introduced GNUTLS_E_NEED_FALLBACK to allow falling back from registered ciphers

That allows a registered cipher to indicate that it cannot operate
(e.g., due to memory constraints, or internal limits), and gnutls should
proceed with the default algorithms.

1 files changed, 9 insertions, 0 deletions

diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index a4415169ca..b509fabdc7 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -151,6 +151,9 @@ void _gnutls_crypto_deregister(void)
  * priority of 90 and CPU-assisted of 80.  The algorithm with the lowest priority will be
  * used by gnutls.
  *
+ * In the case the registered init function return %GNUTLS_E_NEED_FALLBACK
+ * then GnuTLS will attempt to use the next in priority registered cipher.
+ *
  * This function should be called before gnutls_global_init().
  *
  * For simplicity you can use the convenience
@@ -193,6 +196,9 @@ const gnutls_crypto_cipher_st
  * priority of 90 and CPU-assisted of 80.  The algorithm with the lowest priority will be
  * used by gnutls.
  *
+ * In the case the registered init function return %GNUTLS_E_NEED_FALLBACK
+ * then GnuTLS will attempt to use the next in priority registered cipher.
+ *
  * The functions which are marked as non-AEAD they are not required when
  * registering a cipher to be used with the new AEAD API introduced in
  * GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
@@ -241,6 +247,9 @@ gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm,
  * priority of 90 and CPU-assisted of 80.  The algorithm with the lowest priority will be
  * used by gnutls.
  *
+ * In the case the registered init function return %GNUTLS_E_NEED_FALLBACK
+ * then GnuTLS will attempt to use the next in priority registered cipher.
+ *
  * The functions registered will be used with the new AEAD API introduced in
  * GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
  *