diff options
author | Matt Caswell <matt@openssl.org> | 2015-09-22 11:12:50 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-03-07 21:39:27 +0000 |
commit | d102d9df8625cb6f75c537b7f2a696bb5f305ff2 (patch) | |
tree | 905ded5ae4a3c44de312bf87f5d7b91b949b0eb5 /ssl/ssl_lib.c | |
parent | 98ee75439d7e844de6c063a4be5bd09b3cc9db53 (diff) |
Implement write pipeline support in libssl
Use the new pipeline cipher capability to encrypt multiple records being
written out all in one go. Two new SSL/SSL_CTX parameters can be used to
control how this works: max_pipelines and split_send_fragment.
max_pipelines defines the maximum number of pipelines that can ever be used
in one go for a single connection. It must always be less than or equal to
SSL_MAX_PIPELINES (currently defined to be 32). By default only one
pipeline will be used (i.e. normal non-parallel operation).
split_send_fragment defines how data is split up into pipelines. The number
of pipelines used will be determined by the amount of data provided to the
SSL_write call divided by split_send_fragment. For example if
split_send_fragment is set to 2000 and max_pipelines is 4 then:
SSL_write called with 0-2000 bytes == 1 pipeline used
SSL_write called with 2001-4000 bytes == 2 pipelines used
SSL_write called with 4001-6000 bytes == 3 pipelines used
SSL_write_called with 6001+ bytes == 4 pipelines used
split_send_fragment must always be less than or equal to max_send_fragment.
By default it is set to be equal to max_send_fragment. This will mean that
the same number of records will always be created as would have been
created in the non-parallel case, although the data will be apportioned
differently. In the parallel case data will be spread equally between the
pipelines.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5dfb0fdbc7..f27f6ff34c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -170,8 +170,8 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { * evil casts, but these functions are only called if there's a library * bug */ - (int (*)(SSL *, int))ssl_undefined_function, - (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, + (int (*)(SSL *, SSL3_RECORD *, unsigned int, int))ssl_undefined_function, + (int (*)(SSL *, SSL3_RECORD *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, (int (*)(SSL *, unsigned char *, unsigned char *, int)) ssl_undefined_function, @@ -670,6 +670,8 @@ SSL *SSL_new(SSL_CTX *ctx) X509_VERIFY_PARAM_inherit(s->param, ctx->param); s->quiet_shutdown = ctx->quiet_shutdown; s->max_send_fragment = ctx->max_send_fragment; + s->split_send_fragment = ctx->split_send_fragment; + s->max_pipelines = ctx->max_pipelines; CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->ctx = ctx; @@ -1680,7 +1682,18 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; s->max_send_fragment = larg; + if (s->max_send_fragment < s->split_send_fragment) + s->split_send_fragment = s->max_send_fragment; + return 1; + case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: + if (larg > s->max_send_fragment || larg == 0) + return 0; + s->split_send_fragment = larg; return 1; + case SSL_CTRL_SET_MAX_PIPELINES: + if (larg < 1 || larg > SSL_MAX_PIPELINES) + return 0; + s->max_pipelines = larg; case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) return s->s3->send_connection_binding; @@ -1820,7 +1833,18 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; ctx->max_send_fragment = larg; + if (ctx->max_send_fragment < ctx->split_send_fragment) + ctx->split_send_fragment = ctx->split_send_fragment; return 1; + case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: + if (larg > ctx->max_send_fragment || larg == 0) + return 0; + ctx->split_send_fragment = larg; + return 1; + case SSL_CTRL_SET_MAX_PIPELINES: + if (larg < 1 || larg > SSL_MAX_PIPELINES) + return 0; + ctx->max_pipelines = larg; case SSL_CTRL_CERT_FLAGS: return (ctx->cert->cert_flags |= larg); case SSL_CTRL_CLEAR_CERT_FLAGS: @@ -2370,6 +2394,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->comp_methods = SSL_COMP_get_compression_methods(); ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; + ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; /* Setup RFC4507 ticket keys */ if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0) |