Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams

[openssl.git] / include / internal / ring_buf.h

diff --git a/include/internal/ring_buf.h b/include/internal/ring_buf.h
index e7da3b32a0b5f7ef9640740457b1375a79b6b630..69b8df2aa83cdb5c96b57664cf7d741a93e0056d 100644 (file)
--- a/include/internal/ring_buf.h
+++ b/include/internal/ring_buf.h
@@ -182,13 +182,31 @@ static ossl_inline int ring_buf_get_buf_at(const struct ring_buf *r,
 }
 
 static ossl_inline void ring_buf_cpop_range(struct ring_buf *r,
-                                            uint64_t start, uint64_t end)
+                                            uint64_t start, uint64_t end,
+                                            int cleanse)
 {
     assert(end >= start);
 
     if (start > r->ctail_offset)
         return;
 
+    if (cleanse && r->alloc > 0 && end > r->ctail_offset) {
+        size_t idx = r->ctail_offset % r->alloc;
+        uint64_t cleanse_end = end + 1;
+        size_t l;
+
+        if (cleanse_end > r->head_offset)
+            cleanse_end = r->head_offset;
+        l = (size_t)(cleanse_end - r->ctail_offset);
+        if (l > r->alloc - idx) {
+            OPENSSL_cleanse((unsigned char *)r->start + idx, r->alloc - idx);
+            l -= r->alloc - idx;
+            idx = 0;
+        }
+        if (l > 0)
+            OPENSSL_cleanse((unsigned char *)r->start + idx, l);
+    }
+
     r->ctail_offset = end + 1;
     /* Allow culling unpushed data */
     if (r->head_offset < r->ctail_offset)