[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Tue Jan 27 14:39:49 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 53e652ae447fd4eafb7763ca6e1d1254609af206 (commit)
via 131d3fdfe2deae6c7ff180c561c088e3e11dd659 (commit)
via 1895583835239bc44c3f6584e48f0279ad884f3b (commit)
from 5226c62b7632dfaf38480919d406307318a7d145 (commit)
- Log -----------------------------------------------------------------
commit 53e652ae447fd4eafb7763ca6e1d1254609af206
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 26 23:28:31 2015 +0000
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583)
commit 131d3fdfe2deae6c7ff180c561c088e3e11dd659
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 26 16:46:49 2015 +0000
Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)
Conflicts:
apps/s_client.c
apps/s_server.c
commit 1895583835239bc44c3f6584e48f0279ad884f3b
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 26 16:47:36 2015 +0000
Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.
RT#3657
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 6 -----
apps/s_server.c | 12 ---------
doc/ssl/SSL_CTX_set_read_ahead.pod | 51 ++++++++++++++++++++++++++++++++++++
doc/ssl/SSL_pending.pod | 8 +++---
doc/ssl/ssl.pod | 7 +++++
ssl/s3_pkt.c | 3 ++-
6 files changed, 65 insertions(+), 22 deletions(-)
create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod
diff --git a/apps/s_client.c b/apps/s_client.c
index 0bbc065..758fb25 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1149,12 +1149,6 @@ int MAIN(int argc, char **argv)
if (clr)
SSL_CTX_clear_options(ctx, clr);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.data)
diff --git a/apps/s_server.c b/apps/s_server.c
index 0cac749..70ee5c3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1541,12 +1541,6 @@ int MAIN(int argc, char *argv[])
if (hack)
SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
SSL_CTX_set_options(ctx, off);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);
if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1614,12 +1608,6 @@ int MAIN(int argc, char *argv[])
if (hack)
SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
SSL_CTX_set_options(ctx2, off);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx2, 1);
if (state)
SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
new file mode 100644
index 0000000..527164b
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
+SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
+- manage whether to read as many input bytes as possible
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_read_ahead(const SSL *s);
+ void SSL_set_read_ahead(SSL *s, int yes);
+
+ #define SSL_CTX_get_default_read_ahead(ctx)
+ #define SSL_CTX_set_default_read_ahead(ctx,m)
+ #define SSL_CTX_get_read_ahead(ctx)
+ #define SSL_CTX_set_read_ahead(ctx,m)
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
+many input bytes as possible (for non-blocking reads) or not. For example if
+B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
+the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
+into its buffer (providing that the buffer is large enough) if reading ahead is
+on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+reading ahead is off, or non zero otherwise.
+
+SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
+SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
+
+SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ahead has been set or not.
+
+=head1 NOTES
+
+These functions have no impact when used with DTLS. The return values for
+SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS.
+
+=head1 RETURN VALUES
+
+SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
+and non zero otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
index 43f2874..9dd071b 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -29,8 +29,9 @@ The number of bytes pending is returned.
SSL_pending() takes into account only bytes from the TLS/SSL record
that is currently being processed (if any). If the B<SSL> object's
-I<read_ahead> flag is set, additional protocol bytes may have been
-read containing more TLS/SSL records; these are ignored by
+I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>), additional protocol
+bytes may have been read containing more TLS/SSL records; these are ignored by
SSL_pending().
Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
@@ -38,6 +39,7 @@ of pending data is application data.
=head1 SEE ALSO
-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, L<ssl(3)|ssl(3)>
=cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 6d3ee24..660489a 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -229,6 +229,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
+
=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
@@ -237,6 +239,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
+
=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
@@ -325,6 +329,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
+
=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
@@ -703,6 +709,7 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 5644dd8..d422abf 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -217,7 +217,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
return -1;
}
- if (!s->read_ahead)
+ /* We always act like read_ahead is set for DTLS */
+ if (!s->read_ahead && !SSL_IS_DTLS(s))
/* ignore max parameter */
max = n;
else {
More information about the openssl-commits
mailing list