diff options
| author | Matt Caswell <matt@openssl.org> | 2015-09-22 11:12:50 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-03-07 21:39:27 +0000 |
| commit | d102d9df8625cb6f75c537b7f2a696bb5f305ff2 (patch) | |
| tree | 905ded5ae4a3c44de312bf87f5d7b91b949b0eb5 /ssl/ssl_locl.h | |
| parent | 98ee75439d7e844de6c063a4be5bd09b3cc9db53 (diff) | |
Implement write pipeline support in libssl
Use the new pipeline cipher capability to encrypt multiple records being
written out all in one go. Two new SSL/SSL_CTX parameters can be used to
control how this works: max_pipelines and split_send_fragment.
max_pipelines defines the maximum number of pipelines that can ever be used
in one go for a single connection. It must always be less than or equal to
SSL_MAX_PIPELINES (currently defined to be 32). By default only one
pipeline will be used (i.e. normal non-parallel operation).
split_send_fragment defines how data is split up into pipelines. The number
of pipelines used will be determined by the amount of data provided to the
SSL_write call divided by split_send_fragment. For example if
split_send_fragment is set to 2000 and max_pipelines is 4 then:
SSL_write called with 0-2000 bytes == 1 pipeline used
SSL_write called with 2001-4000 bytes == 2 pipelines used
SSL_write called with 4001-6000 bytes == 3 pipelines used
SSL_write_called with 6001+ bytes == 4 pipelines used
split_send_fragment must always be less than or equal to max_send_fragment.
By default it is set to be equal to max_send_fragment. This will mean that
the same number of records will always be created as would have been
created in the non-parallel case, although the data will be apportioned
differently. In the parallel case data will be spread equally between the
pipelines.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/ssl_locl.h')
| -rw-r--r-- | ssl/ssl_locl.h | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6c7f47d711..aa3e0a307e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -830,11 +830,19 @@ struct ssl_ctx_st { # endif /* + * If we're using more than one pipeline how should we divide the data + * up between the pipes? + */ + unsigned int split_send_fragment; + /* * Maximum amount of data to send in one fragment. actual record size can * be more than this due to padding and MAC overheads. */ unsigned int max_send_fragment; + /* Up to how many pipelines should we use? If 0 then 1 is assumed */ + unsigned int max_pipelines; + # ifndef OPENSSL_NO_ENGINE /* * Engine to pass requests for client certs to @@ -1085,8 +1093,21 @@ struct ssl_st { int first_packet; /* what was passed, used for SSLv3/TLS rollback check */ int client_version; + + /* + * If we're using more than one pipeline how should we divide the data + * up between the pipes? + */ + unsigned int split_send_fragment; + /* + * Maximum amount of data to send in one fragment. actual record size can + * be more than this due to padding and MAC overheads. + */ unsigned int max_send_fragment; + /* Up to how many pipelines should we use? If 0 then 1 is assumed */ + unsigned int max_pipelines; + /* TLS extension debug callback */ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); @@ -1635,8 +1656,8 @@ struct tls_sigalgs_st { * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, int); - int (*mac) (SSL *, unsigned char *, int); + int (*enc) (SSL *, SSL3_RECORD *, unsigned int, int); + int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); int (*setup_key_block) (SSL *); int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, int); |