[openssl-users] OpenSSL Dragino Yun Issues

Nikola Milev nikola.n.milev at gmail.com
Thu Sep 1 11:36:02 UTC 2016


Dear OpenSSL community,

I have, because of Matt's suggestion of the origin of error, written a
small C server that uses the same configuration and it works. Can someone
tell me what's going on?
The code is next (fully copied from my editor):

"#include<string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <stdio.h>
#include <netinet/in.h>
#include <errno.h>

#define PROTOCOL IPPROTO_TCP
#define SERV_PORT 8080
#define LISTENQ 1
#define MAXLINE 100

void exit_msg(const char* msg) ;
void str_echo(int sockfd) ;
ssize_t writen(int fd, const void *vptr, size_t n) ;


int main(int argc, char **argv)
{
    int     listenfd, connfd;
    pid_t   childpid;
    socklen_t clilen;
    struct sockaddr_in cliaddr, servaddr;
    listenfd = socket (AF_INET, SOCK_STREAM, PROTOCOL);
    if(listenfd < 0)
    {
        exit_msg("socket() error");
    }
    printf("Created socket!\n");
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr = htonl (INADDR_ANY);
    servaddr.sin_port = htons (SERV_PORT);

    if(bind(listenfd, (const struct sockaddr *) &servaddr,
sizeof(servaddr)) < 0)
    {
        exit_msg("bind() error");
    }
    printf("Binded port/socket!\n");

    if(listen(listenfd, LISTENQ) < 0)
    {
        exit_msg("listen() error");
    }
    printf("Listening!\n");

    while(1)
    {
        clilen = sizeof(cliaddr);
        connfd = accept(listenfd, (struct sockaddr *) &cliaddr, &clilen);
        if(connfd < 0)
        {
            exit_msg("accept() error");
        }
        printf("Accepted!\n");
        str_echo(connfd);

        close(connfd);
    }
}

void str_echo(int sockfd)
{
    ssize_t n;
    char buf[MAXLINE];

    while(1)
    {
        while ( (n = read(sockfd, buf, MAXLINE)) > 0)
        {
            writen(sockfd, buf, n);
            buf[n]=0;
            printf("Echoing %lu bytes: %s\n", n, buf);
        }
        if (n < 0 && errno == EINTR)
        {
            continue;
        }
        else if (n < 0)
        {
            exit_msg("read() failure");
        }
        else if(n==0)
        {
            printf("Client ended!\nListening!\n");
            break;
        }
    }
}

ssize_t writen(int fd, const void *vptr, size_t n)
{
    size_t nleft;
    ssize_t nwritten;
    const char *ptr;
    ptr = vptr;
    nleft = n;
    while (nleft > 0)
    {
        if ( (nwritten = write(fd, ptr, nleft)) <= 0)
        {
            if (nwritten < 0 && errno == EINTR)
            {
                nwritten = 0;
            }
            else
            {
                return -1;
            }
        }
        nleft -= nwritten;
        ptr += nwritten;
    }
    return n;
}

void exit_msg(const char* msg)
{
    perror(msg);
    exit(EXIT_FAILURE);
}"

Best regards,
Nikola Milev

On 1 September 2016 at 00:16, Nikola Milev <nikola.n.milev at gmail.com> wrote:

> To whom it may concern,
>
> I have been experiencing issues with OpenSSL and DraginoYun. If you are
> not the person I should have contacted, please redirect me. Thank you!
>
> Recently, I have tried using OpenSSL to establish a simple server
> application on Dragino Yun version 2.4. First, I tested the code on my Acer
> Aspire 5750ZG running Ubuntu 14.04 and it worked fine. Afterwards, I used
> OpenWrt SDK to cross-compile the application. However, the application is
> unable to bind the socket; the BIO_do_accept function fails. Here is the
> error stack the code provided:
> "2006783048:error:0200407C:lib(2):func(4):reason(124):NA:0:port='5354'
> 2006783048:error:20069076:lib(32):func(105):reason(118):NA:0:"
>
> errstr returned these as answers:
> "$ openssl errstr 0200407C
> error:0200407C:system library:socket:Wrong medium type
> $ openssl errstr 20069076
> error:20069076:BIO routines:BIO_get_accept_socket:unable to create socket
> "
> I suppose that the second one is a product of the first one.
>
> I have checked iptables and I have checked ports that are currently in
> use, all seems to be in order.
>
> However, the OpenSSL s_server (in combination with s_client on the other
> side) works fine.
> May this be an OpenSSL bug? If not, do you have any suggestions?
>
> OpenSSL version on Acer is 1.0.1f 6 Jan 2014 and on Dragino 1.0.1h 5 Jun
> 2014.
>
> In the attachment, I am providing the code(though I am not sure if it is
> available on the list), mostly taken from O'Reilly "Network Security with
> OpenSSL".
>
> All the passkeys are "raspberry". (these certificates and keys were
> generated for testing purposes)
>
> Of course, should you need any additional information, I'd be happy to
> provide it.
>
> I originally addressed Matt Caswell regarding the issue and I am pasting
> his response to my question and my response to that.
>
> His response:
> "Hello,
>
> I'm not really the best person to ask about such low level stuff. The
> best place to raise these questions is on the openssl-users email list.
> It also means any questions/answers are publicly archived and available
> for other users. Details are here:
>
> https://mta.openssl.org
>
> However, I did have a quick look and discovered the following. The code
> that raises this error looks like this:
>
>     s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL);
>     if (s == INVALID_SOCKET) {
>         SYSerr(SYS_F_SOCKET, get_last_socket_error());
>         ERR_add_error_data(3, "port='", host, "'");
>         BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET)
> ;
>         goto err;
>     }
>
> So this is a call to the non-OpenSSL networking function "socket". In
> this context "server.sa.sa_family" has been set to AF_INET a few lines
> above, and "SOCKET_PROTOCOL" is a macro defined at the beginning of the
> file as follows:
>
> # define SOCKET_PROTOCOL IPPROTO_TCP
>
> In other words the function that is failing is doing this:
>
> socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
>
> This seems like a fairly fundamental failure, and might suggest that the
> platform in question has no TCP/IP support available for some reason?"
>
> My response to his:
> "
> Hi Matt,
>
> The platform supports TCP/IP, if I deduced correctly. I have programmed an
> application similar to the example in Unix Network Programming (a basic
> TCP/IP echo server) and it works without any issues. Also, openssl s_server
> works correctly; I tried using it with openssl s_client on the other
> machine.
> I will forward my question to the email list, including both of our
> responses.
> I am grateful for your quick response.
>
> Best regards,
> Nikola Milev
>
> "
>
> My original mail to him is almost the same as the first part of this mail.
>
> I am thankful for you support!
>
> Best regards,
> Nikola Milev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160901/dc3d4b22/attachment.html>


More information about the openssl-users mailing list