[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Matt Caswell matt at openssl.org
Tue Jan 27 14:39:49 UTC 2015


The branch OpenSSL_1_0_1-stable has been updated
       via  53e652ae447fd4eafb7763ca6e1d1254609af206 (commit)
       via  131d3fdfe2deae6c7ff180c561c088e3e11dd659 (commit)
       via  1895583835239bc44c3f6584e48f0279ad884f3b (commit)
      from  5226c62b7632dfaf38480919d406307318a7d145 (commit)


- Log -----------------------------------------------------------------
commit 53e652ae447fd4eafb7763ca6e1d1254609af206
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 26 23:28:31 2015 +0000

    Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
    functions.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583)

commit 131d3fdfe2deae6c7ff180c561c088e3e11dd659
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 26 16:46:49 2015 +0000

    Remove the explicit setting of read_ahead for DTLS. It never makes sense to
    disable read_ahead with DTLS, because DTLS does not work without it. Therefore
    read_ahead needs to be the default.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)
    
    Conflicts:
    	apps/s_client.c
    	apps/s_server.c

commit 1895583835239bc44c3f6584e48f0279ad884f3b
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 26 16:47:36 2015 +0000

    Make DTLS always act as if read_ahead is set. The actual value of read_ahead
    is ignored for DTLS.
    
    RT#3657
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c                    |    6 -----
 apps/s_server.c                    |   12 ---------
 doc/ssl/SSL_CTX_set_read_ahead.pod |   51 ++++++++++++++++++++++++++++++++++++
 doc/ssl/SSL_pending.pod            |    8 +++---
 doc/ssl/ssl.pod                    |    7 +++++
 ssl/s3_pkt.c                       |    3 ++-
 6 files changed, 65 insertions(+), 22 deletions(-)
 create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod

diff --git a/apps/s_client.c b/apps/s_client.c
index 0bbc065..758fb25 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1149,12 +1149,6 @@ int MAIN(int argc, char **argv)
 
     if (clr)
         SSL_CTX_clear_options(ctx, clr);
-    /*
-     * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
-     * read ahead solves this problem.
-     */
-    if (socket_type == SOCK_DGRAM)
-        SSL_CTX_set_read_ahead(ctx, 1);
 
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
     if (next_proto.data)
diff --git a/apps/s_server.c b/apps/s_server.c
index 0cac749..70ee5c3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1541,12 +1541,6 @@ int MAIN(int argc, char *argv[])
     if (hack)
         SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
     SSL_CTX_set_options(ctx, off);
-    /*
-     * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
-     * read ahead solves this problem.
-     */
-    if (socket_type == SOCK_DGRAM)
-        SSL_CTX_set_read_ahead(ctx, 1);
 
     if (state)
         SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1614,12 +1608,6 @@ int MAIN(int argc, char *argv[])
         if (hack)
             SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
         SSL_CTX_set_options(ctx2, off);
-        /*
-         * DTLS: partial reads end up discarding unread UDP bytes :-(
-         * Setting read ahead solves this problem.
-         */
-        if (socket_type == SOCK_DGRAM)
-            SSL_CTX_set_read_ahead(ctx2, 1);
 
         if (state)
             SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
new file mode 100644
index 0000000..527164b
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
+SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
+- manage whether to read as many input bytes as possible
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_read_ahead(const SSL *s);
+ void SSL_set_read_ahead(SSL *s, int yes);
+
+ #define SSL_CTX_get_default_read_ahead(ctx)
+ #define SSL_CTX_set_default_read_ahead(ctx,m)
+ #define SSL_CTX_get_read_ahead(ctx)
+ #define SSL_CTX_set_read_ahead(ctx,m)
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
+many input bytes as possible (for non-blocking reads) or not. For example if
+B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
+the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
+into its buffer (providing that the buffer is large enough) if reading ahead is
+on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+reading ahead is off, or non zero otherwise.
+
+SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
+SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
+
+SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ahead has been set or not.
+
+=head1 NOTES
+
+These functions have no impact when used with DTLS. The return values for
+SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS.
+
+=head1 RETURN VALUES
+
+SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
+and non zero otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
index 43f2874..9dd071b 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -29,8 +29,9 @@ The number of bytes pending is returned.
 
 SSL_pending() takes into account only bytes from the TLS/SSL record
 that is currently being processed (if any).  If the B<SSL> object's
-I<read_ahead> flag is set, additional protocol bytes may have been
-read containing more TLS/SSL records; these are ignored by
+I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>), additional protocol
+bytes may have been read containing more TLS/SSL records; these are ignored by
 SSL_pending().
 
 Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
@@ -38,6 +39,7 @@ of pending data is application data.
 
 =head1 SEE ALSO
 
-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, L<ssl(3)|ssl(3)>
 
 =cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 6d3ee24..660489a 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -229,6 +229,8 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
+
 =item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
 
 =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
@@ -237,6 +239,8 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
 
+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
+
 =item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
 
 =item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
@@ -325,6 +329,8 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
 
+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
+
 =item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
 
 =item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
@@ -703,6 +709,7 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
 L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
 L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
 L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>,
 L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
 L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 5644dd8..d422abf 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -217,7 +217,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
         return -1;
     }
 
-    if (!s->read_ahead)
+    /* We always act like read_ahead is set for DTLS */
+    if (!s->read_ahead && !SSL_IS_DTLS(s))
         /* ignore max parameter */
         max = n;
     else {
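Review bot: The new comment above the `if` restates the condition but not the reason for it, and the reason — a partial read of a UDP datagram discards its unread bytes — was recorded only in the s_client.c/s_server.c comments that this same series deletes, so after the change it survives nowhere in the tree. I would expand it to `/* DTLS must always read ahead: a partial read of a datagram discards its unread bytes, so s->read_ahead is ignored here (RT#3657) */`. The new pod page says the setting has no effect for DTLS, which agrees with this code, so the comment is the only place a maintainer of ssl3_read_n() would learn why. ssl3_read_n() begins before and continues after this hunk, so I cannot confirm from here how `max` is bounded on the DTLS path when a caller passes a value smaller than the record buffer.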

