RE: Need some help with bio pairs

2000-09-07 Thread David Schwartz

>   Need some help here. I initialize a connection with the following chunk of
> code (error checking removed for simplicity):
[snip]
>   I thought that this meant that 'ssl_bio' would be the decrypted side and
> 'bio_io' would be the encrypted side. However, I send encrypted data to
> 'bio_io' and that exact same data (still encrypted) is immediately received
> through 'ssl_bio'.
>
>   What am I doing wrong?

It seems to be working now. It just seems that I need to keep churning the
SSL engine more than once, even if both BIO_read functions return -1. Go
figure.

DS

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: Need some help with bio pairs

2000-09-07 Thread Amit Chopra

Looks like you've solved your problem. I just wanted to point out one thing
though.

The ssl_bio is no side. Its ssl_read and ssl_write would produce plain text
and encrypted text respectively.
The sides that you talk about are actually the 2 BIOs in the BIO pair.
These act as buffers for ssl_read/write.

I hope this is not misleading.

Regards,
Amit.



David Schwartz wrote:

> [snip]
> >   I thought that this meant that 'ssl_bio' would be the decrypted side and
> > 'bio_io' would be the encrypted side. However, I send encrypted data to
> > 'bio_io' and that exact same data (still encrypted) is immediately received
> > through 'ssl_bio'.
> 
[snip]



RE: Need some help with bio pairs

2000-09-07 Thread David Schwartz

> Looks like you've solved your problem. I just wanted to point out one thing
> though.
>
> The ssl_bio is no side. Its ssl_read and ssl_write would produce plain text
> and encrypted text respectively.

Not so. BIO_read and BIO_write on ssl_bio allow me to get in and out
plaintext.

> The sides that you talk about are actually the 2 BIOs in the BIO pair.
> These act as buffers for ssl_read/write.

Yes, the two BIO interfaces are 'ssl_bio' and 'bio_io'. This leaves me with
four operations:

1) Get decrypted plaintext (from SSL to server) = BIO_read(ssl_bio)
2) Get encrypted data (from SSL to socket) = BIO_read(bio_io)
3) Hand encrypted data (from socket to SSL) = BIO_write(bio_io)
4) Hand plaintext (from server to SSL) = BIO_write(ssl_bio)

DS

> David Schwartz wrote:
>
> > [snip]
> > >   I thought that this meant that 'ssl_bio' would be the decrypted side and
> > > 'bio_io' would be the encrypted side. However, I send encrypted data to
> > > 'bio_io' and that exact same data (still encrypted) is immediately received
> > > through 'ssl_bio'.
> >
> [snip]




Re: Need some help with bio pairs

2000-09-08 Thread Amit Chopra

> Not so. BIO_read and BIO_write on ssl_bio allow me to get in and out
> plaintext.
> 
> > The sides that you talk about are actually the 2 BIOs in the BIO pair.
> > These act as buffers for ssl_read/write.
> 
> Yes, the two BIO interfaces are 'ssl_bio' and 'bio_io'. This leaves me with
> four operations:
> 
> 1) Get decrypted plaintext (from SSL to server) = BIO_read(ssl_bio)
> 2) Get encrypted data (from SSL to socket) = BIO_read(bio_io)
> 3) Hand encrypted data (from socket to SSL) = BIO_write(bio_io)
> 4) Hand plaintext (from server to SSL) = BIO_write(ssl_bio)
> 
> DS

I was looking at it like this. 

Where do you get decrypted client data for server processing? 
From one of the BIO in the BIO pair.

Where do you get encrypted server data to send to client? 
From the other BIO in the pair.

I guess the difference is just in our way of looking at it.

Regards,
Amit.



Re: Need some help with bio pairs

2000-09-08 Thread Bodo Moeller

On Thu, Sep 07, 2000 at 08:53:47PM -0700, David Schwartz wrote:

>   It seems to be working now. It just seems that I need to keep churning the
> SSL engine more than once, even if both BIO_read functions return -1. Go
> figure.

During the SSL handshake (which always occurs when the connection is
new, and which may be repeated later), data must be sent in both
directions a couple of times.  So no application data will be
transported at first, but there should either be protocol data at
bio_io that must be sent over the network, or the SSL engine may need
to receive data via bio_io in order to continue.

You can check BIO_ctrl_get_read_request(bio_io) to test whether the
SSL engine tried to read something, and you can use
BIO_ctrl_pending(bio_io) to test whether there is data that
has to be sent over the network.

You also can check BIO_should_read(ssl_bio) to see if the SSL engine
tried to read data from the network; however note that the similar
test BIO_should_write(ssl_bio) often will return 0 even when there
is still data that has to be transferred over the network --
the return value 0 just means that there was enough space
in the buffer inside the BIO pair.  So it's better to use
BIO_ctrl_get_read_request and BIO_ctrl_pending to see what
I/O operations have to be done, and then call BIO_read(ssl_bio, ...)
or BIO_write(ssl_bio, ...) again if BIO_should_retry(ssl_bio)
returns true, and repeat the process until BIO_should_retry
finally returns 0.