[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Jan 27 14:40:09 UTC 2015
The branch master has been updated
via 8507474564f3f743f5daa3468ca97a9b707b3583 (commit)
via f4002412518703d07fee321d4c88ee0bbe1694fe (commit)
via 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa (commit)
from 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb (commit)
- Log -----------------------------------------------------------------
commit 8507474564f3f743f5daa3468ca97a9b707b3583
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 26 23:28:31 2015 +0000
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit f4002412518703d07fee321d4c88ee0bbe1694fe
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 26 16:46:49 2015 +0000
Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 26 16:47:36 2015 +0000
Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.
RT#3657
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 6 -----
apps/s_server.c | 12 ---------
doc/ssl/SSL_CTX_set_read_ahead.pod | 51 ++++++++++++++++++++++++++++++++++++
doc/ssl/SSL_pending.pod | 8 +++---
doc/ssl/ssl.pod | 7 +++++
ssl/s3_pkt.c | 3 ++-
6 files changed, 65 insertions(+), 22 deletions(-)
create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod
diff --git a/apps/s_client.c b/apps/s_client.c
index e30857f..0c4e6bd 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1299,12 +1299,6 @@ int MAIN(int argc, char **argv)
#endif
if (exc)
ssl_ctx_set_excert(ctx, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);
#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
diff --git a/apps/s_server.c b/apps/s_server.c
index 4dae4d5..e07df85 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1722,12 +1722,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);
if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1806,12 +1800,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx2, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx2, 1);
if (state)
SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
new file mode 100644
index 0000000..527164b
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
+SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
+- manage whether to read as many input bytes as possible
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_read_ahead(const SSL *s);
+ void SSL_set_read_ahead(SSL *s, int yes);
+
+ #define SSL_CTX_get_default_read_ahead(ctx)
+ #define SSL_CTX_set_default_read_ahead(ctx,m)
+ #define SSL_CTX_get_read_ahead(ctx)
+ #define SSL_CTX_set_read_ahead(ctx,m)
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
+many input bytes as possible (for non-blocking reads) or not. For example if
+B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
+the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
+into its buffer (providing that the buffer is large enough) if reading ahead is
+on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+reading ahead is off, or non zero otherwise.
+
+SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
+SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
+
+SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ahead has been set or not.
+
+=head1 NOTES
+
+These functions have no impact when used with DTLS. The return values for
+SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS.
+
+=head1 RETURN VALUES
+
+SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
+and non zero otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
index 43f2874..9dd071b 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -29,8 +29,9 @@ The number of bytes pending is returned.
SSL_pending() takes into account only bytes from the TLS/SSL record
that is currently being processed (if any). If the B<SSL> object's
-I<read_ahead> flag is set, additional protocol bytes may have been
-read containing more TLS/SSL records; these are ignored by
+I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>), additional protocol
+bytes may have been read containing more TLS/SSL records; these are ignored by
SSL_pending().
Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
@@ -38,6 +39,7 @@ of pending data is application data.
=head1 SEE ALSO
-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, L<ssl(3)|ssl(3)>
=cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index ceb9766..3634fa9 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -217,6 +217,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
+
=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
@@ -225,6 +227,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
+
=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
@@ -313,6 +317,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
+
=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
@@ -695,6 +701,7 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 85af629..07adf0f 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -231,7 +231,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
return -1;
}
- if (!s->read_ahead)
+ /* We always act like read_ahead is set for DTLS */
+ if (!s->read_ahead && !SSL_IS_DTLS(s))
/* ignore max parameter */
max = n;
else {
More information about the openssl-commits
mailing list