Diffstat (limited to 'include')
-rw-r--r-- | include/internal/quic_sf_list.h | 2 | ||||
-rw-r--r-- | include/internal/quic_ssl.h | 1 | ||||
-rw-r--r-- | include/internal/quic_stream.h | 5 | ||||
-rw-r--r-- | include/internal/ring_buf.h | 20 |
4 files changed, 27 insertions, 1 deletions
diff --git a/include/internal/quic_sf_list.h b/include/internal/quic_sf_list.h
index f0efcea2bf..2583ae2811 100644
--- a/include/internal/quic_sf_list.h
+++ b/include/internal/quic_sf_list.h
@@ -49,6 +49,8 @@ typedef struct sframe_list_st {
 uint64_t offset;
 /* Is head locked ? */
 int head_locked;
+ /* Cleanse data on release? */
+ int cleanse;
 } SFRAME_LIST;
 
 /*
diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h
index 28047f985c..cfcd3a6b92 100644
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@@ -38,6 +38,7 @@ __owur int ossl_quic_key_update(SSL *s, int update_type);
 __owur int ossl_quic_get_key_update_type(const SSL *s);
 __owur int ossl_quic_num_ciphers(void);
 __owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u);
+__owur int ossl_quic_set_ssl_op(SSL *ssl, uint64_t op);
 int ossl_quic_renegotiate_check(SSL *ssl, int initok);
 
 typedef struct quic_conn_st QUIC_CONNECTION;
diff --git a/include/internal/quic_stream.h b/include/internal/quic_stream.h
index a1e88a4ab6..4bd88d5b11 100644
--- a/include/internal/quic_stream.h
+++ b/include/internal/quic_stream.h
@@ -414,6 +414,11 @@ int ossl_quic_rstream_move_to_rbuf(QUIC_RSTREAM *qrs);
 * than currently occupied.
 */
 int ossl_quic_rstream_resize_rbuf(QUIC_RSTREAM *qrs, size_t rbuf_size);
+
+/*
+ * Sets flag to cleanse the buffered data when user reads it.
+ */
+void ossl_quic_rstream_set_cleanse(QUIC_RSTREAM *qrs, int cleanse);
 # endif
 
 #endif
diff --git a/include/internal/ring_buf.h b/include/internal/ring_buf.h
index e7da3b32a0..69b8df2aa8 100644
--- a/include/internal/ring_buf.h
+++ b/include/internal/ring_buf.h
@@ -182,13 +182,31 @@ static ossl_inline int ring_buf_get_buf_at(const struct ring_buf *r,
 }
 
 static ossl_inline void ring_buf_cpop_range(struct ring_buf *r,
- uint64_t start, uint64_t end)
+ uint64_t start, uint64_t end,
+ int cleanse)
 {
 assert(end >= start);
 
 if (start > r->ctail_offset)
 return;
 
+ if (cleanse && r->alloc > 0 && end > r->ctail_offset) {
+ size_t idx = r->ctail_offset % r->alloc;
+ uint64_t cleanse_end = end + 1;
+ size_t l;
+
+ if (cleanse_end > r->head_offset)
+ cleanse_end = r->head_offset;
+ l = (size_t)(cleanse_end - r->ctail_offset);
+ if (l > r->alloc - idx) {
+ OPENSSL_cleanse((unsigned char *)r->start + idx, r->alloc - idx);
+ l -= r->alloc - idx;
+ idx = 0;
+ }
+ if (l > 0)
+ OPENSSL_cleanse((unsigned char *)r->start + idx, l);
+ }
+
 r->ctail_offset = end + 1;
 /* Allow culling unpushed data */
 if (r->head_offset < r->ctail_offset) |
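Review bot: The guard `end > r->ctail_offset` on the new cleanse branch skips the case `end == r->ctail_offset`, where exactly one byte at the tail is being released (`end` is inclusive, as `r->ctail_offset = end + 1` shows), so that byte stays in the buffer uncleansed. The condition should read `if (cleanse && r->alloc > 0 && end >= r->ctail_offset) {`; the existing clamp to `r->head_offset` already yields `l == 0` when nothing is buffered at the tail. Separately, `cleanse_end = end + 1` wraps to zero for `end == UINT64_MAX`, which would make `l` enormous; that presumably cannot happen for QUIC stream offsets, but an assert or a comment stating the assumption would make the bound explicit. The body of ring_buf_cpop_range continues past the end of the hunk.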