Didn't find any way to upload patch for review, so sending it to
openssl-dev mailing list.
This patch moves some tables from .data segment to .rodata and reduces RAM
usage when openssl is loaded into several instances of process.
It is related to this chromium bug:
http://code.google.com/p/chromium/issues/detail?id=249746
It might also help compiler optimizer in some cases.
Thanks,
Slava
commit b3c85c9c1607a7ddb9f50d99900eafd3bf3c442c
Author: Viatcheslav Ostapenko <sl.ostape...@samsung.com>
Date: Tue Jan 14 11:40:20 2014 -0500
Constify tables in openssl
Moves more than 10k from .data to .rodata .
Reduces RAM usage when openssl is used in multiple process
instances: http://code.google.com/p/chromium/issues/detail?id=249746
Also might help compiler optimizer.
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index f8e6729..257c2ea 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -107,7 +107,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
int max,min,dif;
- BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+ const BN_ULONG *ap,*bp;
+ BN_ULONG *rp,carry,t1,t2;
const BIGNUM *tmp;
bn_check_top(a);
@@ -168,7 +169,8 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
int max,min,dif;
- register BN_ULONG t1,t2,*ap,*bp,*rp;
+ register BN_ULONG t1,t2,*rp;
+ register const BN_ULONG *ap,*bp;
int i,carry;
#if defined(IRIX_CC_BUG) && !defined(LINT)
int dummy;
diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
index 7ec7825..c4017b3 100644
--- a/crypto/srp/srp.h
+++ b/crypto/srp/srp.h
@@ -120,7 +120,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file);
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g);
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
#define SRP_NO_ERROR 0
diff --git a/crypto/srp/srp_grps.h b/crypto/srp/srp_grps.h
index 8e3c35e..f4c13c8 100644
--- a/crypto/srp/srp_grps.h
+++ b/crypto/srp/srp_grps.h
@@ -1,6 +1,6 @@
/* start of generated data */
-static BN_ULONG bn_group_1024_value[] = {
+static const BN_ULONG bn_group_1024_value[] = {
bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
@@ -18,15 +18,15 @@ static BN_ULONG bn_group_1024_value[] = {
bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
};
-static BIGNUM bn_group_1024 = {
- bn_group_1024_value,
+static const BIGNUM bn_group_1024 = {
+ (BN_ULONG*)bn_group_1024_value,
(sizeof bn_group_1024_value)/sizeof(BN_ULONG),
(sizeof bn_group_1024_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_group_1536_value[] = {
+static const BN_ULONG bn_group_1536_value[] = {
bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
bn_pack4(0x1518,0x0F93,0x499A,0x234D),
bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
@@ -52,15 +52,15 @@ static BN_ULONG bn_group_1536_value[] = {
bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
};
-static BIGNUM bn_group_1536 = {
- bn_group_1536_value,
+static const BIGNUM bn_group_1536 = {
+ (BN_ULONG*)bn_group_1536_value,
(sizeof bn_group_1536_value)/sizeof(BN_ULONG),
(sizeof bn_group_1536_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_group_2048_value[] = {
+static const BN_ULONG bn_group_2048_value[] = {
bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
bn_pack4(0x35DE,0x236D,0x525F,0x5475),
@@ -94,15 +94,15 @@ static BN_ULONG bn_group_2048_value[] = {
bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
};
-static BIGNUM bn_group_2048 = {
- bn_group_2048_value,
+static const BIGNUM bn_group_2048 = {
+ (BN_ULONG*)bn_group_2048_value,
(sizeof bn_group_2048_value)/sizeof(BN_ULONG),
(sizeof bn_group_2048_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_group_3072_value[] = {
+static const BN_ULONG bn_group_3072_value[] = {
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
@@ -152,15 +152,15 @@ static BN_ULONG bn_group_3072_value[] = {
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
-static BIGNUM bn_group_3072 = {
- bn_group_3072_value,
+static const BIGNUM bn_group_3072 = {
+ (BN_ULONG*)bn_group_3072_value,
(sizeof bn_group_3072_value)/sizeof(BN_ULONG),
(sizeof bn_group_3072_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_group_4096_value[] = {
+static const BN_ULONG bn_group_4096_value[] = {
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
@@ -226,15 +226,15 @@ static BN_ULONG bn_group_4096_value[] = {
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
-static BIGNUM bn_group_4096 = {
- bn_group_4096_value,
+static const BIGNUM bn_group_4096 = {
+ (BN_ULONG*)bn_group_4096_value,
(sizeof bn_group_4096_value)/sizeof(BN_ULONG),
(sizeof bn_group_4096_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_group_6144_value[] = {
+static const BN_ULONG bn_group_6144_value[] = {
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
@@ -332,15 +332,15 @@ static BN_ULONG bn_group_6144_value[] = {
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
-static BIGNUM bn_group_6144 = {
- bn_group_6144_value,
+static const BIGNUM bn_group_6144 = {
+ (BN_ULONG*)bn_group_6144_value,
(sizeof bn_group_6144_value)/sizeof(BN_ULONG),
(sizeof bn_group_6144_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_group_8192_value[] = {
+static const BN_ULONG bn_group_8192_value[] = {
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
@@ -470,47 +470,47 @@ static BN_ULONG bn_group_8192_value[] = {
bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
};
-static BIGNUM bn_group_8192 = {
- bn_group_8192_value,
+static const BIGNUM bn_group_8192 = {
+ (BN_ULONG*)bn_group_8192_value,
(sizeof bn_group_8192_value)/sizeof(BN_ULONG),
(sizeof bn_group_8192_value)/sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_generator_19_value[] = {19} ;
-static BIGNUM bn_generator_19 = {
- bn_generator_19_value,
+static const BN_ULONG bn_generator_19_value[] = {19} ;
+static const BIGNUM bn_generator_19 = {
+ (BN_ULONG*)bn_generator_19_value,
1,
1,
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_generator_5_value[] = {5} ;
-static BIGNUM bn_generator_5 = {
- bn_generator_5_value,
+static const BN_ULONG bn_generator_5_value[] = {5} ;
+static const BIGNUM bn_generator_5 = {
+ (BN_ULONG*)bn_generator_5_value,
1,
1,
0,
BN_FLG_STATIC_DATA
};
-static BN_ULONG bn_generator_2_value[] = {2} ;
-static BIGNUM bn_generator_2 = {
- bn_generator_2_value,
+static const BN_ULONG bn_generator_2_value[] = {2} ;
+static const BIGNUM bn_generator_2 = {
+ (BN_ULONG*)bn_generator_2_value,
1,
1,
0,
BN_FLG_STATIC_DATA
};
-static SRP_gN knowngN[] = {
- {"8192",&bn_generator_19 , &bn_group_8192},
- {"6144",&bn_generator_5 , &bn_group_6144},
- {"4096",&bn_generator_5 , &bn_group_4096},
- {"3072",&bn_generator_5 , &bn_group_3072},
- {"2048",&bn_generator_2 , &bn_group_2048},
- {"1536",&bn_generator_2 , &bn_group_1536},
- {"1024",&bn_generator_2 , &bn_group_1024},
+static const SRP_gN knowngN[] = {
+ {"8192",(BIGNUM*)&bn_generator_19 , (BIGNUM*)&bn_group_8192},
+ {"6144",(BIGNUM*)&bn_generator_5 , (BIGNUM*)&bn_group_6144},
+ {"4096",(BIGNUM*)&bn_generator_5 , (BIGNUM*)&bn_group_4096},
+ {"3072",(BIGNUM*)&bn_generator_5 , (BIGNUM*)&bn_group_3072},
+ {"2048",(BIGNUM*)&bn_generator_2 , (BIGNUM*)&bn_group_2048},
+ {"1536",(BIGNUM*)&bn_generator_2 , (BIGNUM*)&bn_group_1536},
+ {"1024",(BIGNUM*)&bn_generator_2 , (BIGNUM*)&bn_group_1024},
};
#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 6889a6b..080606d 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -605,7 +605,7 @@ err:
/*
create a verifier (*salt,*verifier,g and N are BIGNUMs)
*/
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g)
{
int result=0;
BIGNUM *x = NULL;
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2b066e0..df29da5 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -72,7 +72,7 @@ static int dtls1_handshake_write(SSL *s);
const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
int dtls1_listen(SSL *s, struct sockaddr *client);
-SSL3_ENC_METHOD DTLSv1_enc_data={
+const SSL3_ENC_METHOD DTLSv1_enc_data={
tls1_enc,
tls1_mac,
tls1_setup_key_block,
@@ -91,7 +91,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
dtls1_handshake_write
};
-SSL3_ENC_METHOD DTLSv1_2_enc_data={
+const SSL3_ENC_METHOD DTLSv1_2_enc_data={
tls1_enc,
tls1_mac,
tls1_setup_key_block,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 5c8aa13..d738b2d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -162,7 +162,7 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
+OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[]={
/* The RSA ciphers */
/* Cipher 01 */
@@ -2903,7 +2903,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* end of list */
};
-SSL3_ENC_METHOD SSLv3_enc_data={
+const SSL3_ENC_METHOD SSLv3_enc_data={
ssl3_enc,
n_ssl3_mac,
ssl3_setup_key_block,
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3c49a38..c2269e1 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -544,7 +544,7 @@ struct ssl_method_st
const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
const struct ssl_method_st *(*get_ssl_method)(int version);
long (*get_timeout)(void);
- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+ const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
int (*ssl_version)(void);
long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3c7d54d..bcaafb7 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -162,7 +162,7 @@
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-SSL3_ENC_METHOD ssl3_undef_enc_method={
+const SSL3_ENC_METHOD ssl3_undef_enc_method={
/* evil casts, but these functions are only called if there's a library
bug */
(int (*)(SSL *,int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c493f7e..aef92a6 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -761,19 +761,19 @@ typedef struct ssl3_buf_freelist_entry_st
} SSL3_BUF_FREELIST_ENTRY;
#endif
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+extern const SSL3_ENC_METHOD ssl3_undef_enc_method;
OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[];
SSL_METHOD *ssl_bad_method(int ver);
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD TLSv1_1_enc_data;
-extern SSL3_ENC_METHOD TLSv1_2_enc_data;
-extern SSL3_ENC_METHOD SSLv3_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD SSLv3_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth, enc_data) \
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 628aee2..d720f9b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -127,7 +127,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);
#endif
-SSL3_ENC_METHOD TLSv1_enc_data={
+const SSL3_ENC_METHOD TLSv1_enc_data={
tls1_enc,
tls1_mac,
tls1_setup_key_block,
@@ -146,7 +146,7 @@ SSL3_ENC_METHOD TLSv1_enc_data={
ssl3_handshake_write
};
-SSL3_ENC_METHOD TLSv1_1_enc_data={
+const SSL3_ENC_METHOD TLSv1_1_enc_data={
tls1_enc,
tls1_mac,
tls1_setup_key_block,
@@ -165,7 +165,7 @@ SSL3_ENC_METHOD TLSv1_1_enc_data={
ssl3_handshake_write
};
-SSL3_ENC_METHOD TLSv1_2_enc_data={
+const SSL3_ENC_METHOD TLSv1_2_enc_data={
tls1_enc,
tls1_mac,
tls1_setup_key_block,
@@ -218,7 +218,7 @@ void tls1_clear(SSL *s)
#ifndef OPENSSL_NO_EC
-static int nid_list[] =
+static const int nid_list[] =
{
NID_sect163k1, /* sect163k1 (1) */
NID_sect163r1, /* sect163r1 (2) */
@@ -864,7 +864,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int
set_ee_md)
tlsext_sigalg_dsa(md) \
tlsext_sigalg_ecdsa(md)
-static unsigned char tls12_sigalgs[] = {
+static const unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_SHA512
tlsext_sigalg(TLSEXT_hash_sha512)
tlsext_sigalg(TLSEXT_hash_sha384)
@@ -878,7 +878,7 @@ static unsigned char tls12_sigalgs[] = {
#endif
};
#ifndef OPENSSL_NO_ECDSA
-static unsigned char suiteb_sigalgs[] = {
+static const unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
};
