David,
   So are you suggesting that I change the approach in my code? My
application is for Windows and in Managed C++. In it I am using a callback
function for receive; when the callback function is called and I call
SSL_read in it, it hangs at the recv call in the OpenSSL code. My assumption
is that the data was already read from the socket when the callback was called. Another
thing I would like to mention is that I am using the Sockets Managed Class, not the
native sockets.

// Harshvir

On Sun, May 22, 2011 at 10:06 PM, David Schwartz <dav...@webmaster.com> wrote:

> On 5/22/2011 5:10 PM, Harshvir Sidhu wrote:
>
>> Previously I have used SSL_XXX functions for performing SSL
>> operations. Now I am working on an application which is written in
>> Managed C++ using callback functions (BeginReceive and EndReceive), and
>> the SSL_Read function is not working for that. So I tried using BIO_
>> functions to create a BIO pair for the internal and network BIO and then
>> using them to encrypt/decrypt data before sending using a normal socket,
>> but when I try to use that my handshake is not getting completed. I do
>> not see any error on s_server, but it doesn't seem to work when I try to
>> enter something on the server side; my callback doesn't get called.
>> Can someone point me to some example code for this in which a BIO is
>> used to encrypt and decrypt data and then normal sockets are used for
>> send/receive? I am not able to find anything in the OpenSSL source examples or
>> on Google.
>>
>
> You are thinking about the problem wrong. You are thinking "I need to send
> some data. So I send it to OpenSSL. OpenSSL encrypts it, so then I need to
> get that encrypted data from OpenSSL and write it to the socket. Then, the
> other end will reply, so I need to read some encrypted data from the socket,
> give it to OpenSSL, and then OpenSSL will decrypt it and give it to me."
> This attempt to "look through" the OpenSSL engine will produce broken code
> and pain.
>
> Instead, treat the OpenSSL engine as a black box whose internals are wholly
> unknown to you. If you receive some data from the socket, give it to
> OpenSSL. If OpenSSL wants to send some data on the socket, send it. If you
> want to send some data to the other side, give it to OpenSSL. If OpenSSL has
> some plaintext for you, take it and process it. But make no assumptions
> about the sequence or interactions between these things.
>
> For example, a typical mistake is to wait for data to be received on the
> socket before calling SSL_Read. This is completely broken behavior. Data
> received on the socket is encrypted. Data received from SSL_Read is
> decrypted. These are two distinct streams that, as far as your application
> should be concerned, are totally unrelated. (Except when SSL_Read
> specifically returns a WANT_READ, of course, and then only until some other
> event invalidates the WANT_READ indication.)
>
> DS
>
>
