[openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as to keep us all safe (from infinite loop & zombification bugs)!
Tinker
tinkr at openmailbox.org
Wed Feb 25 11:56:56 UTC 2015
Wait,
On 2015-02-24 20:48, Graham Leggett wrote:
[..]
> sense = READ;
> while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
> rc = SSL_read();
> if (rc == SSL_WANT_WRITE) {
> sense = WRITE;
> } else {
> sense = READ;
> }
> // do stuff with what you read (you may have read nothing, but
> that’s fine too)
> }
Just to clarify and extend your pseudocode example a bit, this is
absolutely correct right?:
int my_flexible_read_routine(SSL* ssl, int socket,int bytes_needed,int
bytes_accepted,void* to) {
reiterate:
rc = SSL_read(ssl,socket,...);
if (rc -- SSL_ERROR_WANT_READ) {
if (i actually need more data from SSL_read ie bytes_needed
bytes haven't been read yet) {
// OpenSSL needed more input data from the socket to
proceed, and it wasn't available. Therefore wait for it to drop in, and
then reiterate SSL_read();
select(socket for readability indefinitely);
if (select said we got new data) goto reiterate; else return
error;
}
} else if (rc -- SSL_ERROR_WANT_WRITE) {
if (i actually need more data from SSL_read ie bytes_needed
bytes haven't been read yet) {
// OpenSSL needed to write more data to socket to proceed,
than the OS allowed it to do right now. Therefore wait for the socket to
become writable, and then reiterate SSL_read();
select(socket for writability indefinitely);
if (select said the socket is now writable) goto reiterate;
else return error;
}
}
if (bytes_needed > bytes read) goto reiterate;
return bytes read;
}
More information about the openssl-users
mailing list