What is the difference between BIO_read/BIO_write and SSL_read/SSL_write when the BIOs are memory BIOs and not socket BIOs?

I am confused about the difference between the BIO routines BIO_read()/BIO_write() and the SSL_read()/SSL_write() when the BIOs are memory BIOs and not socket BIOs.

I am trying to code a WebRTC server using libnice for the ICE stack and OpenSSL for the DTLS stack. The ICE stack has the socket connection to the client so I cannot use the socket-based BIOs in OpenSSL. Instead, I am using the memory BIOs.

So the high level procedure I am using is that, when I receive the DTLS messages from the client on the ICE socket, I write that message to the DTLS stack using BIO_write(). Then when the DTLS stack has a message to send to the client I get that message using the BIO_read() and send it to the client using the ICE socket.

I have seen some examples of source code that does essentially this procedure, but they also call the SSL_read() routine after the BIO_write() call. This makes no sense to me. Why is the call to SSL_read() necessary after I essentially have written the client message into the DTLS stack using the BIO_write() call? If I do not call SSL_read() after the BIO_write() my code does not work. But when I call SSL_read() after the BIO_write(), this is indeed exchanging the handshake messages with the browser client.

Question: Using memory BIOs, what is the difference between BIO_read() and SSL_read()?

Question: Using memory BIOs, what is the difference between BIO_write() and SSL_write()?

Question: Is the default memory BIO blocking or non-blocking? I am assuming it is non-blocking since it is a memory-based BIO and not a socket-based BIO.

Thanks,
-Andres

1 Answer

I stumbled upon the same problem with understanding how the whole thing works. I can provide you with some useful links and cites.

"The SSL layer is setup to work in buffer mode. So doing SSL_write means we're sending unencrypted bytes to the SSL library, so that it can encrypt these bytes and put the resulting encrypted bytes in a buffer. Then we read from the buffer using BIO_read. Same thing in reverse for reading. We ACTUALLY do BIO_write then SSL_read in that case."

Source:

OpenSSL data handling - check this part from link below. It might give you some useful information.

BIOs - check this part from link below. It might give you some useful information.

0
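The buffer flow described in the quote above, as an added example that is not code from the question, the answer or the quoted source. It is written in Python because the standard `ssl` module wraps the same OpenSSL objects: `ssl.MemoryBIO.write()`/`read()` correspond to `BIO_write()`/`BIO_read()`, and the `SSLObject` methods correspond to the `SSL_*` calls. It uses TLS because the module has no DTLS, and the hostname `peer.example` and the alert record are constructed sample values.

```python
import ssl

def client_with_memory_bios():
    """Build a TLS client whose only 'network' is two in-memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming = ssl.MemoryBIO()  # read BIO: the transport writes peer records here
    outgoing = ssl.MemoryBIO()  # write BIO: the transport reads records to send
    # "peer.example" is a constructed name; no real peer is contacted.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.example")
    return tls, incoming, outgoing

def drive_handshake(tls):
    """Make one SSL-level call and report how it ended; it never blocks."""
    try:
        tls.do_handshake()
        return "done"
    except ssl.SSLWantReadError:
        return "want_read"   # SSL_ERROR_WANT_READ: the read BIO is empty
    except ssl.SSLError:
        return "tls_error"   # the queued bytes were parsed and rejected

def demo():
    tls, incoming, outgoing = client_with_memory_bios()
    # Nothing is produced until an SSL-level call runs the state machine.
    results = {"pending_before": outgoing.pending}
    results["first_call"] = drive_handshake(tls)
    hello = outgoing.read()               # BIO_read: raw record for the wire
    results["record_type"] = hello[0]     # 0x16 = handshake record
    results["handshake_type"] = hello[5]  # 0x01 = ClientHello
    # Constructed peer reply: plaintext fatal alert record (handshake_failure).
    alert = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])
    incoming.write(alert)                 # BIO_write: only queues the bytes
    results["queued"] = incoming.pending  # all 7 bytes still sit in the buffer
    # Only the SSL-level call pulls the bytes out of the BIO and parses them.
    results["second_call"] = drive_handshake(tls)
    results["left_in_bio"] = incoming.pending
    return results

if __name__ == "__main__":
    print(demo())
```

In a real server the bytes returned by `outgoing.read()` are what gets handed to the ICE socket, and whatever the ICE socket receives is what gets passed to `incoming.write()`.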
