I'm using a transport library that emulates the Berkeley sockets API for working with it (complete with blocking and non-blocking modes). I needed to add TLS encryption to the data that I'm sending and can think of two ways:
Custom BIO: I found code for the socket BIO, so I'm thinking of making a copy of it and replacing all Berkeley socket calls with the functions for that library. However, I can't find much information about custom BIOs online, so I'm wary of pitfalls I'd run into without getting much help.
Memory BIO: This approach has more followers and quite a few examples as well, although most warn that a memory BIO with non-blocking sockets is an order of magnitude more complicated than the blocking route.
Regarding the memory BIO approach, the source code that I saw made sense to me, but it was a simple echo client/server. The thing that's confusing me a lot is what to do when SSL_read/SSL_write return SSL_WANT_READ or SSL_WANT_WRITE. My understanding is that in the case of a blocking socket BIO, you just retry the call later, since the underlying code will take care of things.
In the case of memory BIO + non-blocking sockets, e.g. if SSL_read returns SSL_WANT_WRITE, does that mean that my code should then read from the output BIO (BIO_read) and send it to the socket, and also not allow any SSL_read/SSL_write until the original SSL_read call succeeds? Is it OK to allow SSL_write during this time?
EDIT: I'll be using TLS 1.3 exclusively; I just found out that it does not support renegotiation. Does that mean that once the connection is established I don't have to worry about WANT_WRITE on SSL_read and WANT_READ on SSL_write at all?
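An added example, not code from the question's author, that exercises exactly this loop in Python, whose ssl.MemoryBIO and SSLObject are thin wrappers over OpenSSL's memory BIOs and SSL object: after every SSL call the outgoing BIO is drained to the transport whatever the result was, a call that raised WANT_READ is retried only once the transport has delivered new bytes, and after the handshake reads and writes proceed independently. The throwaway self-signed certificate is minted with the openssl CLI, which is assumed to be on PATH; Endpoint, step, push, run_session and demo are names chosen here.

```python
import os, shutil, ssl, subprocess, tempfile

class Endpoint:
    """One TLS side driven through memory BIOs (ssl.MemoryBIO wraps OpenSSL's BIO_s_mem)."""
    def __init__(self, ctx, server_side):
        self.incoming, self.outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=server_side)
        self.to_peer = bytearray()  # stands in for the non-blocking socket's send queue
    def step(self, op):
        """Attempt op once, returning (done, value); WANT_READ/WANT_WRITE only mean 'not yet'."""
        try:
            done, value = True, op()
        except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
            done, value = False, None
        # Flush after EVERY call: even on WANT_READ the outgoing BIO may hold records
        # (ClientHello, Finished, session tickets) that the peer is waiting for.
        self.to_peer += self.outgoing.read()
        return done, value
    def push(self, peer):
        """Move queued ciphertext from this side's 'socket' into the peer's incoming BIO."""
        peer.incoming.write(bytes(self.to_peer)); self.to_peer.clear()

def run_session(certfile, keyfile, payload=b"ping"):
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER); srv.load_cert_chain(certfile, keyfile)
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT); cli.load_verify_locations(certfile)
    cli.check_hostname = False  # throwaway cert carries no SAN; chain verification stays on
    for ctx in (srv, cli): ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    c, s = Endpoint(cli, False), Endpoint(srv, True)
    c_done = s_done = False
    while not (c_done and s_done):  # each side retries only after the peer's bytes arrived
        if not c_done: c_done, _ = c.step(c.tls.do_handshake)
        c.push(s)
        if not s_done: s_done, _ = s.step(s.tls.do_handshake)
        s.push(c)
    # Once established, reads and writes are independent: an unbounded memory BIO accepts
    # every write (no WANT_WRITE), while a read stalls until the transport delivers bytes.
    early_done, _ = c.step(lambda: c.tls.read(4096))  # nothing delivered yet -> WANT_READ
    c.step(lambda: c.tls.write(payload)); c.push(s)    # writing while that read is pending is fine
    _, got = s.step(lambda: s.tls.read(4096))
    s.step(lambda: s.tls.write(got.upper())); s.push(c)
    _, echo = c.step(lambda: c.tls.read(4096))
    return {"version": c.tls.version(), "early_read_done": early_done, "echo": echo}

def demo():
    """Mint a throwaway self-signed cert with the openssl CLI (returns None if it is absent)."""
    if shutil.which("openssl") is None: return None
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", key, "-out",
                        cert, "-subj", "/CN=localhost", "-days", "1"], check=True, capture_output=True)
        return run_session(cert, key)
```

Because the memory BIO grows without bound, the only WANT_WRITE you would see in practice is when you cap the BIO's size yourself; the retry discipline is the same either way, and the session-ticket records that TLS 1.3 sends after the handshake are consumed transparently by the read call.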