OpenSSL SSL_read malfunction

Question

I'm trying to write a c++ application connecting to a server with OpenSSL. I can send data, that arrives undamaged to the server, but the read operation reads just 1 byte.

The code :

char*           dest_url = "147.87.116.74";
X509                *cert = NULL;
X509_name_st    *certname = NULL;
const SSL_METHOD *method;
SSL_CTX *ctx;
SSL *ssl;
int server = 0;
int ret, i;

/* ---------------------------------------------------------- *
* These function calls initialize openssl for correct work.  *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();
SSL_load_error_strings();

/* ---------------------------------------------------------- *
* initialize SSL library and register algorithms             *
* ---------------------------------------------------------- */
SSL_library_init();

/* ---------------------------------------------------------- *
* Set SSLv2 client hello, also announce SSLv3 and TLSv1      *
* ---------------------------------------------------------- */
method = TLSv1_2_client_method();

/* ---------------------------------------------------------- *
* Try to create a new SSL context                            *
* ---------------------------------------------------------- */
ctx = SSL_CTX_new(method);

/* ---------------------------------------------------------- *
* SSL certificate checking      AND MY STUFF    
* thanks guys http://h71000.www7.hp.com/doc/83final/ba554_90007/ch05s03.html
* ---------------------------------------------------------- */
SSL_CTX_load_verify_locations(ctx, "ca.crt", nullptr);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);

/* ---------------------------------------------------------- *
* Create new SSL connection state object                     *
* ---------------------------------------------------------- */
ssl = SSL_new(ctx);

/* ---------------------------------------------------------- *
* Make the underlying TCP socket connection                  *
* ---------------------------------------------------------- */
server = create_socket(dest_url);

/* ---------------------------------------------------------- *
* Attach the SSL session to the socket descriptor            *
* ---------------------------------------------------------- */
SSL_set_fd(ssl, server);

/* ---------------------------------------------------------- *
* Try to SSL-connect here, returns 1 for success             *
* ---------------------------------------------------------- */
SSL_connect(ssl);

/* ---------------------------------------------------------- *
* send some text                                              *
* -----------------------------------------------------------*/
char* tSend = "testdata";
int sendSize = strlen(tSend);
int net_tSend = htonl(sendSize);

SSL_write(ssl, &net_tSend, 4);
SSL_write(ssl, tSend, sendSize);

long size = 0L;
int bytesread = SSL_read(ssl, &size, 4);

My questions : Is is imperative to use a BIO object ? Why is the read() function reading just 1 byte ? How can i retrieve/read errors ?

Answer 1

The number of bytes read is arbitrary. If you know exactly how many bytes you should receive, you can use a function that reads exactly that number.

This function is a drop in replacement for SSL_read that always reads exactly the number of bytes specified unless there is an error. It returns <0 on error (call SSL_get_error). It returns 0 if the connection is shut down. On success, it returns the number of bytes read, which will always be the same as the number asked for.

int SSL_read_all(SSL *ssl, void* buf, int num)
{
    char* ptr = reinterpret_cast<char*>(buf);
    int read_bytes = 0;
    while (read_bytes < num)
    {
         int r = SSL_read(ssl, ptr + read_bytes, num - read_bytes);
         if (r <= 0)
             return r;
         read_bytes += r;
    }
    return read_bytes;
}

You do not need to use a BIO explicitly if OpenSSL is talking directly to the socket.