SSL wrapper stream in C

Question

I have a simple stream_t type in C with your basic read/write operations, and support for multiple underlying implementations using function pointers. So a stream could be backed by a file, a char buffer, etc.

One stream type is a standard POSIX socket, and I would like to code a wrapper stream that will add SSL support to an existing stream, similar to .NET's SslStream. So I could write something like this:

stream_t *socket = something();

// wrap existing stream and perform handshake as client
stream_t *ssl_stream = ssl_stream_create(socket);
ssl_stream_authenticate_as_user(ssl_stream);

// now all read/writes are encrypted and passed through to the wrapped stream

I have written some SSL socket code before using OpenSSL's BIO_new_connect(...) etc. but this is a higher level API than what I need. Does OpenSSL expose the functions I would need to manually perform the handshake and encryption? Or is there some other library I can use?

Answer 1

I have used a BIO_s_mem as a cover for SSL socket operations. I would read from and write to the socket myself (rather than giving the handle to OpenSSL and having it do the reading/writing). The handshake is done when you call SSL_accept (on the server side) or SSL_connect (on the client side). Other than that, just call SSL_read and SSL_write to do the reading and writing.

Answer 2

I don't know any libraries you can use but you can find plenty of samples. Most applications in C would have to do the same for their TCP code so SSL and raw socket versions don't differ too much.

For example, check out ssl_unix.c from Pine IMAP,

https://svn.cac.washington.edu/public/alpine/snapshots/imap/src/osdep/unix/

It does exactly what you are describing with OpenSSL.