From d102d9df8625cb6f75c537b7f2a696bb5f305ff2 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 22 Sep 2015 11:12:50 +0100
Subject: Implement write pipeline support in libssl

Use the new pipeline cipher capability to encrypt multiple records being written out all in one go. Two new SSL/SSL_CTX parameters can be used to control how this works: max_pipelines and split_send_fragment.

max_pipelines defines the maximum number of pipelines that can ever be used in one go for a single connection. It must always be less than or equal to SSL_MAX_PIPELINES (currently defined to be 32). By default only one pipeline will be used (i.e. normal non-parallel operation).

split_send_fragment defines how data is split up into pipelines. The number of pipelines used will be determined by the amount of data provided to the SSL_write call divided by split_send_fragment. For example if split_send_fragment is set to 2000 and max_pipelines is 4 then:
SSL_write called with 0-2000 bytes == 1 pipeline used
SSL_write called with 2001-4000 bytes == 2 pipelines used
SSL_write called with 4001-6000 bytes == 3 pipelines used
SSL_write_called with 6001+ bytes == 4 pipelines used

split_send_fragment must always be less than or equal to max_send_fragment. By default it is set to be equal to max_send_fragment. This will mean that the same number of records will always be created as would have been created in the non-parallel case, although the data will be apportioned differently. In the parallel case data will be spread equally between the pipelines.

Reviewed-by: Tim Hudson
---
 ssl/ssl_err.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'ssl/ssl_err.c')
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index c2d4bf3017..88f6c73cfe 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -290,6 +290,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 "tls1_check_duplicate_extensions"},
 {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),
 "TLS1_CHECK_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_TLS1_ENC), "tls1_enc"},
 {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),
 "tls1_export_keying_material"},
 {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "tls1_get_curvelist"},
@@ -570,6 +571,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
 "peer did not return a certificate"},
 {ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"},
 {ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
+ {ERR_REASON(SSL_R_PIPELINE_FAILURE), "pipeline failure"},
 {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
 {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
 {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
-- cgit v1.2.3