Add vectored io api: SSL_writev #27768
Conversation
openssl-machine
added
the
hold: cla required
alfaloo
force-pushed
the
ssl_writev
branch
6 times, most recently
from
5b335bf to
5257d5b
Compare
paulidale
added
branch: master
|
Please can you submit a CLA? |
Yup emailed it this morning, still pending approval c: |
github-actions
bot
added
severity: fips change
alfaloo
changed the title
|
Thank you everyone for your interest and time in reading through my code! I have implemented changes from most of the comments and I have responded to the rest. I would greatly appreciate it if you could kindly review the PR again for further improvements c: |
|
I'm wondering what the behavior of using SSL_MODE_ENABLE_PARTIAL_WRITE should be with this. Should we support this? If we support it, is it then up to the application to figure out which iovecs to remove in the next call, and how to update the data pointers in the iovec? |
|
So Linux has a pwritev(), that supports an additional offset. We should consider that for the combination with SSL_MODE_ENABLE_PARTIAL_WRITE. |
Sorry wanted to clarify, do you mean SSL_MODE_ENABLE_PARTIAL_WRITE or SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER? I thought SSL_MODE_ENABLE_PARTIAL_WRITE is currently supported for OSSL_IOVECs by storing an offset variable that keeps track of how much we have sent so far? Could I trouble you to expand a little bit on what is the issue we are trying to solve? Thanks in advance |
|
In case of SSL_MODE_ENABLE_PARTIAL_WRITE, you don't have to call it with data that was already processed, like in a call to write(). Since it's in an iovec, you might want to pass the same iovec again, but say how much of the data needs to be skipped. Otherwise, you will need to move data around, or at least update the pointer. But if you're updating the pointer, you might need to have a second copy of the pointer so you can delete it. It's probably easier that we can pass the value of |
|
@kroeckx I see what you mean now. I was under the impression that removing written data is the responsibility of the caller, I refer to the description of SSL_MODE_ENABLE_PARTIAL_WRITE from SSL_write.pod:
However, you make a good point that this can be quite troublesome. Can I clarify that you propose that if the flag is set, we use the value stored inside *written to indicate that the first *written bytes will be skipped during the write procedure? |
|
@kroeckx I have updated the SSL_writev such that if the flag is set, we use the value stored inside *written to indicate that the first *written bytes will be skipped during the write procedure. Let me know if this was what you meant. Thank you |
|
|
|
I was thinking that instead of using two arguments, the *written can first store the offset, but once the method returns, *written will return the new total amount that has been successfully sent. This way, the user can call SSL_writev repeatedly by passing the same *written variable. Using a separate argument for offset works as well. however, in this case when the SSL_writev returns, should *written contain the amount of bytes newly sent or contain the total number of bytes sent from the beginning of the iovec? |
As a general pattern, we have (mostly) moved away from having an in/out parameter for this sort of thing as much as possible so it is clear what is going on in the API calls when looking at the code. |
|
@mattcaswell @kroeckx @t-j-h @t8m Hi everyone, thank you for the feedback that you all have provided. I was hoping to get a status update for this PR. If there are any other requested improvements, please let me know. |
Checklist
Evident from the discussions in the linked issue page, I believe that the use case of SSL_writev is compelling enough that we can consider replacing/updating all those internal write calls to work for ssl_writev, then just change ssl_write to be a simplified wrapper to ssl_writev. the performance of the ssl_write use case will not be affected as we are just additionally iterating through the array of iovec structures.
With regards to the problem of iovec not available on all platforms, we can create a compatibility layer that abstracts away the differences.
Fixes #20918