what is the difference between BIO_read/BIO_write and SSL_read/SSL_write when the BIOs are memory BIOs and not socket BIOs?

核能气质少年 提交于 2020-01-01 03:23:05

问题


I am confused about the difference between the BIO routines BIO_read()/BIO_write() and the SSL_read()/SSL_write() when the BIOs are memory BIOs and not socket BIOs.

I am trying to code a WebRTC server using libnice for the ICE stack and OpenSSL for the DTLS stack. The ICE stack has the socket connection to the client so I cannot use the socket-based BIOs in OpenSSL. Instead, I am using the memory BIOs.

So the high level procedure I am using is that, when I receive the DTLS messages from the client on the ICE socket, I write that message to the DTLS stack using BIO_write(). Then when the DTLS stack has a message to send to the client I get that message using the BIO_read() and send it to the client using the ICE socket.

I have seen some examples of source code that does essentially this procedure, but they also call the SSL_read() routine after the BIO_write() call. This makes no sense to me. Why is the call to SSL_read() necessary after I essentially have written the client message into the DTLS stack using the BIO_write() call? If I do not call SSL_read() after the BIO_write() my code does not work. But when I call SSL_read() after the BIO_write(), this is indeed exchanging the handshake messages with the browser client.

Question: Using memory BIOs, what is the difference between BIO_read() and SSL_read()?

Question: Using memory BIOs, what is the difference between BIO_write() and SSL_write()?

Question: Is the default memory BIO blocking or non-blocking? I am assuming it is non-blocking since it is a memory-based BIO and not a socket-base BIO.

Thanks,
-Andres


回答1:


I stumbled upon the same problem with understanding how the whole thing works. I can provide you with some useful links and cites.

"The SSL layer is setup to work in buffer mode. So doing SSL_write means we're sending unencrypted bytes to the SSL library, so that it can encrypt these bytes and put the resulting encrypted bytes in a buffer. Then we read from the buffer using BIO_read. Same thing in reverse for reading. We ACTUALLY do BIO_write then SSL_read in that case."

Source: https://groups.google.com/forum/#!topic/grpc-io/8Ulf_G5kpyA

OpenSSL data handling - check this part from link below. It might give you some useful information. https://famellee.wordpress.com/2013/02/20/use-openssl-with-io-completion-port-and-certificate-signing/

BIOs - check this part from link below. It might give you some useful information. http://www.roxlu.com/2014/042/using-openssl-with-memory-bios



来源:https://stackoverflow.com/questions/38516584/what-is-the-difference-between-bio-read-bio-write-and-ssl-read-ssl-write-when-th

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!