kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Document a few more miscellaneous things.

Browse Source 
Change-Id: Ib4829bf9344341e3d4fe90c7cea66e217366fe97
Reviewed-on: https://boringssl-review.googlesource.com/6091
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-10-03 10:44:30 -04:00 committed by Adam Langley
parent 9f4913f4a8
commit 9f85949baf
2 changed files with 67 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
include/openssl/ssl.h
View File

@ -272,6 +272,10 @@ OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num);
/* SSL_peek behaves like |SSL_read| but does not consume any bytes returned. */ /* SSL_peek behaves like |SSL_read| but does not consume any bytes returned. */
OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num);
/* SSL_pending returns the number of bytes available in |ssl|. It does not read
* from the transport. */
OPENSSL_EXPORT int SSL_pending(const SSL *ssl);
/* SSL_write writes up to |num| bytes from |buf| into |ssl|. It implicitly runs /* SSL_write writes up to |num| bytes from |buf| into |ssl|. It implicitly runs
* any pending handshakes, including renegotiations when enabled. On success, it * any pending handshakes, including renegotiations when enabled. On success, it
* returns the number of bytes read. Otherwise, it returns <= 0. The caller * returns the number of bytes read. Otherwise, it returns <= 0. The caller
@ -317,6 +321,24 @@ OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num);
* it? */ * it? */
OPENSSL_EXPORT int SSL_shutdown(SSL *ssl); OPENSSL_EXPORT int SSL_shutdown(SSL *ssl);
/* SSL_CTX_set_quiet_shutdown sets quiet shutdown on |ctx| to |mode|. If
* enabled, |SSL_shutdown| will not send a close_notify alert or wait for one
* from the peer. It will instead synchronously return one. */
OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
/* SSL_CTX_get_quiet_shutdown returns whether quiet shutdown is enabled for
* |ctx|. */
OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
/* SSL_set_quiet_shutdown sets quiet shutdown on |ssl| to |mode|. If enabled,
* |SSL_shutdown| will not send a close_notify alert or wait for one from the
* peer. It will instead synchronously return one. */
OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode);
/* SSL_get_quiet_shutdown returns whether quiet shutdown is enabled for
* |ssl|. */
OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
/* SSL_get_error returns a |SSL_ERROR_*| value for the most recent operation on /* SSL_get_error returns a |SSL_ERROR_*| value for the most recent operation on
* |ssl|. It should be called after an operation failed to determine. */ * |ssl|. It should be called after an operation failed to determine. */
OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code); OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
@ -2388,6 +2410,41 @@ enum ssl_renegotiate_mode_t {
OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl, OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl,
enum ssl_renegotiate_mode_t mode); enum ssl_renegotiate_mode_t mode);
/* SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
* certificate chain. */
#define SSL_MAX_CERT_LIST_DEFAULT 1024 * 100
/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
* certificate chain accepted by |ctx|. */
OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
* certificate chain to |max_cert_list|. This affects how much memory may be
* consumed during the handshake. */
OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
size_t max_cert_list);
/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
* certificate chain accepted by |ssl|. */
OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
* certificate chain to |max_cert_list|. This affects how much memory may be
* consumed during the handshake. */
OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ctx|. Beyond this length, handshake messages and application data
* will be split into multiple records. */
OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
size_t max_send_fragment);
/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ssl|. Beyond this length, handshake messages and application data
* will be split into multiple records. */
OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
size_t max_send_fragment);
/* Underdocumented functions. /* Underdocumented functions.
* *
@ -2467,8 +2524,6 @@ OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu);
struct ssl_aead_ctx_st; struct ssl_aead_ctx_st;
typedef struct ssl_aead_ctx_st SSL_AEAD_CTX; typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
#define SSL_MAX_CERT_LIST_DEFAULT 1024 * 100 /* 100k max cert list */
/* ssl_early_callback_ctx is passed to certain callbacks that are called very /* ssl_early_callback_ctx is passed to certain callbacks that are called very
* early on during the server handshake. At this point, much of the SSL* hasn't * early on during the server handshake. At this point, much of the SSL* hasn't
* been filled out and only the ClientHello can be depended on. */ * been filled out and only the ClientHello can be depended on. */
@ -2659,7 +2714,6 @@ OPENSSL_EXPORT int SSL_want(const SSL *s);
OPENSSL_EXPORT int SSL_get_fd(const SSL *s); OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
OPENSSL_EXPORT int SSL_get_rfd(const SSL *s); OPENSSL_EXPORT int SSL_get_rfd(const SSL *s);
OPENSSL_EXPORT int SSL_get_wfd(const SSL *s); OPENSSL_EXPORT int SSL_get_wfd(const SSL *s);
OPENSSL_EXPORT int SSL_pending(const SSL *s);
OPENSSL_EXPORT int SSL_set_fd(SSL *s, int fd); OPENSSL_EXPORT int SSL_set_fd(SSL *s, int fd);
OPENSSL_EXPORT int SSL_set_rfd(SSL *s, int fd); OPENSSL_EXPORT int SSL_set_rfd(SSL *s, int fd);
OPENSSL_EXPORT int SSL_set_wfd(SSL *s, int fd); OPENSSL_EXPORT int SSL_set_wfd(SSL *s, int fd);
@ -2679,10 +2733,6 @@ OPENSSL_EXPORT const char *SSL_alert_type_string(int value);
OPENSSL_EXPORT const char *SSL_alert_desc_string_long(int value); OPENSSL_EXPORT const char *SSL_alert_desc_string_long(int value);
OPENSSL_EXPORT const char *SSL_alert_desc_string(int value); OPENSSL_EXPORT const char *SSL_alert_desc_string(int value);
OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode);
OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode); OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl); OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl);
OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
@ -2694,37 +2744,6 @@ OPENSSL_EXPORT void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,
int type, int val); int type, int val);
OPENSSL_EXPORT int SSL_state(const SSL *ssl); OPENSSL_EXPORT int SSL_state(const SSL *ssl);
/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
* certificate chain accepted by |ctx|. */
OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
* certificate chain to |max_cert_list|. This affects how much memory may be
* consumed during the handshake. */
OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
size_t max_cert_list);
/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
* certificate chain accepted by |ssl|. */
OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
* certificate chain to |max_cert_list|. This affects how much memory may be
* consumed during the handshake. */
OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ctx|. Beyond this length, handshake messages and application data
* will be split into multiple records. */
OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
size_t max_send_fragment);
/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ssl|. Beyond this length, handshake messages and application data
* will be split into multiple records. */
OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
size_t max_send_fragment);
/* SSL_CTX_set_dos_protection_cb sets a callback that is called once the /* SSL_CTX_set_dos_protection_cb sets a callback that is called once the
* resumption decision for a ClientHello has been made. It can return 1 to * resumption decision for a ClientHello has been made. It can return 1 to
* allow the handshake to continue or zero to cause the handshake to abort. */ * allow the handshake to continue or zero to cause the handshake to abort. */

18
ssl/ssl_lib.c
View File

@ -1238,9 +1238,11 @@ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
void SSL_set_read_ahead(SSL *s, int yes) { } void SSL_set_read_ahead(SSL *s, int yes) { }
int SSL_pending(const SSL *s) { int SSL_pending(const SSL *ssl) {
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) {
: 0; return 0;
}
return ssl->s3->rrec.length;
} }
/* Fix this so it checks all the valid key/cert options */ /* Fix this so it checks all the valid key/cert options */
@ -2096,15 +2098,15 @@ int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
return ctx->quiet_shutdown; return ctx->quiet_shutdown;
} }
void SSL_set_quiet_shutdown(SSL *s, int mode) { s->quiet_shutdown = mode; } void SSL_set_quiet_shutdown(SSL *ssl, int mode) { ssl->quiet_shutdown = mode; }
int SSL_get_quiet_shutdown(const SSL *s) { return s->quiet_shutdown; } int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
void SSL_set_shutdown(SSL *s, int mode) { s->shutdown = mode; } void SSL_set_shutdown(SSL *ssl, int mode) { ssl->shutdown = mode; }
int SSL_get_shutdown(const SSL *s) { return s->shutdown; } int SSL_get_shutdown(const SSL *ssl) { return ssl->shutdown; }
int SSL_version(const SSL *s) { return s->version; } int SSL_version(const SSL *ssl) { return ssl->version; }
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; } SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }