From ecfef0eeb9b52f6d75b4aa936a1e11e6d8e678e3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 18 Feb 2018 16:51:06 +0100 Subject: [PATCH] Reduce memory allocations due to HMAC() and EVP_MD_*(). HMAC() allocates a temporary buffer on the heap each time it is called. Similarly, we called EVP_MD_CTX_create() every time we wanted to calculate a hash. Use HMAC_CTX and EVP_MD_CTX variables to store the state so no (re)allocations are necessary. HMAC() was called for every legacy packet sent and received. This issue was found thanks to heaptrack. --- src/openssl/digest.c | 40 ++++++++++++++++++++++++++-------------- src/openssl/digest.h | 4 ++-- 2 files changed, 28 insertions(+), 16 deletions(-) diff --git a/src/openssl/digest.c b/src/openssl/digest.c index 9c3ab1e..d51dcaa 100644 --- a/src/openssl/digest.c +++ b/src/openssl/digest.c @@ -66,9 +66,13 @@ digest_t *digest_open_by_nid(int nid, int maclength) { } bool digest_set_key(digest_t *digest, const void *key, size_t len) { - digest->key = xrealloc(digest->key, len); - memcpy(digest->key, key, len); - digest->keylength = len; + digest->hmac_ctx = HMAC_CTX_new(); + HMAC_Init_ex(digest->hmac_ctx, key, len, digest->digest, NULL); + + if(!digest->hmac_ctx) { + abort(); + } + return true; } @@ -77,7 +81,14 @@ void digest_close(digest_t *digest) { return; } - free(digest->key); + if(digest->md_ctx) { + EVP_MD_CTX_destroy(digest->md_ctx); + } + + if(digest->hmac_ctx) { + HMAC_CTX_free(digest->hmac_ctx); + } + free(digest); } @@ -85,27 +96,28 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out size_t len = EVP_MD_size(digest->digest); unsigned char tmpdata[len]; - if(digest->key) { - if(!HMAC(digest->digest, digest->key, digest->keylength, indata, inlen, tmpdata, NULL)) { + if(digest->hmac_ctx) { + if(!HMAC_Init_ex(digest->hmac_ctx, NULL, 0, NULL, NULL) + || !HMAC_Update(digest->hmac_ctx, indata, inlen) + || !HMAC_Final(digest->hmac_ctx, tmpdata, NULL)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } } else { - EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + if(!digest->md_ctx) { + digest->md_ctx = EVP_MD_CTX_create(); + } - if(!ctx) { + if(!digest->md_ctx) { abort(); } - if(!EVP_DigestInit(ctx, digest->digest) - || !EVP_DigestUpdate(ctx, indata, inlen) - || !EVP_DigestFinal(ctx, tmpdata, NULL)) { + if(!EVP_DigestInit(digest->md_ctx, digest->digest) + || !EVP_DigestUpdate(digest->md_ctx, indata, inlen) + || !EVP_DigestFinal(digest->md_ctx, tmpdata, NULL)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL)); - EVP_MD_CTX_destroy(ctx); return false; } - - EVP_MD_CTX_destroy(ctx); } memcpy(outdata, tmpdata, digest->maclength); diff --git a/src/openssl/digest.h b/src/openssl/digest.h index 1b1389d..d553977 100644 --- a/src/openssl/digest.h +++ b/src/openssl/digest.h @@ -24,9 +24,9 @@ struct digest { const EVP_MD *digest; + HMAC_CTX *hmac_ctx; + EVP_MD_CTX *md_ctx; int maclength; - int keylength; - char *key; }; #endif -- 2.25.1