From: Hugo Landau
Date: Wed, 24 Apr 2024 10:02:11 +0000 (+0100)
Subject: QUIC APL: Default domain flags
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19bc3946b64c149612b3d4fd20747defd638d64c;p=thirdparty%2Fopenssl.git
QUIC APL: Default domain flags
Reviewed-by: Matt Caswell
Reviewed-by: Neil Horman
(Merged from https://github.com/openssl/openssl/pull/24971)
---
diff --git a/include/internal/quic_engine.h b/include/internal/quic_engine.h
index 454c4bfaaaa..691793fcb07 100644
--- a/include/internal/quic_engine.h
+++ b/include/internal/quic_engine.h
@@ -55,6 +55,9 @@ typedef struct quic_engine_args_st {
 OSSL_TIME (*now_cb)(void *arg);
 void *now_cb_arg;
+
+ /* Flags to pass when initialising the reactor. */
+ uint64_t reactor_flags;
 } QUIC_ENGINE_ARGS;
 QUIC_ENGINE *ossl_quic_engine_new(const QUIC_ENGINE_ARGS *args);
diff --git a/ssl/quic/quic_engine.c b/ssl/quic/quic_engine.c
index fae9737f243..240362a8713 100644
--- a/ssl/quic/quic_engine.c
+++ b/ssl/quic/quic_engine.c
@@ -17,7 +17,7 @@
 * QUIC Engine
 * ===========
 */
-static int qeng_init(QUIC_ENGINE *qeng);
+static int qeng_init(QUIC_ENGINE *qeng, uint64_t reactor_flags);
 static void qeng_cleanup(QUIC_ENGINE *qeng);
 static void qeng_tick(QUIC_TICK_RESULT *res, void *arg, uint32_t flags);
@@ -36,7 +36,7 @@ QUIC_ENGINE *ossl_quic_engine_new(const QUIC_ENGINE_ARGS *args)
 qeng->now_cb = args->now_cb;
 qeng->now_cb_arg = args->now_cb_arg;
- if (!qeng_init(qeng)) {
+ if (!qeng_init(qeng, args->reactor_flags)) {
 OPENSSL_free(qeng);
 return NULL;
 }
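Review bot: The new `reactor_flags` member of `QUIC_ENGINE_ARGS` is read unconditionally by `ossl_quic_engine_new` (`args->reactor_flags` in the quic_engine.c hunk), so a caller that fills the struct field by field without zero-initialising it now hands an indeterminate value to reactor setup. The three call sites changed in quic_impl.c use `engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER`, which is only sound if the declaration outside those hunks zero-initialises the struct, for example `QUIC_ENGINE_ARGS engine_args = {0};`. I would record the requirement on the field, `/* Flags to pass when initialising the reactor; callers must zero-initialise this struct. */`, and check any callers of `ossl_quic_engine_new` that this diff does not show.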
@@ -53,15 +53,16 @@ void ossl_quic_engine_free(QUIC_ENGINE *qeng)
 OPENSSL_free(qeng);
 }
-static int qeng_init(QUIC_ENGINE *qeng)
+static int qeng_init(QUIC_ENGINE *qeng, uint64_t reactor_flags)
 {
- ossl_quic_reactor_init(&qeng->rtor, qeng_tick, qeng, ossl_time_zero(), 0);
- return 1;
+ return ossl_quic_reactor_init(&qeng->rtor, qeng_tick, qeng,
+ ossl_time_zero(), reactor_flags);
 }
 static void qeng_cleanup(QUIC_ENGINE *qeng)
 {
 assert(ossl_list_port_num(&qeng->port_list) == 0);
+ ossl_quic_reactor_cleanup(&qeng->rtor);
 }
 QUIC_REACTOR *ossl_quic_engine_get0_reactor(QUIC_ENGINE *qeng)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index ff2b17d7e39..cb52eb949df 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1748,6 +1748,13 @@ static int configure_channel(QUIC_CONNECTION *qc)
 return 1;
 }
+static int need_notifier_for_domain_flags(uint64_t domain_flags)
+{
+ return (domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0
+ || ((domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0
+ && (domain_flags & SSL_DOMAIN_FLAG_BLOCKING) != 0);
+}
+
 QUIC_NEEDS_LOCK
 static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx)
 {
@@ -1761,6 +1768,9 @@ static int create_channel(QUIC_CONNECTION *qc, SSL_CTX *ctx)
 #endif
 engine_args.now_cb = get_time_cb;
 engine_args.now_cb_arg = qc;
+ if (need_notifier_for_domain_flags(ctx->domain_flags))
+ engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
+
 qc->engine = ossl_quic_engine_new(&engine_args);
 if (qc->engine == NULL) {
 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
@@ -4231,6 +4241,9 @@ SSL *ossl_quic_new_listener(SSL_CTX *ctx, uint64_t flags)
 #if defined(OPENSSL_THREADS)
 engine_args.mutex = ql->mutex;
 #endif
+ if (need_notifier_for_domain_flags(ctx->domain_flags))
+ engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
+
 if ((ql->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
 goto err;
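Review bot: `qeng_init` can now fail, because it returns the result of `ossl_quic_reactor_init` instead of a constant 1, and the failure path in `ossl_quic_engine_new` (the `@@ -36,7` hunk) releases the engine with `OPENSSL_free(qeng)` only. The `ossl_quic_reactor_cleanup(&qeng->rtor)` call added to `qeng_cleanup` is not on that path, so the failure case is leak-free only if `ossl_quic_reactor_init` undoes its own partial work before returning 0; that function is not visible in this diff. Once confirmed, a comment on `qeng_init` such as `/* On failure the reactor holds no resources, so the caller may free qeng directly. */` would keep the contract from being broken later.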
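Review bot: `need_notifier_for_domain_flags` carries no comment explaining why exactly these two flag combinations require a notifier, although three call sites (`create_channel`, `ossl_quic_new_listener`, `ossl_quic_new_domain`) now depend on it to decide how the reactor is built. If the intent is what the expression suggests, something like `/* A notifier is needed when another thread may have to wake the reactor: thread-assisted mode, or blocking calls in a multi-threaded domain. */` would do. It is also worth stating whether the helper may see a `ctx->domain_flags` value that never passed through the normalisation added to `SSL_CTX_set_domain_flags`, since it tests `SSL_DOMAIN_FLAG_THREAD_ASSISTED` separately even though that setter now forces `SSL_DOMAIN_FLAG_MULTI_THREAD` alongside it.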
@@ -4533,6 +4546,9 @@ SSL *ossl_quic_new_domain(SSL_CTX *ctx, uint64_t flags)
 #if defined(OPENSSL_THREADS)
 engine_args.mutex = qd->mutex;
 #endif
+ if (need_notifier_for_domain_flags(ctx->domain_flags))
+ engine_args.reactor_flags |= QUIC_REACTOR_FLAG_USE_NOTIFIER;
+
 if ((qd->engine = ossl_quic_engine_new(&engine_args)) == NULL) {
 QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
 goto err;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0916b31202e..04b139640bb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -8005,9 +8005,15 @@ int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t domain_flags)
 return 0;
 }
+ if ((domain_flags & SSL_DOMAIN_FLAG_THREAD_ASSISTED) != 0)
+ domain_flags |= SSL_DOMAIN_FLAG_MULTI_THREAD;
+
+ if ((domain_flags & (SSL_DOMAIN_FLAG_MULTI_THREAD
+ | SSL_DOMAIN_FLAG_SINGLE_THREAD)) == 0)
+ domain_flags |= SSL_DOMAIN_FLAG_MULTI_THREAD;
+
 if ((domain_flags & SSL_DOMAIN_FLAG_SINGLE_THREAD) != 0
- && (domain_flags & (SSL_DOMAIN_FLAG_MULTI_THREAD
- | SSL_DOMAIN_FLAG_THREAD_ASSISTED)) != 0) {
+ && (domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0) {
 ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
 "mutually exclusive domain flags specified");
 return 0;
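Review bot: The new default `domain_flags |= SSL_DOMAIN_FLAG_MULTI_THREAD` in `SSL_CTX_set_domain_flags` is applied with no visible check that the library was built with thread support, while the quic_impl.c hunks only set `engine_args.mutex` under `#if defined(OPENSSL_THREADS)`. On a no-threads build, a caller passing 0 or `SSL_DOMAIN_FLAG_BLOCKING` alone would end up with a multi-thread domain, and with BLOCKING set `need_notifier_for_domain_flags` would also enable the notifier, apparently with no mutex behind it. The function starts above the hunk, so an earlier guard may already cover this; if it does not, the default should depend on the build and an explicit multi-thread request should be rejected there, as sketched below.

```c
    /* ... unchanged: THREAD_ASSISTED implies MULTI_THREAD ... */

#if !defined(OPENSSL_THREADS)
    /* No locking primitives in this build: only a single-thread domain is safe. */
    if ((domain_flags & SSL_DOMAIN_FLAG_MULTI_THREAD) != 0) {
        ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
                       "multi-threaded domain flags need thread support");
        return 0;
    }
    domain_flags |= SSL_DOMAIN_FLAG_SINGLE_THREAD;
#else
    if ((domain_flags & (SSL_DOMAIN_FLAG_MULTI_THREAD
                         | SSL_DOMAIN_FLAG_SINGLE_THREAD)) == 0)
        domain_flags |= SSL_DOMAIN_FLAG_MULTI_THREAD;
#endif

    /* ... unchanged: SINGLE_THREAD / MULTI_THREAD exclusivity check ... */
```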