Commit 63c574f6 authored by Rich Salz's avatar Rich Salz
Browse files

OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS 



Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default,
so the work here is removing the 'maintain our own freelist' code.
Also removed a minor old Windows-multibyte/widechar conversion flag.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent daa48704

crypto/cryptlib.c

+0 −3
Original line number Diff line number Diff line
@@ -365,12 +365,9 @@ void OPENSSL_showfatal(const char *fmta, ...) 
                fmt = (const TCHAR *)L"no stack?";

                break;

            }

# ifndef OPENSSL_NO_MULTIBYTE

            if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))

# endif

                for (i = 0; i < len_0; i++)

                    fmtw[i] = (WCHAR)fmta[i];



            for (i = 0; i < len_0; i++) {

                if (fmtw[i] == L'%')

                    do {

doc/ssl/SSL_CTX_set_mode.pod

+2 −4
Original line number Diff line number Diff line
@@ -64,10 +64,8 @@ return after the handshake and successful completion. 
=item SSL_MODE_RELEASE_BUFFERS



When we no longer need a read buffer or a write buffer for a given SSL,

then release the memory we were using to hold it.  Released memory is

either appended to a list of unused RAM chunks on the SSL_CTX, or simply

freed if the list of unused chunks would become longer than 

SSL_CTX->freelist_max_len, which defaults to 32.  Using this flag can

then release the memory we were using to hold it.

Using this flag can

save around 34k per idle SSL connection.

This flag has no effect on SSL v2 connections, or on DTLS connections.

ssl/s3_both.c

+4 −74
Original line number Diff line number Diff line
@@ -566,76 +566,6 @@ int ssl_verify_alarm_type(long type) 
    return (al);

}



#ifndef OPENSSL_NO_BUF_FREELISTS

/*-

 * On some platforms, malloc() performance is bad enough that you can't just

 * free() and malloc() buffers all the time, so we need to use freelists from

 * unused buffers.  Currently, each freelist holds memory chunks of only a

 * given size (list->chunklen); other sized chunks are freed and malloced.

 * This doesn't help much if you're using many different SSL option settings

 * with a given context.  (The options affecting buffer size are

 * max_send_fragment, read buffer vs write buffer,

 * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and

 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every

 * possible size is not an option, since max_send_fragment can take on many

 * different values.

 *

 * If you are on a platform with a slow malloc(), and you're using SSL

 * connections with many different settings for these options, and you need to

 * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:

 *    - Link against a faster malloc implementation.

 *    - Use a separate SSL_CTX for each option set.

 *    - Improve this code.

 */

static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz)

{

    SSL3_BUF_FREELIST *list;

    SSL3_BUF_FREELIST_ENTRY *ent = NULL;

    void *result = NULL;



    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;

    if (list != NULL && sz == (int)list->chunklen)

        ent = list->head;

    if (ent != NULL) {

        list->head = ent->next;

        result = ent;

        if (--list->len == 0)

            list->chunklen = 0;

    }

    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

    if (!result)

        result = OPENSSL_malloc(sz);

    return result;

}



static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)

{

    SSL3_BUF_FREELIST *list;

    SSL3_BUF_FREELIST_ENTRY *ent;



    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;

    if (list != NULL &&

        (sz == list->chunklen || list->chunklen == 0) &&

        list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {

        list->chunklen = sz;

        ent = mem;

        ent->next = list->head;

        list->head = ent;

        ++list->len;

        mem = NULL;

    }



    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

    if (mem)

        OPENSSL_free(mem);

}

#else

# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)

# define freelist_insert(c,fr,sz,m) OPENSSL_free(m)

#endif



int ssl3_setup_read_buffer(SSL *s)

{

    unsigned char *p;
@@ -661,7 +591,7 @@ int ssl3_setup_read_buffer(SSL *s) 
        if (ssl_allow_compression(s))

            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;

#endif

        if ((p = freelist_extract(s->ctx, 1, len)) == NULL)

        if ((p = OPENSSL_malloc(len)) == NULL)

            goto err;

        s->s3->rbuf.buf = p;

        s->s3->rbuf.len = len;
@@ -699,7 +629,7 @@ int ssl3_setup_write_buffer(SSL *s) 
        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))

            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;



        if ((p = freelist_extract(s->ctx, 0, len)) == NULL)

        if ((p = OPENSSL_malloc(len)) == NULL)

            goto err;

        s->s3->wbuf.buf = p;

        s->s3->wbuf.len = len;
@@ -724,7 +654,7 @@ int ssl3_setup_buffers(SSL *s) 
int ssl3_release_write_buffer(SSL *s)

{

    if (s->s3->wbuf.buf != NULL) {

        freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);

        OPENSSL_free(s->s3->wbuf.buf);

        s->s3->wbuf.buf = NULL;

    }

    return 1;
@@ -733,7 +663,7 @@ int ssl3_release_write_buffer(SSL *s) 
int ssl3_release_read_buffer(SSL *s)

{

    if (s->s3->rbuf.buf != NULL) {

        freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);

        OPENSSL_free(s->s3->rbuf.buf);

        s->s3->rbuf.buf = NULL;

    }

    return 1;

ssl/ssl.h

+0 −6
Original line number Diff line number Diff line
@@ -1083,12 +1083,6 @@ struct ssl_ctx_st { 
                                         unsigned int max_psk_len);

#  endif



#  ifndef OPENSSL_NO_BUF_FREELISTS

#   define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32

    unsigned int freelist_max_len;

    struct ssl3_buf_freelist_st *wbuf_freelist;

    struct ssl3_buf_freelist_st *rbuf_freelist;

#  endif

#  ifndef OPENSSL_NO_SRP

    SRP_CTX srp_ctx;            /* ctx for SRP authentication */

#  endif

ssl/ssl_lib.c

+0 −42
Original line number Diff line number Diff line
@@ -2008,23 +2008,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 
#ifndef OPENSSL_NO_SRP

    SSL_CTX_SRP_CTX_init(ret);

#endif

#ifndef OPENSSL_NO_BUF_FREELISTS

    ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;

    ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));

    if (!ret->rbuf_freelist)

        goto err;

    ret->rbuf_freelist->chunklen = 0;

    ret->rbuf_freelist->len = 0;

    ret->rbuf_freelist->head = NULL;

    ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));

    if (!ret->wbuf_freelist) {

        OPENSSL_free(ret->rbuf_freelist);

        goto err;

    }

    ret->wbuf_freelist->chunklen = 0;

    ret->wbuf_freelist->len = 0;

    ret->wbuf_freelist->head = NULL;

#endif

#ifndef OPENSSL_NO_ENGINE

    ret->client_cert_engine = NULL;

# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -2059,25 +2042,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 
    return (NULL);

}



#if 0

static void SSL_COMP_free(SSL_COMP *comp)

{

    OPENSSL_free(comp);

}

#endif



#ifndef OPENSSL_NO_BUF_FREELISTS

static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)

{

    SSL3_BUF_FREELIST_ENTRY *ent, *next;

    for (ent = list->head; ent; ent = next) {

        next = ent->next;

        OPENSSL_free(ent);

    }

    OPENSSL_free(list);

}

#endif



void SSL_CTX_free(SSL_CTX *a)

{

    int i;
@@ -2155,12 +2119,6 @@ void SSL_CTX_free(SSL_CTX *a) 
        ENGINE_finish(a->client_cert_engine);

#endif



#ifndef OPENSSL_NO_BUF_FREELISTS

    if (a->wbuf_freelist)

        ssl_buf_freelist_free(a->wbuf_freelist);

    if (a->rbuf_freelist)

        ssl_buf_freelist_free(a->rbuf_freelist);

#endif

#ifndef OPENSSL_NO_TLSEXT

# ifndef OPENSSL_NO_EC

    if (a->tlsext_ecpointformatlist)