A bio pairs question...
Hi*! I am implementing IOCP server (for Windows OS) supporting SSL. For SSL part i am trying to use OpenSSL's bio pairs. I have looked at the example in ssltest.c. As i understand (please correct me if i am wrong) of the three bios (s_ssl_bio, server, server_io) that get created in doit_biopair function, the server_io bio is used to read/write Encrypted data the s_ssl_bio is used to read/write UNEncrypted data. I have setup my code according to this principle. Now when the client connects, it sends some ssl-handshake (Encrypted) data I have to write it server_io. Here is how my function looks for writing to server_io BIO. bool CSSLSession::OnRecv(const std::string RecvData) { bool bRet = false; char *pData = NULL; int nRet = -1; int nLen = -1; nLen = BIO_ctrl_get_read_request(m_SessionInfo.ioBio); if( !nLen ) { bRet = true; return bRet; } nRet = BIO_nwrite0(m_SessionInfo.ioBio, pData); if( 0 = nRet || nLen nRet || !pData ) { return bRet; } nRet = nLen; #pragma warning (disable : 4018) if( nRet RecvData.size() ) { nRet = RecvData.size(); } #pragma warning (default: 4018) memcpy(pData, RecvData.data(), nRet); nRet = BIO_nwrite(m_SessionInfo.ioBio, pData, nRet); BIO_flush(m_SessionInfo.ioBio); bRet = true; return bRet; } I am for the time being not handling the retry options (will implement later). Now the problem is this call nLen = BIO_ctrl_get_read_request(m_SessionInfo.ioBio); always return 0 the function returns after that. Shouldn't the SSL engine be wating for some data on start of server side session?? since its the client who always sends the handshake data first. Can anyone help me solve this problem??? I check the return values while setting up ssl context and SSL objects and they all are retuning success. Thanks in Advance, Regards, Usman. _ Don't just search. Find. Check out the new MSN Search! http://search.msn.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: A bio pairs question...
Hi there, You might have missed one thing in ssltest.c... there is a first call to BIO_read on the server side before any data is available. Before that call, the read request on server_io is actaully 0. After the call to BIO_read, then some data is requested. So if you're using read request, the trick would be to first attempt a read before any data is available. You can also try using write_guarantee. This basically would allow more data than requested to be available on the network BIO. In either case, be careful not to drop data that you have received from the network but that couldn't be fed into the network BIO right away. Since SSL uses a reliable transport layer, the other end can rightfully assume that this data has been received and it has no obligation to resend it. In your code it seems that this would be what is contained at the end in pData, beyond offset nRet - I think you should buffer this for future use... I hope this makes sense and helps :) Usman Riaz wrote: Hi*! I am implementing IOCP server (for Windows OS) supporting SSL. For SSL part i am trying to use OpenSSL's bio pairs. I have looked at the example in ssltest.c. As i understand (please correct me if i am wrong) of the three bios (s_ssl_bio, server, server_io) that get created in doit_biopair function, the server_io bio is used to read/write Encrypted data the s_ssl_bio is used to read/write UNEncrypted data. I have setup my code according to this principle. Now when the client connects, it sends some ssl-handshake (Encrypted) data I have to write it server_io. Here is how my function looks for writing to server_io BIO. bool CSSLSession::OnRecv(const std::string RecvData) { bool bRet = false; char *pData = NULL; int nRet = -1; int nLen = -1; nLen = BIO_ctrl_get_read_request(m_SessionInfo.ioBio); if( !nLen ) { bRet = true; return bRet; } nRet = BIO_nwrite0(m_SessionInfo.ioBio, pData); if( 0 = nRet || nLen nRet || !pData ) { return bRet; } nRet = nLen; #pragma warning (disable : 4018) if( nRet RecvData.size() ) { nRet = RecvData.size(); } #pragma warning (default: 4018) memcpy(pData, RecvData.data(), nRet); nRet = BIO_nwrite(m_SessionInfo.ioBio, pData, nRet); BIO_flush(m_SessionInfo.ioBio); bRet = true; return bRet; } I am for the time being not handling the retry options (will implement later). Now the problem is this call nLen = BIO_ctrl_get_read_request(m_SessionInfo.ioBio); always return 0 the function returns after that. Shouldn't the SSL engine be wating for some data on start of server side session?? since its the client who always sends the handshake data first. Can anyone help me solve this problem??? I check the return values while setting up ssl context and SSL objects and they all are retuning success. Thanks in Advance, Regards, Usman. -- Alain Damiral, Université Catholique de Louvain - student alain.damiral'at'student.info.ucl.ac.be __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: A bio pairs question...
Thanks for the reply Alain, I have changed as you mentioned by placing a call to do a read on s_ssl_bio (for reading/writing UNEncrypted Data). Here is how that function looks like... bool CSSLSession::GetData(std::string RecvData) { /*The RecvData WILL contain UN-ENCRYPTED-DATA that was received earlier*/ bool bRet = false; int nRet = -1; char RecvBuffer[BUF_LEN * 2] = {0, }; memset(RecvBuffer, 0, sizeof(char) * (BUF_LEN * 2)); nRet = BIO_read(m_SessionInfo.SSLBio, RecvBuffer, sizeof(char) * (BUF_LEN * 2)); if( 0 nRet ) { if( !BIO_should_retry(m_SessionInfo.SSLBio) ) { return bRet; } /* Ignore BIO_should_retry for the time being */ nRet = 1; } else { if( nRet ) { RecvData.assign(RecvBuffer, nRet); } } if( nRet ) { bRet = true; } return bRet; } Now, in the above function, BIO_should_retry returns true or 1 so afterwards i call the function (the one mentioned in my first post) to write data to server_io BIO (that was received from the client socket). This time BIO_ctrl_get_read_request(m_SessionInfo.ioBio); returns 5, and i write 5 bytes to the BIO and return (even though i always get something like 105 bytes in the beginning from the client). Now what should be done next with those remaining bytes??? Should try to write on the server_io BIO again (i tried that but the second time BIO_ctrl_get_read_request returns 0. Can you please help me sort this out. Thanks in Advance, Regards, Usman. My mail server crashed just before I could send this reply to the list so I'm using another email to send it directly to you. You can reply to the list if there are further questions... Hi there, You might have missed one thing in ssltest.c... there is a first call to BIO_read on the server side before any data is available. Before that call, the read request on server_io is actaully 0. After the call to BIO_read, then some data is requested. So if you're using read request, the trick would be to first attempt a read before any data is available. You can also try using write_guarantee. This basically would allow more data than requested to be available on the network BIO. In either case, be careful not to drop data that you have received from the network but that couldn't be fed into the network BIO right away. Since SSL uses a reliable transport layer, the other end can rightfully assume that this data has been received and it has no obligation to resend it. In your code it seems that this would be what is contained at the end in pData, beyond offset nRet - I think you should buffer this for future use... I hope this makes sense and helps :) _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]