278 lines
8.0 KiB
C
278 lines
8.0 KiB
C
/*
|
|
* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef OSSL_INTERNAL_RING_BUF_H
|
|
# define OSSL_INTERNAL_RING_BUF_H
|
|
# pragma once
|
|
|
|
# include <openssl/e_os2.h> /* For 'ossl_inline' */
|
|
# include "internal/safe_math.h"
|
|
|
|
/*
|
|
* ==================================================================
|
|
* Byte-wise ring buffer which supports pushing and popping blocks of multiple
|
|
* bytes at a time. The logical offset of each byte for the purposes of a QUIC
|
|
* stream is tracked. Bytes can be popped from the ring buffer in two stages;
|
|
* first they are popped, and then they are culled. Bytes which have been popped
|
|
* but not yet culled will not be overwritten, and can be restored.
|
|
*/
|
|
struct ring_buf {
|
|
void *start;
|
|
size_t alloc; /* size of buffer allocation in bytes */
|
|
|
|
/*
|
|
* Logical offset of the head (where we append to). This is the current size
|
|
* of the QUIC stream. This increases monotonically.
|
|
*/
|
|
uint64_t head_offset;
|
|
|
|
/*
|
|
* Logical offset of the cull tail. Data is no longer needed and is
|
|
* deallocated as the cull tail advances, which occurs as data is
|
|
* acknowledged. This increases monotonically.
|
|
*/
|
|
uint64_t ctail_offset;
|
|
};
|
|
|
|
OSSL_SAFE_MATH_UNSIGNED(u64, uint64_t)
|
|
|
|
#define MAX_OFFSET (((uint64_t)1) << 62) /* QUIC-imposed limit */
|
|
|
|
static ossl_inline int ring_buf_init(struct ring_buf *r)
|
|
{
|
|
r->start = NULL;
|
|
r->alloc = 0;
|
|
r->head_offset = r->ctail_offset = 0;
|
|
return 1;
|
|
}
|
|
|
|
static ossl_inline void ring_buf_destroy(struct ring_buf *r, int cleanse)
|
|
{
|
|
if (cleanse)
|
|
OPENSSL_clear_free(r->start, r->alloc);
|
|
else
|
|
OPENSSL_free(r->start);
|
|
r->start = NULL;
|
|
r->alloc = 0;
|
|
}
|
|
|
|
static ossl_inline size_t ring_buf_used(struct ring_buf *r)
|
|
{
|
|
return (size_t)(r->head_offset - r->ctail_offset);
|
|
}
|
|
|
|
static ossl_inline size_t ring_buf_avail(struct ring_buf *r)
|
|
{
|
|
return r->alloc - ring_buf_used(r);
|
|
}
|
|
|
|
static ossl_inline int ring_buf_write_at(struct ring_buf *r,
|
|
uint64_t logical_offset,
|
|
const unsigned char *buf,
|
|
size_t buf_len)
|
|
{
|
|
size_t avail, idx, l;
|
|
unsigned char *start = r->start;
|
|
int i, err = 0;
|
|
|
|
avail = ring_buf_avail(r);
|
|
if (logical_offset < r->ctail_offset
|
|
|| safe_add_u64(logical_offset, buf_len, &err)
|
|
> safe_add_u64(r->head_offset, avail, &err)
|
|
|| safe_add_u64(r->head_offset, buf_len, &err)
|
|
> MAX_OFFSET
|
|
|| err)
|
|
return 0;
|
|
|
|
for (i = 0; buf_len > 0 && i < 2; ++i) {
|
|
idx = logical_offset % r->alloc;
|
|
l = r->alloc - idx;
|
|
if (buf_len < l)
|
|
l = buf_len;
|
|
|
|
memcpy(start + idx, buf, l);
|
|
if (r->head_offset < logical_offset + l)
|
|
r->head_offset = logical_offset + l;
|
|
|
|
logical_offset += l;
|
|
buf += l;
|
|
buf_len -= l;
|
|
}
|
|
|
|
assert(buf_len == 0);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static ossl_inline size_t ring_buf_push(struct ring_buf *r,
|
|
const unsigned char *buf,
|
|
size_t buf_len)
|
|
{
|
|
size_t pushed = 0, avail, idx, l;
|
|
unsigned char *start = r->start;
|
|
|
|
for (;;) {
|
|
avail = ring_buf_avail(r);
|
|
if (buf_len > avail)
|
|
buf_len = avail;
|
|
|
|
if (buf_len > MAX_OFFSET - r->head_offset)
|
|
buf_len = (size_t)(MAX_OFFSET - r->head_offset);
|
|
|
|
if (buf_len == 0)
|
|
break;
|
|
|
|
idx = r->head_offset % r->alloc;
|
|
l = r->alloc - idx;
|
|
if (buf_len < l)
|
|
l = buf_len;
|
|
|
|
memcpy(start + idx, buf, l);
|
|
r->head_offset += l;
|
|
buf += l;
|
|
buf_len -= l;
|
|
pushed += l;
|
|
}
|
|
|
|
return pushed;
|
|
}
|
|
|
|
static ossl_inline const unsigned char *ring_buf_get_ptr(const struct ring_buf *r,
|
|
uint64_t logical_offset,
|
|
size_t *max_len)
|
|
{
|
|
unsigned char *start = r->start;
|
|
size_t idx;
|
|
|
|
if (logical_offset >= r->head_offset || logical_offset < r->ctail_offset)
|
|
return NULL;
|
|
idx = logical_offset % r->alloc;
|
|
*max_len = r->alloc - idx;
|
|
return start + idx;
|
|
}
|
|
|
|
/*
|
|
* Retrieves data out of the read side of the ring buffer starting at the given
|
|
* logical offset. *buf is set to point to a contiguous span of bytes and
|
|
* *buf_len is set to the number of contiguous bytes. After this function
|
|
* returns, there may or may not be more bytes available at the logical offset
|
|
* of (logical_offset + *buf_len) by calling this function again. If the logical
|
|
* offset is out of the range retained by the ring buffer, returns 0, else
|
|
* returns 1. A logical offset at the end of the range retained by the ring
|
|
* buffer is not considered an error and is returned with a *buf_len of 0.
|
|
*
|
|
* The ring buffer state is not changed.
|
|
*/
|
|
static ossl_inline int ring_buf_get_buf_at(const struct ring_buf *r,
|
|
uint64_t logical_offset,
|
|
const unsigned char **buf,
|
|
size_t *buf_len)
|
|
{
|
|
const unsigned char *start = r->start;
|
|
size_t idx, l;
|
|
|
|
if (logical_offset > r->head_offset || logical_offset < r->ctail_offset)
|
|
return 0;
|
|
|
|
if (r->alloc == 0) {
|
|
*buf = NULL;
|
|
*buf_len = 0;
|
|
return 1;
|
|
}
|
|
|
|
idx = logical_offset % r->alloc;
|
|
l = (size_t)(r->head_offset - logical_offset);
|
|
if (l > r->alloc - idx)
|
|
l = r->alloc - idx;
|
|
|
|
*buf = start + idx;
|
|
*buf_len = l;
|
|
return 1;
|
|
}
|
|
|
|
static ossl_inline void ring_buf_cpop_range(struct ring_buf *r,
|
|
uint64_t start, uint64_t end,
|
|
int cleanse)
|
|
{
|
|
assert(end >= start);
|
|
|
|
if (start > r->ctail_offset || end >= MAX_OFFSET)
|
|
return;
|
|
|
|
if (cleanse && r->alloc > 0 && end > r->ctail_offset) {
|
|
size_t idx = r->ctail_offset % r->alloc;
|
|
uint64_t cleanse_end = end + 1;
|
|
size_t l;
|
|
|
|
if (cleanse_end > r->head_offset)
|
|
cleanse_end = r->head_offset;
|
|
l = (size_t)(cleanse_end - r->ctail_offset);
|
|
if (l > r->alloc - idx) {
|
|
OPENSSL_cleanse((unsigned char *)r->start + idx, r->alloc - idx);
|
|
l -= r->alloc - idx;
|
|
idx = 0;
|
|
}
|
|
if (l > 0)
|
|
OPENSSL_cleanse((unsigned char *)r->start + idx, l);
|
|
}
|
|
|
|
r->ctail_offset = end + 1;
|
|
/* Allow culling unpushed data */
|
|
if (r->head_offset < r->ctail_offset)
|
|
r->head_offset = r->ctail_offset;
|
|
}
|
|
|
|
static ossl_inline int ring_buf_resize(struct ring_buf *r, size_t num_bytes,
|
|
int cleanse)
|
|
{
|
|
struct ring_buf rnew = {0};
|
|
const unsigned char *src = NULL;
|
|
size_t src_len = 0, copied = 0;
|
|
|
|
if (num_bytes == r->alloc)
|
|
return 1;
|
|
|
|
if (num_bytes < ring_buf_used(r))
|
|
return 0;
|
|
|
|
rnew.start = OPENSSL_malloc(num_bytes);
|
|
if (rnew.start == NULL)
|
|
return 0;
|
|
|
|
rnew.alloc = num_bytes;
|
|
rnew.head_offset = r->head_offset - ring_buf_used(r);
|
|
rnew.ctail_offset = rnew.head_offset;
|
|
|
|
for (;;) {
|
|
if (!ring_buf_get_buf_at(r, r->ctail_offset + copied, &src, &src_len)) {
|
|
OPENSSL_free(rnew.start);
|
|
return 0;
|
|
}
|
|
|
|
if (src_len == 0)
|
|
break;
|
|
|
|
if (ring_buf_push(&rnew, src, src_len) != src_len) {
|
|
OPENSSL_free(rnew.start);
|
|
return 0;
|
|
}
|
|
|
|
copied += src_len;
|
|
}
|
|
|
|
assert(rnew.head_offset == r->head_offset);
|
|
rnew.ctail_offset = r->ctail_offset;
|
|
|
|
ring_buf_destroy(r, cleanse);
|
|
memcpy(r, &rnew, sizeof(*r));
|
|
return 1;
|
|
}
|
|
|
|
#endif /* OSSL_INTERNAL_RING_BUF_H */
|