I have written client/server programs using OpenSSL for sending
a simple ASN1 structure, which is DER encoded.


rclient1.c  --->  rserver.c

1. Client asks a user to enter data: a number and a short text.
2. It creates a simple ASN1 structure containing INTEGER and IA5STRING.

   typedef struct {                  // asn1 structure for message
     ASN1_INTEGER *cislo;            // integer number
     ASN1_IA5STRING *str;            // text
   } ZPRAVA;

   ASN1_SEQUENCE(ZPRAVA) = {                  
     ASN1_SIMPLE(ZPRAVA, cislo, ASN1_INTEGER),
     ASN1_SIMPLE(ZPRAVA, str, ASN1_IA5STRING)
   } ASN1_SEQUENCE_END(ZPRAVA)

3. Client connects to a server and sends the ASN1 structure in DER format
   using BIO routines; it calls
   
   i2d_ZPRAVA_bio(io, z) 
   
   which is declared by macro
     
   #define  i2d_ZPRAVA_bio(b, zprava)  \
            ASN1_i2d_bio(i2d_ZPRAVA, b, (unsigned char *) zprava)

   and closes the connection.

4. Server reads the DER encoded message and decodes it from the BIO
   object using

   d2i_ZPRAVA_bio(io, z)

   which is declared by macro

   #define  d2i_ZPRAVA_bio(b, zprava)  \
            (ZPRAVA*) ASN1_d2i_bio((char *(*)()) ZPRAVA_new,  \
            (char *(*)()) d2i_ZPRAVA, (b), (unsigned char **)(zprava))

   It prints fields of ZPRAVA to stdout and closes connection.            




I was interested in what happens if the client sends an incomplete DER
encoded message. I modified rclient1.c into rclient2.c.


rclient2.c  --> rserver.c

Steps 1 and 2 are identical. In step 3 the client converts the ASN1 structure
to an unsigned char field. The field contains DER encoded data. The field is
split into two fields.

  bisect(z, 10, str1, str2);
  
The first part is sent to the server by calling

  BIO_write(io, (void *) str1, strlen((char *) str1))

The second part isn't sent

  //  BIO_write(io, (void *) str2, strlen((char *) str2))

and connection is closed.


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The server, which prints incoming messages, doesn't recognize that the
incoming message is incomplete, prints the shortened message and doesn't
report any OpenSSL error.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Try it yourself. Unpack ssl4e.tar.gz and build. Here is a snapshot from
my shell.


   jhofmann@monkey:~/ssl4e$ ./rserver &
   [1] 8893
   jhofmann@monkey:~/ssl4e$ ./rclient1
   Cislo:  123
   Text:   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa
   --------------------
   Zprava
   Cislo:  123
   Text:   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa

   jhofmann@monkey:~/ssl4e$ ./rclient2
   Cislo:  788
   Text:   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
   --------------------
   Zprava
   Cislo:  788
   Text:   AA

   jhofmann@monkey:~/ssl4e$ 


I would like to know whether it is a bug or not. Is there any way to
determine that a received ASN1 structure is unfinished (incomplete)?


Notes:

1. I use openssl-0.9.7-beta4.
2. I based my programs on examples and tutorial written by Eric Rescorla
   (http://www.rtfm.com/openssl-examples).



Thanks

Jan Hofmann

Attachment: ssl4e.tar.gz
Description: Binary data
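
An added example, not part of the original post or of OpenSSL: one way a receiver can detect the truncation described above is to compare the length announced in the outermost DER header with the number of bytes actually read before decoding. The function names, the constructed sample bytes (cislo = 788, str = 32 x 'A') and the split at byte 10 are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not OpenSSL API. */
enum { DER_COMPLETE, DER_TRUNCATED, DER_MALFORMED };

/* Parse only the outermost tag and length in buf[0..len) and report whether
 * every byte the length field announces has arrived. *need receives the
 * total encoded size (header + content) once the header is readable.
 * Nested lengths are still the decoder's job to validate. */
static int der_outer_check(const unsigned char *buf, size_t len, size_t *need)
{
    size_t pos = 1, clen = 0, n;

    *need = 0;
    if (len < 2) return DER_TRUNCATED;                 /* no tag + length octet yet */
    if ((buf[0] & 0x1f) == 0x1f) return DER_MALFORMED; /* multi-byte tags not handled */
    if (buf[pos] < 0x80) {
        clen = buf[pos++];                             /* short form: one octet */
    } else {
        n = buf[pos++] & 0x7f;                         /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t)) return DER_MALFORMED; /* indefinite is not DER */
        if (len - pos < n) return DER_TRUNCATED;
        while (n--) clen = (clen << 8) | buf[pos++];
    }
    if (clen > (size_t)-1 - pos) return DER_MALFORMED; /* size would overflow */
    *need = pos + clen;
    return *need <= len ? DER_COMPLETE : DER_TRUNCATED;
}

/* Constructed sample: DER of ZPRAVA { cislo = 788, str = 32 x 'A' }. */
static size_t sample_zprava(unsigned char *out)
{
    static const unsigned char hdr[] = { 0x30, 0x26, 0x02, 0x02, 0x03, 0x14, 0x16, 0x20 };
    memcpy(out, hdr, sizeof hdr);
    memset(out + sizeof hdr, 'A', 32);
    return sizeof hdr + 32;
}

int main(void)
{
    unsigned char msg[64];
    size_t need, total = sample_zprava(msg);
    int full = der_outer_check(msg, total, &need);
    int cut = der_outer_check(msg, 10, &need);   /* only the first 10 bytes arrived */

    printf("full message: %d, first 10 bytes: %d (need %zu)\n", full, cut, need);
    return 0;
}
```

The first 10 bytes of this sample end two characters into the IA5STRING, which matches the "Text:   AA" line in the shell snapshot.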
