I am confused about the difference between the BIO routines BIO_read()/BIO_write() and the SSL_read()/SSL_write() when the BIOs are memory BIOs and not socket BIOs.
I am trying to code a WebRTC server using libnice for the ICE stack and OpenSSL for the DTLS stack. The ICE stack has the socket connection to the client so I cannot use the socket-based BIOs in OpenSSL. Instead, I am using the memory BIOs.
So the high level procedure I am using is that, when I receive the DTLS messages from the client on the ICE socket, I write that message to the DTLS stack using BIO_write(). Then when the DTLS stack has a message to send to the client I get that message using the BIO_read() and send it to the client using the ICE socket.
I have seen some examples of source code that does essentially this procedure, but they also call the SSL_read() routine after the BIO_write() call. This makes no sense to me. Why is the call to SSL_read() necessary after I essentially have written the client message into the DTLS stack using the BIO_write() call? If I do not call SSL_read() after the BIO_write() my code does not work. But when I call SSL_read() after the BIO_write(), this is indeed exchanging the handshake messages with the browser client.
Question: Using memory BIOs, what is the difference between BIO_read() and SSL_read()?
Question: Using memory BIOs, what is the difference between BIO_write() and SSL_write()?
Question: Is the default memory BIO blocking or non-blocking? I am assuming it is non-blocking since it is a memory-based BIO and not a socket-based BIO.
Thanks,
-Andres
I stumbled upon the same problem with understanding how the whole thing works. I can provide you with some useful links and cites.
"The SSL layer is setup to work in buffer mode. So doing SSL_write means we're sending unencrypted bytes to the SSL library, so that it can encrypt these bytes and put the resulting encrypted bytes in a buffer. Then we read from the buffer using BIO_read. Same thing in reverse for reading. We ACTUALLY do BIO_write then SSL_read in that case."
Source: https://groups.google.com/forum/#!topic/grpc-io/8Ulf_G5kpyA
OpenSSL data handling - check this part from link below. It might give you some useful information. https://famellee.wordpress.com/2013/02/20/use-openssl-with-io-completion-port-and-certificate-signing/
BIOs - check this part from link below. It might give you some useful information. http://www.roxlu.com/2014/042/using-openssl-with-memory-bios
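The buffer-mode flow quoted above can be observed directly. This is an added example, not code from the original posts: it uses Python's standard ssl module (TLS rather than DTLS, since that module has no DTLS support), whose MemoryBIO and SSLObject wrap OpenSSL memory BIOs and the SSL_* calls. The host name, the sample alert record and the function name are constructed for illustration.

```python
import ssl

# Constructed sample input: a plaintext TLS alert record.
# type=0x15 (alert), version=0x0303, length=2, level=2 (fatal), description=40
SAMPLE_ALERT = bytes.fromhex("15030300020228")


def demo():
    """Drive a TLS client through memory BIOs only and record what each call does."""
    incoming = ssl.MemoryBIO()  # network -> TLS engine (BIO_write target in C)
    outgoing = ssl.MemoryBIO()  # TLS engine -> network (BIO_read source in C)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # "peer.invalid" is a placeholder name; no socket is ever opened.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="peer.invalid")
    obs = {}

    # 1. An SSL-level call runs the protocol state machine. The incoming BIO is
    #    empty, so the call returns a retry signal instead of blocking
    #    (SSL_ERROR_WANT_READ in C, SSLWantReadError here).
    try:
        tls.do_handshake()
        obs["first_call"] = "done"
    except ssl.SSLWantReadError:
        obs["first_call"] = "WANT_READ"

    # 2. Reading the outgoing BIO only drains bytes the engine already produced:
    #    here the ClientHello record that must go out on the real transport.
    obs["client_hello"] = outgoing.read()

    # 3. Writing to the incoming BIO only queues bytes. Nothing is parsed yet.
    incoming.write(SAMPLE_ALERT)
    obs["pending_before"] = incoming.pending

    # 4. Only the next SSL-level call consumes the queued record and reacts to it.
    try:
        tls.do_handshake()
        obs["second_call"] = "done"
    except ssl.SSLWantReadError:
        obs["second_call"] = "WANT_READ"
    except ssl.SSLError:
        obs["second_call"] = "peer_alert"
    obs["pending_after"] = incoming.pending
    return obs


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value if not isinstance(value, bytes) else value[:5].hex())
```

In the C API the same roles apply: BIO_write() and BIO_read() move raw records in and out of the buffers, while SSL_read(), SSL_write() and SSL_do_handshake() are the calls that process them.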