buggy_openssl_with_fullduplex/withselect
2013-12-26 21:00:52 +01:00
..
etc epoll init 2013-12-26 20:59:01 +01:00
client.cpp epoll init 2013-12-26 20:59:01 +01:00
client.h epoll init 2013-12-26 20:59:01 +01:00
defs.h epoll init 2013-12-26 20:59:01 +01:00
Makefile epoll init 2013-12-26 20:59:01 +01:00
out epoll init 2013-12-26 20:59:01 +01:00
README.md Merge branch 'master' of https://github.com/flowher/buggy_openssl_with_fullduplex 2013-12-26 21:00:52 +01:00
server.cpp epoll init 2013-12-26 20:59:01 +01:00
server.h epoll init 2013-12-26 20:59:01 +01:00
ssl_process.cpp epoll init 2013-12-26 20:59:01 +01:00
ssl_process.h epoll init 2013-12-26 20:59:01 +01:00

buggy_openssl_with_fullduplex

Toy code which shows problems with non-blocking, fullduplex I/O & renegotiation in OpenSSL

What is it: This code shows that it is not possible to use SSL_write() and SSL_read() functions in the same way as ::send() and ::recv(). The main difference between SSL_write/read functions and send/recv system calls is that SSL_write function may in fact read data from the socket in some situations (similary SSL_read may need to write data to the socket).

How it works:

Client & Server:
- it has two threads - sender & receiver
- writes and reads are mutexed

Client:
- I/O is blocking (but can be non-blocking)

Server:
- I/O is non-blocking
- each thread runs it's own select()

1. After client & server are connected (and SSL handshake done) client sender
thread starts sending first message (in a loop).

2. When server receives first query it starts sending string EXCHANGE_STRING for
SEND_ITERATIONS number of times. So now we have 4 threads that are sending
and receiving traffic at the same time ( 2 send/receive threads on each
server and client side )

3. When client receives RENEG_INIT_LEN number of characters it starts
renegotiation ( if other one is not pending ). Bug starts to occure here

BUG:
Client side: client starts to report SSL_ERROR_SYSCALL
Server side: server reports SSL_ERROR_WANT_READ when receive function is called

TCP:
In TCP exchange we can see that transfer between client & server is OK until
client sends "Client Hello" packet. This packet is sent when SSL_renegotiate
is called