Hi David,

> > There is one added complication in that the protocol is a datagram
> > protocol at a higher level (although it uses TCP). I am concerned that
> > the whole protocol could block if there is not enough data to encrypt
> > a whole outgoing message but the peer cannot continue until it gets
> > the message.
>
> What do you mean by "not enough data to encrypt a whole outgoing message"?
> The only way it can block is if each side is waiting for the other, and if
> that happens, the application protocol is broken anyway. There is no way
> this logic can cause one side to internally block.

I may be making a wrong assumption but if the cypher used is a block cypher does it not wait until a full block of data is ready before it can encrypt and send the data? If a message does not consist of enough data to fill a block, could there be unencrypted data left in a buffer somewhere? The peer would see that a whole message has not been received and wait for the rest of it ... which never comes.

Mark.