Set OPENSSL_NO_BUF_FREELISTS
The memory freelist maintained by OpenSSL claims to be a performance
optimization for platforms that have a slow malloc/free
implementation. This should not be the case on modern
linux/glibc. Remove the freelist as it poses a potential security
hazard of buffer-reuse that is of "initialized" memory that will not
be caught be tools such as valgrind.
Change-Id: I3cfa6a05f9bdfbbba7820060bae5a673dee43014
Reviewed-on: https://boringssl-review.googlesource.com/1385
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/opensslfeatures.h b/include/openssl/opensslfeatures.h
index 9ff2c63..6026a4b 100644
--- a/include/openssl/opensslfeatures.h
+++ b/include/openssl/opensslfeatures.h
@@ -20,6 +20,7 @@
#define OPENSSL_NO_BF
+#define OPENSSL_NO_BUF_FREELISTS
#define OPENSSL_NO_CAMELLIA
#define OPENSSL_NO_CAST
#define OPENSSL_NO_CMS
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5176846..b43fa74 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1010,12 +1010,6 @@
unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len);
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
- unsigned int freelist_max_len;
- struct ssl3_buf_freelist_st *wbuf_freelist;
- struct ssl3_buf_freelist_st *rbuf_freelist;
-#endif
/* retain_only_sha256_of_client_certs is true if we should compute the
* SHA256 hash of the peer's certifiate and then discard it to save
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 8d05201..136a14d 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -591,79 +591,8 @@
return(al);
}
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/* On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers. Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context. (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- * - Link against a faster malloc implementation.
- * - Use a separate SSL_CTX for each option set.
- * - Improve this code.
- */
-static void *
-freelist_extract(SSL_CTX *ctx, int for_read, int sz)
- {
- SSL3_BUF_FREELIST *list;
- SSL3_BUF_FREELIST_ENTRY *ent = NULL;
- void *result = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
- if (list != NULL && sz == (int)list->chunklen)
- ent = list->head;
- if (ent != NULL)
- {
- list->head = ent->next;
- result = ent;
- if (--list->len == 0)
- list->chunklen = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (!result)
- result = OPENSSL_malloc(sz);
- return result;
-}
-
-static void
-freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
- {
- SSL3_BUF_FREELIST *list;
- SSL3_BUF_FREELIST_ENTRY *ent;
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
- if (list != NULL &&
- (sz == list->chunklen || list->chunklen == 0) &&
- list->len < ctx->freelist_max_len &&
- sz >= sizeof(*ent))
- {
- list->chunklen = sz;
- ent = mem;
- ent->next = list->head;
- list->head = ent;
- ++list->len;
- mem = NULL;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (mem)
- OPENSSL_free(mem);
- }
-#else
#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
int ssl3_setup_read_buffer(SSL *s)
{
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2e49302..9eace73 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2011,24 +2011,6 @@
ret->psk_identity_hint=NULL;
ret->psk_client_callback=NULL;
ret->psk_server_callback=NULL;
-#ifndef OPENSSL_NO_BUF_FREELISTS
- ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
- ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
- if (!ret->rbuf_freelist)
- goto err;
- ret->rbuf_freelist->chunklen = 0;
- ret->rbuf_freelist->len = 0;
- ret->rbuf_freelist->head = NULL;
- ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
- if (!ret->wbuf_freelist)
- {
- OPENSSL_free(ret->rbuf_freelist);
- goto err;
- }
- ret->wbuf_freelist->chunklen = 0;
- ret->wbuf_freelist->len = 0;
- ret->wbuf_freelist->head = NULL;
-#endif
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -2062,19 +2044,6 @@
return(NULL);
}
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void
-ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
- {
- SSL3_BUF_FREELIST_ENTRY *ent, *next;
- for (ent = list->head; ent; ent = next)
- {
- next = ent->next;
- OPENSSL_free(ent);
- }
- OPENSSL_free(list);
- }
-#endif
void SSL_CTX_free(SSL_CTX *a)
{
@@ -2144,12 +2113,6 @@
#endif
#endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
- if (a->wbuf_freelist)
- ssl_buf_freelist_free(a->wbuf_freelist);
- if (a->rbuf_freelist)
- ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
# ifndef OPENSSL_NO_EC
if (a->tlsext_ecpointformatlist)
OPENSSL_free(a->tlsext_ecpointformatlist);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bf95fb3..e13b8bc 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -690,19 +690,6 @@
char variable_nonce_included_in_record;
};
-#ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st
- {
- size_t chunklen;
- unsigned int len;
- struct ssl3_buf_freelist_entry_st *head;
- } SSL3_BUF_FREELIST;
-
-typedef struct ssl3_buf_freelist_entry_st
- {
- struct ssl3_buf_freelist_entry_st *next;
- } SSL3_BUF_FREELIST_ENTRY;
-#endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
extern SSL_CIPHER ssl3_ciphers[];