Topic: Non-blocking IO in wolfSSL embedded ssl

2008-09-16 07:18:56 UTC
I am a newbie at using the wolfSSL package.

I have an embedded environment without an OS, so I just use a polling method to receive Ethernet packets. I have just finished porting wolfSSL to this project, but I found one thing strange in cyassl_int.c; that code will make the file transferred by wolfSSL incomplete.

In the function ReceiveData() of cyassl_int.c, I need to make a modification as follows to avoid data loss:

int ReceiveData(SSL* ssl, byte* output, int sz)
... ...
-- if (!ssl->buffers.bufferedData.buffer)
if ( (ssl->error = ProcessReply(ssl)) < 0) {
if (ssl->error == SOCKET_ERROR_E)
if (ssl->options.connReset || ssl->options.isClosed)
return 0; /* peer reset or closed */
return ssl->error;
... ...
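
Review bot: With the `if (!ssl->buffers.bufferedData.buffer)` guard removed at the top of this hunk, ProcessReply() runs on every ReceiveData() call, including calls made while decrypted data is already buffered, and any negative result takes the `return ssl->error` path before anything later in the function runs. On a polled, non-blocking transport, a call that finds no new record available would then come back as an error while plaintext is still waiting to be delivered. Consider keeping the guard and having the caller repeat the read until the buffered data is exhausted, or add a comment explaining why the unconditional ProcessReply() call is safe in the non-blocking case.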

In my testing environment, the first encrypted TCP/IP packet contains the HTTP header and a part of the HTTP content; if I don't remove that section of code, the HTTP header part will be decrypted first, and the rest of the content will be decrypted after all TCP/IP packets are received. But I find that the last piece of content is lost in the end. If I make that code modification, all HTTP data (including the HTTP header and content) will be decrypted just after all TCP/IP packets are received.

I use the wolfSSL package on Linux as a reference with blocking socket I/O, and the pattern looks just like the code after modification.

I just want to check the code modification to see whether there is still some issue or not.

Thanks for all.
touska (Project Admin)

2008-09-16 18:39:23 UTC
Are you sure all of the SSL records were received when you don't remove the line? What SSL error are you getting then or after? If you're not getting one then I can't imagine it wasn't processed. Say 2 SSL records are being sent by 20 TCP packets. If any of the 20 packets aren't processed in the right order there will be a decryption error.

There could be some interaction here between the TCP stack and how wolfSSL is processing SSL records compared to what you might expect. When wolfSSL decrypts an SSL record it puts any unrequested data in a buffer. On the next call to SSL_read (assuming the original code) read will return the buffered data. At this point there could be some TCP packets that have arrived but that wolfSSL hasn't tried to receive yet. Could that be the problem? Are you calling SSL_read again?

Without knowing the SSL_record size, packet size, and your SSL_read parameter size it's hard to say exactly what's happening. Can I access the server and can you show me the SSL_read code you're using?

You can contact me directly ( todd at ) if you don't wish to post the server information.
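
The buffering interaction asked about in the reply above, as a simplified C model added here (not wolfSSL code and not written by either poster). `Model`, `model_read`, `run` and `WOULD_BLOCK` are hypothetical names, records are treated as already-decrypted constructed strings, and one record is assumed to arrive per poll event; it compares reading once per event with reading until nothing is left.

```c
#include <string.h>

enum { WOULD_BLOCK = -1 };          /* hypothetical "no data yet" code */

typedef struct {
    const char *rec[2];             /* constructed plaintext of two records */
    int arrived, next;              /* records received / records processed */
    char buf[32]; int len, pos;     /* decrypted but not yet delivered data */
} Model;

/* Like the guarded read discussed above: a new record is processed only
   when no previously decrypted data is still buffered. */
static int model_read(Model *m, char *out, int sz) {
    if (m->pos == m->len) {                       /* nothing buffered */
        if (m->next == m->arrived) return WOULD_BLOCK;
        m->len = (int)strlen(m->rec[m->next]);
        memcpy(m->buf, m->rec[m->next++], (size_t)m->len);
        m->pos = 0;
    }
    int n = m->len - m->pos;                      /* hand out at most sz bytes */
    if (n > sz) n = sz;
    memcpy(out, m->buf + m->pos, (size_t)n);
    m->pos += n;
    return n;
}

/* One record arrives per poll event. drain == 0: one read per event.
   drain != 0: read until the model reports no data. Returns bytes delivered. */
static int run(int drain) {
    Model m = { { "HTTP/1.1 200 OK\n", "bodybody" }, 0, 0, {0}, 0, 0 };
    char out[10];                                 /* read size < record size */
    int total = 0, n;
    for (int ev = 0; ev < 2; ev++) {
        m.arrived++;
        if (!drain) {
            if ((n = model_read(&m, out, (int)sizeof out)) > 0) total += n;
        } else {
            while ((n = model_read(&m, out, (int)sizeof out)) > 0) total += n;
        }
    }
    return total;
}

/* 24 bytes were sent; one read per event leaves the last record undelivered. */
int main(void) { return (run(0) == 16 && run(1) == 24) ? 0 : 1; }
```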