I've not looked at the OpenSSL code for a few years now.  Last time I looked 
the only way to do things was via a "BIO" and the BIO functions did the crypto. 
 

This is totally inappropriate for many server designs.

I would like to ask if the crypto/bio functions have been factored apart so 
they are orthogonal.

To my way of thinking we should have a way to basically do this:

1) define a single structure which will carry all data for a connection.  This 
can be referenced from say an fd which is returned by fopen().

2) define a single function which might for instance use a state flag and plug 
it into a case statement in order to call the appropriate step in the crypto 
pipeline.  Thus the interface might work something like this:  A packet comes 
in via say fread().  This packet is then passed into OpenSSL as follows:  
ierr=OpenSSL(control_code, fd, p_fd->OpenSSL_connection_data, &packet_in, 
&packet_out);   In this case the control_code might be a constant which might 
have values like "initialize", "release", "abort", "establish_connection" (many 
steps), "encrypt", "decrypt" and whatever else is appropriate.

3) with something like this the bio() functions I looked at before are easy to 
implement... but if the application needs to do the I/O then it can.  

4) another thing that should be done if it is not already done is that all 
malloc()ing should be controlled such that malloc() takes place a page at a 
time and the needed space is allocated from the pages in a pool indexed by the 
fd number.  If this is done then the memory for a connection can be released 
easily and memory leaks cannot occur.  The point here is that if a connection 
is lost we simply blow away all the data held in OpenSSL_connection_data and 
blow away all pages associated with the page pool holding allocated memory and 
we are done.  The crypto functions don't even need to know it happened.

I'm not looking for details at this point.  I just want to know what the status 
of the code is.

Thanx.

Terrell 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
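
A sketch of the per-connection page pool proposed in point 4 of the message above, as an added example that is not part of the original post and is not OpenSSL code. The names `conn_alloc`, `conn_release`, `POOL_PAGE` and `POOL_MAX_FD` are hypothetical, and wiping pages before freeing them (so key material does not linger) is an assumption of this example rather than something the post asks for.

```c
#include <stddef.h>
#include <stdlib.h>

#define POOL_PAGE   4096   /* assumed page size */
#define POOL_MAX_FD 64     /* assumed table size for this sketch */

struct page { struct page *next; size_t used; unsigned char data[POOL_PAGE]; };
static struct page *pools[POOL_MAX_FD];   /* one page chain per fd */

/* Carve n bytes out of fd's pool; NULL on bad fd, oversize request or OOM. */
void *conn_alloc(int fd, size_t n)
{
    if (fd < 0 || fd >= POOL_MAX_FD || n == 0 || n > POOL_PAGE)
        return NULL;
    n = (n + 15u) & ~(size_t)15u;          /* round up to 16-byte granularity */
    struct page *p = pools[fd];
    if (p == NULL || POOL_PAGE - p->used < n) {   /* head page cannot fit n */
        p = malloc(sizeof *p);
        if (p == NULL) return NULL;
        p->used = 0;
        p->next = pools[fd];
        pools[fd] = p;
    }
    void *out = p->data + p->used;
    p->used += n;
    return out;
}

/* Connection lost: wipe and free every page owned by fd; returns pages freed. */
size_t conn_release(int fd)
{
    if (fd < 0 || fd >= POOL_MAX_FD) return 0;
    size_t freed = 0;
    for (struct page *p = pools[fd], *next; p != NULL; p = next, freed++) {
        next = p->next;
        volatile unsigned char *v = p->data;   /* volatile so the wipe is kept */
        for (size_t i = 0; i < p->used; i++) v[i] = 0;
        free(p);
    }
    pools[fd] = NULL;
    return freed;
}

int main(void)
{
    conn_alloc(3, 100); conn_alloc(3, 4096);   /* second call needs a new page */
    return conn_release(3) == 2 ? 0 : 1;
}
```

The release path never walks individual allocations, which is the property the message describes: the caller drops the connection by fd and the code that allocated from the pool is not involved.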
