
List:       openssl-users
Subject:    RE: Is full-duplex socket use possible with OpenSSL?
From:       "David Schwartz" <davids () webmaster ! com>
Date:       2009-10-30 11:21:10
Message-ID: 012c01ca5953$15c39fa0$414adee0$ () com


Mark wrote:

> I may be making a wrong assumption but if the cypher used is a block
> cypher does it not wait until a full block of data is ready before it
> can encrypt and send the data?  If a message does not consist of enough
> data to fill a block, could there be unencrypted data left in a buffer
> somewhere?  The peer would see that a whole message has not been
> received and wait for the rest of it ... which never comes.

No, that cannot happen. SSL does not permit the properties of the underlying
cipher it happens to be using to change the properties of SSL itself. That
would be horribly broken design. SSL presents a bidirectional byte-stream
that does not preserve message boundaries to the application layer,
regardless of the underlying cipher.

SSL does not encrypt and decrypt application data. It uses the underlying
cipher to encrypt and decrypt SSL protocol data that includes the
application data, among other things. It is the SSL protocol data that has
to be adapted to the underlying cipher.

DS
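
The point in the reply above, that the SSL protocol data is what gets adapted to the cipher, shown as an added example (not part of the original message and not OpenSSL code). It assumes the TLS 1.0 block-cipher record layout from RFC 2246 (data, then MAC, then padding), a 16-byte block and HMAC-SHA1; the function names and key are hypothetical, and the encryption step itself is left out.

```python
import hashlib
import hmac
import struct

BLOCK = 16             # AES block size in bytes (assumed cipher)
MAC_LEN = 20           # HMAC-SHA1 digest length (assumed MAC)
APPLICATION_DATA = 23  # TLS record content type
TLS10 = (3, 1)         # protocol version bytes on the wire


def _mac(seq, mac_key, app_data):
    # MAC covers sequence number, type, version, length and the data.
    header = struct.pack("!QBBBH", seq, APPLICATION_DATA, *TLS10, len(app_data))
    return hmac.new(mac_key, header + app_data, hashlib.sha1).digest()


def build_cipher_input(seq, mac_key, app_data):
    """Sender: bytes handed to the block cipher for one record."""
    body = app_data + _mac(seq, mac_key, app_data)
    # pad_len padding bytes plus the trailing length byte fill the last block.
    pad_len = -(len(body) + 1) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def parse_cipher_input(seq, mac_key, data):
    """Receiver, after decryption: strip padding, verify MAC, return data.
    Layout illustration only; real stacks do these checks in constant time."""
    if len(data) % BLOCK or len(data) < MAC_LEN + 1:
        raise ValueError("not a whole number of blocks")
    pad_len = data[-1]
    body_len = len(data) - pad_len - 1
    if body_len < MAC_LEN or data[body_len:] != bytes([pad_len]) * (pad_len + 1):
        raise ValueError("bad padding")
    app_data, mac = data[:body_len - MAC_LEN], data[body_len - MAC_LEN:body_len]
    if not hmac.compare_digest(mac, _mac(seq, mac_key, app_data)):
        raise ValueError("bad record MAC")
    return app_data


if __name__ == "__main__":
    key = b"constructed-demo-mac-key"  # constructed sample key
    for msg in (b"", b"x", b"hello", b"A" * 12):
        rec = build_cipher_input(0, key, msg)
        print(len(msg), "->", len(rec), "bytes,", len(rec) // BLOCK, "blocks")
```

A one-byte write already yields two full cipher blocks, so nothing waits in a buffer for more application data.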


