
Commit 6830d98

committed
Pre-allocate encrypt/decrypt ctx to reduce memory fragmentation
1 parent 10b41c8 commit 6830d98


1 file changed

+27
-10
lines changed


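--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -50,7 +50,7 @@ static const char * client_finished = "client finished";
 static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
 static int set_key_block(SSL *ssl, int is_write);
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
 
 /**
@@ -591,6 +591,9 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
         ssl_ctx->tail = ssl;
     }
 
+    ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
+    ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
+
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
     return ssl;
 }
@@ -917,14 +920,18 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 /**
  * Retrieve (and initialise) the context of a cipher.
  */
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached)
 {
     switch (ssl->cipher)
     {
 #ifndef CONFIG_SSL_SKELETON_MODE
         case SSL_AES128_SHA:
         {
-            AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+            AES_CTX *aes_ctx;
+            if (cached)
+                aes_ctx = (AES_CTX*) cached;
+            else
+                aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
             AES_set_key(aes_ctx, key, iv, AES_MODE_128);
 
             if (is_decrypt)
@@ -937,7 +944,12 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
 
         case SSL_AES256_SHA:
         {
-            AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+            AES_CTX *aes_ctx;
+            if (cached)
+                aes_ctx = (AES_CTX*) cached;
+            else
+                aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
+
             AES_set_key(aes_ctx, key, iv, AES_MODE_256);
 
             if (is_decrypt)
@@ -952,7 +964,12 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
 #endif
         case SSL_RC4_128_SHA:
         {
-            RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
+            RC4_CTX* rc4_ctx;
+            if (cached)
+                rc4_ctx = (RC4_CTX*) cached;
+            else
+                rc4_ctx = (RC4_CTX*) malloc(sizeof(RC4_CTX));
+
             RC4_setup(rc4_ctx, key, 16);
             return (void *)rc4_ctx;
         }
@@ -1184,26 +1201,26 @@ static int set_key_block(SSL *ssl, int is_write)
     }
 #endif
 
-    free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+    // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
 
     /* now initialise the ciphers */
     if (is_client)
     {
         finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
 
         if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0, ssl->encrypt_ctx);
         else
-            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1, ssl->decrypt_ctx);
     }
     else
     {
         finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
 
         if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0, ssl->encrypt_ctx);
         else
-            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1, ssl->decrypt_ctx);
     }
 
     ssl->cipher_info = ciph_info;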
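Review bot: The buffers pre-allocated in ssl_new (hunk at line 591) are sized with sizeof(AES_CTX), but the SSL_RC4_128_SHA case of crypt_new (hunk at line 952) hands the same `cached` pointer to RC4_setup as an RC4_CTX, so the reuse is only memory-safe if sizeof(RC4_CTX) <= sizeof(AES_CTX), and nothing in the diff pins that down. A compile-time guard next to the allocation would make the assumption explicit, `_Static_assert(sizeof(RC4_CTX) <= sizeof(AES_CTX), "cached cipher ctx too small for RC4");`, if the project builds as C11; otherwise allocate the larger of the two sizes. Both malloc results in ssl_new are unchecked; crypt_new silently falls back to its own malloc when `cached` is NULL, which keeps things running but hides the allocation failure and re-introduces the per-handshake allocation the commit is trying to avoid. In set_key_block (hunk at line 1184) the old free is left as commented-out code rather than deleted, and crypt_new's header comment should state the new ownership rule, e.g. ` * If cached is non-NULL it is re-initialised and returned in place of a fresh allocation; ownership stays with the caller.`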
