__owur SSL *ossl_quic_get0_connection(SSL *s);
__owur SSL *ossl_quic_get0_listener(SSL *s);
__owur SSL *ossl_quic_get0_domain(SSL *s);
+__owur int ossl_quic_get_domain_flags(const SSL *s, uint64_t *domain_flags);
__owur int ossl_quic_get_stream_type(SSL *s);
__owur uint64_t ossl_quic_get_stream_id(SSL *s);
__owur int ossl_quic_is_stream_local(SSL *s);
__owur SSL *SSL_get0_domain(SSL *s);
__owur SSL *SSL_new_domain(SSL_CTX *ctx, uint64_t flags);
+#define SSL_DOMAIN_FLAG_SINGLE_THREAD (1U << 0)
+#define SSL_DOMAIN_FLAG_MULTI_THREAD (1U << 1)
+#define SSL_DOMAIN_FLAG_THREAD_ASSISTED (1U << 2)
+#define SSL_DOMAIN_FLAG_BLOCKING (1U << 3)
+#define SSL_DOMAIN_FLAG_LEGACY_BLOCKING (1U << 4)
+
+__owur int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t domain_flags);
+__owur int SSL_CTX_get_domain_flags(const SSL_CTX *ctx, uint64_t *domain_flags);
+__owur int SSL_get_domain_flags(const SSL *ssl, uint64_t *domain_flags);
+
#define SSL_STREAM_TYPE_NONE 0
#define SSL_STREAM_TYPE_READ (1U << 0)
#define SSL_STREAM_TYPE_WRITE (1U << 1)
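Review bot: The five SSL_DOMAIN_FLAG_* macros are added to the public header without any comment, so the constraint enforced in SSL_CTX_set_domain_flags is invisible to API users reading the header. A short comment above the block would carry it, for example `/* SSL_DOMAIN_FLAG_SINGLE_THREAD may not be combined with SSL_DOMAIN_FLAG_MULTI_THREAD or SSL_DOMAIN_FLAG_THREAD_ASSISTED. */`. The three new prototypes could also state that they return 1 on success and 0 on failure, and that the getters accept a NULL `domain_flags`, as their definitions show.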
{
QCTX ctx;
- if (!expect_quic_csld(s, &ctx))
+ if (!expect_quic_any(s, &ctx))
return NULL;
return ctx.qd != NULL ? &ctx.qd->obj.ssl : NULL;
}
+/*
+ * SSL_get_domain_flags
+ * --------------------
+ */
+int ossl_quic_get_domain_flags(const SSL *ssl, uint64_t *domain_flags)
+{
+ QCTX ctx;
+
+ if (!expect_quic_any(ssl, &ctx))
+ return 0;
+
+ if (domain_flags != NULL)
+ *domain_flags = ctx.obj->domain_flags;
+
+ return 1;
+}
+
/*
* SSL_get_stream_type
* -------------------
if (!ossl_ssl_init(&obj->ssl, ctx, ctx->method, type))
goto err;
+ obj->domain_flags = ctx->domain_flags;
obj->parent_obj = (QUIC_OBJ *)parent_obj;
obj->is_event_leader = is_event_leader;
obj->is_port_leader = is_port_leader;
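Review bot: `obj->domain_flags = ctx->domain_flags;` takes the flags from the SSL_CTX for every object, including those created with a non-NULL `parent_obj`. If SSL_CTX_set_domain_flags is called between creating a domain and creating objects under it, a child would report different flags from its domain, because ossl_quic_get_domain_flags reads the object's own field. If the flags are meant to be a property of the domain, inherit them when there is a parent, e.g. `obj->domain_flags = parent_obj != NULL ? ((QUIC_OBJ *)parent_obj)->domain_flags : ctx->domain_flags;`. Otherwise a comment saying that a per-object snapshot is intended would help. The enclosing function starts and ends outside the hunk.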
*/
QUIC_PORT *port;
+ /* SSL_DOMAIN_FLAG values taken from SSL_CTX at construction time. */
+ uint64_t domain_flags;
+
unsigned int init_done : 1;
unsigned int is_event_leader : 1;
unsigned int is_port_leader : 1;
/* By default we send two session tickets automatically in TLSv1.3 */
ret->num_tickets = 2;
+# ifndef OPENSSL_NO_QUIC
+ ret->domain_flags = 0;
+ if (IS_QUIC_METHOD(meth)) {
+# if defined(OPENSSL_THREADS)
+ if (meth == OSSL_QUIC_client_thread_method())
+ ret->domain_flags
+ = SSL_DOMAIN_FLAG_MULTI_THREAD
+ | SSL_DOMAIN_FLAG_THREAD_ASSISTED
+ | SSL_DOMAIN_FLAG_BLOCKING;
+ else
+ ret->domain_flags
+ = SSL_DOMAIN_FLAG_MULTI_THREAD
+ | SSL_DOMAIN_FLAG_LEGACY_BLOCKING;
+# else
+ ret->domain_flags
+ = SSL_DOMAIN_FLAG_SINGLE_THREAD
+ | SSL_DOMAIN_FLAG_LEGACY_BLOCKING;
+# endif
+ }
+# endif
+
if (!ssl_ctx_system_config(ret)) {
ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG);
goto err;
#endif
}
+int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t domain_flags)
+{
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC_CTX(ctx)) {
+ if ((domain_flags & ~OSSL_QUIC_SUPPORTED_DOMAIN_FLAGS) != 0) {
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_UNSUPPORTED,
+ "unsupported domain flag requested");
+ return 0;
+ }
+
+ if ((domain_flags & SSL_DOMAIN_FLAG_SINGLE_THREAD) != 0
+ && (domain_flags & (SSL_DOMAIN_FLAG_MULTI_THREAD
+ | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0) {
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
+ "mutually exclusive domain flags specified");
+ return 0;
+ }
+
+ ctx->domain_flags = domain_flags;
+ return 1;
+ }
+#endif
+
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_UNSUPPORTED,
+ "domain flags unsupported on this kind of SSL_CTX");
+ return 0;
+}
+
+int SSL_CTX_get_domain_flags(const SSL_CTX *ctx, uint64_t *domain_flags)
+{
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC_CTX(ctx)) {
+ if (domain_flags != NULL)
+ *domain_flags = ctx->domain_flags;
+
+ return 1;
+ }
+#endif
+
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_UNSUPPORTED,
+ "domain flags unsupported on this kind of SSL_CTX");
+ return 0;
+}
+
+int SSL_get_domain_flags(const SSL *ssl, uint64_t *domain_flags)
+{
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(ssl))
+ return ossl_quic_get_domain_flags(ssl, domain_flags);
+#endif
+
+ return 0;
+}
+
int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
{
unsigned char *data = NULL;
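Review bot: The unsupported-flag check in SSL_CTX_set_domain_flags does not cover bits 32–63 of `domain_flags`. The SSL_DOMAIN_FLAG_* macros are `1U << n`, so `~OSSL_QUIC_SUPPORTED_DOMAIN_FLAGS` is evaluated as an `unsigned int` and zero-extended before the AND with the `uint64_t` argument (where `unsigned int` is 32 bits); a value with only high bits set passes validation and is stored in `ctx->domain_flags`. Widening the mask before complementing it closes the gap: `if ((domain_flags & ~(uint64_t)OSSL_QUIC_SUPPORTED_DOMAIN_FLAGS) != 0) {`. Separately, the setter accepts SSL_DOMAIN_FLAG_MULTI_THREAD and SSL_DOMAIN_FLAG_THREAD_ASSISTED even when OPENSSL_THREADS is not defined, although the defaults chosen in SSL_CTX_new avoid both in that build. If that is not intended, reject them here under `#if !defined(OPENSSL_THREADS)`.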
unsigned char *server_cert_type;
size_t server_cert_type_len;
+# ifndef OPENSSL_NO_QUIC
+ uint64_t domain_flags;
+# endif
+
# ifndef OPENSSL_NO_QLOG
char *qlog_title; /* Session title for qlog */
# endif
(OSSL_QUIC_PERMITTED_OPTIONS_CONN | \
OSSL_QUIC_PERMITTED_OPTIONS_STREAM)
+/* Total mask of domain flags supported on a QUIC SSL_CTX. */
+#define OSSL_QUIC_SUPPORTED_DOMAIN_FLAGS \
+ (SSL_DOMAIN_FLAG_SINGLE_THREAD | \
+ SSL_DOMAIN_FLAG_MULTI_THREAD | \
+ SSL_DOMAIN_FLAG_THREAD_ASSISTED | \
+ SSL_DOMAIN_FLAG_BLOCKING | \
+ SSL_DOMAIN_FLAG_LEGACY_BLOCKING)
+
#endif