On 9/27/2010 4:13 PM, Scott Neugroschl wrote:
As David said, yes. On the other hand, you could re-implement malloc() and free() for your platform.
There's really no way to make that help very much. It might help a little, but the fundamental problem is this:
If you want to implement each 'malloc' so that a later 'free' can return the memory to the operating system, you can. But that requires rounding up even small allocations to at least a page, which increases your memory footprint.
If you don't implement each 'malloc' that way, you still wind up with the problem that one small allocation that has not been freed in the middle of a bunch of larger allocations that have been freed prevents you from returning any of the memory used by the larger allocations to the operating system.
Generally, what you need are algorithms designed for low memory footprint and a way to 'group' allocations that will tend to be freed as a unit (such as those related to a single SSL session) such that when they are all freed, the memory can be returned to the OS. OpenSSL simply is not designed this way.
You could probably hack OpenSSL to pass a pointer to a session object to calls to malloc/free (perhaps using TSD) and use that TSD pointer as an allocation context. That might increase the chances that the whole allocation context is freed. It may even be sufficient (or at least helpful) just to hook all OpenSSL calls to malloc/free and process them from their own arena.
DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
