Reduce memory footprint for NOTLS builds.

2016-01-07 09:20:09 +01:00 · 2016-01-07 09:20:09 +01:00 · 07ed037a00
parent 2fc326c0ce
commit 07ed037a00
6 changed files with 42 additions and 12 deletions
--- a/includes/kore.h
+++ b/includes/kore.h
@ -22,17 +22,24 @@
 #endif

 #include <sys/types.h>
+#include <sys/time.h>
 #include <sys/queue.h>

 #include <netinet/in.h>
 #include <arpa/inet.h>

+#if !defined(KORE_NO_TLS)
 #include <openssl/err.h>
 #include <openssl/dh.h>
 #include <openssl/ssl.h>
+#endif

 #include <errno.h>
 #include <regex.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
 #include <syslog.h>
 #include <unistd.h>

@ -159,11 +166,13 @@ struct connection {
 	u_int8_t		state;
 	u_int8_t		proto;
 	void			*owner;
+#if !defined(KORE_NO_TLS)
+	X509			*cert;
 	SSL			*ssl;
+	int			tls_reneg;
+#endif
 	u_int8_t		flags;
 	void			*hdlr_extra;
-	X509			*cert;
-	int			tls_reneg;

 	int			(*handle)(struct connection *);
 	void			(*disconnect)(struct connection *);
@ -283,12 +292,14 @@ struct kore_worker {

 struct kore_domain {
 	char					*domain;
-	char					*certfile;
-	char					*certkey;
+	int					accesslog;
+#if !defined(KORE_NO_TLS)
 	char					*cafile;
 	char					*crlfile;
-	int					accesslog;
+	char					*certfile;
+	char					*certkey;
 	SSL_CTX					*ssl_ctx;
+#endif
 	TAILQ_HEAD(, kore_module_handle)	handlers;
 	TAILQ_ENTRY(kore_domain)		list;
 };
@ -385,7 +396,10 @@ extern char	*kore_pidfile;
 extern char	*config_file;
 extern char	*kore_tls_cipher_list;
 extern int	tls_version;
+
+#if !defined(KORE_NO_TLS)
 extern DH	*tls_dhparam;
+#endif

 extern u_int8_t			nlisteners;
 extern u_int16_t		cpu_count;
@ -448,9 +462,11 @@ void		kore_timer_remove(struct kore_timer *);
 struct kore_timer	*kore_timer_add(void (*cb)(void *, u_int64_t),
 			    u_int64_t, void *, int);

-int		kore_tls_sni_cb(SSL *, int *, void *);
 int		kore_server_bind(const char *, const char *, const char *);
+#if !defined(KORE_NO_TLS)
+int		kore_tls_sni_cb(SSL *, int *, void *);
 void		kore_tls_info_callback(const SSL *, int, int);
+#endif

 void			kore_connection_init(void);
 void			kore_connection_prune(int);
--- a/src/accesslog.c
+++ b/src/accesslog.c
@ -32,7 +32,9 @@ struct kore_log_packet {
 	char		host[KORE_DOMAINNAME_LEN];
 	char		path[HTTP_URI_LEN];
 	char		agent[HTTP_USERAGENT_LEN];
+#if !defined(KORE_NO_TLS)
 	char		cn[X509_CN_LENGTH];
+#endif
 };

 void
@ -90,10 +92,11 @@ kore_accesslog_write(const void *data, u_int32_t len)
 		break;
 	}

+	cn = "none";
+#if !defined(KORE_NO_TLS)
 	if (logpacket.cn[0] != '\0')
 		cn = logpacket.cn;
-	else
-		cn = "none";
+#endif

 	if (inet_ntop(logpacket.addrtype, &(logpacket.addr),
 	    addr, sizeof(addr)) == NULL)
@ -157,8 +160,8 @@ kore_accesslog(struct http_request *req)
 		    sizeof(logpacket.agent));
 	}

-	memset(logpacket.cn, '\0', sizeof(logpacket.cn));
 #if !defined(KORE_NO_TLS)
+	memset(logpacket.cn, '\0', sizeof(logpacket.cn));
 	if (req->owner->cert != NULL) {
 		if (X509_GET_CN(req->owner->cert,
 		    logpacket.cn, sizeof(logpacket.cn)) == -1) {
--- a/src/cli.c
+++ b/src/cli.c
@ -920,7 +920,9 @@ cli_compile_cfile(void *arg)
 #if defined(KORE_NO_HTTP)
 	args[idx++] = "-DKORE_NO_HTTP";
 #endif
-
+#if defined(KORE_NO_TLS)
+	args[idx++] = "-DKORE_NO_TLS";
+#endif
 	args[idx++] = "-Wall";
 	args[idx++] = "-Wmissing-declarations";
 	args[idx++] = "-Wshadow";
--- a/src/connection.c
+++ b/src/connection.c
@ -45,13 +45,15 @@ kore_connection_new(void *owner)

 	c = kore_pool_get(&connection_pool);

+#if !defined(KORE_NO_TLS)
 	c->ssl = NULL;
+	c->cert = NULL;
+	c->tls_reneg = 0;
+#endif
 	c->flags = 0;
 	c->rnb = NULL;
 	c->snb = NULL;
-	c->cert = NULL;
 	c->owner = owner;
-	c->tls_reneg = 0;
 	c->handle = NULL;
 	c->disconnect = NULL;
 	c->hdlr_extra = NULL;
--- a/src/domain.c
+++ b/src/domain.c
@ -24,8 +24,11 @@

 struct kore_domain_h		domains;
 struct kore_domain		*primary_dom = NULL;
+
+#if !defined(KORE_NO_TLS)
 DH				*tls_dhparam = NULL;
 int				tls_version = KORE_TLS_VERSION_1_2;
+#endif

 static void	domain_load_crl(struct kore_domain *);

@ -51,11 +54,13 @@ kore_domain_new(char *domain)

 	dom = kore_malloc(sizeof(*dom));
 	dom->accesslog = -1;
+#if !defined(KORE_NO_TLS)
 	dom->cafile = NULL;
 	dom->certkey = NULL;
 	dom->ssl_ctx = NULL;
 	dom->certfile = NULL;
 	dom->crlfile = NULL;
+#endif
 	dom->domain = kore_strdup(domain);
 	TAILQ_INIT(&(dom->handlers));
 	TAILQ_INSERT_TAIL(&domains, dom, list);
--- a/src/websocket.c
+++ b/src/websocket.c
@ -16,6 +16,8 @@

 #include <sys/param.h>

+#include <openssl/sha.h>
+
 #include <limits.h>

 #include "kore.h"