[openssl-dev] Questions about ASYNC API for engines and moving read buffer.

Matt Caswell matt at openssl.org
Mon Jun 5 08:26:16 UTC 2017



On 02/06/17 15:20, Emeric Brun wrote:

> 
> I've just read the code and I see it is not possible.
> 
> I'm disappointed because I think that a lot of applications which are using openssl in asynchronous mode
> also use SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and have ephemeral/reused/circular buffers for
> both read and write operations.
> 
> As documented: SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER "make it possible to retry SSL_write() with changed buffer location"
> 
> SSL_read implicitly also supports it, and since the support of openssl in our application (0.9.8), we never faced such an issue.
> 
> In my case, this is a dead end: Enabling the async mode on any engine (mine or qat), it looks good during the handshake but it
> causes buffer overflows switching in the data stage.
> 
> Is there a way for the application to disable the async mode after the asymmetric stuff (handshake)? At least we could use the
> new async api for that.

Well I suppose in theory you could just switch the mode off:

SSL_clear_mode(s, SSL_MODE_ASYNC);

But I've not tested it so I don't know if there would be any unexpected
problems as a result.

Matt

