Friday, October 30, 2009

OpenSSL-Net

After my post yesterday, my next task was to do the same in .Net. Boy was I rewarded when I used Google to search for "OpenSSL Net". I was presented with "OpenSSL-NET", a managed wrapper for OpenSSL! Interestingly enough, this wasn't the first time I have looked for such a project. In the past, the most I found was people looking for the same. What a reward: I don't have to implement a C# wrapper for OpenSSL :). Now on to the good stuff: I took the work I did yesterday and converted it into a C# object-oriented sample. To reproduce my efforts, I have packaged all my work here. For simplicity, I've included an OpenSSL-NET dll. One caveat: the current distribution of OpenSSL.NET won't work with the binary. I had to make a few tweaks, such as making the Ssl, SslContext, and some Enums linkable (i.e. internal to public), and then I added a couple of additional Ssl functions to the library. I've sent a patch to the manager and hopefully the changes get imported into the official library.

What does that leave next? Figuring out how to distribute OpenSSL with our libraries for Windows support. Windows presents an interesting problem as it apparently lacks an up-to-date OpenSSL distribution. So with that in mind, I'll probably attempt to integrate our current security stack and have OpenSSL DTLS as an option instead. That way, users who just want a simple-to-install system don't have to worry about installing OpenSSL and configuring our application to properly link to it.

Also, another booger about OpenSSL is that the library names differ between Windows and Linux, and there are a TON of functions called by the library. As such, the author has a library for Linux and one for Windows. One option to resolve this is to use a Windows version and create symbolic links in the local directory from the Linux ssl libraries to Windows ssl names.

I'm really looking forward to removing our system's dependency on our own security stack. It means that we don't have to worry (as much) about something so critical. I don't regret writing the original security stack, because I learned SO much, and much of the framework, or at least the ideas, will be kept in the transition from the old stack to the new. Also, I suspect the transition from managed security code to unmanaged will create a much faster system.

To assist in keeping track of my changes to the OpenSSL.NET code, I've put up a git repository at github.

5 comments:

  1. Hi David
    I am looking for sample code for using OpenSSL.Net to encrypt data using a public key that was generated using MS RSACryptoServiceProvider. Can this be done? Can you refer me to somewhere that will help me solve this issue?

  2. Wow, so sorry I never saw this. I think you need to look at converting the key into DER / PEM format and then importing it into an OpenSSL.net type, but it has been far too long since I've worked on this.

  3. Hi David,

    I wanted to open your example, but unfortunately the URL is not available any more. Please could you update the link? I was looking for an example usage of DTLS in OpenSSL Net but did not find it anywhere. It would help me a lot.

  4. I know this is a long shot since it seems this blog has been abandoned, but would you mind updating the link for your example? I am trying to use openssl-net and have found it very difficult given the little documentation and very few examples I could find. It would be a HUGE help to see how you worked it out.

    Thank you!
