Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t

[Tinker]

Wait,

On 2015-02-24 20:48, Graham Leggett wrote:
[..]

sense = READ;
while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
rc = SSL_read();
if (rc == SSL_WANT_WRITE) {
sense = WRITE;
} else {
sense = READ;
}
// do stuff with what you read (you may have read nothing, but
that’s fine too)
}


Just to clarify and extend your pseudocode example a bit, this is 
absolutely correct right?:


int my_flexible_read_routine(SSL* ssl, int socket,int bytes_needed,int 
bytes_accepted,void* to) {

reiterate:
rc = SSL_read(ssl,socket,...);

if (rc -- SSL_ERROR_WANT_READ) {

if (i actually need more data from SSL_read ie bytes_needed 
bytes haven't been read yet) {


// OpenSSL needed more input data from the socket to 
proceed, and it wasn't available. Therefore wait for it to drop in, and 
then reiterate SSL_read();

select(socket for readability indefinitely);
if (select said we got new data) goto reiterate; else return 
error;

}
} else if (rc -- SSL_ERROR_WANT_WRITE) {
if (i actually need more data from SSL_read ie bytes_needed 
bytes haven't been read yet) {


// OpenSSL needed to write more data to socket to proceed, 
than the OS allowed it to do right now. Therefore wait for the socket to 
become writable, and then reiterate SSL_read();

select(socket for writability indefinitely);
if (select said the socket is now writable) goto reiterate; 
else return error;

}
}

if (bytes_needed  bytes read) goto reiterate;

return bytes read;
}

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t

[Tinker]

Hi Graham,

Thank you a lot for your response! -

Just to merge this properly with your previous response to another 
thread this past Sat the 21:st in 
https://mta.openssl.org/pipermail/openssl-users/2015-February/000608.html 
,


It's not just “I want to read during SSL_write, are you ok with me doing 
this?” but rather I want to read during SSL_write [nevermind if I tried 
already or not]. Please invoke me next time when there's actual input 
data available, thank you. -


SSL_ERROR_WANTS_READ/WRITE is how OpenSSL says that it needs more data 
on the socket ie asks user to select() with the socket in readfds and 
reinvoke when there is more data, or it wants to write for the socket 
and it's not writable anymore now, so it asks the user to select() with 
the socket in writefds and reinvoke when it's writable, right?



I.e. the if_ready_to_read/if_ready_to_write you suggested below would 
generally be implemented in terms of a select() call.


And then of course, as a caller I'm not obliged to do a select() and 
reiterate but I may do anything, or do another SSL operation such as 
another SSL_read or SSL_shutdown (though supposedly also that one would 
return with the same SSL_ERROR_WANTS_READ/WRITE so that would just be to 
postpone the problem) right?



..And also I suppose this means you confirm that all the points in my 
previous email were correct.


Thanks :)

On 2015-02-24 20:48, Graham Leggett wrote:

On 22 Feb 2015, at 11:22 PM, Tinker ti...@openmailbox.org wrote:


I need your authoritative answer on the following question.


[snip stuff that is too long]

You are totally overthinking this.

The SSL protocol involves negotiation, during which the sender and the
receiver exchange data with each other. What this means is that during
either SSL_read, or SSL_write, openssl might try to write or read
respectively. If your non-blocking code isn’t geared to handle this,
you might end up either hanging or spinning as you wait for the wrong
event.

The SSL_WANTS_READ response code is a warning that means “I want to
read during SSL_write, are you ok with me doing this?”.

The SSL_WANTS_WRITE response code is a warning that means “I want to
write during SSL_read, are you ok with me doing this?”.

In both cases, once you have determined that it is ok to read, or ok
to write, you simply retry SSL_write() or SSL_read() again.

For example, a read loop:

sense = READ;
while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
rc = SSL_read();
if (rc == SSL_WANT_WRITE) {
sense = WRITE;
} else {
sense = READ;
}
// do stuff with what you read (you may have read nothing, but
that’s fine too)
}

Regards,
Graham
—

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t

[Graham Leggett]

On 22 Feb 2015, at 11:22 PM, Tinker ti...@openmailbox.org wrote:

 I need your authoritative answer on the following question.

[snip stuff that is too long]

You are totally overthinking this.

The SSL protocol involves negotiation, during which the sender and the receiver 
exchange data with each other. What this means is that during either SSL_read, 
or SSL_write, openssl might try to write or read respectively. If your 
non-blocking code isn’t geared to handle this, you might end up either hanging 
or spinning as you wait for the wrong event.

The SSL_WANTS_READ response code is a warning that means “I want to read during 
SSL_write, are you ok with me doing this?”.

The SSL_WANTS_WRITE response code is a warning that means “I want to write 
during SSL_read, are you ok with me doing this?”.

In both cases, once you have determined that it is ok to read, or ok to write, 
you simply retry SSL_write() or SSL_read() again.

For example, a read loop:

sense = READ;
while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
rc = SSL_read();
if (rc == SSL_WANT_WRITE) {
sense = WRITE;
} else {
sense = READ;
}
// do stuff with what you read (you may have read nothing, but that’s fine 
too)
}

Regards,
Graham
—

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t

[Tinker]

(This is a resubmit of the same post with the numbered list represented 
better here in text format, as the previous mail got the numbered list 
presented well only in the HTML version.)



Dear OpenSSL list,

I need your authoritative answer on the following question.

Guaranteedly, this same question has been voiced on this mailing list 
already, in less or more similar wording. My question is:




Please help me to get clear on *exactly* what my program needs to do in 
response to a SSL_WANTS_READ or SSL_WANTS_WRITE return value, from 
either of SSL_read, SSL_write and SSL_shutdown.


This is for use of OpenSSL in the Nonblocking IO mode on a socket. I 
will also use the BIO mode later, so let's include this in the question 
too;



The reason I ask, is that if my understanding of how this should be 
handled is not *ABSOLUTELY CORRECT*, then because of my incorrect 
understanding I will be at risk of implementing the select() calls in my 
program incorrectly, and that would lead to risk of either *INFINITE 
LOOP* or *ZOMBIFICATION* (because of doing a select() too little or too 
much), which would be *ABOUT AS BAD AS A PROGRAM BUG COULD EVER BE*.




I humbly ask you to help me get clear on this, simply by confirming to 
me that the understanding expressed in each the following points is 
*ABSOLUTELY CORRECT*.


With your clear confirmation that each of these points are indeed 
correct, perhaps maybe the last word needed to be voiced on this topic 
will have been said - thank you very much!!




The points that I kindly ask you to confirm that they are absolutely 
correct are:


 ## 1
By giving me an SSL_WANTS_READ return value to an SSL_read call, OpenSSL 
tells me that it cannot do any more SSL_read work for me i.e. any more 
reading from the SSL channel for me, without that I re-invoke SSL_read, 
*and before that re-invocation* performed a select() for *readability* 
on this socket (so that is, include this socket in the *readfds* 
argument to the select() call) as to get a confirmation that more data 
has arrived on this socket and then having acquired this confirmation.


 ## 2
By giving me an SSL_WANTS_READ return value to an SSL_write call, 
OpenSSL tells me that it cannot do any more SSL_write work for me i.e. 
any more writing to the SSL channel for me, without that I re-invoke 
SSL_write, *and before that re-invocation* performed a select() for 
*readability* on this socket (so that is, include this socket in the 
*readfds* argument to the select() call) as to get a confirmation that 
more data has arrived on this socket and then having acquired this 
confirmation.


 ## 3
By giving me an SSL_WANTS_READ return value to an SSL_shutdown call, 
OpenSSL tells me that it cannot do any more SSL_shutdown work for me 
i.e. any more pushing forward of the clean closure of the SSL channel 
for me, without that I re-invoke SSL_shutdown, *and before that 
re-invocation* performed a select() for *readability* on this socket (so 
that is, include this socket in the *readfds* argument to the select() 
call) as to get a confirmation that more data has arrived on this socket 
and then having acquired this confirmation.


 ## 4
Thus in all points 1)-3), SSL_WANTS_READ is essentially OpenSSL's way to 
say that it ran out of input data on the socket, and that it needs more 
input data in order to proceed with the respective operation at hand.



 ## 5
By giving me an SSL_WANTS_WRITE return value to an SSL_read call, 
OpenSSL tells me that it cannot do any more SSL_read work for me i.e. 
any more reading from the SSL channel for me, without that I re-invoke 
SSL_read, *and before that re-invocation* performed a select() for 
*writability* on this socket (so that is, include this socket in the 
*writefds* argument to the select() call) as to get a confirmation that 
the next SSL_read call performed will be able to write more data to the 
socket, than the SSL_read call that returned SSL_WANTS_WRITE could.


 ## 6
By giving me an SSL_WANTS_WRITE return value to an SSL_write call, 
OpenSSL tells me that it cannot do any more SSL_write work for me i.e. 
any more writing to the SSL channel for me, without that I re-invoke 
SSL_write, *and before that re-invocation* performed a select() for 
*writability* on this socket (so that is, include this socket in the 
*writefds* argument to the select() call) as to get a confirmation that 
the next SSL_write call performed will be able to write more data to the 
socket, than the SSL_write call that returned SSL_WANTS_WRITE could.


 ## 7
By giving me an SSL_WANTS_WRITE return value to an SSL_shutdown call, 
OpenSSL tells me that it cannot do any more SSL_shutdown work for me 
i.e. any more pushing forward of the clean closure of the SSL channel 
for me, without that I re-invoke SSL_shutdown, *and before that 
re-invocation* performed a select() for *writability* on this socket (so 
that is, include this socket in the *writefds* argument to the select() 
call) as to get a