> I am using OpenSSL purely as an "encryption/decryption library".
> By this I mean that I use BIO chains to en/decrypt data that is
> then returned to me. This data is received/sent using a
> transport exterior to OpenSSL. For example, imagine me passing
> data to OpenSSL, it passes encrypted data back and then I call
> "send()" directly to send this encrypted data.
>
> Similar processing occurs on the receive side; "recv()" data,
> pass to OpenSSL for decryption, receive back data and carry on.

I use OpenSSL this way.

> As one example of the problems I need to address, my transport
> may receive either a complete OpenSSL frame, a partial OpenSSL
> frame, more than one complete OpenSSL frame or a mix of complete
> and partial frames which means that I have to give the data to
> OpenSSL then ask "any decrypted data yet?".

Right, in fact, don't even think of that as a problem. As far as you are concerned, there is no connection whatsoever between the five things that you have to do.

1) If there's plaintext data to be sent, you need to get it to OpenSSL.

2) If there's decrypted plaintext from OpenSSL, you need to get it to the application.

3) If there's encrypted data from OpenSSL, you have to get it to the connection.

4) If there's data received from the connection, you have to get it to OpenSSL.

5) You have to monitor the connection/negotiation state from the application, the connection, and OpenSSL and handle any errors or state changes appropriately.

Trust me, it helps if you don't think of these five things as connected in any way.

> Similarly, at connection initialization, I need to ask "handshake
> completed yet and if so, OK or failed?".
>
> The problem is that the documentation for this mode of operation
> is poor and although I have a more-or-less working system, there
> are definitely holes which I want to plug. So my question is...
>
> Anyone use OpenSSL in this manner and/or able to point me at some
> clear documentation of the correct interfaces to use and how to
> use them?
>
> Thanks for any help you can offer.

The best documentation I found is the BIO pairs example code in 'ssltest.c'.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
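The five duties listed in the reply, shown as an added example that is not part of the original message and is not taken from ssltest.c. It uses Python's `ssl.MemoryBIO` and `SSLObject`, which drive OpenSSL through in-memory BIOs with no socket attached. The function names are hypothetical, and the anonymous ECDH cipher is an assumption made only so the example runs offline without an embedded key.

```python
import ssl

def endpoint(server_side):
    """Return (SSLObject, net_in, net_out); no socket is involved."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Demo assumption: anonymous ECDH at TLS 1.2 so no key material has to be
    # embedded here. A real endpoint loads a certificate and verifies the peer.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AECDH-AES128-SHA:@SECLEVEL=0")
    net_in, net_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    return ctx.wrap_bio(net_in, net_out, server_side=server_side), net_in, net_out

def try_handshake(tls):
    try:
        tls.do_handshake()              # duty 5: poll the negotiation state
        return True
    except ssl.SSLWantReadError:        # not a failure: it needs more bytes
        return False

def drain_plaintext(tls):
    """Duty 2: collect whatever plaintext is ready, possibly nothing."""
    chunks = []
    try:
        while data := tls.read(4096):   # b"" means the peer sent close_notify
            chunks.append(data)
    except ssl.SSLWantReadError:
        pass                            # record incomplete or nothing queued
    return chunks

def demo():
    (cli, cli_in, cli_out), (srv, srv_in, srv_out) = endpoint(False), endpoint(True)
    cli_ok = srv_ok = False
    for _ in range(10):                 # the "transport" is just copying bytes
        cli_ok = cli_ok or try_handshake(cli)
        srv_in.write(cli_out.read())
        srv_ok = srv_ok or try_handshake(srv)
        cli_in.write(srv_out.read())
        if cli_ok and srv_ok: break
    for msg in (b"first", b"second"):   # duty 1, twice: two records queue up
        cli.write(msg)
    wire = cli_out.read()               # duty 3: what would be handed to send()
    rec1 = 5 + int.from_bytes(wire[3:5], "big")   # header + body of record 1
    srv_in.write(wire[:rec1 - 3])       # duty 4: recv() returned a partial record
    partial = drain_plaintext(srv)
    srv_in.write(wire[rec1 - 3:])       # rest of record 1 plus all of record 2
    return cli_ok and srv_ok, partial, drain_plaintext(srv)
```

`demo()` returns the handshake result, the plaintext available after the partial record (none), and the plaintext available once the remaining bytes arrive (both messages, one per record).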