1 files changed, 82 insertions, 21 deletions
diff --git a/src/lib/libssl/man/SSL_pending.3 b/src/lib/libssl/man/SSL_pending.3
index dadeec4b92..1f8493b87c 100644
--- a/src/lib/libssl/man/SSL_pending.3
+++ b/src/lib/libssl/man/SSL_pending.3
@@ -1,7 +1,56 @@
+.\"     $OpenBSD: SSL_pending.3,v 1.2 2016/12/04 12:26:05 schwarze Exp $
+.\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
-.\"     $OpenBSD: SSL_pending.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
+.\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
+.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 4 2016 $
 .Dt SSL_PENDING 3
 .Os
 .Sh NAME
@@ -12,33 +61,45 @@
 .Ft int
 .Fn SSL_pending "const SSL *ssl"
 .Sh DESCRIPTION
+Data is received in whole blocks known as records from the peer.
+A whole record is processed, for example decrypted, in one go and
+is buffered until it is read by the application via a call to
+.Xr SSL_read 3 .
+.Pp
 .Fn SSL_pending
 returns the number of bytes which are available inside
 .Fa ssl
 for immediate read.
-.Sh NOTES
+.Pp
-Data are received in blocks from the peer.
+.Fn SSL_pending
-Therefore data can be buffered inside
+takes into account only bytes from the TLS/SSL record that is
-.Fa ssl
+currently being processed (if any).
-and are ready for immediate retrieval with
+If the
-.Xr SSL_read 3 .
+.Fa ssl->read_ahead
+flag is set (see
+.Xr SSL_CTX_set_read_ahead 3 ) ,
+additional protocol bytes beyond the current record may have been
+read containing more TLS/SSL records.
+This also applies to DTLS.
+These additional bytes will be buffered but will remain unprocessed
+until they are needed.
+As these bytes are still in an unprocessed state,
+.Fn SSL_pending
+will ignore them.
+Therefore it is possible for no more bytes to be readable from the
+underlying BIO (because the library has already read them) and for
+.Fn SSL_pending
+to return 0, even though readable application data bytes are available
+(because the data is in unprocessed buffered records).
 .Sh RETURN VALUES
-The number of bytes pending is returned.
+.Fn SSL_pending
+returns the number of buffered and processed application data
+bytes that are pending and are available for immediate read.
 .Sh SEE ALSO
 .Xr ssl 3 ,
+.Xr SSL_CTX_set_read_ahead 3 ,
 .Xr SSL_read 3
 .Sh BUGS
-.Fn SSL_pending
-takes into account only bytes from the TLS/SSL record that is currently being
-processed (if any).
-If the
-.Vt SSL
-object's
-.Em read_ahead
-flag is set, additional protocol bytes may have been read containing more
-TLS/SSL records; these are ignored by
-.Fn SSL_pending .
-.Pp
 Up to OpenSSL 0.9.6,
 .Fn SSL_pending
-does not check if the record type of pending data is application data.
+did not check if the record type of pending data is application data.

diff --git a/src/lib/libssl/man/SSL_pending.3 b/src/lib/libssl/man/SSL_pending.3 index dadeec4b92..1f8493b87c 100644 --- a/src/lib/libssl/man/SSL_pending.3 +++ b/src/lib/libssl/man/SSL_pending.3
@@ -1,7 +1,56 @@
		1	.\" $OpenBSD: SSL_pending.3,v 1.2 2016/12/04 12:26:05 schwarze Exp $
		2	.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
1	.\"	3	.\"
2	.\" $OpenBSD: SSL_pending.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
		5	.\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
		6	.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project.
		7	.\" All rights reserved.
3	.\"	8	.\"
4	.Dd $Mdocdate: November 5 2016 $	9	.\" Redistribution and use in source and binary forms, with or without
		10	.\" modification, are permitted provided that the following conditions
		11	.\" are met:
		12	.\"
		13	.\" 1. Redistributions of source code must retain the above copyright
		14	.\" notice, this list of conditions and the following disclaimer.
		15	.\"
		16	.\" 2. Redistributions in binary form must reproduce the above copyright
		17	.\" notice, this list of conditions and the following disclaimer in
		18	.\" the documentation and/or other materials provided with the
		19	.\" distribution.
		20	.\"
		21	.\" 3. All advertising materials mentioning features or use of this
		22	.\" software must display the following acknowledgment:
		23	.\" "This product includes software developed by the OpenSSL Project
		24	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		25	.\"
		26	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		27	.\" endorse or promote products derived from this software without
		28	.\" prior written permission. For written permission, please contact
		29	.\" openssl-core@openssl.org.
		30	.\"
		31	.\" 5. Products derived from this software may not be called "OpenSSL"
		32	.\" nor may "OpenSSL" appear in their names without prior written
		33	.\" permission of the OpenSSL Project.
		34	.\"
		35	.\" 6. Redistributions of any form whatsoever must retain the following
		36	.\" acknowledgment:
		37	.\" "This product includes software developed by the OpenSSL Project
		38	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		39	.\"
		40	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		41	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		42	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		43	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		44	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		45	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		46	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		47	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		48	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		49	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		52	.\"
		53	.Dd $Mdocdate: December 4 2016 $
5	.Dt SSL_PENDING 3	54	.Dt SSL_PENDING 3
6	.Os	55	.Os
7	.Sh NAME	56	.Sh NAME
@@ -12,33 +61,45 @@
12	.Ft int	61	.Ft int
13	.Fn SSL_pending "const SSL *ssl"	62	.Fn SSL_pending "const SSL *ssl"
14	.Sh DESCRIPTION	63	.Sh DESCRIPTION
		64	Data is received in whole blocks known as records from the peer.
		65	A whole record is processed, for example decrypted, in one go and
		66	is buffered until it is read by the application via a call to
		67	.Xr SSL_read 3 .
		68	.Pp
15	.Fn SSL_pending	69	.Fn SSL_pending
16	returns the number of bytes which are available inside	70	returns the number of bytes which are available inside
17	.Fa ssl	71	.Fa ssl
18	for immediate read.	72	for immediate read.
19	.Sh NOTES	73	.Pp
20	Data are received in blocks from the peer.	74	.Fn SSL_pending
21	Therefore data can be buffered inside	75	takes into account only bytes from the TLS/SSL record that is
22	.Fa ssl	76	currently being processed (if any).
23	and are ready for immediate retrieval with	77	If the
24	.Xr SSL_read 3 .	78	.Fa ssl->read_ahead
		79	flag is set (see
		80	.Xr SSL_CTX_set_read_ahead 3 ) ,
		81	additional protocol bytes beyond the current record may have been
		82	read containing more TLS/SSL records.
		83	This also applies to DTLS.
		84	These additional bytes will be buffered but will remain unprocessed
		85	until they are needed.
		86	As these bytes are still in an unprocessed state,
		87	.Fn SSL_pending
		88	will ignore them.
		89	Therefore it is possible for no more bytes to be readable from the
		90	underlying BIO (because the library has already read them) and for
		91	.Fn SSL_pending
		92	to return 0, even though readable application data bytes are available
		93	(because the data is in unprocessed buffered records).
25	.Sh RETURN VALUES	94	.Sh RETURN VALUES
26	The number of bytes pending is returned.	95	.Fn SSL_pending
		96	returns the number of buffered and processed application data
		97	bytes that are pending and are available for immediate read.
27	.Sh SEE ALSO	98	.Sh SEE ALSO
28	.Xr ssl 3 ,	99	.Xr ssl 3 ,
		100	.Xr SSL_CTX_set_read_ahead 3 ,
29	.Xr SSL_read 3	101	.Xr SSL_read 3
30	.Sh BUGS	102	.Sh BUGS
31	.Fn SSL_pending
32	takes into account only bytes from the TLS/SSL record that is currently being
33	processed (if any).
34	If the
35	.Vt SSL
36	object's
37	.Em read_ahead
38	flag is set, additional protocol bytes may have been read containing more
39	TLS/SSL records; these are ignored by
40	.Fn SSL_pending .
41	.Pp
42	Up to OpenSSL 0.9.6,	103	Up to OpenSSL 0.9.6,
43	.Fn SSL_pending	104	.Fn SSL_pending
44	does not check if the record type of pending data is application data.	105	did not check if the record type of pending data is application data.