Bio's creation and application
--- Translation according to OpenSSL DOC / CRYPTO / BIO / BIO_NEW_BIO_PAIR.POD and its own understanding
(Author: DragonKing Mail: wzhah@263.net Posted: http: //gdwzh.126.com of openssl professional forum)
BIO is a pair of cache BIOs that are specifically created in the BIO. To create a BIO pair, call the following definitions (OpenSSL / BIO.H):
INT BIO_NEW_BIO_PAIR (Bio ** Bio1, Size_t WriteBuf1, Bio ** Bio2, Size_t WriteBuf2);
This function is successfully returned after success, this time BIO1 and BIO2 are valid; otherwise it returns 0, and BiO1 and BiO2 will be set to NULL, which is after the wrong stack is detected to get more error messages.
This BIO can be created after the creation, it can be used as the input and output of the data buffer. A typical application is one end and SSL IO connection, while the other end is applied, so that the application does not need to be dealt with directly with the network connection.
These two BIO pairs are completely symmetrical, and their buffer is determined by the parameters WriteBuf1 and WriteBuf2. If the given size is 0, then the function will use the default cache size. Bio_New_BIO_PAIR does not check if Bio1 and Bio2 don't really point to other BIOs, BIO1, and BIO2 are rewritten, but the BIO_FREE () function will not be called until this time. So, before using BIO1 and BIO2, you must guarantee that both variables are empty, otherwise the memory can be leaked.
It is worth noting that although these two BIOs are created together, they must be released separately. The reason why this is an important reason, because some SSL functions, such as SSL_SET_BIO or BIO_FREE hidden to call the BIO_FREE function, so this time the other end BIO can only be released separately.
In order to let everyone have an inductive understanding of the application model of BIO, the following will give a simple example of explanation.
The BIO pairs can give the fully controlled power to network processing in the application, and the program can call the SOKET's SELECT () function as needed, but can avoid direct processing SSL interfaces. Here is a simple code model using BIO_NEW_BIO_PAIR:
BIO * INTERNAL_BIO, * NETWORK_BIO;
...
BIO_NEW_BIO_PAIR (INTERNAL_BIO, 0, Network_BIO, 0);
SSL_SET_BIO (SSL, INTERNAL_BIO);
SSL_OPERATIONS ();
...
Application | TLS-ENGINE
| | |
--------> SSL_Operations ()
| // ||
| || //
| BIO-PAIR (Internal_BIO)
-------- | | | Socket | ... SSL_FREE (SSL); / * Implicit release infinal_bio * / BIO_FREE (NetWork_BIO); / * Explicitly release network_bio * / ... Because BIO pairs will only simply cache data without directly involving connections, it seems to be non-blocking interface, if the write is full or slower, the call IO function will return immediately. That is, the application must perform a FLUSH operation on the write cache or perform Fill operations on the read cache. You can use the BIO_CTRL_PENDING function previously introduced to see if there is data in the cache and need to be transferred to the network; The above two functions ensure the correct SSL operation. It should be noted that the call of SSL_OPERATION may have returned an error_ssl_want_read value, but the write cache has data, so the application cannot be simply determined according to this error code, but must guarantee writing caches and perform Flush operations. Otherwise, it will cause death lock, because the other end may know that there is data will continue the following operations.
