David Schwartz wrote:
Well that wouldn't work as stated. How would OpenSSL know when it was time
to call WriteSocket? You will have to call into OpenSSL when you want to
see if it has any data it needs to write to the socket.
In fact, you will have to manage *four* I/O streams to and from OpenSSL.
When you receive encrypted data from the socket, you will have to hand it
to OpenSSL. When you know it is safe to write to the socket, you will need
to check if OpenSSL has any encrypted data to send and if so, read it from
OpenSSL and send it to the other side. When anything changes, you will
also need to check if OpenSSL has any decrypted plaintext to deliver to
your application. And you will have to pass any plaintext your application
wishes to send to OpenSSL.
OK. I'll try to explain my idea in detail. In general we'll need 4 main and
3 additional functions. One of the 4 main functions is a callback function that is
called by the OpenSSL library itself. There are two types of "socket IO". The
first is the IO that the OpenSSL library does by itself; the programmer doesn't know
about this IO, and must not need to know, as it is like a black box: SSL/TLS
protocol-specific IO. For this IO we need 2 functions, SysWriteToSocket and
SSL_ReadArrivedFromSocketData. SysWriteToSocket is implemented by the programmer;
it is an asynchronous function and may be defined like so:
int SysWriteToSocket(char *buf, int buf_len);
and is hooked into OpenSSL by means of the following functions:
typedef int (*FSysWriteToSocket)(char *,int);
void SSL_SetSysWriteToSocketFunction(FSysWriteToSocket fun);
When OpenSSL wants to write some data to the socket it calls the asynchronous
SysWriteToSocket function.
When I (the programmer) receive any data from the socket I must call
SSL_ReadArrivedFromSocketData so that OpenSSL can process the arrived data. It
may be defined like so:
int SSL_ReadArrivedFromSocketData(char *buf, int buf_len);
One of the return values of this function may be a flag that indicates
that decrypted application data exists and could be read.
After that, and also at any time, I can call SSL_GetApplicationData to read
application data or to determine whether any application data is available for
reading:
int SSL_GetApplicationDataSize();
int SSL_GetApplicationData(char *buf, int buf_len, int *need_buf_len);
The results of these functions are the number of bytes of available and written
application data respectively, on success.
[need_buf_len] - the necessary size of the buffer if buf_len is not enough
to contain all the data
The fourth function is SSL_EncryptApplicationData, which encrypts our own
application data before we can send it over the secure channel:
int SSL_EncryptApplicationData(char *buf_in, int buf_in_len, char *buf_out,
int buf_out_len, int *need_buf_out_len);
The result of this function is the number of bytes written to the buf_out
buffer, on success.
[need_buf_out_len] - the necessary size of the output buffer if buf_out_len
is not enough to contain all the data
When I (the programmer) need to send any data to the secure socket I call
SSL_EncryptApplicationData and after that I send the encrypted data from buf_out to
the socket.
Also we need to define one status function, SSL_GetCurrentIOState:
int SSL_GetCurrentIOState();
This function would return values such as:
SSL_SYS_DATA_WRITING
SSL_SYS_WAITING_DATA_READING
SSL_SYS_DATA_READING
SSL_SYS_OPERATION_TIMEOUT
SSL_APPLICATION_DATA_READING
SSL_READY_TO_TRANSFER_APPLICATION_DATA
... and so on, everything we need.
These functions let us manipulate the sockets ourselves, as we want.
David Schwartz wrote:
Look at the example code that uses BIO pairs.
Please tell me where I can find this example code. What is the name of the C file?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org