> I'm trying (with no success) to detach SSL from a socket, and use it
> to crypt/decrypt using a mem BIO. Instead of using SSL_write, I want
> to write the encrypted data to a mem BIO (or just a buffer) and send
> it by myself (and do the reverse operation on receive). I will do this
> just after the initial negotiation.
>
> All the information will be encrypted, I just need to do the send/recv
> by myself. I need to change an existing application to use SSL. I'll
> need to put the already encrypted buffer in a queue, to be sent by
> another thread. The encryption thread doesn't have control over the
> socket. How can I do this?

You need to use BIO pairs. There is an example in the OpenSSL
distribution, ssltest.c contains BIO pair code.

One very important tip on using BIO pairs. You have *4* things to do:

1) When the application wants to send some data, you have to give the
   plaintext to the SSL engine.

2) When you receive encrypted data from the socket, you need to give it
   to the SSL engine.

3) When the SSL engine wants to send encrypted data, you have to send it
   over the socket.

4) When the SSL engine has plaintext that it has decrypted, you have to
   take it from the engine and process it.

Do not try to simplify this into two things by combining the above.
Think of them as four separate, unrelated things that all need to be
done. Do not assume that receiving encrypted data from the socket will
result in receiving unencrypted data from the SSL engine. It might or
might not.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
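
The four operations from the reply above, as an added example that is not part of the original thread or of OpenSSL's ssltest.c. It uses Python's `ssl.MemoryBIO` and `SSLObject` (thin wrappers over OpenSSL memory BIOs) in place of the C BIO-pair API. The `Engine` class, `demo` function and the certificate-free cipher string are assumptions made so it runs offline.

```python
import ssl

# ASSUMPTION (demo only): an unauthenticated TLS 1.2 suite so this runs offline with
# no certificate files. Real code loads a certificate and verifies the peer.
DEMO_CIPHERS = "AECDH-AES128-SHA:@SECLEVEL=0"

class Engine:  # hypothetical helper: one TLS endpoint that never touches a socket
    def __init__(self, server_side):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers(DEMO_CIPHERS)
        self.from_net, self.to_net = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.from_net, self.to_net, server_side=server_side)

    def handshake(self):               # True once negotiation has completed
        try:
            self.tls.do_handshake()
            return True
        except ssl.SSLWantReadError:   # engine needs more bytes from the peer
            return False

    def send_plaintext(self, data):    # (1) application -> engine
        return self.tls.write(data)
    def feed_ciphertext(self, data):   # (2) socket -> engine
        if data:
            self.from_net.write(data)
    def drain_ciphertext(self):        # (3) engine -> socket, or the sender's queue
        return self.to_net.read()
    def take_plaintext(self):          # (4) engine -> application
        out = b""
        try:
            while chunk := self.tls.read(16384):
                out += chunk
        except ssl.SSLWantReadError:   # no complete record buffered yet
            pass
        return out

def demo(message=b"queued for the sender thread"):
    client, server = Engine(False), Engine(True)
    c = s = False
    while not (c and s):               # the handshake moves through the same buffers
        c = client.handshake(); server.feed_ciphertext(client.drain_ciphertext())
        s = server.handshake(); client.feed_ciphertext(server.drain_ciphertext())
    client.send_plaintext(message)
    wire = client.drain_ciphertext()   # encrypted bytes another thread could send
    server.feed_ciphertext(wire[:10])  # only part of a TLS record has arrived
    early = server.take_plaintext()    # nothing to deliver yet
    server.feed_ciphertext(wire[10:])
    return wire, early, server.take_plaintext()
```

`demo()` returns the ciphertext, the empty result after the partial record, and the recovered plaintext, which is the case the reply warns about: feeding encrypted bytes in does not guarantee plaintext comes out.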