I have an application which uses a "push" data model - that is, my code sits and gets called to either decrypt data from the network, or encrypt data to the network. It can buffer data, and return an indication that nothing was done (yet), but must not block.
So, I wrapped the encrypted side of an SSL engine using openssl with a BIO pair, and the decrypted side with a BIO wrapper. I thought I could use BIO_write_guarantee(), BIO_get_pending, and check for WANT_READ and WANT_WRITE errors, but this does not appear to be the case. Sometimes, calling BIO_write_guarantee() returns 0, so I can't write (plain text to the engine). Great, I think I need to read from the encrypted side, but BIO_get_pending() on the network BIO of the pair returns -1. And the SSL_error is not of the WANT_READ or WANT_WRITE variety. The only way I can get around the problem is to try to read from the network side blindly (which repeatedly returns no data, but does not block), and eventually it gets some encrypted data, and then I can push more on the decrypted side. Is there a more elegant way to handle this?