[openssl-dev] Questions about ASYNC API for engines and moving read buffer.
Matt Caswell
matt at openssl.org
Mon Jun 5 08:26:16 UTC 2017
On 02/06/17 15:20, Emeric Brun wrote:
>
> I've just read the code and I see it is not possible.
>
> I'm disappointed because I think that a lot of applications which are using openssl in asynchronous mode
> also use SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and have ephemeral/reused/circular buffers for
> both read and write operations.
>
> As documented: SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER "make it possible to retry SSL_write() with changed buffer location"
>
> SSL_read implicitly also supports it, and since the support of openssl in our application (0.9.8), we have never faced such an issue.
>
> In my case, this is a dead end: Enabling the async mode on any engine (mine or qat), it looks good during the handshake but it
> causes buffer overflows switching in the data stage.
>
> Is there a way for the application to disable the async mode after the asymmetric stuff (handshake)? At least we could use the
> new async api for that.
Well I suppose in theory you could just switch the mode off:
SSL_clear_mode(s, SSL_MODE_ASYNC);
But I've not tested it so I don't know if there would be any unexpected
problems as a result.
Matt