Add kTLS options and SSL_sendfile

james58899 · james58899 · commit 9adbc50e44a1 · 2024-03-14T03:45:03.000Z
diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
@@ -674,6 +674,14 @@ extern "C" {
         num: size_t,
         written: *mut size_t,
     ) -> c_int;
+    #[cfg(ossl300)]
+    pub fn SSL_sendfile(
+        ssl: *mut SSL,
+        fd: c_int,
+        offset: off_t,
+        size: size_t,
+        flags: c_int,
+    ) -> ssize_t;
     #[cfg(any(ossl111, libressl340))]
     pub fn SSL_write_early_data(
         s: *mut SSL,
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
@@ -73,6 +73,8 @@ cfg_if! {
 }
 
 pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
+#[cfg(ossl300)]
+pub const SSL_OP_ENABLE_KTLS: ssl_op_type!() = 0x00000008;
 cfg_if! {
     if #[cfg(libressl261)] {
         pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
@@ -169,6 +171,9 @@ cfg_if! {
     }
 }
 
+#[cfg(ossl320)]
+pub const SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE: ssl_op_type!() = 0x400000000;
+
 cfg_if! {
     if #[cfg(ossl300)] {
         pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
@@ -281,6 +281,26 @@ bitflags! {
         /// [`SslOptions::CIPHER_SERVER_PREFERENCE`]: struct.SslOptions.html#associatedconstant.CIPHER_SERVER_PREFERENCE
         #[cfg(ossl111)]
         const PRIORITIZE_CHACHA = ffi::SSL_OP_PRIORITIZE_CHACHA as SslOptionsRepr;
+
+        /// Enable the use of kernel TLS.
+        ///
+        /// In order to benefit from kernel TLS OpenSSL must have been compiled with support for it,
+        /// and it must be supported by the negotiated ciphersuites and extensions.
+        /// The specific ciphersuites and extensions that are supported may vary by platform and kernel version.
+        ///
+        /// Requires OpenSSL 3.0.0 or newer.
+        #[cfg(ossl300)]
+        const ENABLE_KTLS = ffi::SSL_OP_ENABLE_KTLS as SslOptionsRepr;
+
+        /// With this option, sendfile() will use the zerocopy mode, which gives a performance boost when used with KTLS hardware offload.
+        /// Note that invalid TLS records might be transmitted if the file is changed while being sent.
+        ///
+        /// Requires enable [`SslOptions::ENABLE_KTLS`].
+        /// Requires OpenSSL 3.2.0 or newer.
+        ///
+        /// [`SslOptions::ENABLE_KTLS`]: struct.SslOptions.html#associatedconstant.ENABLE_KTLS
+        #[cfg(ossl320)]
+        const ENABLE_KTLS_ZEROCOPY_SENDFILE = ffi::SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE as SslOptionsRepr;
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,8 @@ cfg_if! {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;`
	`76`	`+#[cfg(ossl300)]`
	`77`	`+pub const SSL_OP_ENABLE_KTLS: ssl_op_type!() = 0x00000008;`
`76`	`78`	`cfg_if! {`
`77`	`79`	`if #[cfg(libressl261)] {`
`78`	`80`	`pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;`
`@@ -169,6 +171,9 @@ cfg_if! {`
`169`	`171`	`}`
`170`	`172`	`}`
`171`	`173`
	`174`	`+#[cfg(ossl320)]`
	`175`	`+pub const SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE: ssl_op_type!() = 0x400000000;`
	`176`	`+`
`172`	`177`	`cfg_if! {`
`173`	`178`	`if #[cfg(ossl300)] {`
`174`	`179`	`pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG`