GitList
Browse code

tls_wolfssl: memory handling cleanup

Set memory allocators to align up to 16-bytes

S-P Chan authored on 18/06/2022 03:11:36
Showing 2 changed files
src/modules/tls_wolfssl/tls_init.c
History View file @ 20d0b2211e
... ... 
@@ -216,26 +216,49 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
216 216
217 217 
 #else /*TLS_MALLOC_DBG */
218 218
219 
+// up align memory allocations to 16 bytes for
220 
+// wolfSSL --enable-aligndata=yes (the default)
221 
+static const int MAX_ALIGN = __alignof__(max_align_t);
219 222
220 
-static void* ser_malloc(size_t size, const char *fname, int fline)
223 
+static void* ser_malloc(size_t size)
221 224 
 {
222 
-	return shm_malloc(size);
223 
-}
225 
+	char* ptr =  shm_malloc(size + 2*MAX_ALIGN);
226 
+	int pad = MAX_ALIGN - ((long) ptr % MAX_ALIGN);
227 
+
228 
+	*(size_t*)ptr = size;
224 229
230 
+	memset(ptr + MAX_ALIGN, pad, pad);
231 
+	return ptr + MAX_ALIGN + pad;
232 
+}
225 233
226 
-static void* ser_realloc(void *ptr, size_t size, const char *fname, int fline)
234 
+static void* ser_realloc(void *ptr, size_t new_size)
227 235 
 {
228 
-	return shm_realloc(ptr, size);
236 
+	if(!ptr) return ser_malloc(new_size);
237 
+
238 
+	int pad = *((unsigned char*)ptr - 1);
239 
+	unsigned char *real_ptr = (unsigned char*)ptr - pad - MAX_ALIGN;
240 
+	int size = *(size_t*)real_ptr;
241 
+
242 
+	char *new_ptr = shm_realloc(real_ptr, new_size+2*MAX_ALIGN);
243 
+	*(size_t*)new_ptr = new_size;
244 
+	int new_pad = MAX_ALIGN - ((long) new_ptr % MAX_ALIGN);
245 
+	if (new_pad != pad) {
246 
+		memmove(new_ptr + MAX_ALIGN + new_pad, new_ptr + MAX_ALIGN + pad, size);
247 
+		memset(new_ptr + MAX_ALIGN, new_pad, new_pad);
248 
+	}
249 
+
250 
+	return new_ptr + MAX_ALIGN + new_pad;
229 251 
 }
252 
+#endif /* LIBRESSL_VERSION_NUMBER */
230 253
231 
-static void ser_free(void *ptr, const char *fname, int fline)
254 
+static void ser_free(void *ptr)
232 255 
 {
233 256 
 	if (ptr) {
234 
-		shm_free(ptr);
257 
+		int pad = *((unsigned char *)ptr - 1);
258 
+		shm_free((unsigned char*)ptr - pad  - MAX_ALIGN);
235 259 
 	}
236 260 
 }
237 261
238 
-#endif /* LIBRESSL_VERSION_NUMBER */
239 262
240 263 
 /*
241 264 
  * Initialize TLS socket
... ... 
@@ -366,11 +389,7 @@ int tls_pre_init(void)
366 389 
 	mf = NULL;
367 390 
 	rf = NULL;
368 391 
 	ff = NULL;
369 
-#ifdef TLS_MALLOC_DBG
370 
-	if (!CRYPTO_set_mem_ex_functions(ser_malloc, ser_realloc, ser_free)) {
371 
-#else
372 
-	if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
373 
-#endif
392 
+	if (wolfSSL_SetAllocators(ser_malloc, ser_free, ser_realloc)) {
374 393 
 		LM_ERR("Unable to set the memory allocation functions\n");
375 394 
 		// CRYPTO_get_mem_functions(&mf, &rf, &ff);
376 395 
 		LM_ERR("libssl current mem functions - m: %p r: %p f: %p\n",
... ... 
@@ -412,108 +431,12 @@ int tls_h_mod_pre_init_f(void)
412 431 
  */
413 432 
 int tls_h_mod_init_f(void)
414 433 
 {
415 
-	/*struct socket_info* si;*/
416 
-	long ssl_version;
417 
-	const char *ssl_version_txt;
418 
-	int low_mem_threshold1;
419 
-	int low_mem_threshold2;
420 
-	str tls_grp;
421 
-	str s;
422 
-	cfg_ctx_t* cfg_ctx;
423 
-
424 434 
 	if(tls_mod_initialized == 1) {
425 435 
 		LM_DBG("already initialized\n");
426 436 
 		return 0;
427 437 
 	}
428 438 
 	LM_DBG("initializing tls system\n");
429 439
430 
-	ssl_version=wolfSSL_OpenSSL_version_num();
431 
-	ssl_version_txt=wolfSSL_OpenSSL_version(OPENSSL_VERSION);
432 
-
433 
-	/* check if version have the same major minor and fix level
434 
-	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
435 
-	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
436 
-	 *   0x00090705f == 0.9.7e release */
437 
-	if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){
438 
-		LM_CRIT("installed openssl library"
439 
-				" version is too different from the library the " NAME " tls"
440 
-				" module was compiled with: installed \"%s\" (0x%08lx),"
441 
-				" compiled \"%s\" (0x%08lx).\n"
442 
-				" Please make sure a compatible version is used"
443 
-				" (tls_force_run in kamailio.cfg will override this check)\n",
444 
-				ssl_version_txt, ssl_version,
445 
-				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
446 
-		if (cfg_get(tls, tls_cfg, force_run))
447 
-			LM_WARN("tls_force_run turned on, ignoring "
448 
-					" openssl version mismatch\n");
449 
-		else
450 
-			return -1; /* safer to exit */
451 
-	}
452 
-
453 
-	/* check kerberos support using compile flags only for version < 1.1.0 */
454 
-
455 
-	/* set free memory threshold for openssl bug #1491 workaround */
456 
-	low_mem_threshold1 = cfg_get(tls, tls_cfg, low_mem_threshold1);
457 
-	low_mem_threshold2 = cfg_get(tls, tls_cfg, low_mem_threshold2);
458 
-	if (low_mem_threshold1<0){
459 
-		/* default */
460 
-		low_mem_threshold1=512*1024*get_max_procs();
461 
-	}else
462 
-		low_mem_threshold1*=1024; /* KB */
463 
-	if (low_mem_threshold2<0){
464 
-		/* default */
465 
-		low_mem_threshold2=256*1024*get_max_procs();
466 
-	}else
467 
-		low_mem_threshold2*=1024; /* KB */
468 
-
469 
-#if 0
470 
-	if ((low_mem_threshold1==0) || (low_mem_threshold2==0))
471 
-	 LM_WARN("tls: openssl bug #1491 (crash/mem leaks on low memory)"
472 
-				" workaround disabled\n");
473 
-	else
474 
-		LM_WARN("openssl bug #1491 (crash/mem leaks on low memory)"
475 
-				" workaround enabled (on low memory tls operations will fail"
476 
-				" preemptively) with free memory thresholds %d and %d bytes\n",
477 
-				low_mem_threshold1, low_mem_threshold2);
478 
-#endif
479 
-
480 
-	if (shm_available()==(unsigned long)(-1)){
481 
-		LM_WARN(NAME " is compiled without MALLOC_STATS support:"
482 
-				" the workaround for low mem. openssl bugs will _not_ "
483 
-				"work\n");
484 
-		low_mem_threshold1=0;
485 
-		low_mem_threshold2=0;
486 
-	}
487 
-	if ((low_mem_threshold1 != cfg_get(tls, tls_cfg, low_mem_threshold1))
488 
-			|| (low_mem_threshold2
489 
-				!= cfg_get(tls, tls_cfg, low_mem_threshold2))) {
490 
-		/* ugly hack to set the initial values for the mem tresholds */
491 
-		if (cfg_register_ctx(&cfg_ctx, 0)) {
492 
-			LM_ERR("failed to register cfg context\n");
493 
-			return -1;
494 
-		}
495 
-		tls_grp.s = "tls";
496 
-		tls_grp.len = strlen(tls_grp.s);
497 
-		s.s = "low_mem_threshold1";
498 
-		s.len = strlen(s.s);
499 
-		if (low_mem_threshold1 != cfg_get(tls, tls_cfg, low_mem_threshold1) &&
500 
-				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s,
501 
-					low_mem_threshold1)) {
502 
-			LM_ERR("failed to set tls.low_mem_threshold1 to %d\n",
503 
-					low_mem_threshold1);
504 
-			return -1;
505 
-		}
506 
-		s.s = "low_mem_threshold2";
507 
-		s.len = strlen(s.s);
508 
-		if (low_mem_threshold2 != cfg_get(tls, tls_cfg, low_mem_threshold2) &&
509 
-				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s,
510 
-					low_mem_threshold2)) {
511 
-			LM_ERR("failed to set tls.low_mem_threshold1 to %d\n",
512 
-					low_mem_threshold2);
513 
-			return -1;
514 
-		}
515 
-	}
516 
-
517 440 
 	init_ssl_methods();
518 441 
 	tls_mod_initialized = 1;
519 442 
 	return 0;
src/modules/tls_wolfssl/tls_server.c
History View file @ 20d0b2211e
... ... 
@@ -65,14 +65,6 @@
65 65
66 66 
 int tls_run_event_routes(struct tcp_connection *c);
67 67
68 
-/* low memory treshold for openssl bug #1491 workaround */
69 
-#define LOW_MEM_NEW_CONNECTION_TEST() \
70 
-	(cfg_get(tls, tls_cfg, low_mem_threshold1) && \
71 
-		(shm_available_safe() < cfg_get(tls, tls_cfg, low_mem_threshold1)))
72 
-#define LOW_MEM_CONNECTED_TEST() \
73 
-	(cfg_get(tls, tls_cfg, low_mem_threshold2) && \
74 
-		(shm_available_safe() <  cfg_get(tls, tls_cfg, low_mem_threshold2)))
75 
-
76 68 
 #define TLS_RD_MBUF_SZ	65536
77 69 
 #define TLS_WR_MBUF_SZ	65536
78 70
... ... 
@@ -238,12 +230,6 @@ static int tls_complete_init(struct tcp_connection* c)
238 230 
 	str *sname = NULL;
239 231 
 	str *srvid = NULL;
240 232
241 
-	if (LOW_MEM_NEW_CONNECTION_TEST()){
242 
-		ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
243 
-				" operation: shm=%lu threshold1=%d\n", shm_available_safe(),
244 
-				cfg_get(tls, tls_cfg, low_mem_threshold1));
245 
-		goto error2;
246 
-	}
247 233 
 	/* Get current TLS configuration and increase reference
248 234 
 	 * count immediately.
249 235 
 	 */
... ... 
@@ -341,11 +327,6 @@ static int tls_fix_connection_unsafe(struct tcp_connection* c)
341 327 
 		if (unlikely(tls_complete_init(c) < 0)) {
342 328 
 			return -1;
343 329 
 		}
344 
-	}else if (unlikely(LOW_MEM_CONNECTED_TEST())){
345 
-		ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
346 
-				" operation: shm=%lu threshold2=%d\n", shm_available_safe(),
347 
-				cfg_get(tls, tls_cfg, low_mem_threshold2));
348 
-		return -1;
349 330 
 	}
350 331 
 	return 0;
351 332 
 }
... ... 
@@ -372,12 +353,6 @@ static int tls_fix_connection(struct tcp_connection* c)
372 353 
 			}
373 354 
 		lock_release(&c->write_lock);
374 355 
 	}
375 
-	if (unlikely(LOW_MEM_CONNECTED_TEST())){
376 
-		ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
377 
-				" operation: shm=%lu threshold2=%d\n", shm_available_safe(),
378 
-				cfg_get(tls, tls_cfg, low_mem_threshold2));
379 
-		return -1;
380 
-	}
381 356 
 	return 0;
382 357 
 }
383 358
... ... 
@@ -575,12 +550,6 @@ static int tls_shutdown(struct tcp_connection *c)
575 550 
 	 * if the connection is not fully initialized */
576 551 
 	if (unlikely(tls_c->state != S_TLS_ESTABLISHED))
577 552 
 		return 0;
578 
-	if (unlikely(LOW_MEM_CONNECTED_TEST())){
579 
-		ERR("tls: ssl bug #1491 workaround: not enough memory for safe"
580 
-				" operation: shm=%lu threshold2=%d\n", shm_available_safe(),
581 
-				cfg_get(tls, tls_cfg, low_mem_threshold2));
582 
-		goto err;
583 
-	}
584 553
585 554 
 	ret = wolfSSL_shutdown(ssl);
586 555 
 	if (ret == 1) {