From 5b4be7d2738de5874f2e302157a0b726fe7bd4a6 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Wed, 2 Mar 2016 15:34:15 +0300
Subject: [PATCH] Reserve 16k fragment buffer only when it is actually
 required.

This change reduces memory pressure when the server response fits into the 6k buffer allocated by default.
---
 ssl/tls1.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 8b53ee36a..e7b8319d0 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -259,11 +259,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
  */
 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 {
-    int ret = increase_bm_data_size(ssl);
-    if (ret != SSL_OK) {
-        return ret;
-    }
-    ret = basic_read(ssl, in_data);
+    int ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
     if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
@@ -287,10 +283,6 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
     int n = out_len, nw, i, tot = 0;
-    int ret = increase_bm_data_size(ssl);
-    if (ret != SSL_OK) {
-        return ret;
-    }
     /* maximum size of a TLS packet is around 16kB, so fragment */
     do 
     {
@@ -1293,9 +1285,21 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         /* do we violate the spec with the message size?  */
         if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
         {
-            ret = SSL_ERROR_INVALID_PROT_MSG;              
             printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
-            goto error;
+            if (ssl->can_increase_data_size)
+            {
+                ret = increase_bm_data_size(ssl);
+                if (ret != SSL_OK)
+                {
+                    ret = SSL_ERROR_INVALID_PROT_MSG;
+                    goto error;
+                }
+            }
+            else
+            {
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+                goto error;
+            }
         }
 
         CLR_SSL_FLAG(SSL_NEED_RECORD);
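Review bot: After `increase_bm_data_size(ssl)` succeeds in the new `if (ssl->can_increase_data_size)` branch, `ssl->need_bytes` is never compared with the enlarged limit, so a peer-declared record length larger than the grown buffer would fall through to `CLR_SSL_FLAG(SSL_NEED_RECORD)` and the read that follows. `increase_bm_data_size` is defined outside this diff, so its resulting `max_plain_length` cannot be confirmed here, and nothing visible in the hunk bounds `need_bytes` against it; re-applying the size check after growth makes the bound explicit, as sketched below. The sketch also folds the two identical error branches into one. Separately, the `printf` now fires on the normal growth path, and a failed growth (presumably an allocation failure) is reported as `SSL_ERROR_INVALID_PROT_MSG`, which deserves a short comment since `ssl_read` sends an alert based on that code. `basic_read` starts and ends outside the hunk.

```c
        if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
        {
            /* … unchanged: diagnostic printf … */
            if (!ssl->can_increase_data_size)
            {
                ret = SSL_ERROR_INVALID_PROT_MSG;
                goto error;
            }

            ret = increase_bm_data_size(ssl);

            /* the grown buffer has a limit too: re-apply the size check
             * before trusting the length taken from the record header */
            if (ret != SSL_OK ||
                ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
            {
                ret = SSL_ERROR_INVALID_PROT_MSG;
                goto error;
            }
        }
```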