From 01e077a02e249d3daca78c662328fbf3eb556fa6 Mon Sep 17 00:00:00 2001 From: Tobias Thierer Date: Wed, 9 Oct 2019 20:48:13 +0100 Subject: external/boringssl: Sync to 56b6c714c9cae5963681ed9dd9f6cabf294e3f80. This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/6e7255c17e1a7348a2377fbc804441dd284806e2..56b6c714c9cae5963681ed9dd9f6cabf294e3f80 Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases Change-Id: I9977c8fa204dd39e5b6c71abdb85d055e842bf4e --- src/include/openssl/ssl.h | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'src/include') diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index 6810a647..8cd03be8 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -560,6 +560,13 @@ OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code); #define SSL_ERROR_HANDOFF 17 #define SSL_ERROR_HANDBACK 18 +// SSL_ERROR_WANT_RENEGOTIATE indicates the operation is pending a response to +// a renegotiation request from the server. The caller may call +// |SSL_renegotiate| to schedule a renegotiation and retry the operation. +// +// See also |ssl_renegotiate_explicit|. +#define SSL_ERROR_WANT_RENEGOTIATE 19 + // SSL_error_description returns a string representation of |err|, where |err| // is one of the |SSL_ERROR_*| constants returned by |SSL_get_error|, or NULL // if the value is unrecognized. @@ -3605,6 +3612,7 @@ enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT { ssl_renegotiate_once, ssl_renegotiate_freely, ssl_renegotiate_ignore, + ssl_renegotiate_explicit, }; // SSL_set_renegotiate_mode configures how |ssl|, a client, reacts to @@ -3618,6 +3626,13 @@ enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT { // Note that ignoring HelloRequest messages may cause the connection to stall // if the server waits for the renegotiation to complete. // +// If set to |ssl_renegotiate_explicit|, |SSL_read| and |SSL_peek| calls which +// encounter a HelloRequest will pause with |SSL_ERROR_WANT_RENEGOTIATE|. +// |SSL_write| will continue to work while paused. The caller may call +// |SSL_renegotiate| to begin the renegotiation at a later point. This mode may +// be used if callers wish to eagerly call |SSL_peek| without triggering a +// renegotiation. +// // If configuration shedding is enabled (see |SSL_set_shed_handshake_config|), // configuration is released if, at any point after the handshake, renegotiation // is disabled. It is not possible to switch from disabling renegotiation to @@ -3630,6 +3645,16 @@ enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT { OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode); +// SSL_renegotiate starts a deferred renegotiation on |ssl| if it was configured +// with |ssl_renegotiate_explicit| and has a pending HelloRequest. It returns +// one on success and zero on error. +// +// This function does not do perform any I/O. On success, a subsequent +// |SSL_do_handshake| call will run the handshake. |SSL_write| and +// |SSL_read| will also complete the handshake before sending or receiving +// application data. +OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl); + // SSL_renegotiate_pending returns one if |ssl| is in the middle of a // renegotiation. OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); @@ -4081,9 +4106,6 @@ OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *ssl); // SSL_set_read_ahead returns one. OPENSSL_EXPORT int SSL_set_read_ahead(SSL *ssl, int yes); -// SSL_renegotiate put an error on the error queue and returns zero. -OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl); - // SSL_set_state does nothing. OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state); -- cgit v1.2.3