diff options
| -rw-r--r-- | crypto/cryptlib.c | 3 | ||||
| -rw-r--r-- | doc/ssl/SSL_CTX_set_mode.pod | 6 | ||||
| -rw-r--r-- | ssl/s3_both.c | 78 | ||||
| -rw-r--r-- | ssl/ssl.h | 6 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 42 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 12 |
6 files changed, 6 insertions, 141 deletions
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6597af6523..ce07b848d2 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -365,12 +365,9 @@ void OPENSSL_showfatal(const char *fmta, ...) fmt = (const TCHAR *)L"no stack?"; break; } -# ifndef OPENSSL_NO_MULTIBYTE if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) -# endif for (i = 0; i < len_0; i++) fmtw[i] = (WCHAR)fmta[i]; - for (i = 0; i < len_0; i++) { if (fmtw[i] == L'%') do { diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod index 2a5aaa555e..a109f343ea 100644 --- a/doc/ssl/SSL_CTX_set_mode.pod +++ b/doc/ssl/SSL_CTX_set_mode.pod @@ -64,10 +64,8 @@ return after the handshake and successful completion. =item SSL_MODE_RELEASE_BUFFERS When we no longer need a read buffer or a write buffer for a given SSL, -then release the memory we were using to hold it. Released memory is -either appended to a list of unused RAM chunks on the SSL_CTX, or simply -freed if the list of unused chunks would become longer than -SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can +then release the memory we were using to hold it. +Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 50aa428fe9..de49e646a1 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -566,76 +566,6 @@ int ssl_verify_alarm_type(long type) return (al); } -#ifndef OPENSSL_NO_BUF_FREELISTS -/*- - * On some platforms, malloc() performance is bad enough that you can't just - * free() and malloc() buffers all the time, so we need to use freelists from - * unused buffers. Currently, each freelist holds memory chunks of only a - * given size (list->chunklen); other sized chunks are freed and malloced. - * This doesn't help much if you're using many different SSL option settings - * with a given context. (The options affecting buffer size are - * max_send_fragment, read buffer vs write buffer, - * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every - * possible size is not an option, since max_send_fragment can take on many - * different values. - * - * If you are on a platform with a slow malloc(), and you're using SSL - * connections with many different settings for these options, and you need to - * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: - * - Link against a faster malloc implementation. - * - Use a separate SSL_CTX for each option set. - * - Improve this code. - */ -static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent = NULL; - void *result = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == (int)list->chunklen) - ent = list->head; - if (ent != NULL) { - list->head = ent->next; - result = ent; - if (--list->len == 0) - list->chunklen = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (!result) - result = OPENSSL_malloc(sz); - return result; -} - -static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && - (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { - list->chunklen = sz; - ent = mem; - ent->next = list->head; - list->head = ent; - ++list->len; - mem = NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (mem) - OPENSSL_free(mem); -} -#else -# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) -# define freelist_insert(c,fr,sz,m) OPENSSL_free(m) -#endif - int ssl3_setup_read_buffer(SSL *s) { unsigned char *p; @@ -661,7 +591,7 @@ int ssl3_setup_read_buffer(SSL *s) if (ssl_allow_compression(s)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if ((p = freelist_extract(s->ctx, 1, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->rbuf.buf = p; s->s3->rbuf.len = len; @@ -699,7 +629,7 @@ int ssl3_setup_write_buffer(SSL *s) if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - if ((p = freelist_extract(s->ctx, 0, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->wbuf.buf = p; s->s3->wbuf.len = len; @@ -724,7 +654,7 @@ int ssl3_setup_buffers(SSL *s) int ssl3_release_write_buffer(SSL *s) { if (s->s3->wbuf.buf != NULL) { - freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); + OPENSSL_free(s->s3->wbuf.buf); s->s3->wbuf.buf = NULL; } return 1; @@ -733,7 +663,7 @@ int ssl3_release_write_buffer(SSL *s) int ssl3_release_read_buffer(SSL *s) { if (s->s3->rbuf.buf != NULL) { - freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); + OPENSSL_free(s->s3->rbuf.buf); s->s3->rbuf.buf = NULL; } return 1; @@ -1083,12 +1083,6 @@ struct ssl_ctx_st { unsigned int max_psk_len); # endif -# ifndef OPENSSL_NO_BUF_FREELISTS -# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -# endif # ifndef OPENSSL_NO_SRP SRP_CTX srp_ctx; /* ctx for SRP authentication */ # endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d777935b32..59a871cc36 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2008,23 +2008,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_init(ret); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; - ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->rbuf_freelist) - goto err; - ret->rbuf_freelist->chunklen = 0; - ret->rbuf_freelist->len = 0; - ret->rbuf_freelist->head = NULL; - ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) { - OPENSSL_free(ret->rbuf_freelist); - goto err; - } - ret->wbuf_freelist->chunklen = 0; - ret->wbuf_freelist->len = 0; - ret->wbuf_freelist->head = NULL; -#endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO @@ -2059,25 +2042,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return (NULL); } -#if 0 -static void SSL_COMP_free(SSL_COMP *comp) -{ - OPENSSL_free(comp); -} -#endif - -#ifndef OPENSSL_NO_BUF_FREELISTS -static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) -{ - SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) { - next = ent->next; - OPENSSL_free(ent); - } - OPENSSL_free(list); -} -#endif - void SSL_CTX_free(SSL_CTX *a) { int i; @@ -2155,12 +2119,6 @@ void SSL_CTX_free(SSL_CTX *a) ENGINE_finish(a->client_cert_engine); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - if (a->wbuf_freelist) - ssl_buf_freelist_free(a->wbuf_freelist); - if (a->rbuf_freelist) - ssl_buf_freelist_free(a->rbuf_freelist); -#endif #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC if (a->tlsext_ecpointformatlist) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fcf5f8d61d..f3ce460665 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -833,18 +833,6 @@ typedef struct ssl3_comp_st { } SSL3_COMP; # endif -# ifndef OPENSSL_NO_BUF_FREELISTS -typedef struct ssl3_buf_freelist_st { - size_t chunklen; - unsigned int len; - struct ssl3_buf_freelist_entry_st *head; -} SSL3_BUF_FREELIST; - -typedef struct ssl3_buf_freelist_entry_st { - struct ssl3_buf_freelist_entry_st *next; -} SSL3_BUF_FREELIST_ENTRY; -# endif - extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[]; |