9 files changed, 9 insertions, 260 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index b2fd5c6f80..5642e6c175 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -624,76 +624,6 @@ ssl_verify_alarm_type(long type)
        return (al);
 }
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/* On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers.  Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context.  (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- *    - Link against a faster malloc implementation.
- *    - Use a separate SSL_CTX for each option set.
- *    - Improve this code.
- */
-static void *
-freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-{
-        SSL3_BUF_FREELIST *list;
-        SSL3_BUF_FREELIST_ENTRY *ent = NULL;
-        void *result = NULL;
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-        if (list != NULL && sz == (int)list->chunklen)
-                ent = list->head;
-        if (ent != NULL) {
-                list->head = ent->next;
-                result = ent;
-                if (--list->len == 0)
-                        list->chunklen = 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        if (!result)
-                result = OPENSSL_malloc(sz);
-        return result;
-}
-static void
-freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-{
-        SSL3_BUF_FREELIST *list;
-        SSL3_BUF_FREELIST_ENTRY *ent;
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-        if (list != NULL && (sz == list->chunklen || list->chunklen == 0) &&
-            list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
-                list->chunklen = sz;
-                ent = mem;
-                ent->next = list->head;
-                list->head = ent;
-                ++list->len;
-                mem = NULL;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        if (mem)
-                OPENSSL_free(mem);
-}
-#else
-#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
 int
 ssl3_setup_read_buffer(SSL *s)
 {
@@ -720,7 +650,7 @@ ssl3_setup_read_buffer(SSL *s)
                if (!(s->options & SSL_OP_NO_COMPRESSION))
                        len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 #endif
-                if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
+                if ((p = OPENSSL_malloc(len)) == NULL)
                        goto err;
                s->s3->rbuf.buf = p;
                s->s3->rbuf.len = len;
@@ -760,7 +690,7 @@ ssl3_setup_write_buffer(SSL *s)
                        len += headerlen + align +
                            SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-                if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
+                if ((p = OPENSSL_malloc(len)) == NULL)
                        goto err;
                s->s3->wbuf.buf = p;
                s->s3->wbuf.len = len;
@@ -788,7 +718,7 @@ int
 ssl3_release_write_buffer(SSL *s)
 {
        if (s->s3->wbuf.buf != NULL) {
-                freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
+                OPENSSL_free(s->s3->wbuf.buf);
                s->s3->wbuf.buf = NULL;
        }
        return 1;
@@ -798,7 +728,7 @@ int
 ssl3_release_read_buffer(SSL *s)
 {
        if (s->s3->rbuf.buf != NULL) {
-                freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
+                OPENSSL_free(s->s3->rbuf.buf);
                s->s3->rbuf.buf = NULL;
        }
        return 1;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index b2fd5c6f80..5642e6c175 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -624,76 +624,6 @@ ssl_verify_alarm_type(long type)
        return (al);
 }
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/* On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers.  Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context.  (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- *    - Link against a faster malloc implementation.
- *    - Use a separate SSL_CTX for each option set.
- *    - Improve this code.
- */
-static void *
-freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-{
-        SSL3_BUF_FREELIST *list;
-        SSL3_BUF_FREELIST_ENTRY *ent = NULL;
-        void *result = NULL;
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-        if (list != NULL && sz == (int)list->chunklen)
-                ent = list->head;
-        if (ent != NULL) {
-                list->head = ent->next;
-                result = ent;
-                if (--list->len == 0)
-                        list->chunklen = 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        if (!result)
-                result = OPENSSL_malloc(sz);
-        return result;
-}
-static void
-freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-{
-        SSL3_BUF_FREELIST *list;
-        SSL3_BUF_FREELIST_ENTRY *ent;
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-        if (list != NULL && (sz == list->chunklen || list->chunklen == 0) &&
-            list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
-                list->chunklen = sz;
-                ent = mem;
-                ent->next = list->head;
-                list->head = ent;
-                ++list->len;
-                mem = NULL;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        if (mem)
-                OPENSSL_free(mem);
-}
-#else
-#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
 int
 ssl3_setup_read_buffer(SSL *s)
 {
@@ -720,7 +650,7 @@ ssl3_setup_read_buffer(SSL *s)
                if (!(s->options & SSL_OP_NO_COMPRESSION))
                        len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 #endif
-                if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
+                if ((p = OPENSSL_malloc(len)) == NULL)
                        goto err;
                s->s3->rbuf.buf = p;
                s->s3->rbuf.len = len;
@@ -760,7 +690,7 @@ ssl3_setup_write_buffer(SSL *s)
                        len += headerlen + align +
                            SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-                if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
+                if ((p = OPENSSL_malloc(len)) == NULL)
                        goto err;
                s->s3->wbuf.buf = p;
                s->s3->wbuf.len = len;
@@ -788,7 +718,7 @@ int
 ssl3_release_write_buffer(SSL *s)
 {
        if (s->s3->wbuf.buf != NULL) {
-                freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
+                OPENSSL_free(s->s3->wbuf.buf);
                s->s3->wbuf.buf = NULL;
        }
        return 1;
@@ -798,7 +728,7 @@ int
 ssl3_release_read_buffer(SSL *s)
 {
        if (s->s3->rbuf.buf != NULL) {
-                freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
+                OPENSSL_free(s->s3->rbuf.buf);
                s->s3->rbuf.buf = NULL;
        }
        return 1;
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index d3e015e738..cefee6189d 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -936,12 +936,6 @@ struct ssl_ctx_st {
            unsigned char *psk, unsigned int max_psk_len);
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-        unsigned int freelist_max_len;
-        struct ssl3_buf_freelist_st *wbuf_freelist;
-        struct ssl3_buf_freelist_st *rbuf_freelist;
-#endif
 #ifndef OPENSSL_NO_SRP
        SRP_CTX srp_ctx; /* ctx for SRP authentication */
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index a0882e4521..6db3bd2993 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1826,23 +1826,6 @@ SSL_CTX
 #ifndef OPENSSL_NO_SRP
        SSL_CTX_SRP_CTX_init(ret);
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-        ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
-        ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-        if (!ret->rbuf_freelist)
-                goto err;
-        ret->rbuf_freelist->chunklen = 0;
-        ret->rbuf_freelist->len = 0;
-        ret->rbuf_freelist->head = NULL;
-        ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-        if (!ret->wbuf_freelist) {
-                OPENSSL_free(ret->rbuf_freelist);
-                goto err;
-        }
-        ret->wbuf_freelist->chunklen = 0;
-        ret->wbuf_freelist->len = 0;
-        ret->wbuf_freelist->head = NULL;
-#endif
 #ifndef OPENSSL_NO_ENGINE
        ret->client_cert_engine = NULL;
 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1883,19 +1866,6 @@ SSL_COMP_free(SSL_COMP *comp)
 }
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void
-ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
-{
-        SSL3_BUF_FREELIST_ENTRY *ent, *next;
-        for (ent = list->head; ent; ent = next) {
-                next = ent->next;
-                OPENSSL_free(ent);
-        }
-        OPENSSL_free(list);
-}
-#endif
 void
 SSL_CTX_free(SSL_CTX *a)
 {
@@ -1973,13 +1943,6 @@ SSL_CTX_free(SSL_CTX *a)
                ENGINE_finish(a->client_cert_engine);
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-        if (a->wbuf_freelist)
-                ssl_buf_freelist_free(a->wbuf_freelist);
-        if (a->rbuf_freelist)
-                ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
        OPENSSL_free(a);
 }
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index e9c3a6bcd8..c539b1229d 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -594,18 +594,6 @@ typedef struct ssl3_comp_st {
 } SSL3_COMP;
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st {
-        size_t chunklen;
-        unsigned int len;
-        struct ssl3_buf_freelist_entry_st *head;
-} SSL3_BUF_FREELIST;
-typedef struct ssl3_buf_freelist_entry_st {
-        struct ssl3_buf_freelist_entry_st *next;
-} SSL3_BUF_FREELIST_ENTRY;
-#endif
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d3e015e738..cefee6189d 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -936,12 +936,6 @@ struct ssl_ctx_st {
            unsigned char *psk, unsigned int max_psk_len);
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-        unsigned int freelist_max_len;
-        struct ssl3_buf_freelist_st *wbuf_freelist;
-        struct ssl3_buf_freelist_st *rbuf_freelist;
-#endif
 #ifndef OPENSSL_NO_SRP
        SRP_CTX srp_ctx; /* ctx for SRP authentication */
 #endif
diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile
index 6c8584e80d..57124e2dc2 100644
--- a/src/lib/libssl/ssl/Makefile
+++ b/src/lib/libssl/ssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.37 2014/04/16 20:39:09 tedu Exp $
+# $OpenBSD: Makefile,v 1.38 2014/04/16 21:16:33 tedu Exp $
 LIB=    ssl
@@ -7,7 +7,6 @@ LSSL_SRC=	${SSL_SRC}/ssl
 CFLAGS+= -DTERMIOS -DANSI_SOURCE
 CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5
-CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS
 CFLAGS+= -I${SSL_SRC}
 SRCS=\
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index a0882e4521..6db3bd2993 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1826,23 +1826,6 @@ SSL_CTX
 #ifndef OPENSSL_NO_SRP
        SSL_CTX_SRP_CTX_init(ret);
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-        ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
-        ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-        if (!ret->rbuf_freelist)
-                goto err;
-        ret->rbuf_freelist->chunklen = 0;
-        ret->rbuf_freelist->len = 0;
-        ret->rbuf_freelist->head = NULL;
-        ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-        if (!ret->wbuf_freelist) {
-                OPENSSL_free(ret->rbuf_freelist);
-                goto err;
-        }
-        ret->wbuf_freelist->chunklen = 0;
-        ret->wbuf_freelist->len = 0;
-        ret->wbuf_freelist->head = NULL;
-#endif
 #ifndef OPENSSL_NO_ENGINE
        ret->client_cert_engine = NULL;
 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1883,19 +1866,6 @@ SSL_COMP_free(SSL_COMP *comp)
 }
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void
-ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
-{
-        SSL3_BUF_FREELIST_ENTRY *ent, *next;
-        for (ent = list->head; ent; ent = next) {
-                next = ent->next;
-                OPENSSL_free(ent);
-        }
-        OPENSSL_free(list);
-}
-#endif
 void
 SSL_CTX_free(SSL_CTX *a)
 {
@@ -1973,13 +1943,6 @@ SSL_CTX_free(SSL_CTX *a)
                ENGINE_finish(a->client_cert_engine);
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-        if (a->wbuf_freelist)
-                ssl_buf_freelist_free(a->wbuf_freelist);
-        if (a->rbuf_freelist)
-                ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
        OPENSSL_free(a);
 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e9c3a6bcd8..c539b1229d 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -594,18 +594,6 @@ typedef struct ssl3_comp_st {
 } SSL3_COMP;
 #endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st {
-        size_t chunklen;
-        unsigned int len;
-        struct ssl3_buf_freelist_entry_st *head;
-} SSL3_BUF_FREELIST;
-typedef struct ssl3_buf_freelist_entry_st {
-        struct ssl3_buf_freelist_entry_st *next;
-} SSL3_BUF_FREELIST_ENTRY;
-#endif
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index b2fd5c6f80..5642e6c175 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -624,76 +624,6 @@ ssl_verify_alarm_type(long type)
624	return (al);	624	return (al);
625	}	625	}
626		626
627	#ifndef OPENSSL_NO_BUF_FREELISTS
628	/* On some platforms, malloc() performance is bad enough that you can't just
629	* free() and malloc() buffers all the time, so we need to use freelists from
630	* unused buffers. Currently, each freelist holds memory chunks of only a
631	* given size (list->chunklen); other sized chunks are freed and malloced.
632	* This doesn't help much if you're using many different SSL option settings
633	* with a given context. (The options affecting buffer size are
634	* max_send_fragment, read buffer vs write buffer,
635	* SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
636	* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
637	* possible size is not an option, since max_send_fragment can take on many
638	* different values.
639	*
640	* If you are on a platform with a slow malloc(), and you're using SSL
641	* connections with many different settings for these options, and you need to
642	* use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
643	* - Link against a faster malloc implementation.
644	* - Use a separate SSL_CTX for each option set.
645	* - Improve this code.
646	*/
647	static void *
648	freelist_extract(SSL_CTX *ctx, int for_read, int sz)
649	{
650	SSL3_BUF_FREELIST *list;
651	SSL3_BUF_FREELIST_ENTRY *ent = NULL;
652	void *result = NULL;
653
654	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
655	list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
656	if (list != NULL && sz == (int)list->chunklen)
657	ent = list->head;
658	if (ent != NULL) {
659	list->head = ent->next;
660	result = ent;
661	if (--list->len == 0)
662	list->chunklen = 0;
663	}
664	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
665	if (!result)
666	result = OPENSSL_malloc(sz);
667	return result;
668	}
669
670	static void
671	freelist_insert(SSL_CTX ctx, int for_read, size_t sz, void mem)
672	{
673	SSL3_BUF_FREELIST *list;
674	SSL3_BUF_FREELIST_ENTRY *ent;
675
676	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
677	list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
678	if (list != NULL && (sz == list->chunklen \|\| list->chunklen == 0) &&
679	list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
680	list->chunklen = sz;
681	ent = mem;
682	ent->next = list->head;
683	list->head = ent;
684	++list->len;
685	mem = NULL;
686	}
687
688	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
689	if (mem)
690	OPENSSL_free(mem);
691	}
692	#else
693	#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
694	#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
695	#endif
696
697	int	627	int
698	ssl3_setup_read_buffer(SSL *s)	628	ssl3_setup_read_buffer(SSL *s)
699	{	629	{
@@ -720,7 +650,7 @@ ssl3_setup_read_buffer(SSL *s)
720	if (!(s->options & SSL_OP_NO_COMPRESSION))	650	if (!(s->options & SSL_OP_NO_COMPRESSION))
721	len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;	651	len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
722	#endif	652	#endif
723	if ((p = freelist_extract(s->ctx, 1, len)) == NULL)	653	if ((p = OPENSSL_malloc(len)) == NULL)
724	goto err;	654	goto err;
725	s->s3->rbuf.buf = p;	655	s->s3->rbuf.buf = p;
726	s->s3->rbuf.len = len;	656	s->s3->rbuf.len = len;
@@ -760,7 +690,7 @@ ssl3_setup_write_buffer(SSL *s)
760	len += headerlen + align +	690	len += headerlen + align +
761	SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;	691	SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
762		692
763	if ((p = freelist_extract(s->ctx, 0, len)) == NULL)	693	if ((p = OPENSSL_malloc(len)) == NULL)
764	goto err;	694	goto err;
765	s->s3->wbuf.buf = p;	695	s->s3->wbuf.buf = p;
766	s->s3->wbuf.len = len;	696	s->s3->wbuf.len = len;
@@ -788,7 +718,7 @@ int
788	ssl3_release_write_buffer(SSL *s)	718	ssl3_release_write_buffer(SSL *s)
789	{	719	{
790	if (s->s3->wbuf.buf != NULL) {	720	if (s->s3->wbuf.buf != NULL) {
791	freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);	721	OPENSSL_free(s->s3->wbuf.buf);
792	s->s3->wbuf.buf = NULL;	722	s->s3->wbuf.buf = NULL;
793	}	723	}
794	return 1;	724	return 1;
@@ -798,7 +728,7 @@ int
798	ssl3_release_read_buffer(SSL *s)	728	ssl3_release_read_buffer(SSL *s)
799	{	729	{
800	if (s->s3->rbuf.buf != NULL) {	730	if (s->s3->rbuf.buf != NULL) {
801	freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);	731	OPENSSL_free(s->s3->rbuf.buf);
802	s->s3->rbuf.buf = NULL;	732	s->s3->rbuf.buf = NULL;
803	}	733	}
804	return 1;	734	return 1;


diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index b2fd5c6f80..5642e6c175 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -624,76 +624,6 @@ ssl_verify_alarm_type(long type)
624	return (al);	624	return (al);
625	}	625	}
626		626
627	#ifndef OPENSSL_NO_BUF_FREELISTS
628	/* On some platforms, malloc() performance is bad enough that you can't just
629	* free() and malloc() buffers all the time, so we need to use freelists from
630	* unused buffers. Currently, each freelist holds memory chunks of only a
631	* given size (list->chunklen); other sized chunks are freed and malloced.
632	* This doesn't help much if you're using many different SSL option settings
633	* with a given context. (The options affecting buffer size are
634	* max_send_fragment, read buffer vs write buffer,
635	* SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
636	* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
637	* possible size is not an option, since max_send_fragment can take on many
638	* different values.
639	*
640	* If you are on a platform with a slow malloc(), and you're using SSL
641	* connections with many different settings for these options, and you need to
642	* use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
643	* - Link against a faster malloc implementation.
644	* - Use a separate SSL_CTX for each option set.
645	* - Improve this code.
646	*/
647	static void *
648	freelist_extract(SSL_CTX *ctx, int for_read, int sz)
649	{
650	SSL3_BUF_FREELIST *list;
651	SSL3_BUF_FREELIST_ENTRY *ent = NULL;
652	void *result = NULL;
653
654	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
655	list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
656	if (list != NULL && sz == (int)list->chunklen)
657	ent = list->head;
658	if (ent != NULL) {
659	list->head = ent->next;
660	result = ent;
661	if (--list->len == 0)
662	list->chunklen = 0;
663	}
664	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
665	if (!result)
666	result = OPENSSL_malloc(sz);
667	return result;
668	}
669
670	static void
671	freelist_insert(SSL_CTX ctx, int for_read, size_t sz, void mem)
672	{
673	SSL3_BUF_FREELIST *list;
674	SSL3_BUF_FREELIST_ENTRY *ent;
675
676	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
677	list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
678	if (list != NULL && (sz == list->chunklen \|\| list->chunklen == 0) &&
679	list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
680	list->chunklen = sz;
681	ent = mem;
682	ent->next = list->head;
683	list->head = ent;
684	++list->len;
685	mem = NULL;
686	}
687
688	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
689	if (mem)
690	OPENSSL_free(mem);
691	}
692	#else
693	#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
694	#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
695	#endif
696
697	int	627	int
698	ssl3_setup_read_buffer(SSL *s)	628	ssl3_setup_read_buffer(SSL *s)
699	{	629	{
@@ -720,7 +650,7 @@ ssl3_setup_read_buffer(SSL *s)
720	if (!(s->options & SSL_OP_NO_COMPRESSION))	650	if (!(s->options & SSL_OP_NO_COMPRESSION))
721	len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;	651	len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
722	#endif	652	#endif
723	if ((p = freelist_extract(s->ctx, 1, len)) == NULL)	653	if ((p = OPENSSL_malloc(len)) == NULL)
724	goto err;	654	goto err;
725	s->s3->rbuf.buf = p;	655	s->s3->rbuf.buf = p;
726	s->s3->rbuf.len = len;	656	s->s3->rbuf.len = len;
@@ -760,7 +690,7 @@ ssl3_setup_write_buffer(SSL *s)
760	len += headerlen + align +	690	len += headerlen + align +
761	SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;	691	SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
762		692
763	if ((p = freelist_extract(s->ctx, 0, len)) == NULL)	693	if ((p = OPENSSL_malloc(len)) == NULL)
764	goto err;	694	goto err;
765	s->s3->wbuf.buf = p;	695	s->s3->wbuf.buf = p;
766	s->s3->wbuf.len = len;	696	s->s3->wbuf.len = len;
@@ -788,7 +718,7 @@ int
788	ssl3_release_write_buffer(SSL *s)	718	ssl3_release_write_buffer(SSL *s)
789	{	719	{
790	if (s->s3->wbuf.buf != NULL) {	720	if (s->s3->wbuf.buf != NULL) {
791	freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);	721	OPENSSL_free(s->s3->wbuf.buf);
792	s->s3->wbuf.buf = NULL;	722	s->s3->wbuf.buf = NULL;
793	}	723	}
794	return 1;	724	return 1;
@@ -798,7 +728,7 @@ int
798	ssl3_release_read_buffer(SSL *s)	728	ssl3_release_read_buffer(SSL *s)
799	{	729	{
800	if (s->s3->rbuf.buf != NULL) {	730	if (s->s3->rbuf.buf != NULL) {
801	freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);	731	OPENSSL_free(s->s3->rbuf.buf);
802	s->s3->rbuf.buf = NULL;	732	s->s3->rbuf.buf = NULL;
803	}	733	}
804	return 1;	734	return 1;


diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index d3e015e738..cefee6189d 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h
@@ -936,12 +936,6 @@ struct ssl_ctx_st {
936	unsigned char *psk, unsigned int max_psk_len);	936	unsigned char *psk, unsigned int max_psk_len);
937	#endif	937	#endif
938		938
939	#ifndef OPENSSL_NO_BUF_FREELISTS
940	#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
941	unsigned int freelist_max_len;
942	struct ssl3_buf_freelist_st *wbuf_freelist;
943	struct ssl3_buf_freelist_st *rbuf_freelist;
944	#endif
945	#ifndef OPENSSL_NO_SRP	939	#ifndef OPENSSL_NO_SRP
946	SRP_CTX srp_ctx; /* ctx for SRP authentication */	940	SRP_CTX srp_ctx; /* ctx for SRP authentication */
947	#endif	941	#endif


diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index a0882e4521..6db3bd2993 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1826,23 +1826,6 @@ SSL_CTX
1826	#ifndef OPENSSL_NO_SRP	1826	#ifndef OPENSSL_NO_SRP
1827	SSL_CTX_SRP_CTX_init(ret);	1827	SSL_CTX_SRP_CTX_init(ret);
1828	#endif	1828	#endif
1829	#ifndef OPENSSL_NO_BUF_FREELISTS
1830	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1831	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1832	if (!ret->rbuf_freelist)
1833	goto err;
1834	ret->rbuf_freelist->chunklen = 0;
1835	ret->rbuf_freelist->len = 0;
1836	ret->rbuf_freelist->head = NULL;
1837	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1838	if (!ret->wbuf_freelist) {
1839	OPENSSL_free(ret->rbuf_freelist);
1840	goto err;
1841	}
1842	ret->wbuf_freelist->chunklen = 0;
1843	ret->wbuf_freelist->len = 0;
1844	ret->wbuf_freelist->head = NULL;
1845	#endif
1846	#ifndef OPENSSL_NO_ENGINE	1829	#ifndef OPENSSL_NO_ENGINE
1847	ret->client_cert_engine = NULL;	1830	ret->client_cert_engine = NULL;
1848	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO	1831	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1883,19 +1866,6 @@ SSL_COMP_free(SSL_COMP *comp)
1883	}	1866	}
1884	#endif	1867	#endif
1885		1868
1886	#ifndef OPENSSL_NO_BUF_FREELISTS
1887	static void
1888	ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1889	{
1890	SSL3_BUF_FREELIST_ENTRY ent, next;
1891	for (ent = list->head; ent; ent = next) {
1892	next = ent->next;
1893	OPENSSL_free(ent);
1894	}
1895	OPENSSL_free(list);
1896	}
1897	#endif
1898
1899	void	1869	void
1900	SSL_CTX_free(SSL_CTX *a)	1870	SSL_CTX_free(SSL_CTX *a)
1901	{	1871	{
@@ -1973,13 +1943,6 @@ SSL_CTX_free(SSL_CTX *a)
1973	ENGINE_finish(a->client_cert_engine);	1943	ENGINE_finish(a->client_cert_engine);
1974	#endif	1944	#endif
1975		1945
1976	#ifndef OPENSSL_NO_BUF_FREELISTS
1977	if (a->wbuf_freelist)
1978	ssl_buf_freelist_free(a->wbuf_freelist);
1979	if (a->rbuf_freelist)
1980	ssl_buf_freelist_free(a->rbuf_freelist);
1981	#endif
1982
1983	OPENSSL_free(a);	1946	OPENSSL_free(a);
1984	}	1947	}
1985		1948


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index e9c3a6bcd8..c539b1229d 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -594,18 +594,6 @@ typedef struct ssl3_comp_st {
594	} SSL3_COMP;	594	} SSL3_COMP;
595	#endif	595	#endif
596		596
597	#ifndef OPENSSL_NO_BUF_FREELISTS
598	typedef struct ssl3_buf_freelist_st {
599	size_t chunklen;
600	unsigned int len;
601	struct ssl3_buf_freelist_entry_st *head;
602	} SSL3_BUF_FREELIST;
603
604	typedef struct ssl3_buf_freelist_entry_st {
605	struct ssl3_buf_freelist_entry_st *next;
606	} SSL3_BUF_FREELIST_ENTRY;
607	#endif
608
609	extern SSL3_ENC_METHOD ssl3_undef_enc_method;	597	extern SSL3_ENC_METHOD ssl3_undef_enc_method;
610	OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];	598	OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
611	OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];	599	OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index d3e015e738..cefee6189d 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -936,12 +936,6 @@ struct ssl_ctx_st {
936	unsigned char *psk, unsigned int max_psk_len);	936	unsigned char *psk, unsigned int max_psk_len);
937	#endif	937	#endif
938		938
939	#ifndef OPENSSL_NO_BUF_FREELISTS
940	#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
941	unsigned int freelist_max_len;
942	struct ssl3_buf_freelist_st *wbuf_freelist;
943	struct ssl3_buf_freelist_st *rbuf_freelist;
944	#endif
945	#ifndef OPENSSL_NO_SRP	939	#ifndef OPENSSL_NO_SRP
946	SRP_CTX srp_ctx; /* ctx for SRP authentication */	940	SRP_CTX srp_ctx; /* ctx for SRP authentication */
947	#endif	941	#endif


diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile index 6c8584e80d..57124e2dc2 100644 --- a/src/lib/libssl/ssl/Makefile +++ b/src/lib/libssl/ssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.37 2014/04/16 20:39:09 tedu Exp $	1	# $OpenBSD: Makefile,v 1.38 2014/04/16 21:16:33 tedu Exp $
2		2
3	LIB= ssl	3	LIB= ssl
4		4
@@ -7,7 +7,6 @@ LSSL_SRC= ${SSL_SRC}/ssl
7		7
8	CFLAGS+= -DTERMIOS -DANSI_SOURCE	8	CFLAGS+= -DTERMIOS -DANSI_SOURCE
9	CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5	9	CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5
10	CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS
11	CFLAGS+= -I${SSL_SRC}	10	CFLAGS+= -I${SSL_SRC}
12		11
13	SRCS=\	12	SRCS=\


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index a0882e4521..6db3bd2993 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1826,23 +1826,6 @@ SSL_CTX
1826	#ifndef OPENSSL_NO_SRP	1826	#ifndef OPENSSL_NO_SRP
1827	SSL_CTX_SRP_CTX_init(ret);	1827	SSL_CTX_SRP_CTX_init(ret);
1828	#endif	1828	#endif
1829	#ifndef OPENSSL_NO_BUF_FREELISTS
1830	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1831	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1832	if (!ret->rbuf_freelist)
1833	goto err;
1834	ret->rbuf_freelist->chunklen = 0;
1835	ret->rbuf_freelist->len = 0;
1836	ret->rbuf_freelist->head = NULL;
1837	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1838	if (!ret->wbuf_freelist) {
1839	OPENSSL_free(ret->rbuf_freelist);
1840	goto err;
1841	}
1842	ret->wbuf_freelist->chunklen = 0;
1843	ret->wbuf_freelist->len = 0;
1844	ret->wbuf_freelist->head = NULL;
1845	#endif
1846	#ifndef OPENSSL_NO_ENGINE	1829	#ifndef OPENSSL_NO_ENGINE
1847	ret->client_cert_engine = NULL;	1830	ret->client_cert_engine = NULL;
1848	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO	1831	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1883,19 +1866,6 @@ SSL_COMP_free(SSL_COMP *comp)
1883	}	1866	}
1884	#endif	1867	#endif
1885		1868
1886	#ifndef OPENSSL_NO_BUF_FREELISTS
1887	static void
1888	ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1889	{
1890	SSL3_BUF_FREELIST_ENTRY ent, next;
1891	for (ent = list->head; ent; ent = next) {
1892	next = ent->next;
1893	OPENSSL_free(ent);
1894	}
1895	OPENSSL_free(list);
1896	}
1897	#endif
1898
1899	void	1869	void
1900	SSL_CTX_free(SSL_CTX *a)	1870	SSL_CTX_free(SSL_CTX *a)
1901	{	1871	{
@@ -1973,13 +1943,6 @@ SSL_CTX_free(SSL_CTX *a)
1973	ENGINE_finish(a->client_cert_engine);	1943	ENGINE_finish(a->client_cert_engine);
1974	#endif	1944	#endif
1975		1945
1976	#ifndef OPENSSL_NO_BUF_FREELISTS
1977	if (a->wbuf_freelist)
1978	ssl_buf_freelist_free(a->wbuf_freelist);
1979	if (a->rbuf_freelist)
1980	ssl_buf_freelist_free(a->rbuf_freelist);
1981	#endif
1982
1983	OPENSSL_free(a);	1946	OPENSSL_free(a);
1984	}	1947	}
1985		1948


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index e9c3a6bcd8..c539b1229d 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -594,18 +594,6 @@ typedef struct ssl3_comp_st {
594	} SSL3_COMP;	594	} SSL3_COMP;
595	#endif	595	#endif
596		596
597	#ifndef OPENSSL_NO_BUF_FREELISTS
598	typedef struct ssl3_buf_freelist_st {
599	size_t chunklen;
600	unsigned int len;
601	struct ssl3_buf_freelist_entry_st *head;
602	} SSL3_BUF_FREELIST;
603
604	typedef struct ssl3_buf_freelist_entry_st {
605	struct ssl3_buf_freelist_entry_st *next;
606	} SSL3_BUF_FREELIST_ENTRY;
607	#endif
608
609	extern SSL3_ENC_METHOD ssl3_undef_enc_method;	597	extern SSL3_ENC_METHOD ssl3_undef_enc_method;
610	OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];	598	OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
611	OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];	599	OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];