[openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as to keep us all safe (from infinite loop & zombification bugs)!

[tinkr@xxxxxxxxxxxxxxx (Tinker)]

Wait,

On 2015-02-24 20:48, Graham Leggett wrote:
[..]
> sense = READ;
> while (sense == READ ? if_ready_to_read() : if_ready_to_write()) {
>     rc = SSL_read();
>     if (rc == SSL_WANT_WRITE) {
>         sense = WRITE;
>     } else {
>         sense = READ;
>     }
>     // do stuff with what you read (you may have read nothing, but
> that?s fine too)
> }

Just to clarify and extend your pseudocode example a bit, this is 
absolutely correct right?:

int my_flexible_read_routine(SSL* ssl, int socket,int bytes_needed,int 
bytes_accepted,void* to) {
     reiterate:
     rc = SSL_read(ssl,socket,...);

     if (rc -- SSL_ERROR_WANT_READ) {

         if (i actually need more data from SSL_read ie bytes_needed 
bytes haven't been read yet) {

             // OpenSSL needed more input data from the socket to 
proceed, and it wasn't available. Therefore wait for it to drop in, and 
then reiterate SSL_read();
             select(socket for readability indefinitely);
             if (select said we got new data) goto reiterate; else return 
error;
         }
     } else if (rc -- SSL_ERROR_WANT_WRITE) {
         if (i actually need more data from SSL_read ie bytes_needed 
bytes haven't been read yet) {

             // OpenSSL needed to write more data to socket to proceed, 
than the OS allowed it to do right now. Therefore wait for the socket to 
become writable, and then reiterate SSL_read();
             select(socket for writability indefinitely);
             if (select said the socket is now writable) goto reiterate; 
else return error;
         }
     }

     if (bytes_needed > bytes read) goto reiterate;

     return bytes read;
}