kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Always enable SSL_MODE_RELEASE_BUFFERS.

Browse Source 
There's no real need to ever disable it, so this is one fewer configuration to
test. It's still disabled for DTLS, but a follow-up will resolve that.

Change-Id: Ia95ad8c17ae8236ada516b3968a81c684bf37fd9
Reviewed-on: https://boringssl-review.googlesource.com/4683
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-05-08 22:20:04 -04:00 committed by Adam Langley
parent c561aa64b6
commit aebefed905
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/openssl/ssl.h
View File

@ -523,14 +523,11 @@ struct ssl_session_st {
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
/* Don't attempt to automatically build certificate chain */ /* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
* TLS only.) "Released" buffers are put onto a free-list in the context or
* just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
/* The following flags do nothing and are included only to make it easier to /* The following flags do nothing and are included only to make it easier to
* compile code with BoringSSL. */ * compile code with BoringSSL. */
#define SSL_MODE_AUTO_RETRY 0 #define SSL_MODE_AUTO_RETRY 0
#define SSL_MODE_RELEASE_BUFFERS 0
/* Send the current time in the Random fields of the ClientHello and /* Send the current time in the Random fields of the ClientHello and
* ServerHello records for compatibility with hypothetical implementations that * ServerHello records for compatibility with hypothetical implementations that

11
ssl/s3_pkt.c
View File

@ -232,8 +232,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) {
if (i <= 0) { if (i <= 0) {
rb->left = left; rb->left = left;
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s) && if (!SSL_IS_DTLS(s) && len + left == 0) {
len + left == 0) {
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
} }
return i; return i;
@ -673,15 +672,15 @@ int ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len) {
if (i == wb->left) { if (i == wb->left) {
wb->left = 0; wb->left = 0;
wb->offset += i; wb->offset += i;
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) { if (!SSL_IS_DTLS(s)) {
ssl3_release_write_buffer(s); ssl3_release_write_buffer(s);
} }
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
return s->s3->wpend_ret; return s->s3->wpend_ret;
} else if (i <= 0) { } else if (i <= 0) {
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
/* For DTLS, just drop it. That's kind of the whole /* For DTLS, just drop it. That's kind of the whole point in
point in using a datagram service */ * using a datagram service */
wb->left = 0; wb->left = 0;
} }
return i; return i;
@ -868,7 +867,7 @@ start:
if (rr->length == 0) { if (rr->length == 0) {
s->rstate = SSL_ST_READ_HEADER; s->rstate = SSL_ST_READ_HEADER;
rr->off = 0; rr->off = 0;
if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) { if (s->s3->rbuf.left == 0) {
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
} }
} }