merge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3)

from the OpenSSL 1.1.1 branch, which is still under a free license
author: schwarze <> 2021-10-24 15:10:13 +0000
committer: schwarze <> 2021-10-24 15:10:13 +0000
commit: 86484520bb9fdf67e7e47b29f0fed6ff22b63378 (patch)
tree: ab6e4a6859e452d35eeb3e6b83e50360a070a7e0 /src/lib/libssl/man/SSL_write.3
parent: 05ad4b612f5c1f984f5d2f34e62751408dfaea72 (diff)
download: openbsd-86484520bb9fdf67e7e47b29f0fed6ff22b63378.tar.gz
openbsd-86484520bb9fdf67e7e47b29f0fed6ff22b63378.tar.bz2
openbsd-86484520bb9fdf67e7e47b29f0fed6ff22b63378.zip
1 files changed, 75 insertions, 50 deletions
diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3
index 16be55f259..2c6fbcef08 100644
--- a/src/lib/libssl/man/SSL_write.3
+++ b/src/lib/libssl/man/SSL_write.3
@@ -1,8 +1,11 @@
-.\"     $OpenBSD: SSL_write.3,v 1.6 2020/10/08 16:02:38 tb Exp $
+.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $
-.\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
-.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project.  All rights reserved.
+.\" and Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project.
+.\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -48,59 +51,67 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 8 2020 $
+.Dd $Mdocdate: October 24 2021 $
 .Dt SSL_WRITE 3
 .Os
 .Sh NAME
+.Nm SSL_write_ex ,
 .Nm SSL_write
-.Nd write bytes to a TLS/SSL connection
+.Nd write bytes to a TLS connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
+.Fn SSL_write_ex "SSL *ssl" "const void *buf" "size_t num" "size_t *written"
+.Ft int
 .Fn SSL_write "SSL *ssl" "const void *buf" "int num"
 .Sh DESCRIPTION
+.Fn SSL_write_ex
+and
 .Fn SSL_write
-writes
+write
 .Fa num
 bytes from the buffer
 .Fa buf
 into the specified
 .Fa ssl
 connection.
+On success
+.Fn SSL_write_ex
+stores the number of bytes written in
+.Pf * Fa written .
 .Pp
-If necessary,
+In the following,
+.Fn SSL_write_ex
+and
 .Fn SSL_write
-will negotiate a TLS/SSL session, if not already explicitly performed by
+are called
+.Dq write functions .
+.Pp
+If necessary, a write function negotiates a TLS session,
+if not already explicitly performed by
 .Xr SSL_connect 3
 or
 .Xr SSL_accept 3 .
 If the peer requests a re-negotiation,
 it will be performed transparently during the
-.Fn SSL_write
+write function operation.
-operation.
+The behaviour of the write functions depends on the underlying
-The behaviour of
-.Fn SSL_write
-depends on the underlying
 .Vt BIO .
 .Pp
 For the transparent negotiation to succeed, the
 .Fa ssl
 must have been initialized to client or server mode.
-This is being done by calling
+This is done by calling
 .Xr SSL_set_connect_state 3
 or
 .Xr SSL_set_accept_state 3
-before the first call to an
+before the first call to a write function.
-.Xr SSL_read 3
-or
-.Fn SSL_write
-function.
 .Pp
 If the underlying
 .Vt BIO
 is
 .Em blocking ,
-.Fn SSL_write
+the write function
 will only return once the write operation has been finished or an error
 occurred, except when a renegotiation takes place, in which case a
 .Dv SSL_ERROR_WANT_READ
@@ -115,26 +126,19 @@ If the underlying
 .Vt BIO
 is
 .Em non-blocking ,
-.Fn SSL_write
+the write function will also return when the underlying
-will also return when the underlying
 .Vt BIO
-could not satisfy the needs of
+could not satisfy the needs of the function to continue the operation.
-.Fn SSL_write
-to continue the operation.
 In this case a call to
 .Xr SSL_get_error 3
-with the return value of
+with the return value of the write function will yield
-.Fn SSL_write
-will yield
 .Dv SSL_ERROR_WANT_READ
 or
 .Dv SSL_ERROR_WANT_WRITE .
 As at any time a re-negotiation is possible, a call to
-.Fn SSL_write
+a write function can also cause read operations.
-can also cause read operations!
 The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
+to satisfy the needs of the write function.
-.Fn SSL_write .
 The action depends on the underlying
 .Vt BIO .
 When using a non-blocking socket, nothing is to be done, but
@@ -147,7 +151,7 @@ like a
 pair, data must be written into or retrieved out of the BIO before being able
 to continue.
 .Pp
-.Fn SSL_write
+The write functions
 will only return with success when the complete contents of
 .Fa buf
 of length
@@ -157,23 +161,15 @@ This default behaviour can be changed with the
 .Dv SSL_MODE_ENABLE_PARTIAL_WRITE
 option of
 .Xr SSL_CTX_set_mode 3 .
-When this flag is set,
+When this flag is set, the write functions will also return with
-.Fn SSL_write
+success when a partial write has been successfully completed.
-will also return with success when a partial write has been successfully
+In this case the write function operation is considered completed.
-completed.
+The bytes are sent and a new write call with a new buffer (with the
-In this case the
+already sent bytes removed) must be started.
-.Fn SSL_write
-operation is considered completed.
-The bytes are sent and a new
-.Fn SSL_write
-operation with a new buffer (with the already sent bytes removed) must be
-started.
 A partial write is performed with the size of a message block,
 which is 16kB.
 .Pp
-When an
+When a write function call has to be repeated because
-.Fn SSL_write
-operation has to be repeated because
 .Xr SSL_get_error 3
 returned
 .Dv SSL_ERROR_WANT_READ
@@ -186,12 +182,37 @@ When calling
 with
 .Fa num Ns =0
 bytes to be sent, the behaviour is undefined.
+.Fn SSL_write_ex
+can be called with
+.Fa num Ns =0 ,
+but will not send application data to the peer.
 .Sh RETURN VALUES
-The following return values can occur:
+.Fn SSL_write_ex
+returns 1 for success or 0 for failure.
+Success means that all requested application data bytes have been
+written to the TLS connection or, if
+.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
+is in use, at least one application data byte has been written
+to the TLS connection.
+Failure means that not all the requested bytes have been written yet (if
+.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
+is not in use) or no bytes could be written to the TLS connection (if
+.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
+is in use).
+Failures can be retryable (e.g. the network write buffer has temporarily
+filled up) or non-retryable (e.g. a fatal network error).
+In the event of a failure, call
+.Xr SSL_get_error 3
+to find out the reason
+which indicates whether the call is retryable or not.
+.Pp
+For
+.Fn SSL_write ,
+the following return values can occur:
 .Bl -tag -width Ds
 .It >0
 The write operation was successful.
-The return value is the number of bytes actually written to the TLS/SSL
+The return value is the number of bytes actually written to the TLS
 connection.
 .It 0
 The write operation was not successful.
@@ -222,3 +243,7 @@ with the return value to find out the reason.
 .Fn SSL_write
 appeared in SSLeay 0.4 or earlier and has been available since
 .Ox 2.4 .
+.Pp
+.Fn SSL_write_ex
+first appeared in OpenSSL 1.1.1 and has been available since
+.Ox 7.1 .
author	schwarze <>	2021-10-24 15:10:13 +0000
committer	schwarze <>	2021-10-24 15:10:13 +0000
commit	86484520bb9fdf67e7e47b29f0fed6ff22b63378 (patch)
tree	ab6e4a6859e452d35eeb3e6b83e50360a070a7e0 /src/lib/libssl/man/SSL_write.3
parent	05ad4b612f5c1f984f5d2f34e62751408dfaea72 (diff)
download	openbsd-86484520bb9fdf67e7e47b29f0fed6ff22b63378.tar.gz openbsd-86484520bb9fdf67e7e47b29f0fed6ff22b63378.tar.bz2 openbsd-86484520bb9fdf67e7e47b29f0fed6ff22b63378.zip

diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3 index 16be55f259..2c6fbcef08 100644 --- a/src/lib/libssl/man/SSL_write.3 +++ b/src/lib/libssl/man/SSL_write.3
@@ -1,8 +1,11 @@
1	.\" $OpenBSD: SSL_write.3,v 1.6 2020/10/08 16:02:38 tb Exp $	1	.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
		3	.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
3	.\"	4	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
5	.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project. All rights reserved.	6	.\" and Matt Caswell <matt@openssl.org>.
		7	.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project.
		8	.\" All rights reserved.
6	.\"	9	.\"
7	.\" Redistribution and use in source and binary forms, with or without	10	.\" Redistribution and use in source and binary forms, with or without
8	.\" modification, are permitted provided that the following conditions	11	.\" modification, are permitted provided that the following conditions
@@ -48,59 +51,67 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	53	.\"
51	.Dd $Mdocdate: October 8 2020 $	54	.Dd $Mdocdate: October 24 2021 $
52	.Dt SSL_WRITE 3	55	.Dt SSL_WRITE 3
53	.Os	56	.Os
54	.Sh NAME	57	.Sh NAME
		58	.Nm SSL_write_ex ,
55	.Nm SSL_write	59	.Nm SSL_write
56	.Nd write bytes to a TLS/SSL connection	60	.Nd write bytes to a TLS connection
57	.Sh SYNOPSIS	61	.Sh SYNOPSIS
58	.In openssl/ssl.h	62	.In openssl/ssl.h
59	.Ft int	63	.Ft int
		64	.Fn SSL_write_ex "SSL ssl" "const void buf" "size_t num" "size_t *written"
		65	.Ft int
60	.Fn SSL_write "SSL ssl" "const void buf" "int num"	66	.Fn SSL_write "SSL ssl" "const void buf" "int num"
61	.Sh DESCRIPTION	67	.Sh DESCRIPTION
		68	.Fn SSL_write_ex
		69	and
62	.Fn SSL_write	70	.Fn SSL_write
63	writes	71	write
64	.Fa num	72	.Fa num
65	bytes from the buffer	73	bytes from the buffer
66	.Fa buf	74	.Fa buf
67	into the specified	75	into the specified
68	.Fa ssl	76	.Fa ssl
69	connection.	77	connection.
		78	On success
		79	.Fn SSL_write_ex
		80	stores the number of bytes written in
		81	.Pf * Fa written .
70	.Pp	82	.Pp
71	If necessary,	83	In the following,
		84	.Fn SSL_write_ex
		85	and
72	.Fn SSL_write	86	.Fn SSL_write
73	will negotiate a TLS/SSL session, if not already explicitly performed by	87	are called
		88	.Dq write functions .
		89	.Pp
		90	If necessary, a write function negotiates a TLS session,
		91	if not already explicitly performed by
74	.Xr SSL_connect 3	92	.Xr SSL_connect 3
75	or	93	or
76	.Xr SSL_accept 3 .	94	.Xr SSL_accept 3 .
77	If the peer requests a re-negotiation,	95	If the peer requests a re-negotiation,
78	it will be performed transparently during the	96	it will be performed transparently during the
79	.Fn SSL_write	97	write function operation.
80	operation.	98	The behaviour of the write functions depends on the underlying
81	The behaviour of
82	.Fn SSL_write
83	depends on the underlying
84	.Vt BIO .	99	.Vt BIO .
85	.Pp	100	.Pp
86	For the transparent negotiation to succeed, the	101	For the transparent negotiation to succeed, the
87	.Fa ssl	102	.Fa ssl
88	must have been initialized to client or server mode.	103	must have been initialized to client or server mode.
89	This is being done by calling	104	This is done by calling
90	.Xr SSL_set_connect_state 3	105	.Xr SSL_set_connect_state 3
91	or	106	or
92	.Xr SSL_set_accept_state 3	107	.Xr SSL_set_accept_state 3
93	before the first call to an	108	before the first call to a write function.
94	.Xr SSL_read 3
95	or
96	.Fn SSL_write
97	function.
98	.Pp	109	.Pp
99	If the underlying	110	If the underlying
100	.Vt BIO	111	.Vt BIO
101	is	112	is
102	.Em blocking ,	113	.Em blocking ,
103	.Fn SSL_write	114	the write function
104	will only return once the write operation has been finished or an error	115	will only return once the write operation has been finished or an error
105	occurred, except when a renegotiation takes place, in which case a	116	occurred, except when a renegotiation takes place, in which case a
106	.Dv SSL_ERROR_WANT_READ	117	.Dv SSL_ERROR_WANT_READ
@@ -115,26 +126,19 @@ If the underlying
115	.Vt BIO	126	.Vt BIO
116	is	127	is
117	.Em non-blocking ,	128	.Em non-blocking ,
118	.Fn SSL_write	129	the write function will also return when the underlying
119	will also return when the underlying
120	.Vt BIO	130	.Vt BIO
121	could not satisfy the needs of	131	could not satisfy the needs of the function to continue the operation.
122	.Fn SSL_write
123	to continue the operation.
124	In this case a call to	132	In this case a call to
125	.Xr SSL_get_error 3	133	.Xr SSL_get_error 3
126	with the return value of	134	with the return value of the write function will yield
127	.Fn SSL_write
128	will yield
129	.Dv SSL_ERROR_WANT_READ	135	.Dv SSL_ERROR_WANT_READ
130	or	136	or
131	.Dv SSL_ERROR_WANT_WRITE .	137	.Dv SSL_ERROR_WANT_WRITE .
132	As at any time a re-negotiation is possible, a call to	138	As at any time a re-negotiation is possible, a call to
133	.Fn SSL_write	139	a write function can also cause read operations.
134	can also cause read operations!
135	The calling process then must repeat the call after taking appropriate action	140	The calling process then must repeat the call after taking appropriate action
136	to satisfy the needs of	141	to satisfy the needs of the write function.
137	.Fn SSL_write .
138	The action depends on the underlying	142	The action depends on the underlying
139	.Vt BIO .	143	.Vt BIO .
140	When using a non-blocking socket, nothing is to be done, but	144	When using a non-blocking socket, nothing is to be done, but
@@ -147,7 +151,7 @@ like a
147	pair, data must be written into or retrieved out of the BIO before being able	151	pair, data must be written into or retrieved out of the BIO before being able
148	to continue.	152	to continue.
149	.Pp	153	.Pp
150	.Fn SSL_write	154	The write functions
151	will only return with success when the complete contents of	155	will only return with success when the complete contents of
152	.Fa buf	156	.Fa buf
153	of length	157	of length
@@ -157,23 +161,15 @@ This default behaviour can be changed with the
157	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE	161	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
158	option of	162	option of
159	.Xr SSL_CTX_set_mode 3 .	163	.Xr SSL_CTX_set_mode 3 .
160	When this flag is set,	164	When this flag is set, the write functions will also return with
161	.Fn SSL_write	165	success when a partial write has been successfully completed.
162	will also return with success when a partial write has been successfully	166	In this case the write function operation is considered completed.
163	completed.	167	The bytes are sent and a new write call with a new buffer (with the
164	In this case the	168	already sent bytes removed) must be started.
165	.Fn SSL_write
166	operation is considered completed.
167	The bytes are sent and a new
168	.Fn SSL_write
169	operation with a new buffer (with the already sent bytes removed) must be
170	started.
171	A partial write is performed with the size of a message block,	169	A partial write is performed with the size of a message block,
172	which is 16kB.	170	which is 16kB.
173	.Pp	171	.Pp
174	When an	172	When a write function call has to be repeated because
175	.Fn SSL_write
176	operation has to be repeated because
177	.Xr SSL_get_error 3	173	.Xr SSL_get_error 3
178	returned	174	returned
179	.Dv SSL_ERROR_WANT_READ	175	.Dv SSL_ERROR_WANT_READ
@@ -186,12 +182,37 @@ When calling
186	with	182	with
187	.Fa num Ns =0	183	.Fa num Ns =0
188	bytes to be sent, the behaviour is undefined.	184	bytes to be sent, the behaviour is undefined.
		185	.Fn SSL_write_ex
		186	can be called with
		187	.Fa num Ns =0 ,
		188	but will not send application data to the peer.
189	.Sh RETURN VALUES	189	.Sh RETURN VALUES
190	The following return values can occur:	190	.Fn SSL_write_ex
		191	returns 1 for success or 0 for failure.
		192	Success means that all requested application data bytes have been
		193	written to the TLS connection or, if
		194	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
		195	is in use, at least one application data byte has been written
		196	to the TLS connection.
		197	Failure means that not all the requested bytes have been written yet (if
		198	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
		199	is not in use) or no bytes could be written to the TLS connection (if
		200	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
		201	is in use).
		202	Failures can be retryable (e.g. the network write buffer has temporarily
		203	filled up) or non-retryable (e.g. a fatal network error).
		204	In the event of a failure, call
		205	.Xr SSL_get_error 3
		206	to find out the reason
		207	which indicates whether the call is retryable or not.
		208	.Pp
		209	For
		210	.Fn SSL_write ,
		211	the following return values can occur:
191	.Bl -tag -width Ds	212	.Bl -tag -width Ds
192	.It >0	213	.It >0
193	The write operation was successful.	214	The write operation was successful.
194	The return value is the number of bytes actually written to the TLS/SSL	215	The return value is the number of bytes actually written to the TLS
195	connection.	216	connection.
196	.It 0	217	.It 0
197	The write operation was not successful.	218	The write operation was not successful.
@@ -222,3 +243,7 @@ with the return value to find out the reason.
222	.Fn SSL_write	243	.Fn SSL_write
223	appeared in SSLeay 0.4 or earlier and has been available since	244	appeared in SSLeay 0.4 or earlier and has been available since
224	.Ox 2.4 .	245	.Ox 2.4 .
		246	.Pp
		247	.Fn SSL_write_ex
		248	first appeared in OpenSSL 1.1.1 and has been available since
		249	.Ox 7.1 .