> I am trying to use a memory BIO to decrypt data
> from a TCP stream I am processing,
> I have followed the following steps and for some reason
> I am still not able to get the
> SSL_READ function to return anything but -1?
> I have looked at the archives and it
> appears that this method has worked for others?

> So I am guessing I am missing something
> Simple (Hoping more like it :)

> SSL_library_init()
> SSL_load_error_strings()
> meth = SSLv23_method()
> ctx = SSL_CTX_new(meth)
> ssl = SSL_new(ctx)
> SSL_CTX_use_PrivateKey_file() <- Returns 1 from what I can tell is success (PEM)
> SSL_CTX_use_certificate_file() <- Returns 1 from what I can tell is success (PEM)
> memBIO = BIO_new(BIO_s_mem())
> BIO_write(memBIO, data, datasize)
> SSL_set_bio(ssl, memBIO, memBIO)
> SSL_read();

I guess I don't understand what you're trying to do. Are you trying to make
an SSL session or are you trying to decrypt some static data?

It looks to me like you may have a fundamental misunderstanding of what SSL
does. Is your thinking something like this:

"I create an SSL session. Then I'll hand it some plaintext, it will encrypt
it, and I'll send that to the server. When I get some encrypted data back,
I'll give it to the SSL session, it will decrypt it, and give me that."

If so, no. SSL is not a stream cipher or a block encryption/decryption
engine.

You need to think like this:

"I create an SSL session. Sometimes it will give me data to send to the
server, and I'll hand that data to the server. If I get any data from the
socket, I'll give that to the SSL session. If I have any data I want to
encrypt and send, I'll give it to the SSL session. If it has any plaintext
for me, I'll process it."

Because you might receive a partial record, from which SSL_read can't return
anything. And SSL_write might need to read some data from the SSL connection
in order to complete negotiation. Or a million things might happen.

Also, SSL is an active process. You cannot reconstruct a stored SSL session
the same way you run one end of a connection. (It's not clear whether that's
what you're trying to do. Where did your 'data' and 'datasize' come from?)

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
