Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t
Wait, On 2015-02-24 20:48, Graham Leggett wrote: [..] sense = READ; while (sense == READ ? if_ready_to_read() : if_ready_to_write()) { rc = SSL_read(); if (rc == SSL_WANT_WRITE) { sense = WRITE; } else { sense = READ; } // do stuff with what you read (you may have read nothing, but that’s fine too) } Just to clarify and extend your pseudocode example a bit, this is absolutely correct right?: int my_flexible_read_routine(SSL* ssl, int socket,int bytes_needed,int bytes_accepted,void* to) { reiterate: rc = SSL_read(ssl,socket,...); if (rc -- SSL_ERROR_WANT_READ) { if (i actually need more data from SSL_read ie bytes_needed bytes haven't been read yet) { // OpenSSL needed more input data from the socket to proceed, and it wasn't available. Therefore wait for it to drop in, and then reiterate SSL_read(); select(socket for readability indefinitely); if (select said we got new data) goto reiterate; else return error; } } else if (rc -- SSL_ERROR_WANT_WRITE) { if (i actually need more data from SSL_read ie bytes_needed bytes haven't been read yet) { // OpenSSL needed to write more data to socket to proceed, than the OS allowed it to do right now. Therefore wait for the socket to become writable, and then reiterate SSL_read(); select(socket for writability indefinitely); if (select said the socket is now writable) goto reiterate; else return error; } } if (bytes_needed bytes read) goto reiterate; return bytes read; } ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t
Hi Graham, Thank you a lot for your response! - Just to merge this properly with your previous response to another thread this past Sat the 21:st in https://mta.openssl.org/pipermail/openssl-users/2015-February/000608.html , It's not just “I want to read during SSL_write, are you ok with me doing this?” but rather I want to read during SSL_write [nevermind if I tried already or not]. Please invoke me next time when there's actual input data available, thank you. - SSL_ERROR_WANTS_READ/WRITE is how OpenSSL says that it needs more data on the socket ie asks user to select() with the socket in readfds and reinvoke when there is more data, or it wants to write for the socket and it's not writable anymore now, so it asks the user to select() with the socket in writefds and reinvoke when it's writable, right? I.e. the if_ready_to_read/if_ready_to_write you suggested below would generally be implemented in terms of a select() call. And then of course, as a caller I'm not obliged to do a select() and reiterate but I may do anything, or do another SSL operation such as another SSL_read or SSL_shutdown (though supposedly also that one would return with the same SSL_ERROR_WANTS_READ/WRITE so that would just be to postpone the problem) right? ..And also I suppose this means you confirm that all the points in my previous email were correct. Thanks :) On 2015-02-24 20:48, Graham Leggett wrote: On 22 Feb 2015, at 11:22 PM, Tinker ti...@openmailbox.org wrote: I need your authoritative answer on the following question. [snip stuff that is too long] You are totally overthinking this. The SSL protocol involves negotiation, during which the sender and the receiver exchange data with each other. What this means is that during either SSL_read, or SSL_write, openssl might try to write or read respectively. If your non-blocking code isn’t geared to handle this, you might end up either hanging or spinning as you wait for the wrong event. The SSL_WANTS_READ response code is a warning that means “I want to read during SSL_write, are you ok with me doing this?”. The SSL_WANTS_WRITE response code is a warning that means “I want to write during SSL_read, are you ok with me doing this?”. In both cases, once you have determined that it is ok to read, or ok to write, you simply retry SSL_write() or SSL_read() again. For example, a read loop: sense = READ; while (sense == READ ? if_ready_to_read() : if_ready_to_write()) { rc = SSL_read(); if (rc == SSL_WANT_WRITE) { sense = WRITE; } else { sense = READ; } // do stuff with what you read (you may have read nothing, but that’s fine too) } Regards, Graham — ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t
On 22 Feb 2015, at 11:22 PM, Tinker ti...@openmailbox.org wrote: I need your authoritative answer on the following question. [snip stuff that is too long] You are totally overthinking this. The SSL protocol involves negotiation, during which the sender and the receiver exchange data with each other. What this means is that during either SSL_read, or SSL_write, openssl might try to write or read respectively. If your non-blocking code isn’t geared to handle this, you might end up either hanging or spinning as you wait for the wrong event. The SSL_WANTS_READ response code is a warning that means “I want to read during SSL_write, are you ok with me doing this?”. The SSL_WANTS_WRITE response code is a warning that means “I want to write during SSL_read, are you ok with me doing this?”. In both cases, once you have determined that it is ok to read, or ok to write, you simply retry SSL_write() or SSL_read() again. For example, a read loop: sense = READ; while (sense == READ ? if_ready_to_read() : if_ready_to_write()) { rc = SSL_read(); if (rc == SSL_WANT_WRITE) { sense = WRITE; } else { sense = READ; } // do stuff with what you read (you may have read nothing, but that’s fine too) } Regards, Graham — ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t
(This is a resubmit of the same post with the numbered list represented better here in text format, as the previous mail got the numbered list presented well only in the HTML version.) Dear OpenSSL list, I need your authoritative answer on the following question. Guaranteedly, this same question has been voiced on this mailing list already, in less or more similar wording. My question is: Please help me to get clear on *exactly* what my program needs to do in response to a SSL_WANTS_READ or SSL_WANTS_WRITE return value, from either of SSL_read, SSL_write and SSL_shutdown. This is for use of OpenSSL in the Nonblocking IO mode on a socket. I will also use the BIO mode later, so let's include this in the question too; The reason I ask, is that if my understanding of how this should be handled is not *ABSOLUTELY CORRECT*, then because of my incorrect understanding I will be at risk of implementing the select() calls in my program incorrectly, and that would lead to risk of either *INFINITE LOOP* or *ZOMBIFICATION* (because of doing a select() too little or too much), which would be *ABOUT AS BAD AS A PROGRAM BUG COULD EVER BE*. I humbly ask you to help me get clear on this, simply by confirming to me that the understanding expressed in each the following points is *ABSOLUTELY CORRECT*. With your clear confirmation that each of these points are indeed correct, perhaps maybe the last word needed to be voiced on this topic will have been said - thank you very much!! The points that I kindly ask you to confirm that they are absolutely correct are: ## 1 By giving me an SSL_WANTS_READ return value to an SSL_read call, OpenSSL tells me that it cannot do any more SSL_read work for me i.e. any more reading from the SSL channel for me, without that I re-invoke SSL_read, *and before that re-invocation* performed a select() for *readability* on this socket (so that is, include this socket in the *readfds* argument to the select() call) as to get a confirmation that more data has arrived on this socket and then having acquired this confirmation. ## 2 By giving me an SSL_WANTS_READ return value to an SSL_write call, OpenSSL tells me that it cannot do any more SSL_write work for me i.e. any more writing to the SSL channel for me, without that I re-invoke SSL_write, *and before that re-invocation* performed a select() for *readability* on this socket (so that is, include this socket in the *readfds* argument to the select() call) as to get a confirmation that more data has arrived on this socket and then having acquired this confirmation. ## 3 By giving me an SSL_WANTS_READ return value to an SSL_shutdown call, OpenSSL tells me that it cannot do any more SSL_shutdown work for me i.e. any more pushing forward of the clean closure of the SSL channel for me, without that I re-invoke SSL_shutdown, *and before that re-invocation* performed a select() for *readability* on this socket (so that is, include this socket in the *readfds* argument to the select() call) as to get a confirmation that more data has arrived on this socket and then having acquired this confirmation. ## 4 Thus in all points 1)-3), SSL_WANTS_READ is essentially OpenSSL's way to say that it ran out of input data on the socket, and that it needs more input data in order to proceed with the respective operation at hand. ## 5 By giving me an SSL_WANTS_WRITE return value to an SSL_read call, OpenSSL tells me that it cannot do any more SSL_read work for me i.e. any more reading from the SSL channel for me, without that I re-invoke SSL_read, *and before that re-invocation* performed a select() for *writability* on this socket (so that is, include this socket in the *writefds* argument to the select() call) as to get a confirmation that the next SSL_read call performed will be able to write more data to the socket, than the SSL_read call that returned SSL_WANTS_WRITE could. ## 6 By giving me an SSL_WANTS_WRITE return value to an SSL_write call, OpenSSL tells me that it cannot do any more SSL_write work for me i.e. any more writing to the SSL channel for me, without that I re-invoke SSL_write, *and before that re-invocation* performed a select() for *writability* on this socket (so that is, include this socket in the *writefds* argument to the select() call) as to get a confirmation that the next SSL_write call performed will be able to write more data to the socket, than the SSL_write call that returned SSL_WANTS_WRITE could. ## 7 By giving me an SSL_WANTS_WRITE return value to an SSL_shutdown call, OpenSSL tells me that it cannot do any more SSL_shutdown work for me i.e. any more pushing forward of the clean closure of the SSL channel for me, without that I re-invoke SSL_shutdown, *and before that re-invocation* performed a select() for *writability* on this socket (so that is, include this socket in the *writefds* argument to the select() call) as to get a