[openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as to keep us all safe (from infinite loop & zombification bugs)!

[Tinker]

Hi Graham,

Thank you a lot for your response! -

Just to merge this properly with your previous response to another 
thread this past Sat the 21:st in 
https://mta.openssl.org/pipermail/openssl-users/2015-February/000608.html 
,

It's not just “I want to read during SSL_write, are you ok with me doing 
this?” but rather "I want to read during SSL_write [nevermind if I tried 
already or not]. Please invoke me next time when there's actual input 
data available, thank you." -

SSL_ERROR_WANTS_READ/WRITE is how OpenSSL says that it needs more data 
on the socket ie asks user to select() with the socket in readfds and 
reinvoke when there is more data, or it wants to write for the socket 
and it's not writable anymore now, so it asks the user to select() with 
the socket in writefds and reinvoke when it's writable, right?


I.e. the if_ready_to_read/if_ready_to_write you suggested below would 
generally be implemented in terms of a select() call.

And then of course, as a caller I'm not obliged to do a select() and 
reiterate but I may do anything, or do another SSL operation such as 
another SSL_read or SSL_shutdown (though supposedly also that one would 
return with the same SSL_ERROR_WANTS_READ/WRITE so that would just be to 
postpone the problem) right?


..And also I suppose this means you confirm that all the points in my 
previous email were correct.

Thanks :)

On 2015-02-24 20:48, Graham Leggett wrote:
> On 22 Feb 2015, at 11:22 PM, Tinker <tinkr at openmailbox.org> wrote:
> 
>> I need your authoritative answer on the following question.
> 
> [snip stuff that is too long]
> 
> You are totally overthinking this.
> 
> The SSL protocol involves negotiation, during which the sender and the
> receiver exchange data with each other. What this means is that during
> either SSL_read, or SSL_write, openssl might try to write or read
> respectively. If your non-blocking code isn’t geared to handle this,
> you might end up either hanging or spinning as you wait for the wrong
> event.
> 
> The SSL_WANTS_READ response code is a warning that means “I want to
> read during SSL_write, are you ok with me doing this?”.
> 
> The SSL_WANTS_WRITE response code is a warning that means “I want to
> write during SSL_read, are you ok with me doing this?”.
> 
> In both cases, once you have determined that it is ok to read, or ok
> to write, you simply retry SSL_write() or SSL_read() again.
> 
> For example, a read loop:
> 
> sense = READ;
> while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
>     rc = SSL_read();
>     if (rc == SSL_WANT_WRITE) {
>         sense = WRITE;
>     } else {
>         sense = READ;
>     }
>     // do stuff with what you read (you may have read nothing, but
> that’s fine too)
> }
> 
> Regards,
> Graham
> —
> 
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users