Re: Running SSL on own socket code
Yes, it was as straightforward as you mentioned. Thanks to those who responded.

jeff

On 11-06-02 05:47 AM, Neo Liu wrote:
> On Wed, Jun 1, 2011 at 10:22 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
>> On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:
>>> I'd like to know the feasibility or complexity around using my own
>>> socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair
>>> of BIOs to read and write would that be sufficient? How tightly
>>> integrated is the code with bio_connect and bio_socket?
>>>
>>> thanks
>>> jeff
>>
>> man BIO_new_bio_pair
>>
>> Look at the example.
>
> As Victor pointed out, you can use a BIO pair to handle data transmission
> and separate the data transmission procedure from the SSL handshake and
> encrypt/decrypt procedure. Using a BIO pair, the SSL structure only
> handles the data in the SSL Record layer but not any lower layer.
>
>> --
>> Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: Running SSL on own socket code
On Wed, Jun 1, 2011 at 10:22 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
> On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:
>> I'd like to know the feasibility or complexity around using my own
>> socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair
>> of BIOs to read and write would that be sufficient? How tightly
>> integrated is the code with bio_connect and bio_socket?
>>
>> thanks
>> jeff
>
> man BIO_new_bio_pair
>
> Look at the example.

As Victor pointed out, you can use a BIO pair to handle data transmission
and separate the data transmission procedure from the SSL handshake and
encrypt/decrypt procedure. Using a BIO pair, the SSL structure only
handles the data in the SSL Record layer but not any lower layer.

> --
> Viktor.

Running SSL on own socket code
I'd like to know the feasibility or complexity around using my own
socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair
of BIOs to read and write would that be sufficient? How tightly
integrated is the code with bio_connect and bio_socket?

thanks
jeff

Re: Running SSL on own socket code
On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:
> I'd like to know the feasibility or complexity around using my own
> socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair
> of BIOs to read and write would that be sufficient? How tightly
> integrated is the code with bio_connect and bio_socket?
>
> thanks
> jeff

man BIO_new_bio_pair

Look at the example.

--
Viktor.

Re: Running SSL on own socket code
The way I do things like this is to slightly modify OpenSSL (and keep track of the mods!)

1) Hunt down the socket code
2) Set a new variable, a pointer to a function (for each function you replace) (fptr in my example)
3) rename the routine to release_function
4) make a new function() which has the exact same args and a few lines of code

    int function()
    {
        /* no override installed: fall back to the renamed original */
        if (!fptr)
            fptr = (int (*)())(release_function);
        return (*fptr)();
    }

In my code I put in the initialization routine:

    extern int (*fptr)();
    fptr = (int (*)())(my_function);  /* install the override */

Note that is pseudo code and needs fleshing out.

This is because often these functions are VERY tightly coupled including handshaking and things I don't really understand -- so I replace a low-level routine I do understand. And with new releases it only takes moments to re-do the 3-4 functions I do this with. It means that the OpenSSL code will still work as intended in all cases except where you chose to override. Using function pointers does have weird/odd/goofy syntax but works well.

I primarily use this to override error logging as I have my own logging functions and I need to use syslog() for the version 1.2 PCI/PA-DSS compliance. I have also replaced low-level TCP code on occasion.

In fact I would argue that all the logging functions should be released with this capability built in as that is one area I think a lot of people would like to customize, and if there is any interest I will modify the code and send it through channels to be included. Error handling is tightly coupled -- everywhere -- in the code, so my system makes using my own logging very easy.

Eric

At 07:22 AM 6/1/2011, Victor Duchovni wrote:
> On Tue, May 31, 2011 at 09:05:29AM -0400, Jeff Saremi wrote:
>> I'd like to know the feasibility or complexity around using my own
>> socket code with OpenSSL's ssl code. If I provide OpenSSL with a pair
>> of BIOs to read and write would that be sufficient? How tightly
>> integrated is the code with bio_connect and bio_socket?
>>
>> thanks
>> jeff
>
> man BIO_new_bio_pair
>
> Look at the example.
>
> --
> Viktor.

Eric S. Eberhard
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC

Re: Running SSL on own socket code
On Wed, Jun 01, 2011 at 10:56:47AM -0700, Eric S. Eberhard wrote:
> The way I do things like this is to slightly modify OpenSSL (and keep
> track of the mods!)

Completely unnecessary, OpenSSL supports custom I/O layers via BIO pairs.

--
Viktor.

Re: Running SSL on own socket code
Depends exactly what the person wants to do and also if he wants to use existing code and if he is familiar with the bio pairs. My point was not specific to his needs as there was not a lot of detail, only that making changes to the code is better and easier when you override functions -- such as I must do with the error handling (and anyone else writing PCI compliant code BTW -- MUST MUST -- do). In the old days I was stupid and inserted my code into open source code ... making updates a nightmare. This externalizes changes and makes updates a cinch.

Eric

At 11:09 AM 6/1/2011, Victor Duchovni wrote:
> On Wed, Jun 01, 2011 at 10:56:47AM -0700, Eric S. Eberhard wrote:
>> The way I do things like this is to slightly modify OpenSSL (and keep
>> track of the mods!)
>
> Completely unnecessary, OpenSSL supports custom I/O layers via BIO pairs.
>
> --
> Viktor.