[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri May 11 09:30:03 UTC 2018

The branch master has been updated
       via  c3114a7732f423ec42a86392e12c8c3783c53aae (commit)
      from  13f6857db107b1b6f68daa7fc4a6dd1293428bb1 (commit)

- Log -----------------------------------------------------------------
commit c3114a7732f423ec42a86392e12c8c3783c53aae
Author: Matt Caswell <matt at openssl.org>
Date:   Thu May 10 15:31:00 2018 +0100

    Set the ossl_shim to auto retry if not running asynchronously

    In certain circumstances in the DTLS code we have to drop a record (e.g. if
    it is a stale retransmit). We then have to move on to try and read the next
    record. Some applications using blocking sockets (e.g. s_server/s_client)
    will hang if there isn't actually any data to be read from the socket yet.
    Others can tolerate this. Therefore SSL_read()/SSL_write() can sometimes
    return SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE even when using blocking
    sockets. Applications can use the mode SSL_MODE_AUTO_RETRY to switch this
    behaviour off so that we never return unless we have read the data we
    wanted to.

    Commit ad96225285 fixed a DTLS problem where we always retried even if
    SSL_MODE_AUTO_RETRY was not set. However that fix caused the Boring
    ossl_shim to fail in some tests because it was relying on the previous
    (buggy) behaviour. The ossl_shim should be set into SSL_MODE_AUTO_RETRY if
    it is not operating asynchronously to avoid this problem.

    [extended tests]

    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6216)


Summary of changes:
 test/ossl_shim/ossl_shim.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 739d1bd..b1067e8 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -985,6 +985,10 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
     SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
+  if (!config->async) {
+    SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY);
+  }
   int sock = Connect(config->port);
   if (sock == -1) {
     return false;
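
Review bot: The new if (!config->async) block in DoExchange has no comment explaining why auto retry depends on the async flag, so someone reading ossl_shim.cc has to find the commit message to learn that a non-async shim run would otherwise see SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE after a dropped record. Please add a one-line comment above the condition saying so. The rationale given in the commit message is DTLS-specific, while the condition as written applies to every non-async run; if that wider scope is intended, the comment should state it.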
