Re: SSL Communication using BIO

Sun, 22 May 2011 20:08:24 -0700 

On 5/22/2011 5:10 PM, Harshvir Sidhu wrote:


    Previously I have used SSL_XXX functions for performing SSL
operations. Now i have am working on an application which is written in
Managed C++ using callback functions(BeginReceive and EndReceive), and
SSL_Read function is not working for that. So i tried using BIO_
functions to create a bio pair for internal and network bio and then
using them to encrypt/decrypt data before sending using normal socket,
but when i try to use that my handshake is not getting completed, i do
not see any error on s_server, but it dont seem to work when i try to
enter something on server side, my callback dont get called.
    Can someone point me to some example code for this in which BIO is
used to encrypt and decrypt data and then using normal sockets for
send/receive? I am not able to find anything in openssl source exmple or
on google.



You are thinking about the problem wrong. You are thinking "I need to 
send some data. So I send it to OpenSSL. OpenSSL encrypts it, so then I 
need to get that encrypted data from OpenSSL and write it to the socket. 
Then, the other end will reply, so I need to read some encrypted data 
from the socket, give it to OpenSSL, and then OpenSSL will decrypt it 
and give it to me." This attempt to "look through" the OpenSSL engine 
will produce broken code and pain.



Instead, treat the OpenSSL engine as a black box whose internals are 
wholly unknown to you. If you receive some data from the socket, give it 
to OpenSSL. If OpenSSL wants to send some data on the socket, send it. 
If you want to send some data to the other side, give it to OpenSSL. If 
OpenSSL has some plaintext for you, take it and process it. But make no 
assumptions about the sequence or interactions between these things.



For example, a typical mistake is to wait for data to be received on the 
socket before calling SSL_Read. This is completely broken behavior. Data 
received on the socket is encrypted. Data received from SSL_Read is 
decrypted. These are two distinct streams that, as far as your 
application should be concerned, are totally unrelated. (Except when 
SSL_Read specifically returns a WANT_READ, of course, and then only 
until some other event invalidates the WANT_READ indication.)


DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to