Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
 
 
 
Krzysztof Kwiatkowski c4a98d6155 Merge branch 'master' of https://github.com/flowher/buggy_openssl_with_fullduplex 11 anni fa
..
etc epoll init 11 anni fa
Makefile epoll init 11 anni fa
README.md Merge branch 'master' of https://github.com/flowher/buggy_openssl_with_fullduplex 11 anni fa
client.cpp epoll init 11 anni fa
client.h epoll init 11 anni fa
defs.h epoll init 11 anni fa
out epoll init 11 anni fa
server.cpp epoll init 11 anni fa
server.h epoll init 11 anni fa
ssl_process.cpp epoll init 11 anni fa
ssl_process.h epoll init 11 anni fa

README.md

buggy_openssl_with_fullduplex

Toy code which shows problems with non-blocking, fullduplex I/O & renegotiation in OpenSSL

What is it: This code shows that it is not possible to use SSL_write() and SSL_read() functions in the same way as ::send() and ::recv(). The main difference between SSL_write/read functions and send/recv system calls is that SSL_write function may in fact read data from the socket in some situations (similary SSL_read may need to write data to the socket).

How it works:

Client & Server:
- it has two threads - sender & receiver
- writes and reads are mutexed

Client:
- I/O is blocking (but can be non-blocking)

Server:
- I/O is non-blocking
- each thread runs it's own select()

1. After client & server are connected (and SSL handshake done) client sender
thread starts sending first message (in a loop).

2. When server receives first query it starts sending string EXCHANGE_STRING for
SEND_ITERATIONS number of times. So now we have 4 threads that are sending
and receiving traffic at the same time ( 2 send/receive threads on each
server and client side )

3. When client receives RENEG_INIT_LEN number of characters it starts
renegotiation ( if other one is not pending ). Bug starts to occure here

BUG:
Client side: client starts to report SSL_ERROR_SYSCALL
Server side: server reports SSL_ERROR_WANT_READ when receive function is called

TCP:
In TCP exchange we can see that transfer between client & server is OK until
client sends "Client Hello" packet. This packet is sent when SSL_renegotiate
is called