[openssl-users] Async engine and BIOs

Matt Caswell matt at openssl.org
Tue Sep 6 22:47:01 UTC 2016

On 06/09/16 17:10, Nicolas Brunie wrote:
> Hi Everyone,
>    I am trying to mix an application with a buffer BIO over a SSL BIO
> which uses an asynchronous engine for offloading.
>    I had a quick look at the SSL BIO (ssl/bio_ssl.c) and it does not
> seem to care about the error SSL_ERROR_WANT_ASYNC coming from a
> SSL_write or a SSL_read. Does this means that this error is silently
> ignored ?
> Does it means the BIO chains will retry automatically to call the
> SSL_write ou SSL_read with the same arguments to make it finish ? Does
> it mean my call to BIO_write/BIO_read will return directly when the
> engine call ASYNC_pause_job without fnishing the job and I have to call
> BIO_write / BIO_read until the sum or return value equals the amount of
> data I was expected it to proceed ?

The SSL BIO does not directly support async. You should not set an SSL
object wrapped in an SSL BIO into async mode because the SSL BIO will
not handle the SSL_ERROR_WANT_ASYNC response correctly. If you want to
handle async events you have two options:

1) Call SSL_read()/SSL_write() directly (after setting the SSL object
into ASYNC mode) and handle SSL_ERROR_WANT_ASYNC without using an SSL BIO

2) Use the ASYNC_start_job() interface directly.

In the latter case you should not set the SSL object into async mode at
all - because your code will be interfacing directly with the async API.

If you really have to do it via BIOs you could implement your own async
BIO filter that uses ASYNC_start_job() and translates ASYNC_PAUSE events
into standard non-blocking IO events.


More information about the openssl-users mailing list