Set OPENSSL_NO_BUF_FREELISTS The memory freelist maintained by OpenSSL claims to be a performance optimization for platforms that have a slow malloc/free implementation. This should not be the case on modern linux/glibc. Remove the freelist as it poses a potential security hazard of buffer-reuse that is of "initialized" memory that will not be caught be tools such as valgrind. Change-Id: I3cfa6a05f9bdfbbba7820060bae5a673dee43014 Reviewed-on: https://boringssl-review.googlesource.com/1385 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/opensslfeatures.h b/include/openssl/opensslfeatures.h index 9ff2c63..6026a4b 100644 --- a/include/openssl/opensslfeatures.h +++ b/include/openssl/opensslfeatures.h
@@ -20,6 +20,7 @@ #define OPENSSL_NO_BF +#define OPENSSL_NO_BUF_FREELISTS #define OPENSSL_NO_CAMELLIA #define OPENSSL_NO_CAST #define OPENSSL_NO_CMS
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5176846..b43fa74 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -1010,12 +1010,6 @@ unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len); -#ifndef OPENSSL_NO_BUF_FREELISTS -#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -#endif /* retain_only_sha256_of_client_certs is true if we should compute the * SHA256 hash of the peer's certifiate and then discard it to save
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 8d05201..136a14d 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c
@@ -591,79 +591,8 @@ return(al); } -#ifndef OPENSSL_NO_BUF_FREELISTS -/* On some platforms, malloc() performance is bad enough that you can't just - * free() and malloc() buffers all the time, so we need to use freelists from - * unused buffers. Currently, each freelist holds memory chunks of only a - * given size (list->chunklen); other sized chunks are freed and malloced. - * This doesn't help much if you're using many different SSL option settings - * with a given context. (The options affecting buffer size are - * max_send_fragment, read buffer vs write buffer, - * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every - * possible size is not an option, since max_send_fragment can take on many - * different values. - * - * If you are on a platform with a slow malloc(), and you're using SSL - * connections with many different settings for these options, and you need to - * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: - * - Link against a faster malloc implementation. - * - Use a separate SSL_CTX for each option set. - * - Improve this code. - */ -static void * -freelist_extract(SSL_CTX *ctx, int for_read, int sz) - { - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent = NULL; - void *result = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == (int)list->chunklen) - ent = list->head; - if (ent != NULL) - { - list->head = ent->next; - result = ent; - if (--list->len == 0) - list->chunklen = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (!result) - result = OPENSSL_malloc(sz); - return result; -} - -static void -freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) - { - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && - (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && - sz >= sizeof(*ent)) - { - list->chunklen = sz; - ent = mem; - ent->next = list->head; - list->head = ent; - ++list->len; - mem = NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (mem) - OPENSSL_free(mem); - } -#else #define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) #define freelist_insert(c,fr,sz,m) OPENSSL_free(m) -#endif int ssl3_setup_read_buffer(SSL *s) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2e49302..9eace73 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -2011,24 +2011,6 @@ ret->psk_identity_hint=NULL; ret->psk_client_callback=NULL; ret->psk_server_callback=NULL; -#ifndef OPENSSL_NO_BUF_FREELISTS - ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; - ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->rbuf_freelist) - goto err; - ret->rbuf_freelist->chunklen = 0; - ret->rbuf_freelist->len = 0; - ret->rbuf_freelist->head = NULL; - ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) - { - OPENSSL_free(ret->rbuf_freelist); - goto err; - } - ret->wbuf_freelist->chunklen = 0; - ret->wbuf_freelist->len = 0; - ret->wbuf_freelist->head = NULL; -#endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO @@ -2062,19 +2044,6 @@ return(NULL); } -#ifndef OPENSSL_NO_BUF_FREELISTS -static void -ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) - { - SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) - { - next = ent->next; - OPENSSL_free(ent); - } - OPENSSL_free(list); - } -#endif void SSL_CTX_free(SSL_CTX *a) { @@ -2144,12 +2113,6 @@ #endif #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - if (a->wbuf_freelist) - ssl_buf_freelist_free(a->wbuf_freelist); - if (a->rbuf_freelist) - ssl_buf_freelist_free(a->rbuf_freelist); -#endif # ifndef OPENSSL_NO_EC if (a->tlsext_ecpointformatlist) OPENSSL_free(a->tlsext_ecpointformatlist);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index bf95fb3..e13b8bc 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -690,19 +690,6 @@ char variable_nonce_included_in_record; }; -#ifndef OPENSSL_NO_BUF_FREELISTS -typedef struct ssl3_buf_freelist_st - { - size_t chunklen; - unsigned int len; - struct ssl3_buf_freelist_entry_st *head; - } SSL3_BUF_FREELIST; - -typedef struct ssl3_buf_freelist_entry_st - { - struct ssl3_buf_freelist_entry_st *next; - } SSL3_BUF_FREELIST_ENTRY; -#endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; extern SSL_CIPHER ssl3_ciphers[];