merge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3)

from the OpenSSL 1.1.1 branch, which is still under a free license
author: schwarze <> 2021-10-24 15:10:13 +0000
committer: schwarze <> 2021-10-24 15:10:13 +0000
commit: cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e (patch)
tree: ab6e4a6859e452d35eeb3e6b83e50360a070a7e0 /src
parent: da942ee69e65b73b38b1ceaacc1dcf1a9b86e412 (diff)
download: openbsd-cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e.tar.gz
openbsd-cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e.tar.bz2
openbsd-cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e.zip
2 files changed, 130 insertions, 61 deletions
diff --git a/src/lib/libssl/man/SSL_read.3 b/src/lib/libssl/man/SSL_read.3
index ea181ce15c..bb72a8ed82 100644
--- a/src/lib/libssl/man/SSL_read.3
+++ b/src/lib/libssl/man/SSL_read.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: SSL_read.3,v 1.7 2020/05/26 19:45:58 schwarze Exp $
+.\" $OpenBSD: SSL_read.3,v 1.8 2021/10/24 15:10:13 schwarze Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" full merge up to: OpenSSL 5a2443ae Nov 14 11:37:36 2016 +0000
-.\" partial merge up to: OpenSSL 18bad535 Apr 9 15:13:55 2019 +0100
+.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
 .\" Matt Caswell <matt@openssl.org>.
@@ -51,38 +51,59 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 26 2020 $
+.Dd $Mdocdate: October 24 2021 $
 .Dt SSL_READ 3
 .Os
 .Sh NAME
+.Nm SSL_read_ex ,
 .Nm SSL_read ,
+.Nm SSL_peek_ex ,
 .Nm SSL_peek
 .Nd read bytes from a TLS connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
+.Fn SSL_read_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes"
+.Ft int
 .Fn SSL_read "SSL *ssl" "void *buf" "int num"
 .Ft int
+.Fn SSL_peek_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes"
+.Ft int
 .Fn SSL_peek "SSL *ssl" "void *buf" "int num"
 .Sh DESCRIPTION
+.Fn SSL_read_ex
+and
 .Fn SSL_read
-tries to read
+try to read
 .Fa num
 bytes from the specified
 .Fa ssl
 into the buffer
 .Fa buf .
+On success
+.Fn SSL_read_ex
+stores the number of bytes actually read in
+.Pf * Fa readbytes .
 .Pp
+.Fn SSL_peek_ex
+and
 .Fn SSL_peek
-is identical to
+are identical to
-.Fn SSL_read
+.Fn SSL_read_ex
+and
+.Fn SSL_read ,
+respectively,
 except that no bytes are removed from the underlying BIO during
 the read, such that a subsequent call to
+.Fn SSL_read_ex
+or
 .Fn SSL_read
 will yield at least the same bytes once again.
 .Pp
 In the following,
-.Fn SSL_read
+.Fn SSL_read_ex ,
+.Fn SSL_read ,
+.Fn SSL_peek_ex ,
 and
 .Fn SSL_peek
 are called
@@ -107,11 +128,11 @@ or
 .Xr SSL_set_accept_state 3
 before the first call to a read function.
 .Pp
-The read functions works based on the TLS records.
+The read functions work based on the TLS records.
 The data are received in records (with a maximum record size of 16kB).
 Only when a record has been completely received, it can be processed
 (decrypted and checked for integrity).
-Therefore data that was not retrieved at the last read call can
+Therefore, data that was not retrieved at the last read call can
 still be buffered inside the TLS layer and will be retrieved on the
 next read call.
 If
@@ -182,7 +203,24 @@ or
 .Dv SSL_ERROR_WANT_WRITE ,
 it must be repeated with the same arguments.
 .Sh RETURN VALUES
-The following return values can occur:
+.Fn SSL_read_ex
+and
+.Fn SSL_peek_ex
+return 1 for success or 0 for failure.
+Success means that one or more application data bytes
+have been read from the SSL connection.
+Failure means that no bytes could be read from the SSL connection.
+Failures can be retryable (e.g. we are waiting for more bytes to be
+delivered by the network) or non-retryable (e.g. a fatal network error).
+In the event of a failure, call
+.Xr SSL_get_error 3
+to find out the reason which indicates whether the call is retryable or not.
+.Pp
+For
+.Fn SSL_read
+and
+.Fn SSL_peek ,
+the following return values can occur:
 .Bl -tag -width Ds
 .It >0
 The read operation was successful.
@@ -232,3 +270,9 @@ appeared in SSLeay 0.4 or earlier.
 first appeared in SSLeay 0.6.6.
 Both functions have been available since
 .Ox 2.4 .
+.Pp
+.Fn SSL_read_ex
+and
+.Fn SSL_peek_ex
+first appeared in OpenSSL 1.1.1 and have been available since
+.Ox 7.1 .
diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3
index 16be55f259..2c6fbcef08 100644
--- a/src/lib/libssl/man/SSL_write.3
+++ b/src/lib/libssl/man/SSL_write.3
@@ -1,8 +1,11 @@
-.\"     $OpenBSD: SSL_write.3,v 1.6 2020/10/08 16:02:38 tb Exp $
+.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $
-.\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
-.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project.  All rights reserved.
+.\" and Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project.
+.\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -48,59 +51,67 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 8 2020 $
+.Dd $Mdocdate: October 24 2021 $
 .Dt SSL_WRITE 3
 .Os
 .Sh NAME
+.Nm SSL_write_ex ,
 .Nm SSL_write
-.Nd write bytes to a TLS/SSL connection
+.Nd write bytes to a TLS connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
+.Fn SSL_write_ex "SSL *ssl" "const void *buf" "size_t num" "size_t *written"
+.Ft int
 .Fn SSL_write "SSL *ssl" "const void *buf" "int num"
 .Sh DESCRIPTION
+.Fn SSL_write_ex
+and
 .Fn SSL_write
-writes
+write
 .Fa num
 bytes from the buffer
 .Fa buf
 into the specified
 .Fa ssl
 connection.
+On success
+.Fn SSL_write_ex
+stores the number of bytes written in
+.Pf * Fa written .
 .Pp
-If necessary,
+In the following,
+.Fn SSL_write_ex
+and
 .Fn SSL_write
-will negotiate a TLS/SSL session, if not already explicitly performed by
+are called
+.Dq write functions .
+.Pp
+If necessary, a write function negotiates a TLS session,
+if not already explicitly performed by
 .Xr SSL_connect 3
 or
 .Xr SSL_accept 3 .
 If the peer requests a re-negotiation,
 it will be performed transparently during the
-.Fn SSL_write
+write function operation.
-operation.
+The behaviour of the write functions depends on the underlying
-The behaviour of
-.Fn SSL_write
-depends on the underlying
 .Vt BIO .
 .Pp
 For the transparent negotiation to succeed, the
 .Fa ssl
 must have been initialized to client or server mode.
-This is being done by calling
+This is done by calling
 .Xr SSL_set_connect_state 3
 or
 .Xr SSL_set_accept_state 3
-before the first call to an
+before the first call to a write function.
-.Xr SSL_read 3
-or
-.Fn SSL_write
-function.
 .Pp
 If the underlying
 .Vt BIO
 is
 .Em blocking ,
-.Fn SSL_write
+the write function
 will only return once the write operation has been finished or an error
 occurred, except when a renegotiation takes place, in which case a
 .Dv SSL_ERROR_WANT_READ
@@ -115,26 +126,19 @@ If the underlying
 .Vt BIO
 is
 .Em non-blocking ,
-.Fn SSL_write
+the write function will also return when the underlying
-will also return when the underlying
 .Vt BIO
-could not satisfy the needs of
+could not satisfy the needs of the function to continue the operation.
-.Fn SSL_write
-to continue the operation.
 In this case a call to
 .Xr SSL_get_error 3
-with the return value of
+with the return value of the write function will yield
-.Fn SSL_write
-will yield
 .Dv SSL_ERROR_WANT_READ
 or
 .Dv SSL_ERROR_WANT_WRITE .
 As at any time a re-negotiation is possible, a call to
-.Fn SSL_write
+a write function can also cause read operations.
-can also cause read operations!
 The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
+to satisfy the needs of the write function.
-.Fn SSL_write .
 The action depends on the underlying
 .Vt BIO .
 When using a non-blocking socket, nothing is to be done, but
@@ -147,7 +151,7 @@ like a
 pair, data must be written into or retrieved out of the BIO before being able
 to continue.
 .Pp
-.Fn SSL_write
+The write functions
 will only return with success when the complete contents of
 .Fa buf
 of length
@@ -157,23 +161,15 @@ This default behaviour can be changed with the
 .Dv SSL_MODE_ENABLE_PARTIAL_WRITE
 option of
 .Xr SSL_CTX_set_mode 3 .
-When this flag is set,
+When this flag is set, the write functions will also return with
-.Fn SSL_write
+success when a partial write has been successfully completed.
-will also return with success when a partial write has been successfully
+In this case the write function operation is considered completed.
-completed.
+The bytes are sent and a new write call with a new buffer (with the
-In this case the
+already sent bytes removed) must be started.
-.Fn SSL_write
-operation is considered completed.
-The bytes are sent and a new
-.Fn SSL_write
-operation with a new buffer (with the already sent bytes removed) must be
-started.
 A partial write is performed with the size of a message block,
 which is 16kB.
 .Pp
-When an
+When a write function call has to be repeated because
-.Fn SSL_write
-operation has to be repeated because
 .Xr SSL_get_error 3
 returned
 .Dv SSL_ERROR_WANT_READ
@@ -186,12 +182,37 @@ When calling
 with
 .Fa num Ns =0
 bytes to be sent, the behaviour is undefined.
+.Fn SSL_write_ex
+can be called with
+.Fa num Ns =0 ,
+but will not send application data to the peer.
 .Sh RETURN VALUES
-The following return values can occur:
+.Fn SSL_write_ex
+returns 1 for success or 0 for failure.
+Success means that all requested application data bytes have been
+written to the TLS connection or, if
+.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
+is in use, at least one application data byte has been written
+to the TLS connection.
+Failure means that not all the requested bytes have been written yet (if
+.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
+is not in use) or no bytes could be written to the TLS connection (if
+.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
+is in use).
+Failures can be retryable (e.g. the network write buffer has temporarily
+filled up) or non-retryable (e.g. a fatal network error).
+In the event of a failure, call
+.Xr SSL_get_error 3
+to find out the reason
+which indicates whether the call is retryable or not.
+.Pp
+For
+.Fn SSL_write ,
+the following return values can occur:
 .Bl -tag -width Ds
 .It >0
 The write operation was successful.
-The return value is the number of bytes actually written to the TLS/SSL
+The return value is the number of bytes actually written to the TLS
 connection.
 .It 0
 The write operation was not successful.
@@ -222,3 +243,7 @@ with the return value to find out the reason.
 .Fn SSL_write
 appeared in SSLeay 0.4 or earlier and has been available since
 .Ox 2.4 .
+.Pp
+.Fn SSL_write_ex
+first appeared in OpenSSL 1.1.1 and has been available since
+.Ox 7.1 .
author	schwarze <>	2021-10-24 15:10:13 +0000
committer	schwarze <>	2021-10-24 15:10:13 +0000
commit	cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e (patch)
tree	ab6e4a6859e452d35eeb3e6b83e50360a070a7e0 /src
parent	da942ee69e65b73b38b1ceaacc1dcf1a9b86e412 (diff)
download	openbsd-cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e.tar.gz openbsd-cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e.tar.bz2 openbsd-cd96037ccee449c5bfb5e2fe0f58fc1357cdfa8e.zip

diff --git a/src/lib/libssl/man/SSL_read.3 b/src/lib/libssl/man/SSL_read.3 index ea181ce15c..bb72a8ed82 100644 --- a/src/lib/libssl/man/SSL_read.3 +++ b/src/lib/libssl/man/SSL_read.3
@@ -1,6 +1,6 @@
1	.\" $OpenBSD: SSL_read.3,v 1.7 2020/05/26 19:45:58 schwarze Exp $	1	.\" $OpenBSD: SSL_read.3,v 1.8 2021/10/24 15:10:13 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 5a2443ae Nov 14 11:37:36 2016 +0000
3	.\" partial merge up to: OpenSSL 18bad535 Apr 9 15:13:55 2019 +0100	3	.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\"	4	.\"
5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and	5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
6	.\" Matt Caswell <matt@openssl.org>.	6	.\" Matt Caswell <matt@openssl.org>.
@@ -51,38 +51,59 @@
51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
53	.\"	53	.\"
54	.Dd $Mdocdate: May 26 2020 $	54	.Dd $Mdocdate: October 24 2021 $
55	.Dt SSL_READ 3	55	.Dt SSL_READ 3
56	.Os	56	.Os
57	.Sh NAME	57	.Sh NAME
		58	.Nm SSL_read_ex ,
58	.Nm SSL_read ,	59	.Nm SSL_read ,
		60	.Nm SSL_peek_ex ,
59	.Nm SSL_peek	61	.Nm SSL_peek
60	.Nd read bytes from a TLS connection	62	.Nd read bytes from a TLS connection
61	.Sh SYNOPSIS	63	.Sh SYNOPSIS
62	.In openssl/ssl.h	64	.In openssl/ssl.h
63	.Ft int	65	.Ft int
		66	.Fn SSL_read_ex "SSL ssl" "void buf" "size_t num" "size_t *readbytes"
		67	.Ft int
64	.Fn SSL_read "SSL ssl" "void buf" "int num"	68	.Fn SSL_read "SSL ssl" "void buf" "int num"
65	.Ft int	69	.Ft int
		70	.Fn SSL_peek_ex "SSL ssl" "void buf" "size_t num" "size_t *readbytes"
		71	.Ft int
66	.Fn SSL_peek "SSL ssl" "void buf" "int num"	72	.Fn SSL_peek "SSL ssl" "void buf" "int num"
67	.Sh DESCRIPTION	73	.Sh DESCRIPTION
		74	.Fn SSL_read_ex
		75	and
68	.Fn SSL_read	76	.Fn SSL_read
69	tries to read	77	try to read
70	.Fa num	78	.Fa num
71	bytes from the specified	79	bytes from the specified
72	.Fa ssl	80	.Fa ssl
73	into the buffer	81	into the buffer
74	.Fa buf .	82	.Fa buf .
		83	On success
		84	.Fn SSL_read_ex
		85	stores the number of bytes actually read in
		86	.Pf * Fa readbytes .
75	.Pp	87	.Pp
		88	.Fn SSL_peek_ex
		89	and
76	.Fn SSL_peek	90	.Fn SSL_peek
77	is identical to	91	are identical to
78	.Fn SSL_read	92	.Fn SSL_read_ex
		93	and
		94	.Fn SSL_read ,
		95	respectively,
79	except that no bytes are removed from the underlying BIO during	96	except that no bytes are removed from the underlying BIO during
80	the read, such that a subsequent call to	97	the read, such that a subsequent call to
		98	.Fn SSL_read_ex
		99	or
81	.Fn SSL_read	100	.Fn SSL_read
82	will yield at least the same bytes once again.	101	will yield at least the same bytes once again.
83	.Pp	102	.Pp
84	In the following,	103	In the following,
85	.Fn SSL_read	104	.Fn SSL_read_ex ,
		105	.Fn SSL_read ,
		106	.Fn SSL_peek_ex ,
86	and	107	and
87	.Fn SSL_peek	108	.Fn SSL_peek
88	are called	109	are called
@@ -107,11 +128,11 @@ or
107	.Xr SSL_set_accept_state 3	128	.Xr SSL_set_accept_state 3
108	before the first call to a read function.	129	before the first call to a read function.
109	.Pp	130	.Pp
110	The read functions works based on the TLS records.	131	The read functions work based on the TLS records.
111	The data are received in records (with a maximum record size of 16kB).	132	The data are received in records (with a maximum record size of 16kB).
112	Only when a record has been completely received, it can be processed	133	Only when a record has been completely received, it can be processed
113	(decrypted and checked for integrity).	134	(decrypted and checked for integrity).
114	Therefore data that was not retrieved at the last read call can	135	Therefore, data that was not retrieved at the last read call can
115	still be buffered inside the TLS layer and will be retrieved on the	136	still be buffered inside the TLS layer and will be retrieved on the
116	next read call.	137	next read call.
117	If	138	If
@@ -182,7 +203,24 @@ or
182	.Dv SSL_ERROR_WANT_WRITE ,	203	.Dv SSL_ERROR_WANT_WRITE ,
183	it must be repeated with the same arguments.	204	it must be repeated with the same arguments.
184	.Sh RETURN VALUES	205	.Sh RETURN VALUES
185	The following return values can occur:	206	.Fn SSL_read_ex
		207	and
		208	.Fn SSL_peek_ex
		209	return 1 for success or 0 for failure.
		210	Success means that one or more application data bytes
		211	have been read from the SSL connection.
		212	Failure means that no bytes could be read from the SSL connection.
		213	Failures can be retryable (e.g. we are waiting for more bytes to be
		214	delivered by the network) or non-retryable (e.g. a fatal network error).
		215	In the event of a failure, call
		216	.Xr SSL_get_error 3
		217	to find out the reason which indicates whether the call is retryable or not.
		218	.Pp
		219	For
		220	.Fn SSL_read
		221	and
		222	.Fn SSL_peek ,
		223	the following return values can occur:
186	.Bl -tag -width Ds	224	.Bl -tag -width Ds
187	.It >0	225	.It >0
188	The read operation was successful.	226	The read operation was successful.
@@ -232,3 +270,9 @@ appeared in SSLeay 0.4 or earlier.
232	first appeared in SSLeay 0.6.6.	270	first appeared in SSLeay 0.6.6.
233	Both functions have been available since	271	Both functions have been available since
234	.Ox 2.4 .	272	.Ox 2.4 .
		273	.Pp
		274	.Fn SSL_read_ex
		275	and
		276	.Fn SSL_peek_ex
		277	first appeared in OpenSSL 1.1.1 and have been available since
		278	.Ox 7.1 .


diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3 index 16be55f259..2c6fbcef08 100644 --- a/src/lib/libssl/man/SSL_write.3 +++ b/src/lib/libssl/man/SSL_write.3
@@ -1,8 +1,11 @@
1	.\" $OpenBSD: SSL_write.3,v 1.6 2020/10/08 16:02:38 tb Exp $	1	.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
		3	.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
3	.\"	4	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
5	.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project. All rights reserved.	6	.\" and Matt Caswell <matt@openssl.org>.
		7	.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project.
		8	.\" All rights reserved.
6	.\"	9	.\"
7	.\" Redistribution and use in source and binary forms, with or without	10	.\" Redistribution and use in source and binary forms, with or without
8	.\" modification, are permitted provided that the following conditions	11	.\" modification, are permitted provided that the following conditions
@@ -48,59 +51,67 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	53	.\"
51	.Dd $Mdocdate: October 8 2020 $	54	.Dd $Mdocdate: October 24 2021 $
52	.Dt SSL_WRITE 3	55	.Dt SSL_WRITE 3
53	.Os	56	.Os
54	.Sh NAME	57	.Sh NAME
		58	.Nm SSL_write_ex ,
55	.Nm SSL_write	59	.Nm SSL_write
56	.Nd write bytes to a TLS/SSL connection	60	.Nd write bytes to a TLS connection
57	.Sh SYNOPSIS	61	.Sh SYNOPSIS
58	.In openssl/ssl.h	62	.In openssl/ssl.h
59	.Ft int	63	.Ft int
		64	.Fn SSL_write_ex "SSL ssl" "const void buf" "size_t num" "size_t *written"
		65	.Ft int
60	.Fn SSL_write "SSL ssl" "const void buf" "int num"	66	.Fn SSL_write "SSL ssl" "const void buf" "int num"
61	.Sh DESCRIPTION	67	.Sh DESCRIPTION
		68	.Fn SSL_write_ex
		69	and
62	.Fn SSL_write	70	.Fn SSL_write
63	writes	71	write
64	.Fa num	72	.Fa num
65	bytes from the buffer	73	bytes from the buffer
66	.Fa buf	74	.Fa buf
67	into the specified	75	into the specified
68	.Fa ssl	76	.Fa ssl
69	connection.	77	connection.
		78	On success
		79	.Fn SSL_write_ex
		80	stores the number of bytes written in
		81	.Pf * Fa written .
70	.Pp	82	.Pp
71	If necessary,	83	In the following,
		84	.Fn SSL_write_ex
		85	and
72	.Fn SSL_write	86	.Fn SSL_write
73	will negotiate a TLS/SSL session, if not already explicitly performed by	87	are called
		88	.Dq write functions .
		89	.Pp
		90	If necessary, a write function negotiates a TLS session,
		91	if not already explicitly performed by
74	.Xr SSL_connect 3	92	.Xr SSL_connect 3
75	or	93	or
76	.Xr SSL_accept 3 .	94	.Xr SSL_accept 3 .
77	If the peer requests a re-negotiation,	95	If the peer requests a re-negotiation,
78	it will be performed transparently during the	96	it will be performed transparently during the
79	.Fn SSL_write	97	write function operation.
80	operation.	98	The behaviour of the write functions depends on the underlying
81	The behaviour of
82	.Fn SSL_write
83	depends on the underlying
84	.Vt BIO .	99	.Vt BIO .
85	.Pp	100	.Pp
86	For the transparent negotiation to succeed, the	101	For the transparent negotiation to succeed, the
87	.Fa ssl	102	.Fa ssl
88	must have been initialized to client or server mode.	103	must have been initialized to client or server mode.
89	This is being done by calling	104	This is done by calling
90	.Xr SSL_set_connect_state 3	105	.Xr SSL_set_connect_state 3
91	or	106	or
92	.Xr SSL_set_accept_state 3	107	.Xr SSL_set_accept_state 3
93	before the first call to an	108	before the first call to a write function.
94	.Xr SSL_read 3
95	or
96	.Fn SSL_write
97	function.
98	.Pp	109	.Pp
99	If the underlying	110	If the underlying
100	.Vt BIO	111	.Vt BIO
101	is	112	is
102	.Em blocking ,	113	.Em blocking ,
103	.Fn SSL_write	114	the write function
104	will only return once the write operation has been finished or an error	115	will only return once the write operation has been finished or an error
105	occurred, except when a renegotiation takes place, in which case a	116	occurred, except when a renegotiation takes place, in which case a
106	.Dv SSL_ERROR_WANT_READ	117	.Dv SSL_ERROR_WANT_READ
@@ -115,26 +126,19 @@ If the underlying
115	.Vt BIO	126	.Vt BIO
116	is	127	is
117	.Em non-blocking ,	128	.Em non-blocking ,
118	.Fn SSL_write	129	the write function will also return when the underlying
119	will also return when the underlying
120	.Vt BIO	130	.Vt BIO
121	could not satisfy the needs of	131	could not satisfy the needs of the function to continue the operation.
122	.Fn SSL_write
123	to continue the operation.
124	In this case a call to	132	In this case a call to
125	.Xr SSL_get_error 3	133	.Xr SSL_get_error 3
126	with the return value of	134	with the return value of the write function will yield
127	.Fn SSL_write
128	will yield
129	.Dv SSL_ERROR_WANT_READ	135	.Dv SSL_ERROR_WANT_READ
130	or	136	or
131	.Dv SSL_ERROR_WANT_WRITE .	137	.Dv SSL_ERROR_WANT_WRITE .
132	As at any time a re-negotiation is possible, a call to	138	As at any time a re-negotiation is possible, a call to
133	.Fn SSL_write	139	a write function can also cause read operations.
134	can also cause read operations!
135	The calling process then must repeat the call after taking appropriate action	140	The calling process then must repeat the call after taking appropriate action
136	to satisfy the needs of	141	to satisfy the needs of the write function.
137	.Fn SSL_write .
138	The action depends on the underlying	142	The action depends on the underlying
139	.Vt BIO .	143	.Vt BIO .
140	When using a non-blocking socket, nothing is to be done, but	144	When using a non-blocking socket, nothing is to be done, but
@@ -147,7 +151,7 @@ like a
147	pair, data must be written into or retrieved out of the BIO before being able	151	pair, data must be written into or retrieved out of the BIO before being able
148	to continue.	152	to continue.
149	.Pp	153	.Pp
150	.Fn SSL_write	154	The write functions
151	will only return with success when the complete contents of	155	will only return with success when the complete contents of
152	.Fa buf	156	.Fa buf
153	of length	157	of length
@@ -157,23 +161,15 @@ This default behaviour can be changed with the
157	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE	161	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
158	option of	162	option of
159	.Xr SSL_CTX_set_mode 3 .	163	.Xr SSL_CTX_set_mode 3 .
160	When this flag is set,	164	When this flag is set, the write functions will also return with
161	.Fn SSL_write	165	success when a partial write has been successfully completed.
162	will also return with success when a partial write has been successfully	166	In this case the write function operation is considered completed.
163	completed.	167	The bytes are sent and a new write call with a new buffer (with the
164	In this case the	168	already sent bytes removed) must be started.
165	.Fn SSL_write
166	operation is considered completed.
167	The bytes are sent and a new
168	.Fn SSL_write
169	operation with a new buffer (with the already sent bytes removed) must be
170	started.
171	A partial write is performed with the size of a message block,	169	A partial write is performed with the size of a message block,
172	which is 16kB.	170	which is 16kB.
173	.Pp	171	.Pp
174	When an	172	When a write function call has to be repeated because
175	.Fn SSL_write
176	operation has to be repeated because
177	.Xr SSL_get_error 3	173	.Xr SSL_get_error 3
178	returned	174	returned
179	.Dv SSL_ERROR_WANT_READ	175	.Dv SSL_ERROR_WANT_READ
@@ -186,12 +182,37 @@ When calling
186	with	182	with
187	.Fa num Ns =0	183	.Fa num Ns =0
188	bytes to be sent, the behaviour is undefined.	184	bytes to be sent, the behaviour is undefined.
		185	.Fn SSL_write_ex
		186	can be called with
		187	.Fa num Ns =0 ,
		188	but will not send application data to the peer.
189	.Sh RETURN VALUES	189	.Sh RETURN VALUES
190	The following return values can occur:	190	.Fn SSL_write_ex
		191	returns 1 for success or 0 for failure.
		192	Success means that all requested application data bytes have been
		193	written to the TLS connection or, if
		194	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
		195	is in use, at least one application data byte has been written
		196	to the TLS connection.
		197	Failure means that not all the requested bytes have been written yet (if
		198	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
		199	is not in use) or no bytes could be written to the TLS connection (if
		200	.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
		201	is in use).
		202	Failures can be retryable (e.g. the network write buffer has temporarily
		203	filled up) or non-retryable (e.g. a fatal network error).
		204	In the event of a failure, call
		205	.Xr SSL_get_error 3
		206	to find out the reason
		207	which indicates whether the call is retryable or not.
		208	.Pp
		209	For
		210	.Fn SSL_write ,
		211	the following return values can occur:
191	.Bl -tag -width Ds	212	.Bl -tag -width Ds
192	.It >0	213	.It >0
193	The write operation was successful.	214	The write operation was successful.
194	The return value is the number of bytes actually written to the TLS/SSL	215	The return value is the number of bytes actually written to the TLS
195	connection.	216	connection.
196	.It 0	217	.It 0
197	The write operation was not successful.	218	The write operation was not successful.
@@ -222,3 +243,7 @@ with the return value to find out the reason.
222	.Fn SSL_write	243	.Fn SSL_write
223	appeared in SSLeay 0.4 or earlier and has been available since	244	appeared in SSLeay 0.4 or earlier and has been available since
224	.Ox 2.4 .	245	.Ox 2.4 .
		246	.Pp
		247	.Fn SSL_write_ex
		248	first appeared in OpenSSL 1.1.1 and has been available since
		249	.Ox 7.1 .