commit 983f6bdb5888d7074d7ee67d5e3741bcf1027108
author Alex Chernyakhovsky <achernya@google.com> Sun Aug 03 15:48:35 2014 -0400
committer Adam Langley <agl@google.com> Mon Aug 04 20:14:33 2014 +0000
tree c2542c6a384b4b9d668a234991302bff2988f721
parent 75d1589f6099877a167ec262c0207d51eb8e5c4f

Set OPENSSL_NO_BUF_FREELISTS

The memory freelist maintained by OpenSSL claims to be a performance
optimization for platforms that have a slow malloc/free
implementation. This should not be the case on modern
linux/glibc. Remove the freelist as it poses a potential security
hazard of buffer-reuse that is of "initialized" memory that will not
be caught be tools such as valgrind.

Change-Id: I3cfa6a05f9bdfbbba7820060bae5a673dee43014
Reviewed-on: https://boringssl-review.googlesource.com/1385
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/opensslfeatures.h

diff --git a/include/openssl/opensslfeatures.h b/include/openssl/opensslfeatures.h
index 9ff2c63..6026a4b 100644
--- a/include/openssl/opensslfeatures.h
+++ b/include/openssl/opensslfeatures.h
@@ -20,6 +20,7 @@
 
 
 #define OPENSSL_NO_BF
+#define OPENSSL_NO_BUF_FREELISTS
 #define OPENSSL_NO_CAMELLIA
 #define OPENSSL_NO_CAST
 #define OPENSSL_NO_CMS

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5176846..b43fa74 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1010,12 +1010,6 @@
 	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
 		unsigned char *psk, unsigned int max_psk_len);
 
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-	unsigned int freelist_max_len;
-	struct ssl3_buf_freelist_st *wbuf_freelist;
-	struct ssl3_buf_freelist_st *rbuf_freelist;
-#endif
 
 	/* retain_only_sha256_of_client_certs is true if we should compute the
 	 * SHA256 hash of the peer's certifiate and then discard it to save