4.3.1.4 BIO pairs
The final type of source/sink BIO that we'll discuss is a BIO pair. A BIO pair is similar to an anonymous pipe, [1] but does have one important difference. In a BIO pair, two source/sink BIOs are bound together as peers so that anything written to one can be read from the other. Similarly, an anonymous pipe creates two endpoints, but only one can be written to, and the other is read from. Both endpoints of a BIO pair can be read from and written to.

[1] An anonymous pipe is a common operating system construct in which two file descriptors are created, but no file is created or socket opened. The two descriptors are connected to each other where one can be written to and the other read from. The data written to one half of the pipe can be read from the other half of the pipe.

A BIO pair can be formed by joining two already existing BIO objects, or two new BIO objects can be created in a joined state. The function BIO_make_bio_pair will join two existing BIO objects created using the BIO_METHOD object returned from the BIO_s_bio function. It accepts two parameters, each one a BIO that will be an endpoint in the resultant pair. When a BIO is created using BIO_s_bio to obtain a BIO_METHOD suitable for use with BIO_new, it must be assigned a buffer with a call to BIO_set_write_buf_size, which accepts two parameters. The first is the BIO to assign the buffer to, and the second is the size in bytes of the buffer to be assigned.

New BIO objects can be created already joined with the convenience function BIO_new_bio_pair, which accepts four parameters. The first and third parameters are pointers to BIO objects that will receive a pointer to each newly created BIO object. The second and fourth parameters are the sizes of the buffers to be assigned to each half of the BIO pair. If an error occurs, such as an out of memory condition, the function will return zero; otherwise, it will return nonzero.
The function BIO_destroy_bio_pair will sever the pairing of the two endpoints in a BIO pair. This function is useful when you want to break up a pair and reassign one or both of the endpoints to other potential endpoints. The function accepts one parameter, which is one of the endpoints in a pair. It should only be called on one half of a pair, not both. Calling BIO_free will also cleanly sever a pair, but will only free the one endpoint of the pair that is passed to it.

One of the useful features of BIO pairs is their ability to use the SSL engine (which requires the use of BIO objects) while maintaining control over the low-level I/O primitives. For example, you could provide an endpoint of a BIO pair to the SSL engine for reading and writing, and then use the other endpoint to read and write the data however you wish. In other words, if the SSL engine writes to the BIO, you can read that data from the other endpoint and do what you wish with it. Likewise, when the SSL engine needs to read data, you write to the other endpoint, and the SSL engine will read it.

Included in the OpenSSL distribution is a test application (the source file is ssl/ssltest.c) that is a good example of how to use BIO pairs. It implements a client and a server in the same application. The client and the server talk to each other within the same application without requiring sockets or some other low-level communication mechanism.

Example 4-7 demonstrates how BIO pairs can be created, detached, and reattached.

Example 4-7. Creating BIO pairs

    #include <openssl/bio.h>

    BIO *a, *b, *c;

    /* Create two BIO objects separately, give each a buffer, then join them. */
    a = BIO_new(BIO_s_bio());
    BIO_set_write_buf_size(a, 4096);
    b = BIO_new(BIO_s_bio());
    BIO_set_write_buf_size(b, 4096);
    BIO_make_bio_pair(a, b);

    /* Or create two new BIO objects that are already joined. This stores new
     * pointers in a and b, so free any earlier pair before reusing them. */
    BIO_new_bio_pair(&a, 8192, &b, 8192);

    /* Detach a from b and reattach it to a third endpoint. */
    c = BIO_new(BIO_s_bio());
    BIO_set_write_buf_size(c, 1024);
    BIO_destroy_bio_pair(a);  /* disconnect a from b */
    BIO_make_bio_pair(a, c);