Yes, please forgive my previous post as something was wrong with my web mail 
and I was unable to edit the subject. I am using overlapped IO in order to 
transfer the chunks of data back and forth between a client thread and a client 
application. Implementing overlapped transport was much more convenient for me 
as the data to be sent to the client can be posted to the send queue from other 
components connected to the custom server. The data flow between the client and 
server is continuous. After looking for some posts online I did realize that 
the way to implement openssl with overlapped IO would be through use of BIOs 
and possibly bio pairs, but I was not able to get it working completely. The 
client and server have the SSL connection established and I do receive the data 
on request/response, but I am facing several issues: 

Obviously I receive encrypted data from the client and I need to send the 
encrypted data back out to the client. This is how I send the data out from 
the server to the client, and this piece is working; however, I doubt I am doing it 
correctly because I cannot seem to find a way to clear the data within the 
write bio: 

class members and how they are initialized: 

BIO* buf_bio_write = BIO_new(BIO_s_mem());
BIO* buf_bio_read = BIO_new(BIO_s_mem());
BIO* ssl_bio = BIO_new(BIO_f_ssl());
SSL_set_bio(this->ssl_context, buf_bio_read, buf_bio_write);
BIO_set_ssl(ssl_bio, this->ssl_context, BIO_NOCLOSE);

// to encrypt regular stream I do the following:
int ssl_write = 0;
ssl_write = BIO_write(ssl_bio, response_data->data, response_data->len);
BIO_flush(buf_bio_write);

// response_data is a small buffer implementation, just contains char* and len
int original_size = response_data->len;
int new_size = buf_bio_write->num_write;
BUF_MEM *bio_mem_write;
BIO_get_mem_ptr(buf_bio_write, &bio_mem_write);

// set the string
// so I set the stream to encrypted stream, with new length
STR_SET(response_data, (char*) bio_mem_write->data, new_size);
this->bytes_to_transmit -= original_size;
this->bytes_to_transmit += new_size;
// this doesn't do anything to the BIO, I still have
// buf_bio_write->num_write set to what it was
BIO_reset(buf_bio_write);
// I do not know how to clear the data from the BIO after the call to BIO_write
// was called.
// After this the application sends the response_data and it successfully gets
// to the client application, the only problem here is that I do not know how to
// clear what I have written to ssl_bio

When I receive data I receive it encrypted (unreadable characters) but here I 
do not know how to retrieve it using the structures I have set up at the top. 
Basically I tried first writing that encrypted data to ssl_bio and then reading 
it, with no luck. I believe I am doing it incorrectly. 

I was not able to find an example or explanation that was clear to me (I've 
also looked at the ssltest.c file which comes with openssl and I do not see how I 
can relate that to my application as I already have an established ssl 
connection between the server and the client). 

Any help would be greatly appreciated.  Thanks all, 




----- Forwarded Message ----
From: Darryl Miles <darryl-mailingli...@netbauds.net>
To: openssl-users@openssl.org
Sent: Mon, October 26, 2009 4:22:04 PM
Subject: Re: Is full-duplex socket use possible with OpenSSL?


Konstantin Ivanov wrote:
> I am developing a server application which is based on Windows IO Completion 
> ports which basically means that the reads and writes to the socket are 
> asynchronous. This also means that I cannot use the SSL_read and SSL_write 
> functions which are tied to the socket fd if I am correct. So I tried to use 
> the BIO_read and BIO_write, but I am having difficulty in using it. Basically 
> what I would like to do is to read the content passed from the client over 
> SSL connection into the buffer, which I can decrypt using, parse, and then 
> issue another read command on the completion port. For send, I would like to 
> write data into an encrypted buffer and then post a send command to the 
> completion port with the pointer to encrypted data. Can someone please 
> comment on how I could implement such functionality as I believe I am using 
> the BIO_read and BIO_write incorrectly (this was the tutorial that I referred 
> to: http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html) 
> Thanks, 



BIOs should be used for overlapped IO.  Your BIO layer is responsible for 
allocating and pinning chunks of memory while the OS has the IO in progress and 
then getting IO completion signals and unpinning/deallocating that memory.

Like all good programs your BIO should track the total amount of memory in use 
by a single socket and place arbitrary limits so that the correct soft-error 
returns can be provided to effect flow-control.


Of course you _CAN_ still use SSL_read() and SSL_write().  Those two functions 
are for managing clear-text (aka application data) in relation to the SSL 
communications stream.  The API from the point-of-view should work in a useful 
way even with overlapped IO.

With overlapped IO you create your own BIO layer (which is the buffering layer 
underneath the OpenSSL library).  You then use this instead of the default "BIO 
socket" implementation.  Your BIO is only handling cypher-text data and its job 
is to effect flow-control, buffering and conveyance of the cypher-text data to 
the other end of the connection.


If you really want assistance with overlapped IO then I suggest you create a 
new thread for it.

If you are having major problems with overlapped IO why don't you use regular 
sockets first and get your code working on that?  You can upgrade your code to use 
overlapped IO later but all of the code that handles clear-text can remain the 
same (you won't need to re-work it). Overlapped IO is the Windows performance 
networking solution; does your application even need that kind of performance?  
Are you moving large amounts of bulk-data around?

Darryl
______________________________________________________________________
OpenSSL Project                                http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                          majord...@openssl.org
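
The memory-BIO arrangement discussed in this thread, sketched with Python's standard `ssl` module, whose `MemoryBIO` and `wrap_bio` wrap OpenSSL's `BIO_s_mem` and `SSL_set_bio`. This is an added example, not code from either poster; the `TlsPump` class, the 64 KiB cap and the host name `peer.example` are assumptions, and the demo stops after the first handshake flight because no peer is attached.

```python
import ssl

MAX_BUFFERED = 64 * 1024  # assumed per-connection cap on queued ciphertext

class TlsPump:
    """One TLS endpoint whose socket IO is performed elsewhere (e.g. by IOCP)."""

    def __init__(self, ctx, server_hostname):
        self.incoming = ssl.MemoryBIO()  # ciphertext received from the peer
        self.outgoing = ssl.MemoryBIO()  # ciphertext waiting to be sent
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=server_hostname)

    def feed(self, ciphertext):
        """Receive completion: queue bytes for the TLS engine.
        Returns False (caller should stop posting receives) when over the cap."""
        if self.incoming.pending + len(ciphertext) > MAX_BUFFERED:
            return False
        self.incoming.write(ciphertext)
        return True

    def step(self):
        """Advance the handshake as far as the buffered data allows."""
        try:
            self.tls.do_handshake()
            return "done"
        except ssl.SSLWantReadError:
            return "want_read"  # post another receive, then feed() and retry

    def drain(self, chunk=4096):
        """Take ciphertext out of the outgoing BIO; reading is what empties it."""
        chunks = []
        while self.outgoing.pending:
            chunks.append(self.outgoing.read(chunk))
        return chunks

def demo():
    pump = TlsPump(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), "peer.example")
    state = pump.step()              # ClientHello lands in the outgoing BIO
    queued = pump.outgoing.pending
    chunks = pump.drain(chunk=64)    # each chunk would back one overlapped send
    left = pump.outgoing.pending
    ok = pump.feed(b"\x16\x03\x03")  # constructed: partial record header
    state2 = pump.step()             # incomplete record, so still waiting
    over = pump.feed(b"\x00" * (MAX_BUFFERED + 1))
    return state, queued, chunks, left, ok, state2, over

if __name__ == "__main__":
    print(demo())
```

Once `step()` returns `"done"`, `pump.tls.write()` and `pump.tls.read()` take the place of `SSL_write()` and `SSL_read()`, with `drain()` after each write and `feed()` before each read.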
