diff options
| author | bcook <> | 2014-12-14 21:49:29 +0000 |
|---|---|---|
| committer | bcook <> | 2014-12-14 21:49:29 +0000 |
| commit | 02216b57a0ccb0dd187f3ea646c6ae40e827d3ae (patch) | |
| tree | 4192f8b6f420704e7598dbfb017975afb1eebace | |
| parent | 9d7627cb78b8d58f06310b08151767a7309504dc (diff) | |
| download | openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.tar.gz openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.tar.bz2 openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.zip | |
unconditionally align SSL payloads
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
| -rw-r--r-- | src/lib/libssl/s3_both.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_both.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl3.h | 17 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 17 |
6 files changed, 36 insertions, 78 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 2180a24d4c..a2ce9e9fa3 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.36 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.37 2014/12/14 21:49:29 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -610,16 +610,14 @@ int | |||
| 610 | ssl3_setup_read_buffer(SSL *s) | 610 | ssl3_setup_read_buffer(SSL *s) |
| 611 | { | 611 | { |
| 612 | unsigned char *p; | 612 | unsigned char *p; |
| 613 | size_t len, align = 0, headerlen; | 613 | size_t len, align, headerlen; |
| 614 | 614 | ||
| 615 | if (SSL_IS_DTLS(s)) | 615 | if (SSL_IS_DTLS(s)) |
| 616 | headerlen = DTLS1_RT_HEADER_LENGTH; | 616 | headerlen = DTLS1_RT_HEADER_LENGTH; |
| 617 | else | 617 | else |
| 618 | headerlen = SSL3_RT_HEADER_LENGTH; | 618 | headerlen = SSL3_RT_HEADER_LENGTH; |
| 619 | 619 | ||
| 620 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 620 | align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); |
| 621 | align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); | ||
| 622 | #endif | ||
| 623 | 621 | ||
| 624 | if (s->s3->rbuf.buf == NULL) { | 622 | if (s->s3->rbuf.buf == NULL) { |
| 625 | len = SSL3_RT_MAX_PLAIN_LENGTH + | 623 | len = SSL3_RT_MAX_PLAIN_LENGTH + |
| @@ -646,16 +644,14 @@ int | |||
| 646 | ssl3_setup_write_buffer(SSL *s) | 644 | ssl3_setup_write_buffer(SSL *s) |
| 647 | { | 645 | { |
| 648 | unsigned char *p; | 646 | unsigned char *p; |
| 649 | size_t len, align = 0, headerlen; | 647 | size_t len, align, headerlen; |
| 650 | 648 | ||
| 651 | if (SSL_IS_DTLS(s)) | 649 | if (SSL_IS_DTLS(s)) |
| 652 | headerlen = DTLS1_RT_HEADER_LENGTH + 1; | 650 | headerlen = DTLS1_RT_HEADER_LENGTH + 1; |
| 653 | else | 651 | else |
| 654 | headerlen = SSL3_RT_HEADER_LENGTH; | 652 | headerlen = SSL3_RT_HEADER_LENGTH; |
| 655 | 653 | ||
| 656 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 654 | align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); |
| 657 | align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); | ||
| 658 | #endif | ||
| 659 | 655 | ||
| 660 | if (s->s3->wbuf.buf == NULL) { | 656 | if (s->s3->wbuf.buf == NULL) { |
| 661 | len = s->max_send_fragment + | 657 | len = s->max_send_fragment + |
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 9f98e6f540..117e6ec2da 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.53 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -132,7 +132,7 @@ int | |||
| 132 | ssl3_read_n(SSL *s, int n, int max, int extend) | 132 | ssl3_read_n(SSL *s, int n, int max, int extend) |
| 133 | { | 133 | { |
| 134 | int i, len, left; | 134 | int i, len, left; |
| 135 | long align = 0; | 135 | size_t align; |
| 136 | unsigned char *pkt; | 136 | unsigned char *pkt; |
| 137 | SSL3_BUFFER *rb; | 137 | SSL3_BUFFER *rb; |
| 138 | 138 | ||
| @@ -145,10 +145,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 145 | return -1; | 145 | return -1; |
| 146 | 146 | ||
| 147 | left = rb->left; | 147 | left = rb->left; |
| 148 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 148 | align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; |
| 149 | align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; | 149 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); |
| 150 | align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); | ||
| 151 | #endif | ||
| 152 | 150 | ||
| 153 | if (!extend) { | 151 | if (!extend) { |
| 154 | /* start with empty packet ... */ | 152 | /* start with empty packet ... */ |
| @@ -572,7 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 572 | int i, mac_size, clear = 0; | 570 | int i, mac_size, clear = 0; |
| 573 | int prefix_len = 0; | 571 | int prefix_len = 0; |
| 574 | int eivlen; | 572 | int eivlen; |
| 575 | long align = 0; | 573 | size_t align; |
| 576 | SSL3_RECORD *wr; | 574 | SSL3_RECORD *wr; |
| 577 | SSL3_BUFFER *wb = &(s->s3->wbuf); | 575 | SSL3_BUFFER *wb = &(s->s3->wbuf); |
| 578 | SSL_SESSION *sess; | 576 | SSL_SESSION *sess; |
| @@ -646,23 +644,21 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 646 | } | 644 | } |
| 647 | 645 | ||
| 648 | if (create_empty_fragment) { | 646 | if (create_empty_fragment) { |
| 649 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | ||
| 650 | /* extra fragment would be couple of cipher blocks, | 647 | /* extra fragment would be couple of cipher blocks, |
| 651 | * which would be multiple of SSL3_ALIGN_PAYLOAD, so | 648 | * which would be multiple of SSL3_ALIGN_PAYLOAD, so |
| 652 | * if we want to align the real payload, then we can | 649 | * if we want to align the real payload, then we can |
| 653 | * just pretent we simply have two headers. */ | 650 | * just pretent we simply have two headers. */ |
| 654 | align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; | 651 | align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH; |
| 655 | align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); | 652 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); |
| 656 | #endif | 653 | |
| 657 | p = wb->buf + align; | 654 | p = wb->buf + align; |
| 658 | wb->offset = align; | 655 | wb->offset = align; |
| 659 | } else if (prefix_len) { | 656 | } else if (prefix_len) { |
| 660 | p = wb->buf + wb->offset + prefix_len; | 657 | p = wb->buf + wb->offset + prefix_len; |
| 661 | } else { | 658 | } else { |
| 662 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 659 | align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH; |
| 663 | align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; | 660 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); |
| 664 | align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); | 661 | |
| 665 | #endif | ||
| 666 | p = wb->buf + align; | 662 | p = wb->buf + align; |
| 667 | wb->offset = align; | 663 | wb->offset = align; |
| 668 | } | 664 | } |
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 2180a24d4c..a2ce9e9fa3 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.36 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.37 2014/12/14 21:49:29 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -610,16 +610,14 @@ int | |||
| 610 | ssl3_setup_read_buffer(SSL *s) | 610 | ssl3_setup_read_buffer(SSL *s) |
| 611 | { | 611 | { |
| 612 | unsigned char *p; | 612 | unsigned char *p; |
| 613 | size_t len, align = 0, headerlen; | 613 | size_t len, align, headerlen; |
| 614 | 614 | ||
| 615 | if (SSL_IS_DTLS(s)) | 615 | if (SSL_IS_DTLS(s)) |
| 616 | headerlen = DTLS1_RT_HEADER_LENGTH; | 616 | headerlen = DTLS1_RT_HEADER_LENGTH; |
| 617 | else | 617 | else |
| 618 | headerlen = SSL3_RT_HEADER_LENGTH; | 618 | headerlen = SSL3_RT_HEADER_LENGTH; |
| 619 | 619 | ||
| 620 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 620 | align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); |
| 621 | align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); | ||
| 622 | #endif | ||
| 623 | 621 | ||
| 624 | if (s->s3->rbuf.buf == NULL) { | 622 | if (s->s3->rbuf.buf == NULL) { |
| 625 | len = SSL3_RT_MAX_PLAIN_LENGTH + | 623 | len = SSL3_RT_MAX_PLAIN_LENGTH + |
| @@ -646,16 +644,14 @@ int | |||
| 646 | ssl3_setup_write_buffer(SSL *s) | 644 | ssl3_setup_write_buffer(SSL *s) |
| 647 | { | 645 | { |
| 648 | unsigned char *p; | 646 | unsigned char *p; |
| 649 | size_t len, align = 0, headerlen; | 647 | size_t len, align, headerlen; |
| 650 | 648 | ||
| 651 | if (SSL_IS_DTLS(s)) | 649 | if (SSL_IS_DTLS(s)) |
| 652 | headerlen = DTLS1_RT_HEADER_LENGTH + 1; | 650 | headerlen = DTLS1_RT_HEADER_LENGTH + 1; |
| 653 | else | 651 | else |
| 654 | headerlen = SSL3_RT_HEADER_LENGTH; | 652 | headerlen = SSL3_RT_HEADER_LENGTH; |
| 655 | 653 | ||
| 656 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 654 | align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); |
| 657 | align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); | ||
| 658 | #endif | ||
| 659 | 655 | ||
| 660 | if (s->s3->wbuf.buf == NULL) { | 656 | if (s->s3->wbuf.buf == NULL) { |
| 661 | len = s->max_send_fragment + | 657 | len = s->max_send_fragment + |
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index 9f98e6f540..117e6ec2da 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.53 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -132,7 +132,7 @@ int | |||
| 132 | ssl3_read_n(SSL *s, int n, int max, int extend) | 132 | ssl3_read_n(SSL *s, int n, int max, int extend) |
| 133 | { | 133 | { |
| 134 | int i, len, left; | 134 | int i, len, left; |
| 135 | long align = 0; | 135 | size_t align; |
| 136 | unsigned char *pkt; | 136 | unsigned char *pkt; |
| 137 | SSL3_BUFFER *rb; | 137 | SSL3_BUFFER *rb; |
| 138 | 138 | ||
| @@ -145,10 +145,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 145 | return -1; | 145 | return -1; |
| 146 | 146 | ||
| 147 | left = rb->left; | 147 | left = rb->left; |
| 148 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 148 | align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; |
| 149 | align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; | 149 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); |
| 150 | align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); | ||
| 151 | #endif | ||
| 152 | 150 | ||
| 153 | if (!extend) { | 151 | if (!extend) { |
| 154 | /* start with empty packet ... */ | 152 | /* start with empty packet ... */ |
| @@ -572,7 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 572 | int i, mac_size, clear = 0; | 570 | int i, mac_size, clear = 0; |
| 573 | int prefix_len = 0; | 571 | int prefix_len = 0; |
| 574 | int eivlen; | 572 | int eivlen; |
| 575 | long align = 0; | 573 | size_t align; |
| 576 | SSL3_RECORD *wr; | 574 | SSL3_RECORD *wr; |
| 577 | SSL3_BUFFER *wb = &(s->s3->wbuf); | 575 | SSL3_BUFFER *wb = &(s->s3->wbuf); |
| 578 | SSL_SESSION *sess; | 576 | SSL_SESSION *sess; |
| @@ -646,23 +644,21 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 646 | } | 644 | } |
| 647 | 645 | ||
| 648 | if (create_empty_fragment) { | 646 | if (create_empty_fragment) { |
| 649 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | ||
| 650 | /* extra fragment would be couple of cipher blocks, | 647 | /* extra fragment would be couple of cipher blocks, |
| 651 | * which would be multiple of SSL3_ALIGN_PAYLOAD, so | 648 | * which would be multiple of SSL3_ALIGN_PAYLOAD, so |
| 652 | * if we want to align the real payload, then we can | 649 | * if we want to align the real payload, then we can |
| 653 | * just pretent we simply have two headers. */ | 650 | * just pretent we simply have two headers. */ |
| 654 | align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; | 651 | align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH; |
| 655 | align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); | 652 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); |
| 656 | #endif | 653 | |
| 657 | p = wb->buf + align; | 654 | p = wb->buf + align; |
| 658 | wb->offset = align; | 655 | wb->offset = align; |
| 659 | } else if (prefix_len) { | 656 | } else if (prefix_len) { |
| 660 | p = wb->buf + wb->offset + prefix_len; | 657 | p = wb->buf + wb->offset + prefix_len; |
| 661 | } else { | 658 | } else { |
| 662 | #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 | 659 | align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH; |
| 663 | align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; | 660 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); |
| 664 | align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); | 661 | |
| 665 | #endif | ||
| 666 | p = wb->buf + align; | 662 | p = wb->buf + align; |
| 667 | wb->offset = align; | 663 | wb->offset = align; |
| 668 | } | 664 | } |
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index b5df1056ab..5f59e18eb4 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.32 2014/12/14 16:07:26 jsing Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.33 2014/12/14 21:49:29 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -236,20 +236,7 @@ extern "C" { | |||
| 236 | #define SSL3_RT_HEADER_LENGTH 5 | 236 | #define SSL3_RT_HEADER_LENGTH 5 |
| 237 | #define SSL3_HM_HEADER_LENGTH 4 | 237 | #define SSL3_HM_HEADER_LENGTH 4 |
| 238 | 238 | ||
| 239 | #ifndef SSL3_ALIGN_PAYLOAD | 239 | #define SSL3_ALIGN_PAYLOAD 8 |
| 240 | /* Some will argue that this increases memory footprint, but it's | ||
| 241 | * not actually true. Point is that malloc has to return at least | ||
| 242 | * 64-bit aligned pointers, meaning that allocating 5 bytes wastes | ||
| 243 | * 3 bytes in either case. Suggested pre-gaping simply moves these | ||
| 244 | * wasted bytes from the end of allocated region to its front, | ||
| 245 | * but makes data payload aligned, which improves performance:-) */ | ||
| 246 | # define SSL3_ALIGN_PAYLOAD 8 | ||
| 247 | #else | ||
| 248 | # if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 | ||
| 249 | # error "insane SSL3_ALIGN_PAYLOAD" | ||
| 250 | # undef SSL3_ALIGN_PAYLOAD | ||
| 251 | # endif | ||
| 252 | #endif | ||
| 253 | 240 | ||
| 254 | /* This is the maximum MAC (digest) size used by the SSL library. | 241 | /* This is the maximum MAC (digest) size used by the SSL library. |
| 255 | * Currently maximum of 20 is used by SHA1, but we reserve for | 242 | * Currently maximum of 20 is used by SHA1, but we reserve for |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index b5df1056ab..5f59e18eb4 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.32 2014/12/14 16:07:26 jsing Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.33 2014/12/14 21:49:29 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -236,20 +236,7 @@ extern "C" { | |||
| 236 | #define SSL3_RT_HEADER_LENGTH 5 | 236 | #define SSL3_RT_HEADER_LENGTH 5 |
| 237 | #define SSL3_HM_HEADER_LENGTH 4 | 237 | #define SSL3_HM_HEADER_LENGTH 4 |
| 238 | 238 | ||
| 239 | #ifndef SSL3_ALIGN_PAYLOAD | 239 | #define SSL3_ALIGN_PAYLOAD 8 |
| 240 | /* Some will argue that this increases memory footprint, but it's | ||
| 241 | * not actually true. Point is that malloc has to return at least | ||
| 242 | * 64-bit aligned pointers, meaning that allocating 5 bytes wastes | ||
| 243 | * 3 bytes in either case. Suggested pre-gaping simply moves these | ||
| 244 | * wasted bytes from the end of allocated region to its front, | ||
| 245 | * but makes data payload aligned, which improves performance:-) */ | ||
| 246 | # define SSL3_ALIGN_PAYLOAD 8 | ||
| 247 | #else | ||
| 248 | # if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 | ||
| 249 | # error "insane SSL3_ALIGN_PAYLOAD" | ||
| 250 | # undef SSL3_ALIGN_PAYLOAD | ||
| 251 | # endif | ||
| 252 | #endif | ||
| 253 | 240 | ||
| 254 | /* This is the maximum MAC (digest) size used by the SSL library. | 241 | /* This is the maximum MAC (digest) size used by the SSL library. |
| 255 | * Currently maximum of 20 is used by SHA1, but we reserve for | 242 | * Currently maximum of 20 is used by SHA1, but we reserve for |