On 12 Aug 2013, at 3:36 AM, John Selbie wrote: > I'm upgrading a socket server written for non-blocking TCP sockets to use > OpenSSL in non-blocking mode. > > In the man page for SSL_read, the following is stated: > > "When an SSL_read() operation has to be repeated because of > SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the > same arguments." > > There is no misunderstanding of that statement. It implies that the three > parameters passed to this function (SSL, buffer, and length) must be the same > each time. > > But can there be an explanation for this? > > I have a minor concern for converting many of the existing recv() calls to > use SSL_read(). I can guarantee the length parameter is the same, but given > the behavior of the code with regards to stack variables, it would be unsafe > to assume that the buffer address is the same.
I wonder if that warning is erroneously duplicated from the SSL_write() man page. From a glance at ssl3_read_bytes(), there's no reason that SSL_read() should care whether the read buffer is the same each time. SSL_write() can care, though. As I understand it, SSL_write()'s semantics don't really follow write()'s semantics unless you set the SSL_MODE_ENABLE_PARTIAL_WRITE flag. The default behavior of SSL_write() is that you pass the same buffer+length repeatedly and SSL_write() will consume parts of that buffer (maintaining a partial write pointer internally) until it's done. (I much prefer the PARTIAL_WRITE semantics. :) ) So, if you're using the non-PARTIAL_WRITE semantics, then SSL_write() checks that the arguments are the same on a retry, as a way of checking that its internal partial-write pointer is still valid. But SSL_read()'s semantics are read()-like whether you set that flag or not, and it doesn't look like it maintains any internal assumptions about the read buffer. All it does is memcpy() from the decryption buffer into the caller's buffer right before returning, as you'd expect it to. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
