Retry on WANT_WRITE & WANT_READ in sendall()

This change introduces retries in `OpenSSL.SSL.Connection.sendall()` when `WANT_WRITE_ERROR` or `WANT_READ_ERROR` happen. It relies on `SSL_MODE_ENABLE_PARTIAL_WRITE` being set on the context, that changes the mode of `SSL_write()` to return errors only if zero bytes has been sent making it safe to retry in these cases. Ideally, the calling code is supposed to `poll()`/`select()` the socket to know when it's okay to attempt the next retry (hence it is readable or writable) but it's not available in the `sendall()` method and just retrying the operation is good enough. Fixes pyca#176 Refs: * http://openssl.6102.n7.nabble.com/SSL-MODE-ACCEPT-MOVING-WRITE-BUFFER-td6421.html * https://stackoverflow.com/a/28992313/595220 * https://www.openssl.org/docs/manmaster/man3/SSL_write.html * https://stackoverflow.com/a/20817394/595220
webknjaz · Jan 23, 2024 · 9836c42 · 9836c42
1 parent 7f3e4f9
commit 9836c42
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -225,6 +225,10 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Fixed the inability of ``OpenSSL.SSL.Connection.sendall()`` to
+  keep with sending data over the wire after ``SSL_ERROR_WANT_READ``
+  or ``SSL_ERROR_WANT_WRITE`` is returned by ``SSL_write()``.
+  `#176 <https://github.com/pyca/pyopenssl/pull/176>`_
 - Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
   where additional untrusted certificates can be specified to help chain building.
   `#948 <https://github.com/pyca/pyopenssl/pull/948>`_

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -2053,7 +2053,14 @@ def sendall(self, buf, flags=0):
                 result = _lib.SSL_write(
                     self._ssl, data + total_sent, min(left_to_send, 2147483647)
                 )
-                self._raise_ssl_error(self._ssl, result)
+                try:
+                    self._raise_ssl_error(self._ssl, result)
+                except (WantReadError, WantWriteError):
+                    # NOTE: The use of SSL_MODE_ENABLE_PARTIAL_WRITE
+                    # NOTE: above guarantees that in case of failure
+                    # NOTE: no bytes have been written so we don't need
+                    # NOTE: to update the counters, just need to retry.
+                    continue
                 total_sent += result
                 left_to_send -= result