From a0065ed1978bddeefeaae81841f9ac055a4f9b67 Mon Sep 17 00:00:00 2001 From: tedu Date: Wed, 16 Apr 2014 21:16:33 +0000 Subject: [PATCH] TANSTAAFL - delete the buf freelist code. if you need a better malloc, get a better malloc. ok beck deraadt --- lib/libssl/s3_both.c | 78 ++--------------------------------- lib/libssl/src/ssl/s3_both.c | 78 ++--------------------------------- lib/libssl/src/ssl/ssl.h | 6 --- lib/libssl/src/ssl/ssl_lib.c | 37 ----------------- lib/libssl/src/ssl/ssl_locl.h | 12 ------ lib/libssl/ssl.h | 6 --- lib/libssl/ssl/Makefile | 3 +- lib/libssl/ssl_lib.c | 37 ----------------- lib/libssl/ssl_locl.h | 12 ------ 9 files changed, 9 insertions(+), 260 deletions(-) diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index b2fd5c6f805..5642e6c175a 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -624,76 +624,6 @@ ssl_verify_alarm_type(long type) return (al); } -#ifndef OPENSSL_NO_BUF_FREELISTS -/* On some platforms, malloc() performance is bad enough that you can't just - * free() and malloc() buffers all the time, so we need to use freelists from - * unused buffers. Currently, each freelist holds memory chunks of only a - * given size (list->chunklen); other sized chunks are freed and malloced. - * This doesn't help much if you're using many different SSL option settings - * with a given context. (The options affecting buffer size are - * max_send_fragment, read buffer vs write buffer, - * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every - * possible size is not an option, since max_send_fragment can take on many - * different values. - * - * If you are on a platform with a slow malloc(), and you're using SSL - * connections with many different settings for these options, and you need to - * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: - * - Link against a faster malloc implementation. - * - Use a separate SSL_CTX for each option set. - * - Improve this code. - */ -static void * -freelist_extract(SSL_CTX *ctx, int for_read, int sz) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent = NULL; - void *result = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == (int)list->chunklen) - ent = list->head; - if (ent != NULL) { - list->head = ent->next; - result = ent; - if (--list->len == 0) - list->chunklen = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (!result) - result = OPENSSL_malloc(sz); - return result; -} - -static void -freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { - list->chunklen = sz; - ent = mem; - ent->next = list->head; - list->head = ent; - ++list->len; - mem = NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (mem) - OPENSSL_free(mem); -} -#else -#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) -#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) -#endif - int ssl3_setup_read_buffer(SSL *s) { @@ -720,7 +650,7 @@ ssl3_setup_read_buffer(SSL *s) if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if ((p = freelist_extract(s->ctx, 1, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->rbuf.buf = p; s->s3->rbuf.len = len; @@ -760,7 +690,7 @@ ssl3_setup_write_buffer(SSL *s) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - if ((p = freelist_extract(s->ctx, 0, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->wbuf.buf = p; s->s3->wbuf.len = len; @@ -788,7 +718,7 @@ int ssl3_release_write_buffer(SSL *s) { if (s->s3->wbuf.buf != NULL) { - freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); + OPENSSL_free(s->s3->wbuf.buf); s->s3->wbuf.buf = NULL; } return 1; @@ -798,7 +728,7 @@ int ssl3_release_read_buffer(SSL *s) { if (s->s3->rbuf.buf != NULL) { - freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); + OPENSSL_free(s->s3->rbuf.buf); s->s3->rbuf.buf = NULL; } return 1; diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index b2fd5c6f805..5642e6c175a 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -624,76 +624,6 @@ ssl_verify_alarm_type(long type) return (al); } -#ifndef OPENSSL_NO_BUF_FREELISTS -/* On some platforms, malloc() performance is bad enough that you can't just - * free() and malloc() buffers all the time, so we need to use freelists from - * unused buffers. Currently, each freelist holds memory chunks of only a - * given size (list->chunklen); other sized chunks are freed and malloced. - * This doesn't help much if you're using many different SSL option settings - * with a given context. (The options affecting buffer size are - * max_send_fragment, read buffer vs write buffer, - * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every - * possible size is not an option, since max_send_fragment can take on many - * different values. - * - * If you are on a platform with a slow malloc(), and you're using SSL - * connections with many different settings for these options, and you need to - * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: - * - Link against a faster malloc implementation. - * - Use a separate SSL_CTX for each option set. - * - Improve this code. - */ -static void * -freelist_extract(SSL_CTX *ctx, int for_read, int sz) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent = NULL; - void *result = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == (int)list->chunklen) - ent = list->head; - if (ent != NULL) { - list->head = ent->next; - result = ent; - if (--list->len == 0) - list->chunklen = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (!result) - result = OPENSSL_malloc(sz); - return result; -} - -static void -freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { - list->chunklen = sz; - ent = mem; - ent->next = list->head; - list->head = ent; - ++list->len; - mem = NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (mem) - OPENSSL_free(mem); -} -#else -#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) -#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) -#endif - int ssl3_setup_read_buffer(SSL *s) { @@ -720,7 +650,7 @@ ssl3_setup_read_buffer(SSL *s) if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if ((p = freelist_extract(s->ctx, 1, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->rbuf.buf = p; s->s3->rbuf.len = len; @@ -760,7 +690,7 @@ ssl3_setup_write_buffer(SSL *s) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - if ((p = freelist_extract(s->ctx, 0, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->wbuf.buf = p; s->s3->wbuf.len = len; @@ -788,7 +718,7 @@ int ssl3_release_write_buffer(SSL *s) { if (s->s3->wbuf.buf != NULL) { - freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); + OPENSSL_free(s->s3->wbuf.buf); s->s3->wbuf.buf = NULL; } return 1; @@ -798,7 +728,7 @@ int ssl3_release_read_buffer(SSL *s) { if (s->s3->rbuf.buf != NULL) { - freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); + OPENSSL_free(s->s3->rbuf.buf); s->s3->rbuf.buf = NULL; } return 1; diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h index d3e015e738c..cefee6189d8 100644 --- a/lib/libssl/src/ssl/ssl.h +++ b/lib/libssl/src/ssl/ssl.h @@ -936,12 +936,6 @@ struct ssl_ctx_st { unsigned char *psk, unsigned int max_psk_len); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS -#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -#endif #ifndef OPENSSL_NO_SRP SRP_CTX srp_ctx; /* ctx for SRP authentication */ #endif diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index a0882e45215..6db3bd29933 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1826,23 +1826,6 @@ SSL_CTX #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_init(ret); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; - ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->rbuf_freelist) - goto err; - ret->rbuf_freelist->chunklen = 0; - ret->rbuf_freelist->len = 0; - ret->rbuf_freelist->head = NULL; - ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) { - OPENSSL_free(ret->rbuf_freelist); - goto err; - } - ret->wbuf_freelist->chunklen = 0; - ret->wbuf_freelist->len = 0; - ret->wbuf_freelist->head = NULL; -#endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO @@ -1883,19 +1866,6 @@ SSL_COMP_free(SSL_COMP *comp) } #endif -#ifndef OPENSSL_NO_BUF_FREELISTS -static void -ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) -{ - SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) { - next = ent->next; - OPENSSL_free(ent); - } - OPENSSL_free(list); -} -#endif - void SSL_CTX_free(SSL_CTX *a) { @@ -1973,13 +1943,6 @@ SSL_CTX_free(SSL_CTX *a) ENGINE_finish(a->client_cert_engine); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - if (a->wbuf_freelist) - ssl_buf_freelist_free(a->wbuf_freelist); - if (a->rbuf_freelist) - ssl_buf_freelist_free(a->rbuf_freelist); -#endif - OPENSSL_free(a); } diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index e9c3a6bcd85..c539b1229d6 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -594,18 +594,6 @@ typedef struct ssl3_comp_st { } SSL3_COMP; #endif -#ifndef OPENSSL_NO_BUF_FREELISTS -typedef struct ssl3_buf_freelist_st { - size_t chunklen; - unsigned int len; - struct ssl3_buf_freelist_entry_st *head; -} SSL3_BUF_FREELIST; - -typedef struct ssl3_buf_freelist_entry_st { - struct ssl3_buf_freelist_entry_st *next; -} SSL3_BUF_FREELIST_ENTRY; -#endif - extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index d3e015e738c..cefee6189d8 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -936,12 +936,6 @@ struct ssl_ctx_st { unsigned char *psk, unsigned int max_psk_len); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS -#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -#endif #ifndef OPENSSL_NO_SRP SRP_CTX srp_ctx; /* ctx for SRP authentication */ #endif diff --git a/lib/libssl/ssl/Makefile b/lib/libssl/ssl/Makefile index 6c8584e80d7..57124e2dc2f 100644 --- a/lib/libssl/ssl/Makefile +++ b/lib/libssl/ssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.37 2014/04/16 20:39:09 tedu Exp $ +# $OpenBSD: Makefile,v 1.38 2014/04/16 21:16:33 tedu Exp $ LIB= ssl @@ -7,7 +7,6 @@ LSSL_SRC= ${SSL_SRC}/ssl CFLAGS+= -DTERMIOS -DANSI_SOURCE CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS CFLAGS+= -I${SSL_SRC} SRCS=\ diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index a0882e45215..6db3bd29933 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1826,23 +1826,6 @@ SSL_CTX #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_init(ret); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; - ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->rbuf_freelist) - goto err; - ret->rbuf_freelist->chunklen = 0; - ret->rbuf_freelist->len = 0; - ret->rbuf_freelist->head = NULL; - ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) { - OPENSSL_free(ret->rbuf_freelist); - goto err; - } - ret->wbuf_freelist->chunklen = 0; - ret->wbuf_freelist->len = 0; - ret->wbuf_freelist->head = NULL; -#endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO @@ -1883,19 +1866,6 @@ SSL_COMP_free(SSL_COMP *comp) } #endif -#ifndef OPENSSL_NO_BUF_FREELISTS -static void -ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) -{ - SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) { - next = ent->next; - OPENSSL_free(ent); - } - OPENSSL_free(list); -} -#endif - void SSL_CTX_free(SSL_CTX *a) { @@ -1973,13 +1943,6 @@ SSL_CTX_free(SSL_CTX *a) ENGINE_finish(a->client_cert_engine); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - if (a->wbuf_freelist) - ssl_buf_freelist_free(a->wbuf_freelist); - if (a->rbuf_freelist) - ssl_buf_freelist_free(a->rbuf_freelist); -#endif - OPENSSL_free(a); } diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index e9c3a6bcd85..c539b1229d6 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -594,18 +594,6 @@ typedef struct ssl3_comp_st { } SSL3_COMP; #endif -#ifndef OPENSSL_NO_BUF_FREELISTS -typedef struct ssl3_buf_freelist_st { - size_t chunklen; - unsigned int len; - struct ssl3_buf_freelist_entry_st *head; -} SSL3_BUF_FREELIST; - -typedef struct ssl3_buf_freelist_entry_st { - struct ssl3_buf_freelist_entry_st *next; -} SSL3_BUF_FREELIST_ENTRY; -#endif - extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; -- 2.20.1