On Thu, Oct 26, 2000 at 12:01:58PM -0700, David Schwartz wrote:
> [...] (this is the code I would call _after_ any case where I did a BIO_write
> to the SSL code):
>
> bool done;
> char buf[768];
>
> done=false;
> while(!done)
> {
>     done=true;
>
>     // Does the SSL library want to send any encrypted data
>     r=BIO_read(bio_io, buf, 768);
>     if(r>0)
>     {
>         done=false;
>         PutOutbound(buf, r);
>     }
>
>     // Does the SSL library want to hand off any cleartext
>     r=BIO_read(ssl_bio, buf, 768);
>     if(r>0)
>     {
>         done=false;
>         PutInbound(buf, r);
>     }
> }
>
> However, this deadlocked during setup!

You have to include that BIO_write(bio_io, ...) in this loop!
Either check if data is available from the network and then call
BIO_write() (but don't try to write more than
BIO_get_write_guarantee(bio_io) bytes because that's all the buffer
can take), or use BIO_get_read_request(bio_io) to find out if the SSL
library actually wants data and look for the appropriate number of
network bytes only when this is the case. Of course you should set
'done' to 'false' whenever you moved some bytes this way.

The call to BIO_read(ssl_bio, ...) will trigger any pending
handshake actions, i.e. if your BIO_write() fed new handshake
data to the SSL library, then BIO_read(ssl_bio) will process them
and either request more data or send back its own handshake
messages, which then will be picked up by your next call to
BIO_read(bio_io, ...).

Note that while usually there's just one handshake at the
beginning, the peer always can request a new handshake!
Thus, even later on in the protocol, your call to BIO_read(bio_ssl)
may try to write data to the network. (For this reason, your
code variation with the 'init_complete' flag has the
same problem as your original code.)

If you include BIO_write(bio_io, ...), then the deadlock should go
away. Of course there will still be conditions when the SSL library
needs network data to continue, but that data has not yet arrived.

--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]