Add stream crypto status for exposing OSSL WANT_READ / WANT_WRITE #22193
Open
bukka wants to merge 1 commit into
On a non-blocking stream, stream_socket_enable_crypto() returns 0 and fread()/fwrite() return an empty result when the TLS engine needs more I/O, but there was no way to tell whether OpenSSL was waiting to read or to write. Callers therefore could not reliably decide which direction to poll for with stream_select(), which is required to drive a non-blocking handshake or renegotiation correctly (e.g. SSL_read() wanting a write).

This tracks the last SSL_ERROR_WANT_READ/WANT_WRITE on the stream and exposes it via a new stream_socket_get_crypto_status() function and three constants:

- STREAM_CRYPTO_STATUS_NONE
- STREAM_CRYPTO_STATUS_WANT_READ
- STREAM_CRYPTO_STATUS_WANT_WRITE

The status is updated during the handshake (php_openssl_enable_crypto()) and during reads/writes (php_openssl_sockop_io()), reset to NONE before each operation, and retrieved through a new STREAM_XPORT_CRYPTO_OP_GET_STATUS transport op. It is meaningful immediately after an operation that returned 0/false on a non-blocking stream; a completed operation reports NONE.

Tests cover the status during a non-blocking handshake, a non-blocking read with no application data pending, and the constant values.
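A caller-side handshake loop using the status described above, as an added example that is not code from this pull request. It assumes stream_socket_get_crypto_status() takes the stream and returns one of the three constants, so it runs only on a PHP build that includes this change; the host name and the function name tls_handshake_nonblocking() are placeholders.

```php
<?php
// Added example. Assumption: stream_socket_get_crypto_status($stream) returns
// one of the STREAM_CRYPTO_STATUS_* constants named in the description.

/** Drive a non-blocking TLS client handshake, polling in the direction OpenSSL asked for. */
function tls_handshake_nonblocking($stream, float $timeout = 5.0): bool
{
    stream_set_blocking($stream, false);
    $deadline = microtime(true) + $timeout;

    while (true) {
        $result = stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
        if ($result === true) {
            return true;   // handshake complete
        }
        if ($result === false) {
            return false;  // fatal TLS error, e.g. certificate verification failed
        }

        // $result === 0: the TLS engine needs more I/O. Ask which direction.
        $read = $write = [];
        switch (stream_socket_get_crypto_status($stream)) {
            case STREAM_CRYPTO_STATUS_WANT_READ:  $read = [$stream];  break;
            case STREAM_CRYPTO_STATUS_WANT_WRITE: $write = [$stream]; break;
            default:
                return false;  // 0 with status NONE is unexpected: fail closed, do not spin
        }

        // Bound the whole handshake so a stalled peer cannot hold the caller forever.
        $remaining = $deadline - microtime(true);
        if ($remaining <= 0) {
            return false;
        }
        $except = null;
        $sec  = (int) $remaining;
        $usec = (int) (($remaining - $sec) * 1e6);
        $ready = stream_select($read, $write, $except, $sec, $usec);
        if ($ready === false || $ready === 0) {
            return false;  // select error or timeout
        }
    }
}

// Constructed usage: example.test is a placeholder host.
$ctx = stream_context_create(['ssl' => [
    'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => 'example.test',
]]);
$sock = stream_socket_client('tcp://example.test:443', $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $ctx);
$ok = $sock !== false && tls_handshake_nonblocking($sock);
```

The same status check applies after fread()/fwrite() returns an empty result on the encrypted stream, since a read can be waiting on a write and the reverse.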