSL_connect() failed: %s\n", buf);
goto cleanup;
}
// printf("SSL connection established.\n");
//////////////////////////////////////
if(session != NULL){
SSL_SESSION_free(session);
session = NULL;
}
session = SSL_get1_session(ssl);
fprintf(stdout,"SSL_get1_session\n");
if (session) {
// printf("Session ID: ");
for (unsigned int i = 0; i < session->session_id_length; i++) {
if (i % 16 == 0) {
// printf("\n");
}
// printf("%02x ", session->session_id[i]);
}
// printf("\n");
}
//////////////////////////////////////
{
SSL_CIPHER *cipher;
const char *name;
const char *version;
const char* proversion;
int bits;
proversion = SSL_get_version(ssl);
fprintf(stdout,"SSL_get_version");
cipher = SSL_get_current_cipher(ssl);
name = SSL_CIPHER_get_name(cipher);
version = SSL_CIPHER_get_version(cipher);
bits = SSL_CIPHER_get_bits(cipher, NULL);
// printf ("Cipher Name %s\nVersion %s\nBits %d\n",
// name, version, bits);
/******************************************************************************/
//printf("protcol version %s\n", proversion);
/******************************************************************************/
}
//////////////////////////////////////
{
X509 *cert = SSL_get_peer_certificate (ssl);
fprintf(stdout,"SSL_get_peer_certificate\n");
if (cert != NULL) {
unsigned char *bytes;
len = i2d_X509(cert, NULL);
if ((bytes = (unsigned char *)malloc(len)) != NULL) {
unsigned char *p = bytes;
i2d_X509(cert, &p);
FILE *fp = fopen("peer_cert.dat", "wb");
if (fp) {
fwrite(bytes, 1, len, fp);
fclose(fp);
}
free(bytes);
}
// printf ("Server certificate:\n");
char *str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
fprintf(stdout,"X509_NAME_oneline\n");
if (str) {
// printf ("subject: %s\n", str);
OPENSSL_free(str);
}
str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
fprintf(stdout,"X509_NAME_oneline_2\n");
if (str) {
// printf ("issuer: %s\n", str);
OPENSSL_free(str);
}
X509_free(cert);
}
else {
// printf ("Server does not have certificate.\n");
}
}
//////////////////////////////////////
buf[0] = 1;
if (buf[0] == '2') {
strcpy(buf, QUIT_REQUEST);
}
else {
strcpy(buf, HELLO_MESSAGE);
}
len = strlen(buf);
/*
if ((fp = fopen(SEND_FILE_1000KB, "rb")) != NULL) {
len = fread(buf, 1, sizeof(buf), fp);
fclose(fp);
if (len <= 0) {
fprintf(stderr, "file \"" SEND_FILE_1000KB "\" read error\n");
goto cleanup;
}
}
else {
fprintf(stderr, "file \"" SEND_FILE_1000KB "\" open error\n");
goto cleanup;
}
*/
ret = SSL_write(ssl, buf, len);
fprintf(stdout,"SSL_write\n");
if (ret <= 0) {
err = SSL_get_error(ssl, ret);
ERR_error_string(err, buf);
// fprintf(stderr, "SSL_write() failed: %s\n", buf);
goto cleanup;
}
// printf("%d bytes sent to server.\n", ret);
//////////////////////////////////////
ret = SSL_read(ssl, buf, sizeof(buf) - 1);
fprintf(stdout,"SSL_read\n");
if (ret <= 0) {
err = SSL_get_error(ssl, ret);
ERR_error_string(err, buf);
// fprintf(stderr, "SSL_read() failed: %s\n", buf);
goto cleanup;
}
// printf ("%d bytes received from server.\n", ret);
buf[ret] = '\0';
// printf ("%s\n", buf);
//////////////////////////////////////
SSL_shutdown(ssl);
fprintf(stdout,"SSL_shutdown\n");
// printf("shutdown alert was sent to server.\n");
//////////////////////////////////////
// printf("Reconnect with current SESSION ?");
SSL_set_session(ssl, session);
fprintf(stdout,"SSL_set_session\n");
if(exit_count == 3000){
goto cleanup;
}else{
exit_count++;
goto start_connect;
}
cleanup:
//////////////////////////////////////
if (session != NULL) {
SSL_SESSION_free(session);
}
fprintf(stdout,"SSL_SESSION_free\n");
//////////////////////////////////////
if (sd != -1) {
close (sd);
}
fprintf(stdout,"close\n");
#ifdef WIN32
WSACleanup();
#endif
//////////////////////////////////////
if (ssl != NULL) {
SSL_free (ssl);
}
fprintf(stdout,"SSL_free\n");
//////////////////////////////////////
if (ctx != NULL) {
SSL_CTX_free (ctx);
}
fprintf(stdout,"SSL_CTX_free\n");
//////////////////////////////////////
ERR_free_strings();
fprintf(stdout,"ERR_free_strings\n");
printf("Hit Return Key\n");
getchar();
return 0;
}
A.Nishiyama
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
