boringssl/crypto/pool/internal.h

/* Copyright (c) 2016, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#ifndef OPENSSL_HEADER_POOL_INTERNAL_H
#define OPENSSL_HEADER_POOL_INTERNAL_H

#include <openssl/lhash.h>
#include <openssl/thread.h>

#include "../lhash/internal.h"


#if defined(__cplusplus)
extern "C" {
#endif


DEFINE_LHASH_OF(CRYPTO_BUFFER)

struct crypto_buffer_st {
  CRYPTO_BUFFER_POOL *pool;
  uint8_t *data;
  size_t len;
  CRYPTO_refcount_t references;
  int data_is_static;
};

struct crypto_buffer_pool_st {
  LHASH_OF(CRYPTO_BUFFER) *bufs;
  CRYPTO_MUTEX lock;
  const uint64_t hash_key[2];
};


#if defined(__cplusplus)
}  // extern C
#endif

#endif  // OPENSSL_HEADER_POOL_INTERNAL_H
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> 5 years ago			`/* Copyright (c) 2016, Google Inc.`
			`*`
			`* Permission to use, copy, modify, and/or distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY`
			`* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION`
			`* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN`
			`* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */`

			`#ifndef OPENSSL_HEADER_POOL_INTERNAL_H`
			`#define OPENSSL_HEADER_POOL_INTERNAL_H`

			`#include <openssl/lhash.h>`
			`#include <openssl/thread.h>`

Add CRYPTO_BUFFER_new_from_static_data_unsafe. When making a CRYPTO_BUFFER from a static, const buffer, there is no need to make a copy of the data. Instead, we can reference it directly. The hope is this will save a bit of memory in Chromium, since root store certs will already in static data. Moreover, by letting static CRYPTO_BUFFERs participate in pooling, we can extend the memory savings to yet other copies of these certs. For instance, if we make the root store updatable via component updater, most of the updated roots will likely already be in the binary's copy. Pooling will transparently dedup those and avoid retaining an extra copy. (I haven't gone as far as to give static CRYPTO_BUFFERs strong references from the pool, since that seems odd. But something like Chromium probably wants to intentionally leak the initial static ones so that, when all references go away, they're still available for pooling.) Change-Id: I05c25c5ff618f9f7a6ed21e4575cf659e7c32811 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50045 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> 3 years ago			`#include "../lhash/internal.h"`


acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> 5 years ago			`#if defined(__cplusplus)`
			`extern "C" {`
			`#endif`


Add CRYPTO_BUFFER_new_from_static_data_unsafe. When making a CRYPTO_BUFFER from a static, const buffer, there is no need to make a copy of the data. Instead, we can reference it directly. The hope is this will save a bit of memory in Chromium, since root store certs will already in static data. Moreover, by letting static CRYPTO_BUFFERs participate in pooling, we can extend the memory savings to yet other copies of these certs. For instance, if we make the root store updatable via component updater, most of the updated roots will likely already be in the binary's copy. Pooling will transparently dedup those and avoid retaining an extra copy. (I haven't gone as far as to give static CRYPTO_BUFFERs strong references from the pool, since that seems odd. But something like Chromium probably wants to intentionally leak the initial static ones so that, when all references go away, they're still available for pooling.) Change-Id: I05c25c5ff618f9f7a6ed21e4575cf659e7c32811 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50045 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> 3 years ago			`DEFINE_LHASH_OF(CRYPTO_BUFFER)`
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> 5 years ago
			`struct crypto_buffer_st {`
			`CRYPTO_BUFFER_POOL *pool;`
			`uint8_t *data;`
			`size_t len;`
			`CRYPTO_refcount_t references;`
Add CRYPTO_BUFFER_new_from_static_data_unsafe. When making a CRYPTO_BUFFER from a static, const buffer, there is no need to make a copy of the data. Instead, we can reference it directly. The hope is this will save a bit of memory in Chromium, since root store certs will already in static data. Moreover, by letting static CRYPTO_BUFFERs participate in pooling, we can extend the memory savings to yet other copies of these certs. For instance, if we make the root store updatable via component updater, most of the updated roots will likely already be in the binary's copy. Pooling will transparently dedup those and avoid retaining an extra copy. (I haven't gone as far as to give static CRYPTO_BUFFERs strong references from the pool, since that seems odd. But something like Chromium probably wants to intentionally leak the initial static ones so that, when all references go away, they're still available for pooling.) Change-Id: I05c25c5ff618f9f7a6ed21e4575cf659e7c32811 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50045 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> 3 years ago			`int data_is_static;`
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> 5 years ago			`};`

			`struct crypto_buffer_pool_st {`
			`LHASH_OF(CRYPTO_BUFFER) *bufs;`
			`CRYPTO_MUTEX lock;`
Switch CRYPTO_BUFFER_POOL to SipHash-2-4. This hash table, in applications that use pooling, can dedup received certificates in memory and thus should use a keyed hash. Change-Id: Idc40dc8f7463025183121642b30ea0de43ebac0e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51125 Reviewed-by: Adam Langley <agl@google.com> 3 years ago			`const uint64_t hash_key[2];`
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> 5 years ago			`};`


			`#if defined(__cplusplus)`
			`} // extern C`
			`#endif`

			`#endif // OPENSSL_HEADER_POOL_INTERNAL_H`