1 Topic by carlo (edited by carlo 2020-06-21 16:52:56)

  • Registered: 2020-06-15
  • Posts: 21

Topic: Thread safety?

My approach is currently to use, after the initial initialization,

wolfSSL_connect(ssl)
wolfSSL_write(ssl, data, sz)
wolfSSL_read(ssl, data, sz)

Depending on whether or not `wolfSSL_connect(ssl)` already returned SSL_SUCCESS, indicating
the end of the handshake, I either call `wolfSSL_connect(ssl)` OR `wolfSSL_write(ssl, data, sz)`
whenever the socket fs is writable - and I was monitoring the socket for writability of course.

And I either call `wolfSSL_connect(ssl)` OR `wolfSSL_read(ssl, data, sz)` whenever there is
something to read on the socket fd.

One of the problems here is to know when to monitor the fd for writability: we only want to do
that when we have something to write, nl.,

  • 1. Immediately after initialization: this is when the client HELLO message needs to be written.
    2. When the last call to `wolfSSL_connect(ssl)`  returned WANT_WRITE.
    3. When the last call to `wolfSSL_write(ssl, data, sz)` returned WANT_WRITE.
    4. When the handshake is finished and I have application data in the plain text buffer that I want to write.

Monitoring the fd for readability is basically always on, as it doesn't hurt.

However, my library (that I'm integrating with wolfssl) is able to read and write the same socket
at the same time, using two different threads (and separate input/output buffers).

So, it can happen that the socket becomes readable or writable while I'm already calling
one the mentioned functions.

In the ideal case, wolfsll would be able to deal with this. Not by blocking(!) but by having reading
and writing totally separated.

But is this the case?

For example, can I call `wolfSSL_write(ssl, data, sz)` and `wolfSSL_read(ssl, data, sz)` at
the same time (with the same ssl) in parallel?

Or, what if I'm calling `wolfSSL_connect(ssl)` from the write thread (because it was in the
state WANT_WRITE) and while doing so I'm receiving a message from the server (could
be anything - an ssl alert - or whatever, we can't rule it out), then what is the right action
to take?

On that note, does wolfSLL handle ssl alerts? How?

Share

  • Registered: 2015-10-07
  • Posts: 415

Re: Thread safety?

Hi Carlo,

Thanks for your questions and feedback. Doing a wolfSSL read/write for the same WOLFSSL object at the same time is not thread safe by efault. The WOLFSSL object should only be used from a single thread. However we do have a build-time feature you can enable to allow read and write on separate threads. This feature is enabled using the `HAVE_WRITE_DUP` build option.

You can find an example for this feature here:
https://github.com/wolfSSL/wolfssl-exam … writedup.c

This allows creation of a second WOLFSSL object for writing only. The existing WOLFSSL object is flagged as read-only.

/* Duplicate read_ssl, setting it to read-only, creating write_ssl, which is write-only */
if ((write_ssl = wolfSSL_write_dup(read_ssl)) == NULL) {
    fprintf(stderr, "ERROR: failed write dup\n");
    return -1;
}

Thanks,
David Garske, wolfSSL

Share