diff options
| author | Matt Caswell <matt@openssl.org> | 2015-09-22 11:12:50 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-03-07 21:39:27 +0000 |
| commit | d102d9df8625cb6f75c537b7f2a696bb5f305ff2 (patch) | |
| tree | 905ded5ae4a3c44de312bf87f5d7b91b949b0eb5 /include | |
| parent | 98ee75439d7e844de6c063a4be5bd09b3cc9db53 (diff) | |
Implement write pipeline support in libssl
Use the new pipeline cipher capability to encrypt multiple records being
written out all in one go. Two new SSL/SSL_CTX parameters can be used to
control how this works: max_pipelines and split_send_fragment.
max_pipelines defines the maximum number of pipelines that can ever be used
in one go for a single connection. It must always be less than or equal to
SSL_MAX_PIPELINES (currently defined to be 32). By default only one
pipeline will be used (i.e. normal non-parallel operation).
split_send_fragment defines how data is split up into pipelines. The number
of pipelines used will be determined by the amount of data provided to the
SSL_write call divided by split_send_fragment. For example if
split_send_fragment is set to 2000 and max_pipelines is 4 then:
SSL_write called with 0-2000 bytes == 1 pipeline used
SSL_write called with 2001-4000 bytes == 2 pipelines used
SSL_write called with 4001-6000 bytes == 3 pipelines used
SSL_write_called with 6001+ bytes == 4 pipelines used
split_send_fragment must always be less than or equal to max_send_fragment.
By default it is set to be equal to max_send_fragment. This will mean that
the same number of records will always be created as would have been
created in the non-parallel case, although the data will be apportioned
differently. In the parallel case data will be spread equally between the
pipelines.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/ssl.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e827214209..43d59a623b 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -181,6 +181,9 @@ extern "C" { # define SSL_MAX_KEY_ARG_LENGTH 8 # define SSL_MAX_MASTER_KEY_LENGTH 48 +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + /* text strings for the ciphers */ /* These are used to specify which ciphers to use and not to use */ @@ -1233,6 +1236,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_EXTMS_SUPPORT 122 # define SSL_CTRL_SET_MIN_PROTO_VERSION 123 # define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1794,6 +1799,14 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) # define SSL_set_max_send_fragment(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) /* NB: the keylength is only applicable when is_export is true */ # ifndef OPENSSL_NO_DH @@ -2193,6 +2206,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 # define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 +# define SSL_F_TLS1_ENC 401 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 # define SSL_F_TLS1_GET_CURVELIST 338 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 @@ -2412,6 +2426,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 # define SSL_R_PEM_NAME_BAD_PREFIX 391 # define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 # define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 |