Hi all,
I'm writing Windows clients and servers that don't allow access to the
bare socket so searched on the list and the web for help and have ended
up with some code that uses two memory BIO's and a filter BIO to push
data through the SSL.
Something like:
m_pIn = BIO_new(BIO_s_mem());
m_pOut = BIO_new(BIO_s_mem());
SSL_set_bio(m_pSSL, m_pIn, m_pOut);
m_pFilter = BIO_new(BIO_f_ssl());
BIO_set_ssl(m_pFilter, m_pSSL, BIO_NOCLOSE);
And I handle receieved data with something like:
BIO_write(m_pIn, pDataIn, dataSize);
BYTE buffer[BUFFER_SIZE];
int bytes = BIO_read(m_pFilter, (void*)buffer, BUFFER_SIZE);
// pull through SSL
if (bytes > 0)
GiveBytesToClient(buffer, bytes);
Sent data with:
BIO_write(m_pFilter, pDataOut, dataSize); // push
through SSL
And deal with the fact that reads and writes can both generate data to
send to the peer with something like:
while ((pending = BIO_ctrl_pending(m_pOut)) > 0)
{
int bytesToSend = BIO_read(m_pOut, (void*)buffer, BUFFER_SIZE);
if (bytesToSend > 0)
SendToPeer(buffer, bytesToSend);
This all seems to work fine, however the posters on the list always seem
to advise using a BIO_pair in this situation. I though that this would
be useful to me as it would allow the use of BIO_nread to access the
available data in place rather than copying it out and (in my case) then
copying it again in SendToPeer and GiveByteToClient...
So, I've done something like this:
if (!BIO_new_bio_pair(&m_pIn, 0, &m_pOut, 0))
throw "TODO";
SSL_set_bio(m_pSSL, m_pIn, m_pIn);
m_pFilter = BIO_new(BIO_f_ssl());
BIO_set_ssl(m_pFilter, m_pSSL, BIO_NOCLOSE);
The only change for receieved data is that:
BIO_write(m_pIn, pDataIn, dataSize);
Becomes (the less intuitive)
BIO_write(m_pOut, pDataIn, dataSize);
This works fine if I continue to use BIO_read() in both places. It also
works if I use BIO_nread() in the SendToPeer() scenario but it fails
completely if I try to use BIO_nread() in the GiveBytesToClient()
situation.
What seems to be happening is that at the point in the read where I want
to "pull the data through the SSL engine" in the GiveBytesToClient()
scenario BIO_nread() (on any of the BIOs involved) simply pulls the raw
data out and doesn't pull it through the SSL engine. So rather than
processing the data and returning the decrypted data it simply returns
the raw data.
I notice that the code in ssltest.c uses BIO_read() to pull the data out
in this scenario. Is there any way to cause the data to be processed but
still access it in place in the bio?
Len
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
