libeap/eap_tls.c eaptls_process details
Hi, I have a question about the following code fragment found in eaptls_process in rlm_eap/libeap/eap_tls.c: /* * Decrypt the complete record. */ BIO_write(tls_session->into_ssl, tls_session->dirty_in.data, tls_session->dirty_in.used); /* * Clear the dirty buffer now that we are done with it * and init the clean_out buffer to store decrypted data */ (tls_session->record_init)(&tls_session->dirty_in); (tls_session->record_init)(&tls_session->clean_out); /* * Read (and decrypt) the tunneled data from the * SSL session, and put it into the decrypted * data buffer. */ err = SSL_read(tls_session->ssl, tls_session->clean_out.data, sizeof(tls_session->clean_out.data)); I think, BIO_write sends data out to the peer and SSL_read receives data from the peer here, but the comments suggest something else (like piping the data through decryption within the server). Which version is correct? ;-) Thanks in advance Carolin
Carolin Latze wrote:
I think, BIO_write sends data out to the peer and SSL_read receives data from the peer here, but the comments suggest something else (like piping the data through decryption within the server). Which version is correct? ;-)
BIO_write writes to the BIO. SSL_read reads from somewhere, decrypts the data, and returns the cleartext. The BIOs are in-memory buffers that abstract the interface to SSL. The SSL_read function can be pointed directly at a socket (via a set of helper functions), OR, it can be pointed at an in-memory buffer. The buffer allows FreeRADIUS to convert EAP-Message attributes into something more recognizable for OpenSSL. Alan DeKok.
participants (2)
-
Alan DeKok -
Carolin Latze