Add kTLS options and SSL_sendfile

sfackler · Mar 14, 2024 · 9adbc50 · 9adbc50
1 parent 9f29412
commit 9adbc50
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
@@ -674,6 +674,14 @@ extern "C" {
         num: size_t,
         written: *mut size_t,
     ) -> c_int;
+    #[cfg(ossl300)]
+    pub fn SSL_sendfile(
+        ssl: *mut SSL,
+        fd: c_int,
+        offset: off_t,
+        size: size_t,
+        flags: c_int,
+    ) -> ssize_t;
     #[cfg(any(ossl111, libressl340))]
     pub fn SSL_write_early_data(
         s: *mut SSL,

diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
@@ -73,6 +73,8 @@ cfg_if! {
 }
 
 pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
+#[cfg(ossl300)]
+pub const SSL_OP_ENABLE_KTLS: ssl_op_type!() = 0x00000008;
 cfg_if! {
     if #[cfg(libressl261)] {
         pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
@@ -169,6 +171,9 @@ cfg_if! {
     }
 }
 
+#[cfg(ossl320)]
+pub const SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE: ssl_op_type!() = 0x400000000;
+
 cfg_if! {
     if #[cfg(ossl300)] {
         pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
@@ -281,6 +281,26 @@ bitflags! {
         /// [`SslOptions::CIPHER_SERVER_PREFERENCE`]: struct.SslOptions.html#associatedconstant.CIPHER_SERVER_PREFERENCE
         #[cfg(ossl111)]
         const PRIORITIZE_CHACHA = ffi::SSL_OP_PRIORITIZE_CHACHA as SslOptionsRepr;
+
+        /// Enable the use of kernel TLS.
+        ///
+        /// In order to benefit from kernel TLS OpenSSL must have been compiled with support for it,
+        /// and it must be supported by the negotiated ciphersuites and extensions.
+        /// The specific ciphersuites and extensions that are supported may vary by platform and kernel version.
+        ///
+        /// Requires OpenSSL 3.0.0 or newer.
+        #[cfg(ossl300)]
+        const ENABLE_KTLS = ffi::SSL_OP_ENABLE_KTLS as SslOptionsRepr;
+
+        /// With this option, sendfile() will use the zerocopy mode, which gives a performance boost when used with KTLS hardware offload.
+        /// Note that invalid TLS records might be transmitted if the file is changed while being sent.
+        ///
+        /// Requires enable [`SslOptions::ENABLE_KTLS`].
+        /// Requires OpenSSL 3.2.0 or newer.
+        ///
+        /// [`SslOptions::ENABLE_KTLS`]: struct.SslOptions.html#associatedconstant.ENABLE_KTLS
+        #[cfg(ossl320)]
+        const ENABLE_KTLS_ZEROCOPY_SENDFILE = ffi::SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE as SslOptionsRepr;
     }
 }