SSL_CTX_new() returns null


Divakar Reddy

Sep 30, 2016, 7:05:54
to Security-dev
Hi,

I'm writing client code using BoringSSL on the Trusty platform (TEE).
When I'm calling SSL_CTX_new() with the TLSv1.2 method, it's returning null.
Further investigation revealed that the null is because cipher_list is null.

Do we need to call any initialization API to load the ciphers, as in OpenSSL?



BR,
Divakar Reddy

Adam Langley

Sep 30, 2016, 10:23:47
to Divakar Reddy, Security-dev
You're calling SSL_CTX_new(TLSv1_2_method()) and it's returning NULL?

You don't need to call any init functions with BoringSSL and I'm not sure how that call could return NULL (other than a malloc failure). You would need to step through the code, I'm afraid, and see what's failing, or else use something like ERR_print_errors_cb to see if any errors have been recorded.


Cheers

AGL

David Benjamin

Oct 1, 2016, 10:59:54
to Divakar Reddy, Security-dev
sk_SSL_CIPHER_push will only fail on allocation failure. If you're in so constrained an environment that a list of 70 pointers is expensive, I don't think you'll be able to run most TLS stacks. A TLS stack must be prepared to buffer up to 16k from the peer for the record layer alone.

On Sat, Oct 1, 2016 at 4:23 AM Divakar Reddy <n.divak...@gmail.com> wrote:
Thanks, Adam, for the reply. I've investigated further and found that the sk_SSL_CIPHER_push() method is failing in ssl_create_cipher_list(). By default we have 70+ ciphers.

Is it because of memory allocation failure? Why I got this doubt is that in Trusty (running on ThreadX) we'll start a thread rather than a process.



BR,
Divakar Reddy

Divakar Reddy

Oct 3, 2016, 9:55:47
to Security-dev, n.divak...@gmail.com
Thanks for your info, David. I figured it out, as realloc was not implemented on the Trusty side.
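A minimal model of the failure diagnosed in this thread, as an added example that is not part of the original posts and not BoringSSL's code: a pointer stack that grows through realloc stops accepting entries once a stubbed realloc returns NULL, and a small smoke test catches the missing allocator before any TLS code runs. All names, the initial capacity of 4 and the doubling policy are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; not BoringSSL's own code. */
typedef void *(*realloc_fn)(void *ptr, size_t new_size);

/* Models a platform libc whose realloc is an unimplemented stub. */
static void *stub_realloc(void *ptr, size_t new_size) {
    (void)ptr; (void)new_size;
    return NULL;
}

/* Pushes n constructed entries onto a pointer stack that starts with 4
 * malloc'd slots and doubles through `grow`. Returns how many were stored. */
static size_t fill_stack(realloc_fn grow, size_t n) {
    static int dummy_entry;     /* constructed stand-in for a cipher */
    size_t num = 0, cap = 4;
    void **data = malloc(cap * sizeof(void *));
    if (data == NULL) return 0;
    while (num < n) {
        if (num == cap) {       /* full: the only place a push can fail */
            void **p = grow(data, cap * 2 * sizeof(void *));
            if (p == NULL) break;
            data = p;
            cap *= 2;
        }
        data[num++] = &dummy_entry;
    }
    free(data);
    return num;
}

/* Port smoke test: realloc must grow a block and keep its contents. */
static int realloc_works(realloc_fn grow) {
    char *p = malloc(8);
    if (p == NULL) return 0;
    memcpy(p, "trusty!", 8);
    char *q = grow(p, 4096);
    if (q == NULL) { free(p); return 0; }
    int ok = memcmp(q, "trusty!", 8) == 0;
    free(q);
    return ok;
}

int main(void) {
    printf("libc: works=%d stored=%zu\n", realloc_works(realloc), fill_stack(realloc, 70));
    printf("stub: works=%d stored=%zu\n", realloc_works(stub_realloc), fill_stack(stub_realloc, 70));
    return 0;
}
```

Running a check like `realloc_works` against each allocator entry point during platform bring-up turns a NULL from deep inside library initialization into a direct, named failure.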