Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/openssl/cipher.h | 4 | ||||
-rw-r--r-- | src/include/openssl/ec_key.h | 4 | ||||
-rw-r--r-- | src/include/openssl/ssl.h | 10 |
3 files changed, 13 insertions, 5 deletions
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index ea7a940a..17b7b91c 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -136,8 +136,8 @@ OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
 const EVP_CIPHER_CTX *in);
 // EVP_CIPHER_CTX_reset calls |EVP_CIPHER_CTX_cleanup| followed by
-// |EVP_CIPHER_CTX_init|.
-OPENSSL_EXPORT void EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
+// |EVP_CIPHER_CTX_init| and returns one.
+OPENSSL_EXPORT int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
 // Cipher context configuration.
diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h
index 3b1a5666..be0faaf8 100644
--- a/src/include/openssl/ec_key.h
+++ b/src/include/openssl/ec_key.h
@@ -174,8 +174,8 @@ OPENSSL_EXPORT int EC_KEY_check_fips(const EC_KEY *key);
 // EC_KEY_set_public_key_affine_coordinates sets the public key in |key| to
 // (|x|, |y|). It returns one on success and zero otherwise.
 OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
- BIGNUM *x,
- BIGNUM *y);
+ const BIGNUM *x,
+ const BIGNUM *y);
 // EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
 // and sets |*out_buf| to point to it. It returns the length of the encoded
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index 1ef9f84b..d3ca63c9 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
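Review bot: The comment on `EC_KEY_set_public_key_affine_coordinates` in the ec_key.h hunk still says only that it returns one on success, so a caller passing peer-supplied coordinates cannot tell from the header whether the point is checked against the curve. Now that the parameters are `const BIGNUM *`, this is a natural place to state the contract, for example `// |x| and |y| are not modified or retained. It fails if (|x|, |y|) is not a valid point on |key|'s group.` The second sentence is an assumption about the implementation, which is outside this diff (the diffstat is limited to src/include), and should be confirmed before it is written down.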
@@ -3140,6 +3140,13 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
 // |SSL_process_quic_post_handshake| to process it. It is an error to call
 // |SSL_read| and |SSL_write| in QUIC.
 //
+// 0-RTT behaves similarly to |TLS_method|'s usual behavior. |SSL_do_handshake|
+// returns early as soon as the client (respectively, server) is allowed to send
+// 0-RTT (respectively, half-RTT) data. The caller should then call
+// |SSL_do_handshake| again to consume the remaining handshake messages and
+// confirm the handshake. As a client, |SSL_ERROR_EARLY_DATA_REJECTED| and
+// |SSL_reset_early_data_reject| behave as usual.
+//
 // Note that secrets for an encryption level may be available to QUIC before the
 // level is active in TLS. Callers should use |SSL_quic_read_level| to determine
 // the active read level for |SSL_provide_quic_data|. |SSL_do_handshake| will
@@ -3155,7 +3162,8 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
 // |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each
 // encryption level.
 //
-// Note: 0-RTT is not currently supported via this API.
+// Note: 0-RTT support is incomplete and does not currently handle QUIC
+// transport parameters and server SETTINGS frame.
 // ssl_encryption_level_t represents a specific QUIC encryption level used to
 // transmit handshake messages. |
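Review bot: The new 0-RTT paragraph in the first ssl.h hunk says |SSL_do_handshake| returns early, but it does not tell the caller how to distinguish that early return from a completed handshake, nor that data exchanged in that window can be replayed. I would add, after the sentence ending `confirm the handshake.`, something like `// Callers may use |SSL_in_early_data| to detect this state. Data sent or accepted before the handshake is confirmed may be replayed and should be limited to idempotent requests.` The comment block starts above the hunk, so check that this is not already covered earlier in it.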
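Review bot: The replacement note in the second ssl.h hunk says 0-RTT does not handle QUIC transport parameters or the server SETTINGS frame, but it leaves open what a caller who enables early data has to do about that. Because early data is sent under remembered parameters, the note should say who is responsible for them, e.g. `// Callers that enable 0-RTT must themselves remember and validate these values, or leave early data disabled.` That wording needs confirming against the intended caller contract, which the hunk does not show. Also, `and server SETTINGS frame` reads better as `or the server SETTINGS frame`.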