RE: Need some help with bio pairs
> Looks like you've solved your problem. I just wanted to point out one thing though. The ssl_bio is no side. Its ssl_read and ssl_write would produce plain text and encrypted text respectively.

Not so. BIO_read and BIO_write on ssl_bio allow me to get in and out plaintext.

> The sides that you talk about are actually the 2 BIOs in the BIO pair. These act as buffers for ssl_read/write.

Yes, the two BIO interfaces are 'ssl_bio' and 'bio_io'. This leaves me with four operations:

1) Get decrypted plaintext (from SSL to server) = BIO_read(ssl_bio)
2) Get encrypted data (from SSL to socket) = BIO_read(bio_io)
3) Hand encrypted data (from socket to SSL) = BIO_write(bio_io)
4) Hand plaintext (from server to SSL) = BIO_write(ssl_bio)

DS

> David Schwartz wrote:
> > [snip]
> > I thought that this meant that 'ssl_bio' would be the decrypted side and 'bio_io' would be the encrypted side. However, I send encrypted data to 'bio_io' and that exact same data (still encrypted) is immediately received through 'ssl_bio'.
> > [snip]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Need some help with bio pairs
> Not so. BIO_read and BIO_write on ssl_bio allow me to get in and out plaintext.
>
> > The sides that you talk about are actually the 2 BIOs in the BIO pair. These act as buffers for ssl_read/write.
>
> Yes, the two BIO interfaces are 'ssl_bio' and 'bio_io'. This leaves me with four operations:
>
> 1) Get decrypted plaintext (from SSL to server) = BIO_read(ssl_bio)
> 2) Get encrypted data (from SSL to socket) = BIO_read(bio_io)
> 3) Hand encrypted data (from socket to SSL) = BIO_write(bio_io)
> 4) Hand plaintext (from server to SSL) = BIO_write(ssl_bio)
>
> DS

I was looking at it like this. Where do you get decrypted client data for server processing? From one of the BIO in the BIO pair. Where do you get encrypted server data to send to client? From the other BIO in the pair. I guess the difference is just in our way of looking at it.

Regards,
Amit.
Re: Need some help with bio pairs
On Thu, Sep 07, 2000 at 08:53:47PM -0700, David Schwartz wrote:

> It seems to be working now. It just seems that I need to keep churning the SSL engine more than once, even if both BIO_read functions return -1. Go figure.

During the SSL handshake (which always occurs when the connection is new, and which may be repeated later), data must be sent in both directions a couple of times. So no application data will be transported at first, but there should either be protocol data at bio_io that must be sent over the network, or the SSL engine may need to receive data via bio_io in order to continue.

You can check BIO_ctrl_get_read_request(bio_io) to test whether the SSL engine tried to read something, and you can use BIO_ctrl_pending(bio_io) to test whether there is data that has to be sent over the network.

You also can check BIO_should_read(ssl_bio) to see if the SSL engine tried to read data from the network; however note that the similar test BIO_should_write(ssl_bio) often will return 0 even when there is still data that has to be transferred over the network -- the return value 0 just means that there was enough space in the buffer inside the BIO pair.

So it's better to use BIO_ctrl_get_read_request and BIO_ctrl_pending to see what I/O operations have to be done, and then call BIO_read(ssl_bio, ...) or BIO_write(ssl_bio, ...) again if BIO_should_retry(ssl_bio) returns true, and repeat the process until BIO_should_retry finally returns 0.
RE: Need some help with bio pairs
> Need some help here. I initialize a connection with the following chunk of code (error checking removed for simplicity):
>
> [snip]
>
> I thought that this meant that 'ssl_bio' would be the decrypted side and 'bio_io' would be the encrypted side. However, I send encrypted data to 'bio_io' and that exact same data (still encrypted) is immediately received through 'ssl_bio'. What am I doing wrong?

It seems to be working now. It just seems that I need to keep churning the SSL engine more than once, even if both BIO_read functions return -1. Go figure.

DS
Re: Need some help with bio pairs
Looks like you've solved your problem. I just wanted to point out one thing though. The ssl_bio is no side. Its ssl_read and ssl_write would produce plain text and encrypted text respectively. The sides that you talk about are actually the 2 BIOs in the BIO pair. These act as buffers for ssl_read/write. I hope this is not misleading.

Regards,
Amit.

David Schwartz wrote:
> [snip]
> I thought that this meant that 'ssl_bio' would be the decrypted side and 'bio_io' would be the encrypted side. However, I send encrypted data to 'bio_io' and that exact same data (still encrypted) is immediately received through 'ssl_bio'.
> [snip]