author | Vadim Fedorenko <vadimjunk@gmail.com> | 2020-05-04 13:46:04 +0300 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-08 11:13:53 +0100 |
commit | a6d36303e91b79379da2e2ffaa608dba704d3eb8 (patch) | |
tree | cbab959207878788434706cb10526f32d59ca0ce /doc | |
parent | da4db1602d8f7f031f12ddc04de84129138c419c (diff) |
TLSv1.3: additional checks in SSL_set_record_padding_callback
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CTX_set_record_padding_callback.pod | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/man3/SSL_CTX_set_record_padding_callback.pod b/doc/man3/SSL_CTX_set_record_padding_callback.pod index 3df66218fe..445953ef07 100644 --- a/doc/man3/SSL_CTX_set_record_padding_callback.pod +++ b/doc/man3/SSL_CTX_set_record_padding_callback.pod @@ -16,7 +16,7 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding #include <openssl/ssl.h> void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); - void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); + int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); @@ -32,6 +32,8 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() can be used to assign a callback function I<cb> to specify the padding for TLS 1.3 records. The value set in B<ctx> is copied to a new SSL by SSL_new(). +Kernel TLS is not possible if the record padding callback is set, and the callback +function cannot be set if Kernel TLS is already configured for the current SSL object. SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() assign a value B<arg> that is passed to the callback when it is invoked. The value @@ -64,6 +66,9 @@ indicates no padding will be added. A return value that causes the record to exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the maximum record size. +The SSL_CTX_get_record_padding_callback_arg() function returns 1 on success or 0 if +the callback function is not set because Kernel TLS is configured for the SSL object. + =head1 NOTES The default behavior is to add no padding to the record. 
@@ -84,6 +89,9 @@ L<ssl(7)>, L<SSL_new(3)> The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. +The return type of SSL_CTX_set_record_padding_callback() function was +changed to int in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. |
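Review bot: The RETURN VALUES sentence added in the @@ -64,6 +66,9 @@ hunk names the wrong function. SSL_CTX_get_record_padding_callback_arg() is shown in the synopsis as returning void * and is not touched by this patch; the function whose prototype becomes int in the first hunk is SSL_set_record_padding_callback(). Suggest "The SSL_set_record_padding_callback() function returns 1 on success or 0 if the callback function is not set because Kernel TLS is configured for the SSL object." It is also worth telling callers to check the result, since a return of 0 means the callback was not installed.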
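Review bot: The HISTORY entry added in the @@ -84,6 +89,9 @@ hunk attributes the return-type change to SSL_CTX_set_record_padding_callback(), but the synopsis hunk leaves that function void and changes only SSL_set_record_padding_callback() to int. The entry should name the SSL variant, for example "The return type of the SSL_set_record_padding_callback() function was changed to int in OpenSSL 3.0."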