Open
Bug 283763
Opened 19 years ago
Updated 1 year ago
memsets in libssl affect performance ; SSL buffer also starts too small
Categories
(NSS :: Libraries, enhancement, P2)
Tracking
(Not tracked)
NEW
People
(Reporter: julien.pierre, Unassigned)
Details
(Keywords: perf)
Attachments
(1 file, 1 obsolete file)
Performance profile data shows that several cleanup calls memset in libssl affect performance significantly. We may want to retain these memset calls for security purposes. However, when it's time for running benchmarks, these calls should be removed . We need to have a way to run the code less securely without them. This should probably be a runtime setting ... Another observation is that we call PORT_Realloc twice for really small amounts (from 79 to 86 to 150 bytes) in sslBuffer_Grow . We should increase the default minimum size to avoid those calls. I will attach a patch that addresses both of these issues.
Reporter | ||
Comment 1•19 years ago
|
||
Not meant to be checked in as is; the memset need a dynamic setting.
Reporter | ||
Updated•19 years ago
|
Severity: normal → enhancement
Priority: -- → P2
Target Milestone: --- → 3.10
Comment 2•19 years ago
|
||
Comment on attachment 175623 [details] [diff] [review] remove cleanup memset calls, and increase default SSL buffer size >+ newLen = PR_MAX(newLen, 18432); Would be nice to define a macro for the magic number 18432.
Comment 3•19 years ago
|
||
Comment on attachment 175623 [details] [diff] [review] remove cleanup memset calls, and increase default SSL buffer size Julien, Your patch removes two memsets, believing that they are only for "security" and not necessary for correctness. But one of them is needed for correctness. Both of these memsets clear structures that were separately malloc'ed at one time, but are now parts of the larger SSLSocket structure. That change was made to reduce malloc calls, which as you know is something we want to do MORE of. These memsets took the place of PORT_ZFree calls that preceeded that change. The second of these two removed memsets only occurs when the socket is being closed, and is only to prevent sensitive info from remaining in memory after close. But the first is used in a function that may be called repeatedly on an SSLSocket that is in use. It is called from SSL_ResetHandshake, and removing that memset stops SSL_ResetHandshake from working properly. When called from SSL_ResetHandshake, the first memset must be done. The first of the two modified functions is also called from the second, which means that the first memset is overlapped by the second one. I propose adding an argument to the first function, which is internal, that tells it whether or not to do that memset.
Comment 4•19 years ago
|
||
Comment on attachment 175623 [details] [diff] [review] remove cleanup memset calls, and increase default SSL buffer size BTW, the comment just above function ssl_DestroySecurityInfo is incorrect. It is not called from SSL_ResetHandshake. It is the previous function that is called from SSL_ResetHandshake. So, when this bug is fixed, that comment should be fixed too. > /* > ** Called from SSL_ResetHandshake (above), and > ** from ssl_FreeSocket in sslsock.c
Attachment #175623 -
Flags: review-
Reporter | ||
Comment 5•19 years ago
|
||
still not for checkin
Attachment #175623 -
Attachment is obsolete: true
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•18 years ago
|
QA Contact: jason.m.reid → libraries
Comment 7•17 years ago
|
||
remove target milestone, since the target was missed.
Target Milestone: 3.11 → ---
Updated•2 years ago
|
Severity: normal → S3
Comment 8•2 years ago
|
||
The bug assignee is inactive on Bugzilla, and this bug has priority 'P2'.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: nelson → nobody
Flags: needinfo?(bbeurdouche)
Comment 9•1 year ago
|
||
We have modified the bot to only consider P1 as high priority, so I'm cancelling the needinfo here.
Flags: needinfo?(bbeurdouche)
You need to log in
before you can comment on or make changes to this bug.
Description
•