authorMatt Caswell <matt@openssl.org>2016-01-13 14:20:25 +0000
committerMatt Caswell <matt@openssl.org>2016-03-07 21:39:27 +0000
commitdad78fb13d790cd06afd6e88067c038d22d7780f (patch)
tree784454e5db93dedfd5239e36b7e61c055d1a1b4b /ssl
parent0220fee47f912c9c89efe24c09e10f4d452a4d42 (diff)
Add an ability to set the SSL read buffer size
This capability is required for read pipelining. We will only read in as many records as will fit in the read buffer (and the network can provide in one go). The bigger the buffer the more records we can process in parallel. Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/rec_layer_s3.c10
-rw-r--r--ssl/record/record.h2
-rw-r--r--ssl/record/record_locl.h1
-rw-r--r--ssl/record/ssl3_buffer.c13
-rw-r--r--ssl/ssl_lib.c2
-rw-r--r--ssl/ssl_locl.h3
6 files changed, 24 insertions, 7 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 91b8205ee9..83f5cf56db 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -241,6 +241,16 @@ int ssl3_pending(const SSL *s)
return num;
}
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+ ctx->default_read_buf_len = len;
+}
+
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+ SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
const char *SSL_rstate_string_long(const SSL *s)
{
const char *str;
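Review bot: Both new setters accept any `size_t` and return `void`, so nothing in `SSL_CTX_set_default_read_buffer_len` or `SSL_set_default_read_buffer_len` bounds the value that later reaches `OPENSSL_malloc` in `ssl3_setup_read_buffer` (see the ssl/record/ssl3_buffer.c hunk). The read buffer belongs to each SSL object, so on a server a large setting is multiplied by the number of connections; that deserves a sentence in the API documentation or a sanity cap. The value also appears to be consulted only when the read buffer is set up, so a call made after the buffer exists would presumably have no effect until it is released and allocated again. I would add a comment above the SSL-level setter such as `/* Takes effect the next time the read buffer is allocated; values below the protocol minimum are ignored */`.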
diff --git a/ssl/record/record.h b/ssl/record/record.h
index 000fc85621..a1febc5551 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -118,6 +118,8 @@
typedef struct ssl3_buffer_st {
/* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
unsigned char *buf;
+ /* default buffer size (or 0 if no default set) */
+ size_t default_len;
/* buffer size */
size_t len;
/* where to 'copy from' */
diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
index e5d2784f26..f1f5bbcbcc 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -162,6 +162,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL)
+#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 576533c31e..53ae0f490d 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -120,16 +120,13 @@ void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n)
}
/*
- * Clear the contents of an SSL3_BUFFER but retain any memory allocated
+ * Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
+ * retains the default_len setting
*/
void SSL3_BUFFER_clear(SSL3_BUFFER *b)
{
- unsigned char *buf = b->buf;
- size_t len = b->len;
-
- memset(b, 0, sizeof(*b));
- b->buf = buf;
- b->len = len;
+ b->offset = 0;
+ b->left = 0;
}
void SSL3_BUFFER_release(SSL3_BUFFER *b)
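Review bot: The header comment on `SSL3_BUFFER_clear` still says it clears the contents, but the new body only resets `offset` and `left`; the bytes held in `b->buf` stay in memory (the removed version did not wipe them either). A reader looking for where record data is scrubbed could be misled, so I would reword it to something like `/* Reset the read position of an SSL3_BUFFER; the allocation, its data bytes and default_len are retained */`. Dropping the `memset` also means every member of `ssl3_buffer_st` other than these two now survives a clear. The struct is only partly visible in the record.h hunk, so please confirm that no other member relied on being zeroed.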
@@ -162,6 +159,8 @@ int ssl3_setup_read_buffer(SSL *s)
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
+ if (b->default_len > len)
+ len = b->default_len;
if ((p = OPENSSL_malloc(len)) == NULL)
goto err;
b->buf = p;
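Review bot: `default_len` acts as a floor rather than a default here: the added `if (b->default_len > len)` only ever enlarges the computed size, and a smaller requested value is dropped without any signal to the caller. That is the safe direction, since the buffer can never fall below what the protocol computation requires, but it is worth stating in a comment, e.g. `/* default_len can only grow the buffer beyond the protocol minimum */`. The declaration of `len` is outside the hunk; if it is narrower than `size_t` the assignment would truncate, so that is worth a check. `ssl3_setup_read_buffer` starts and ends outside the hunk.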
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 92734ea937..4df8339979 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -674,6 +674,8 @@ SSL *SSL_new(SSL_CTX *ctx)
s->max_pipelines = ctx->max_pipelines;
if (s->max_pipelines > 1)
RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+ if (ctx->default_read_buf_len > 0)
+ SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
s->ctx = ctx;
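Review bot: The context value is copied into the new SSL's read buffer once, in the added `if (ctx->default_read_buf_len > 0)` branch, so a later `SSL_CTX_set_default_read_buffer_len` call does not reach SSL objects that already exist. That is the same snapshot behaviour as `max_pipelines` just above, but the change does not state it anywhere. A short comment such as `/* Snapshot of the CTX setting; later CTX changes affect only new SSL objects */` would help. `SSL_new` starts and ends outside the hunk.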
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index aa3e0a307e..064c22c25a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -843,6 +843,9 @@ struct ssl_ctx_st {
/* Up to how many pipelines should we use? If 0 then 1 is assumed */
unsigned int max_pipelines;
+ /* The default read buffer length to use (0 means not set) */
+ size_t default_read_buf_len;
+
# ifndef OPENSSL_NO_ENGINE
/*
* Engine to pass requests for client certs to