1 (edited by Nitay 2013-06-13 06:33:35)

Topic: Using wolfSSL embedded SSL with an asynchronous socket

Hello,

I have a TCP server which uses multiple threads for reading through an IO Completion Port. I want to add SSL to this server.

What, in your opinion, is the best way to do so?
The writes are less of a problem, but how do I decrypt an SSL packet without calling read?

For now, I've set the write and read callbacks using wolfSSL_SetIORecv / wolfSSL_SetIOSend.
I didn't implement the reads yet.
Also, the accept could be done to a new client before attaching it to the IOCP, so it's not really a non-blocking IO...

What do you think?

EDIT: The reads are done through IOCP, so the threads are not blocked on recv() or select(), but on GetQueuedCompletionStatus()

Thanks
Nitay


Re: Using wolfSSL embedded SSL with an asynchronous socket

Hi Nitay,

Section 9.4 of the wolfSSL Manual (http://www.yassl.com/yaSSL/Docs-cyassl- … esign.html) talks a little about wolfSSL's thread safety.  Have you looked through that?

wolfSSL is generally thread safe, but reading from or writing to the same WOLFSSL object with multiple threads at one time is not supported.  You'll need to protect calls to wolfSSL_read() and wolfSSL_write() on the same WOLFSSL object with a mutex or similar to avoid more than one thread trying to call it simultaneously.

Best Regards,
Chris

3 (edited by Nitay 2013-06-13 08:56:30)

Re: Using wolfSSL embedded SSL with an asynchronous socket

Hi,

I'm less concerned about thread safety since I can limit thread access per session. I'm just not sure about how I can use wolfSSL if my reads are done outside the library, and not through the SSL_Read function.

Thanks
Nitay


Re: Using wolfSSL embedded SSL with an asynchronous socket

Nitay,

It sounds like you're on the right track with registering your own I/O callbacks.  The callbacks were designed to allow applications to control how they read/write data to/from wolfSSL.  For your Recv callback, you'll just need to pass the encrypted data buffer received over your transport medium to wolfSSL through the provided buffer, "buf", in your callback.  For an example, you can reference the EmbedReceive() function in <wolfssl_root>/src/io.c.

I'm not familiar with IOCP myself, so if I'm misunderstanding what you are trying to do, please correct me.

Best Regards,
Chris

Re: Using wolfSSL embedded SSL with an asynchronous socket

Hello,

The problem is - The callback is only being called if the SSL_Read function is called. The threads that are reading are receiving messages asynchronously, meaning I don't know when a message will be received...

One way I can think of is inserting the newly received message into a queue, and then calling SSL_Read explicitly, overriding the read callback to get the message from the queue.
But that seems kind of crooked (and needs to be well designed thread-safety-wise).

The higher levels (i.e. the Business Logic that uses the TCP server) are built based on asynchronous messaging as well, so I'd like to keep the reading method as it is

Thanks
Nitay
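
The queue approach described in the post above, as an added example (not code from this thread or from the wolfSSL sources): the completion handler pushes received ciphertext into a per-session buffer, and the Recv callback drains it, returning WOLFSSL_CBIO_ERR_WANT_READ when it is empty so wolfSSL never blocks on the socket. `CipherQueue`, `cq_push`, `queue_recv_cb` and `CIPHER_CAP` are hypothetical names, and the `WOLFSSL` typedef and error constant are stand-ins so the block compiles without the wolfSSL headers.

```c
/* Added example. Stand-ins below let this compile without wolfSSL headers;
   in a real build include <wolfssl/ssl.h> and drop these two definitions. */
#include <string.h>

typedef struct WOLFSSL WOLFSSL;            /* opaque, as in wolfSSL */
#ifndef WOLFSSL_CBIO_ERR_WANT_READ
#define WOLFSSL_CBIO_ERR_WANT_READ (-2)    /* value from wolfSSL's IOerrors enum */
#endif

#define CIPHER_CAP 4096                    /* hypothetical per-session capacity */

/* Hypothetical per-session ciphertext buffer; one owner thread at a time
   (guard with the same per-session lock that protects wolfSSL_read()). */
typedef struct {
    unsigned char data[CIPHER_CAP];
    size_t len;                            /* bytes queued, not yet consumed */
} CipherQueue;

/* Called from the IOCP completion handler with the bytes the overlapped
   receive delivered. Returns 0 on success, -1 if the buffer would overflow. */
int cq_push(CipherQueue *q, const void *src, size_t n)
{
    if (n > CIPHER_CAP - q->len)
        return -1;                         /* caller should close the session */
    memcpy(q->data + q->len, src, n);
    q->len += n;
    return 0;
}

/* Recv callback with wolfSSL's CallbackIORecv signature. It hands wolfSSL the
   queued ciphertext and never touches the socket, so it cannot block. */
int queue_recv_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    CipherQueue *q = (CipherQueue *)ctx;
    size_t n;
    (void)ssl;
    if (q->len == 0 || sz <= 0)
        return WOLFSSL_CBIO_ERR_WANT_READ; /* surfaces as WOLFSSL_ERROR_WANT_READ */
    n = q->len < (size_t)sz ? q->len : (size_t)sz;
    memcpy(buf, q->data, n);
    memmove(q->data, q->data + n, q->len - n);  /* keep the unread tail */
    q->len -= n;
    return (int)n;
}

/* Per completion (real build): cq_push(), then call wolfSSL_read() repeatedly
   until it returns <= 0 with wolfSSL_get_error() == WOLFSSL_ERROR_WANT_READ.
   Register via wolfSSL_SetIORecv(ctx, queue_recv_cb) and
   wolfSSL_SetIOReadCtx(ssl, &queue). */
```

A partial TLS record simply leaves wolfSSL_read() reporting WANT_READ; the next completion pushes the rest and the same loop picks up where it stopped.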


Re: Using wolfSSL embedded SSL with an asynchronous socket

I'm in a similar situation as the OP. Has this ever been resolved?

Thanks
