First of all, I think you should ask this question on
openssl-us...@openssl.org.

In my opinion you can mix SSL_write() and SSL_read() operations when
they return WANTS_X.

The documentation of SSL_read() says "The calling process then
must repeat the call after taking appropriate action to satisfy the
needs of SSL_read(). The action depends on the underlying BIO.". So you
must repeat (in order for the handshake to finish), but it doesn't mean
that you cannot do something else (like calling SSL_read/write()) in
between.

At least this is what I do in my code also, and I have never seen any
problems.

On 2014-06-05 18:48, Barbe, Charles wrote:
Just a bit of clarification on my question... I am fully aware that
if the OpenSSL library tells me it NEEDS_READ or NEEDS_WRITE in
response to an SSL_read I should then issue that same SSL_read command
again with the same parameters when the associated resource is ready
for whichever operation OpenSSL requested before issuing another
SSL_read and likewise with SSL_write (unless options are set to allow
partial writes and/or moving buffers). My question is specifically
about whether a NEED_X response from SSL_read means that I cannot call
SSL_write until SSL_read succeeds and likewise with SSL_write.
________________________________________
From: owner-openssl-...@openssl.org [owner-openssl-...@openssl.org]
on behalf of Barbe, Charles [charles.ba...@allworx.com]
Sent: Thursday, June 05, 2014 12:03 PM
To: openssl-dev@openssl.org
Subject: Conflicting information regarding non-blocking sockets
Hello,
I have implemented an SSL server on the ecos platform and it seems to
be working well; however, I am a tiny bit unclear about the requirements
around whether or not calls to SSL_read and SSL_write need to be
synchronized and I want to avoid doing something incorrect. The
specific question I have is this:

If I call SSL_read() and OpenSSL tells me that it NEEDS_WRITE or
NEEDS_READ, do I need to then hold off calls to SSL_write until I have
called SSL_read again and it succeeds? And then the same question but
with SSL_write.

I am asking because I have seen conflicting information. Here is
where I'm getting the conflicting information:
From the "calls must be synchronized" camp:
In chapter 5, pages 159-166 of "Network Security with OpenSSL" by
John Viega, Matt Messier & Pravir Chandra, 2002 they state very
clearly that "once we've made a call to an SSL I/O function, and it
requires a retry, we should not call other I/O functions until the
original call has succeeded." It even gives a code example that
achieves this synchronization.
From the "calls to SSL_read and SSL_write can be treated
independently" camp:
In this thread from the openssl-dev mailing list:
http://marc.info/?l=openssl-dev&m=124308191325560&w=2
A gentleman named David Schwartz states, "I'm not sure where you see
that, but that is obviously bogus. Suppose we have a protocol that
permits either side to read or write at any time. We call SSL_read in
case the other side sent something, it returns WANT_READ, because the
other side didn't send anything. Are you seriously arguing that we now
can't send anything until the other side does? Isn't that obviously an
impossible requirement?"
In response to this statement by somebody else "Because the
documentation appears in several places to state that when I receive
WANT_X from _any_ OpenSSL API operation in non-blocking mode, the next
API operation I issue on that SSL * must be the exact same API
operation, with the same parameters."
Can somebody please tell me which of these two sources is correct or
if I am misreading them?
Thanks!
CHAD
______________________________________________________________________
OpenSSL Project
http://www.openssl.org
Development Mailing List
openssl-dev@openssl.org
Automated List Manager
majord...@openssl.org
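
Added example (not part of the thread and not OpenSSL code): one way an event loop can keep separate retry state for each direction, which is the approach the reply at the top of this thread describes. The `tls_conn` struct, the `want` enum and both function names are hypothetical; a real program would fill `rd` and `wr` from the SSL_get_error() result after each SSL_read() or SSL_write() call.

```c
#include <poll.h>

/* Hypothetical per-direction state, set from SSL_get_error() after each call. */
enum want { WANT_NONE, WANT_READ, WANT_WRITE };

struct tls_conn {
    enum want rd;      /* what the last SSL_read() asked for  */
    enum want wr;      /* what the last SSL_write() asked for */
    int have_output;   /* application has data queued to send */
};

#define DO_READ  1     /* (re)issue SSL_read()  */
#define DO_WRITE 2     /* (re)issue SSL_write() with the same buffer */

/* A new write can start only when no earlier write is waiting for a retry. */
static int write_ready(const struct tls_conn *c)
{
    return c->wr == WANT_WRITE || (c->wr == WANT_NONE && c->have_output);
}

/* Socket events to wait for, combining the needs of both directions. */
short tls_poll_events(const struct tls_conn *c)
{
    short ev = 0;
    if (c->rd != WANT_WRITE) ev |= POLLIN;    /* idle or WANT_READ reader */
    if (c->rd == WANT_WRITE) ev |= POLLOUT;   /* read blocked on a write  */
    if (c->wr == WANT_READ)  ev |= POLLIN;    /* write blocked on a read  */
    if (write_ready(c))      ev |= POLLOUT;
    return ev;
}

/* Which calls to issue for the events poll() reported. A read that is
 * waiting on WANT_READ does not stop a write from being dispatched. */
int tls_dispatch(const struct tls_conn *c, short revents)
{
    int ops = 0;
    if ((revents & POLLIN)  && c->rd != WANT_WRITE) ops |= DO_READ;
    if ((revents & POLLOUT) && c->rd == WANT_WRITE) ops |= DO_READ;
    if ((revents & POLLIN)  && c->wr == WANT_READ)  ops |= DO_WRITE;
    if ((revents & POLLOUT) && write_ready(c))      ops |= DO_WRITE;
    return ops;
}
```
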