Hash: SHA1

Tomas Neme wrote:

| The documentation's poor at best, and I don't completely get the
| general concepts. From reading examples I figure that only the
| BIO_f_ssl does encryption-decryption when written into? so what should
| I do if I want to provide an api that has functions b_encrypt and
| encrypt_flush?

If you want to do SSL, you should stick with BIO_f_ssl.
If you want to do some other encryption, you can use BIO_f_cipher.

| I have to use OpenSSL with memory buffers, because I
| can't give it direct access to sockets, so I'm wondering how to handle
| the handshakes and whatnot in a non-blocking way.

How good is your C ?
you could look into bio_s_socket and implement your own bio.
After you understood the concept behind BIO, it is simple to do...

| Do I need 2
| BIO_f_ssls, one for imput and one for output, or what?

No. you treat it almost as a normal socket:
You write data to be encrypted (and sent to the peer) into it and
read decrypted data (received from the peer) from it.

| I don't want the SSL
| object to handle the sockets directly because this has to be portable,
| but I don't fully understand which kinds of BIOs do I need to model
| this data flow, and how do I handle the handshakes and the such.

The SSL bio is just a filter.
It relies on an underlying BIO to do the low level IO communication.
This way you can use different network implementations to transport
the encrypted data.


- --
DMCA: The greed of the few outweighs the freedom of the many
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org