On 5/22/2011 5:10 PM, Harshvir Sidhu wrote:
Previously I have used SSL_XXX functions for performing SSL operations. Now I am working on an application which is written in Managed C++ using callback functions (BeginReceive and EndReceive), and the SSL_Read function is not working for that. So I tried using BIO_ functions to create a BIO pair for an internal and a network BIO and then using them to encrypt/decrypt data before sending over a normal socket, but when I try to use that my handshake is not getting completed. I do not see any error on s_server, but it doesn't seem to work when I try to enter something on the server side; my callback doesn't get called. Can someone point me to some example code for this in which a BIO is used to encrypt and decrypt data and normal sockets are then used for send/receive? I am not able to find anything in the openssl source examples or on Google.
You are thinking about the problem wrong. You are thinking "I need to send some data. So I send it to OpenSSL. OpenSSL encrypts it, so then I need to get that encrypted data from OpenSSL and write it to the socket. Then, the other end will reply, so I need to read some encrypted data from the socket, give it to OpenSSL, and then OpenSSL will decrypt it and give it to me." This attempt to "look through" the OpenSSL engine will produce broken code and pain.
Instead, treat the OpenSSL engine as a black box whose internals are wholly unknown to you. If you receive some data from the socket, give it to OpenSSL. If OpenSSL wants to send some data on the socket, send it. If you want to send some data to the other side, give it to OpenSSL. If OpenSSL has some plaintext for you, take it and process it. But make no assumptions about the sequence or interactions between these things.
For example, a typical mistake is to wait for data to be received on the socket before calling SSL_Read. This is completely broken behavior. Data received on the socket is encrypted. Data received from SSL_Read is decrypted. These are two distinct streams that, as far as your application should be concerned, are totally unrelated. (Except when SSL_Read specifically returns a WANT_READ, of course, and then only until some other event invalidates the WANT_READ indication.)
DS

OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
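The pumping model DS describes, as an added example that is not code from the thread: it uses Python's ssl.MemoryBIO and SSLObject, which wrap the same OpenSSL memory BIOs as the C BIO pair the poster is building, and simulates the socket layer with a byte shuttle so the run needs no network. All class and function names are mine; it assumes the openssl CLI is installed to mint a constructed throwaway certificate.

```python
import os, ssl, subprocess, tempfile
class TlsEndpoint:
    """One side of a TLS link; the caller owns the socket and only pumps bytes."""
    def __init__(self, ctx, server_side):
        self.incoming = ssl.MemoryBIO()   # ciphertext: socket -> OpenSSL (the rbio)
        self.outgoing = ssl.MemoryBIO()   # ciphertext: OpenSSL -> socket (the wbio)
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=server_side)
        self.handshake_done = False
        self.plaintext = bytearray()      # decrypted bytes delivered to the application
    def on_socket_data(self, data):       # socket callback: feed the engine, then pump it
        self.incoming.write(data)
        self.pump()
    def send(self, data):                 # app plaintext goes to the engine and nowhere else
        self.tls.write(data)
    def pump(self):                       # let the engine progress; WANT_READ just means "wait"
        try:
            if not self.handshake_done:
                self.tls.do_handshake()
                self.handshake_done = True
            while chunk := self.tls.read(4096):
                self.plaintext += chunk
        except ssl.SSLWantReadError:
            pass                          # needs more ciphertext; the next socket event retries
    def bytes_to_send(self):              # whatever OpenSSL wants on the wire, for any reason
        return self.outgoing.read()

def make_contexts():                      # constructed throwaway cert; assumes the openssl CLI
    with tempfile.TemporaryDirectory() as d:
        key, crt = os.path.join(d, "k.pem"), os.path.join(d, "c.pem")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                        "-subj", "/CN=localhost", "-keyout", key, "-out", crt], check=True, capture_output=True)
        server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server.load_cert_chain(crt, key)
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client.check_hostname, client.verify_mode = False, ssl.CERT_NONE  # demo cert only; real clients verify
    return server, client

def shuttle(a, b):                        # stand-in for the network: move ciphertext until quiet
    while moved := [(s, d) for s, d in ((a, b), (b, a)) if s.outgoing.pending]:
        for src, dst in moved:
            dst.on_socket_data(src.bytes_to_send())

def demo():                               # handshake plus one request/response, no sockets at all
    server_ctx, client_ctx = make_contexts()
    client, server = TlsEndpoint(client_ctx, False), TlsEndpoint(server_ctx, True)
    client.pump(); shuttle(client, server)   # client starts: the engine emits the ClientHello
    client.send(b"ping"); shuttle(client, server)
    server.send(b"pong"); shuttle(client, server)
    return bytes(server.plaintext), bytes(client.plaintext)
```

Note that nothing in the endpoint waits for socket data before reading plaintext or checks who is "next": every socket event feeds the engine and drains it, which is exactly why the handshake completes without the code knowing a handshake is happening.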