Fix lhash implementation to avoid unwanted resizes during iteration.

patches.chromium/0006-fix_lhash_iteration.patch

+diff -burN android-openssl.org/crypto/conf/conf_api.c android-openssl/crypto/conf/conf_api.c
+--- android-openssl.org/crypto/conf/conf_api.c  2013-11-04 14:55:20.473482962 +0100
++++ android-openssl/crypto/conf/conf_api.c      2013-11-04 14:55:26.643552646 +0100
+@@ -225,9 +225,6 @@
+        {
+        if (conf == NULL || conf->data == NULL) return;
+ 
+-       lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make
+-                                 * sure the 'OPENSSL_free()' works as
+-                                 * expected */
+        lh_CONF_VALUE_doall_arg(conf->data,
+                                LHASH_DOALL_ARG_FN(value_free_hash),
+                                LHASH_OF(CONF_VALUE), conf->data);
+diff -burN android-openssl.org/crypto/lhash/lhash.c android-openssl/crypto/lhash/lhash.c
+--- android-openssl.org/crypto/lhash/lhash.c    2013-11-04 14:55:20.483483075 +0100
++++ android-openssl/crypto/lhash/lhash.c        2013-11-04 14:55:26.643552646 +0100
+@@ -94,6 +94,7 @@
+  *
+  * 1.0 eay - First version
+  */
++#include <limits.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
+@@ -107,6 +108,113 @@
+ #define UP_LOAD                (2*LH_LOAD_MULT) /* load times 256  (default 2) */
+ #define DOWN_LOAD      (LH_LOAD_MULT)   /* load times 256  (default 1) */
+ 
++/* Maximum number of nodes to guarantee the load computations don't overflow */
++#define MAX_LOAD_ITEMS   (UINT_MAX / LH_LOAD_MULT)
++
++/* The field 'iteration_state' is used to hold data to ensure that a hash
++ * table is not resized during an 'insert' or 'delete' operation performed
++ * within a lh_doall/lh_doall_arg call.
++ *
++ * Conceptually, this records two things:
++ *
++ *   - A 'depth' count, which is incremented at the start of lh_doall*,
++ *     and decremented just before it returns.
++ *
++ *   - A 'mutated' boolean flag, which is set in lh_insert() or lh_delete()
++ *     when the operation is performed with a non-0 depth.
++ *
++ * The following are helper macros to handle this state in a more explicit
++ * way.
++ */
++
++/* Reset the iteration state to its defaults. */
++#define LH_ITERATION_RESET(lh) do { \
++       (lh)->iteration_state = 0; \
++       } while (0)
++
++/* Returns 1 if the hash table is currently being iterated on, 0 otherwise. */
++#define LH_ITERATION_IS_ACTIVE(lh)  ((lh)->iteration_state >= 2)
++
++/* Increment iteration depth. This should always be followed by a paired call
++ * to LH_ITERATION_DECREMENT_DEPTH(). */
++#define LH_ITERATION_INCREMENT_DEPTH(lh) do { \
++       (lh)->iteration_state += 2; \
++       } while (0)
++
++/* Decrement iteration depth. This should always be called after a paired call
++ * to LH_ITERATION_INCREMENT_DEPTH(). */
++#define LH_ITERATION_DECREMENT_DEPTH(lh) do { \
++       (lh)->iteration_state -= 2; \
++       } while (0)
++
++/* Return 1 if the iteration 'mutated' flag is set, 0 otherwise. */
++#define LH_ITERATION_IS_MUTATED(lh) (((lh)->iteration_state & 1) != 0)
++
++/* Set the iteration 'mutated' flag to 1. LH_ITERATION_RESET() to reset it. */
++#define LH_ITERATION_SET_MUTATED(lh) do { \
++       (lh)->iteration_state |= 1; \
++       } while (0)
++
++/* This macros returns 1 if the hash table should be expanded due to its current
++ * load, or 0 otherwise. The exact comparison to be performed is expressed by
++ * the mathematical expression (where '//' denotes the exact division operation):
++ *
++ *      (num_items // num_nodes) >= (up_load // LOAD_MULT)    or
++ *      (num_items * LOAD_MULT // num_nodes) >= up_load.
++ *
++ * Given that the C language operator '/' implements integer division, i.e:
++ *     a // b == (a / b) + epsilon  (with 0 <= epsilon < 1, for positive a & b)
++ *
++ * This can be rewritten as:
++ *     (num_items * LOAD_MULT / num_nodes) + epsilon >= up_load
++ *     (num_items * LOAD_MULT / num_nodes) - up_load >= - epsilon
++ *
++ * Let's call 'A' the left-hand side of the equation above, it is an integer
++ * and:
++ *     - If A >= 0, the expression is true for any value of epsilon.
++ *     - If A <= -1, the expression is also true for any value of epsilon.
++ *
++ * In other words, this is equivalent to 'A >= 0', or:
++ *     (num_items * LOAD_MULT / num_nodes) >= up_load
++ */
++#define LH_SHOULD_EXPAND(lh) \
++       ((lh)->num_items < MAX_LOAD_ITEMS && \
++        (((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) >= (lh)->up_load))
++
++/* This macro returns 1 if the hash table should be contracted due to its
++ * current load, or 0 otherwise. Abbreviated computations are:
++ *
++ *    (num_items // num_nodes) <= (down_load // LOAD_MULT)
++ *    (num_items * LOAD_MULT // num_nodes) <= down_load
++ *    (num_items * LOAD_MULT / num_nodes) + epsilon <= down_load
++ *    (num_items * LOAD_MULT / num_nodes) - down_load <= -epsilon
++ *
++ * Let's call 'B' the left-hand side of the equation above:
++ *    - If B <= -1, the expression is true for any value of epsilon.
++ *    - If B >= 1, the expression is false for any value of epsilon.
++ *    - If B == 0, the expression is true for 'epsilon == 0', and false
++ *      otherwise, which is problematic.
++ *
++ * To work around this problem, while keeping the code simple, just change
++ * the initial expression to use a strict inequality, i.e.:
++ *
++ *    (num_items // num_nodes) < (down_load // LOAD_MULT)
++ *
++ * Which leads to:
++ *    (num_items * LOAD_MULT / num_nodes) - down_load < -epsilon
++ *
++ * Then:
++ *    - If 'B <= -1', the expression is true for any value of epsilon.
++ *    - If 'B' >= 0, the expression is false for any value of epsilon,
++ *
++ * In other words, this is equivalent to 'B < 0', or:
++ *     (num_items * LOAD_MULT / num_nodes) < down_load
++ */
++#define LH_SHOULD_CONTRACT(lh) \
++       (((lh)->num_nodes > MIN_NODES) && \
++        ((lh)->num_items < MAX_LOAD_ITEMS && \
++        ((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) < (lh)->down_load))
++
+ static void expand(_LHASH *lh);
+ static void contract(_LHASH *lh);
+ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
+@@ -147,6 +255,7 @@
+        ret->num_hash_comps=0;
+ 
+        ret->error=0;
++       LH_ITERATION_RESET(ret);
+        return(ret);
+ err1:
+        OPENSSL_free(ret);
+@@ -183,7 +292,10 @@
+        void *ret;
+ 
+        lh->error=0;
+-       if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
++       /* Do not expand the array if the table is being iterated on. */
++       if (LH_ITERATION_IS_ACTIVE(lh))
++               LH_ITERATION_SET_MUTATED(lh);
++       else if (LH_SHOULD_EXPAND(lh))
+                expand(lh);
+ 
+        rn=getrn(lh,data,&hash);
+@@ -238,8 +350,10 @@
+                }
+ 
+        lh->num_items--;
+-       if ((lh->num_nodes > MIN_NODES) &&
+-               (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
++       /* Do not contract the array if the table is being iterated on. */
++       if (LH_ITERATION_IS_ACTIVE(lh))
++               LH_ITERATION_SET_MUTATED(lh);
++       else if (LH_SHOULD_CONTRACT(lh))
+                contract(lh);
+ 
+        return(ret);
+@@ -276,6 +390,7 @@
+        if (lh == NULL)
+                return;
+ 
++       LH_ITERATION_INCREMENT_DEPTH(lh);
+        /* reverse the order so we search from 'top to bottom'
+         * We were having memory leaks otherwise */
+        for (i=lh->num_nodes-1; i>=0; i--)
+@@ -295,6 +410,19 @@
+                        a=n;
+                        }
+                }
++
++       LH_ITERATION_DECREMENT_DEPTH(lh);
++       if (!LH_ITERATION_IS_ACTIVE(lh) && LH_ITERATION_IS_MUTATED(lh))
++               {
++               LH_ITERATION_RESET(lh);
++               /* Resize the buckets array if necessary. Each expand() or
++                * contract() call will double/halve the size of the array,
++                * respectively, so call them in a loop. */
++               while (LH_SHOULD_EXPAND(lh))
++                       expand(lh);
++               while (LH_SHOULD_CONTRACT(lh))
++                       contract(lh);
++               }
+        }
+ 
+ void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
+diff -burN android-openssl.org/crypto/lhash/lhash.h android-openssl/crypto/lhash/lhash.h
+--- android-openssl.org/crypto/lhash/lhash.h    2013-11-04 14:55:20.483483075 +0100
++++ android-openssl/crypto/lhash/lhash.h        2013-11-04 14:55:26.643552646 +0100
+@@ -163,6 +163,7 @@
+        unsigned long num_hash_comps;
+ 
+        int error;
++       int iteration_state;
+        } _LHASH;       /* Do not use _LHASH directly, use LHASH_OF
+                         * and friends */
+ 
+diff -burN android-openssl.org/crypto/objects/obj_dat.c android-openssl/crypto/objects/obj_dat.c
+--- android-openssl.org/crypto/objects/obj_dat.c        2013-11-04 14:55:20.493483188 +0100
++++ android-openssl/crypto/objects/obj_dat.c    2013-11-04 14:55:26.643552646 +0100
+@@ -227,7 +227,6 @@
+                return ;
+                }
+        if (added == NULL) return;
+-       lh_ADDED_OBJ_down_load(added) = 0;
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
+diff -burN android-openssl.org/crypto/objects/o_names.c android-openssl/crypto/objects/o_names.c
+--- android-openssl.org/crypto/objects/o_names.c        2013-11-04 14:55:20.493483188 +0100
++++ android-openssl/crypto/objects/o_names.c    2013-11-04 14:55:26.643552646 +0100
+@@ -350,13 +350,9 @@
+ 
+ void OBJ_NAME_cleanup(int type)
+        {
+-       unsigned long down_load;
+-
+        if (names_lh == NULL) return;
+ 
+        free_type=type;
+-       down_load=lh_OBJ_NAME_down_load(names_lh);
+-       lh_OBJ_NAME_down_load(names_lh)=0;
+ 
+        lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
+        if (type < 0)
+@@ -366,7 +362,5 @@
+                names_lh=NULL;
+                name_funcs_stack = NULL;
+                }
+-       else
+-               lh_OBJ_NAME_down_load(names_lh)=down_load;
+        }
+ 
+diff -burN android-openssl.org/include/openssl/lhash.h android-openssl/include/openssl/lhash.h
+--- android-openssl.org/include/openssl/lhash.h 2013-11-04 14:55:20.503483301 +0100
++++ android-openssl/include/openssl/lhash.h     2013-11-04 14:55:26.643552646 +0100
+@@ -163,6 +163,7 @@
+        unsigned long num_hash_comps;
+ 
+        int error;
++       int iteration_state;
+        } _LHASH;       /* Do not use _LHASH directly, use LHASH_OF
+                         * and friends */
+ 
+diff -burN android-openssl.org/openssl.config android-openssl/openssl.config
+--- android-openssl.org/openssl.config  2013-11-04 14:55:20.503483301 +0100
++++ android-openssl/openssl.config      2013-11-04 14:59:05.916037366 +0100
+@@ -997,6 +997,7 @@
+ fix_clang_build.patch \
+ x509_hash_name_algorithm_change.patch \
+ reduce_client_hello_size.patch \
++fix_lhash_iteration.patch \
+ "
+ 
+ OPENSSL_PATCHES_progs_SOURCES="\
+@@ -1060,3 +1061,14 @@
+ OPENSSL_PATCHES_reduce_client_hello_size_SOURCES="\
+ ssl/t1_lib.c \
+ "
++
++OPENSSL_PATCHES_fix_lhash_iteration_SOURCES="\
++crypto/conf/conf_api.c
++crypto/lhash/lhash.c
++crypto/lhash/lhash.h
++crypto/objects/obj_dat.c
++crypto/objects/o_names.c
++include/openssl/lhash.h
++ssl/ssl_sess.c
++"
++
+diff -burN android-openssl.org/patches/fix_lhash_iteration.patch android-openssl/patches/fix_lhash_iteration.patch
+--- android-openssl.org/patches/fix_lhash_iteration.patch       1970-01-01 01:00:00.000000000 +0100
++++ android-openssl/patches/fix_lhash_iteration.patch   2013-11-04 14:55:26.643552646 +0100
+@@ -0,0 +1,326 @@
++From 84726440ecdd3ecd0c3d8571cc6a50bad769b5b8 Mon Sep 17 00:00:00 2001
++From: David 'Digit' Turner <digit@android.com>
++Date: Tue, 29 Oct 2013 18:40:45 +0100
++Subject: Ensure iterating over a lhash table prevents unwanted resizes.
++
++This patch modifies the implementation of lhash tables to ensure
++that deleting or inserting items during a lh_doall or lh_doall_arg
++call will not unexpectedly resize the buckets array, leading to
++undefined behaviour.
++
++This is done by adding a new field ('iteration_state') to the
++lhash_st structure. Note that the field is placed at the end
++of the structure to preserve the OpenSSL ABI [1]
++
++This also removes the 'evil' changes to the 'down_load' field,
++which were performed to prevent this. Unfortunately, this didn't
++work due to an incorrect load-comparison computation is
++lh_delete() [2]
++
++[1] Since all _LHASH objects are heap-allocated through lh_new(),
++    client code that accesses fields directly will not be
++    impacted if their offsets do not change.
++
++[2] The original code used the following expression to determine
++    when to contract the table during a lh_delete() operation:
++
++       down_load >= (num_items * LOAD_MULT / num_nodes)
++
++    Unfortunately, due to truncation towards zero, this could
++    trigger even when down_load was set to 0 in certain cases.
++    See the comments for the LH_SHOULD_CONTRACT() macro for
++    more explanations.
++
++Change-Id: I9fa5b84c5d787d41fd520b63f7e641cf22fbb5b6
++---
++ crypto/conf/conf_api.c   |   3 --
++ crypto/lhash/lhash.c     | 134 +++++++++++++++++++++++++++++++++++++++++++++--
++ crypto/lhash/lhash.h     |   3 +-
++ crypto/objects/o_names.c |   6 ---
++ crypto/objects/obj_dat.c |   1 -
++ include/openssl/lhash.h  |   1 +
++ ssl/ssl_sess.c           |   3 --
++ 7 files changed, 134 insertions(+), 17 deletions(-)
++
++diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
++index f5fcbb9..9a37bd4 100644
++--- a/crypto/conf/conf_api.c
+++++ b/crypto/conf/conf_api.c
++@@ -225,9 +225,6 @@ void _CONF_free_data(CONF *conf)
++       {
++       if (conf == NULL || conf->data == NULL) return;
++ 
++-      lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make
++-                                * sure the 'OPENSSL_free()' works as
++-                                * expected */
++       lh_CONF_VALUE_doall_arg(conf->data,
++                               LHASH_DOALL_ARG_FN(value_free_hash),
++                               LHASH_OF(CONF_VALUE), conf->data);
++diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
++index 47f7480..6278c54 100644
++--- a/crypto/lhash/lhash.c
+++++ b/crypto/lhash/lhash.c
++@@ -94,6 +94,7 @@
++  *
++  * 1.0 eay - First version
++  */
+++#include <limits.h>
++ #include <stdio.h>
++ #include <string.h>
++ #include <stdlib.h>
++@@ -107,6 +108,113 @@ const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
++ #define UP_LOAD               (2*LH_LOAD_MULT) /* load times 256  (default 2) */
++ #define DOWN_LOAD     (LH_LOAD_MULT)   /* load times 256  (default 1) */
++ 
+++/* Maximum number of nodes to guarantee the load computations don't overflow */
+++#define MAX_LOAD_ITEMS   (UINT_MAX / LH_LOAD_MULT)
+++
+++/* The field 'iteration_state' is used to hold data to ensure that a hash
+++ * table is not resized during an 'insert' or 'delete' operation performed
+++ * within a lh_doall/lh_doall_arg call.
+++ *
+++ * Conceptually, this records two things:
+++ *
+++ *   - A 'depth' count, which is incremented at the start of lh_doall*,
+++ *     and decremented just before it returns.
+++ *
+++ *   - A 'mutated' boolean flag, which is set in lh_insert() or lh_delete()
+++ *     when the operation is performed with a non-0 depth.
+++ *
+++ * The following are helper macros to handle this state in a more explicit
+++ * way.
+++ */
+++
+++/* Reset the iteration state to its defaults. */
+++#define LH_ITERATION_RESET(lh) do { \
+++      (lh)->iteration_state = 0; \
+++      } while (0)
+++
+++/* Returns 1 if the hash table is currently being iterated on, 0 otherwise. */
+++#define LH_ITERATION_IS_ACTIVE(lh)  ((lh)->iteration_state >= 2)
+++
+++/* Increment iteration depth. This should always be followed by a paired call
+++ * to LH_ITERATION_DECREMENT_DEPTH(). */
+++#define LH_ITERATION_INCREMENT_DEPTH(lh) do { \
+++      (lh)->iteration_state += 2; \
+++      } while (0)
+++
+++/* Decrement iteration depth. This should always be called after a paired call
+++ * to LH_ITERATION_INCREMENT_DEPTH(). */
+++#define LH_ITERATION_DECREMENT_DEPTH(lh) do { \
+++      (lh)->iteration_state -= 2; \
+++      } while (0)
+++
+++/* Return 1 if the iteration 'mutated' flag is set, 0 otherwise. */
+++#define LH_ITERATION_IS_MUTATED(lh) (((lh)->iteration_state & 1) != 0)
+++
+++/* Set the iteration 'mutated' flag to 1. LH_ITERATION_RESET() to reset it. */
+++#define LH_ITERATION_SET_MUTATED(lh) do { \
+++      (lh)->iteration_state |= 1; \
+++      } while (0)
+++
+++/* This macros returns 1 if the hash table should be expanded due to its current
+++ * load, or 0 otherwise. The exact comparison to be performed is expressed by
+++ * the mathematical expression (where '//' denotes the exact division operation):
+++ *
+++ *      (num_items // num_nodes) >= (up_load // LOAD_MULT)    or
+++ *      (num_items * LOAD_MULT // num_nodes) >= up_load.
+++ *
+++ * Given that the C language operator '/' implements integer division, i.e:
+++ *     a // b == (a / b) + epsilon  (with 0 <= epsilon < 1, for positive a & b)
+++ *
+++ * This can be rewritten as:
+++ *     (num_items * LOAD_MULT / num_nodes) + epsilon >= up_load
+++ *     (num_items * LOAD_MULT / num_nodes) - up_load >= - epsilon
+++ *
+++ * Let's call 'A' the left-hand side of the equation above, it is an integer
+++ * and:
+++ *     - If A >= 0, the expression is true for any value of epsilon.
+++ *     - If A <= -1, the expression is also true for any value of epsilon.
+++ *
+++ * In other words, this is equivalent to 'A >= 0', or:
+++ *     (num_items * LOAD_MULT / num_nodes) >= up_load
+++ */
+++#define LH_SHOULD_EXPAND(lh) \
+++      ((lh)->num_items < MAX_LOAD_ITEMS && \
+++       (((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) >= (lh)->up_load))
+++
+++/* This macro returns 1 if the hash table should be contracted due to its
+++ * current load, or 0 otherwise. Abbreviated computations are:
+++ *
+++ *    (num_items // num_nodes) <= (down_load // LOAD_MULT)
+++ *    (num_items * LOAD_MULT // num_nodes) <= down_load
+++ *    (num_items * LOAD_MULT / num_nodes) + epsilon <= down_load
+++ *    (num_items * LOAD_MULT / num_nodes) - down_load <= -epsilon
+++ *
+++ * Let's call 'B' the left-hand side of the equation above:
+++ *    - If B <= -1, the expression is true for any value of epsilon.
+++ *    - If B >= 1, the expression is false for any value of epsilon.
+++ *    - If B == 0, the expression is true for 'epsilon == 0', and false
+++ *      otherwise, which is problematic.
+++ *
+++ * To work around this problem, while keeping the code simple, just change
+++ * the initial expression to use a strict inequality, i.e.:
+++ *
+++ *    (num_items // num_nodes) < (down_load // LOAD_MULT)
+++ *
+++ * Which leads to:
+++ *    (num_items * LOAD_MULT / num_nodes) - down_load < -epsilon
+++ *
+++ * Then:
+++ *    - If 'B <= -1', the expression is true for any value of epsilon.
+++ *    - If 'B' >= 0, the expression is false for any value of epsilon,
+++ *
+++ * In other words, this is equivalent to 'B < 0', or:
+++ *     (num_items * LOAD_MULT / num_nodes) < down_load
+++ */
+++#define LH_SHOULD_CONTRACT(lh) \
+++      (((lh)->num_nodes > MIN_NODES) && \
+++       ((lh)->num_items < MAX_LOAD_ITEMS && \
+++       ((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) < (lh)->down_load))
+++
++ static void expand(_LHASH *lh);
++ static void contract(_LHASH *lh);
++ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
++@@ -147,6 +255,7 @@ _LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
++       ret->num_hash_comps=0;
++ 
++       ret->error=0;
+++      LH_ITERATION_RESET(ret);
++       return(ret);
++ err1:
++       OPENSSL_free(ret);
++@@ -183,7 +292,10 @@ void *lh_insert(_LHASH *lh, void *data)
++       void *ret;
++ 
++       lh->error=0;
++-      if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
+++      /* Do not expand the array if the table is being iterated on. */
+++      if (LH_ITERATION_IS_ACTIVE(lh))
+++              LH_ITERATION_SET_MUTATED(lh);
+++      else if (LH_SHOULD_EXPAND(lh))
++               expand(lh);
++ 
++       rn=getrn(lh,data,&hash);
++@@ -238,8 +350,10 @@ void *lh_delete(_LHASH *lh, const void *data)
++               }
++ 
++       lh->num_items--;
++-      if ((lh->num_nodes > MIN_NODES) &&
++-              (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
+++      /* Do not contract the array if the table is being iterated on. */
+++      if (LH_ITERATION_IS_ACTIVE(lh))
+++              LH_ITERATION_SET_MUTATED(lh);
+++      else if (LH_SHOULD_CONTRACT(lh))
++               contract(lh);
++ 
++       return(ret);
++@@ -276,6 +390,7 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
++       if (lh == NULL)
++               return;
++ 
+++      LH_ITERATION_INCREMENT_DEPTH(lh);
++       /* reverse the order so we search from 'top to bottom'
++        * We were having memory leaks otherwise */
++       for (i=lh->num_nodes-1; i>=0; i--)
++@@ -295,6 +410,19 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
++                       a=n;
++                       }
++               }
+++
+++      LH_ITERATION_DECREMENT_DEPTH(lh);
+++      if (!LH_ITERATION_IS_ACTIVE(lh) && LH_ITERATION_IS_MUTATED(lh))
+++              {
+++              LH_ITERATION_RESET(lh);
+++              /* Resize the buckets array if necessary. Each expand() or
+++               * contract() call will double/halve the size of the array,
+++               * respectively, so call them in a loop. */
+++              while (LH_SHOULD_EXPAND(lh))
+++                      expand(lh);
+++              while (LH_SHOULD_CONTRACT(lh))
+++                      contract(lh);
+++              }
++       }
++ 
++ void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
++diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
++index e7d8763..40aa7a5 100644
++--- a/crypto/lhash/lhash.h
+++++ b/crypto/lhash/lhash.h
++@@ -163,6 +163,7 @@ typedef struct lhash_st
++       unsigned long num_hash_comps;
++ 
++       int error;
+++      int iteration_state;
++       } _LHASH;       /* Do not use _LHASH directly, use LHASH_OF
++                        * and friends */
++ 
++diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
++index 4a548c2..4e18045 100644
++--- a/crypto/objects/o_names.c
+++++ b/crypto/objects/o_names.c
++@@ -350,13 +350,9 @@ static void name_funcs_free(NAME_FUNCS *ptr)
++ 
++ void OBJ_NAME_cleanup(int type)
++       {
++-      unsigned long down_load;
++-
++       if (names_lh == NULL) return;
++ 
++       free_type=type;
++-      down_load=lh_OBJ_NAME_down_load(names_lh);
++-      lh_OBJ_NAME_down_load(names_lh)=0;
++ 
++       lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
++       if (type < 0)
++@@ -366,7 +362,5 @@ void OBJ_NAME_cleanup(int type)
++               names_lh=NULL;
++               name_funcs_stack = NULL;
++               }
++-      else
++-              lh_OBJ_NAME_down_load(names_lh)=down_load;
++       }
++ 
++diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
++index 8a342ba..ef0512a 100644
++--- a/crypto/objects/obj_dat.c
+++++ b/crypto/objects/obj_dat.c
++@@ -227,7 +227,6 @@ void OBJ_cleanup(void)
++               return ;
++               }
++       if (added == NULL) return;
++-      lh_ADDED_OBJ_down_load(added) = 0;
++       lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
++       lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
++       lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
++diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
++index e7d8763..75386f2 100644
++--- a/include/openssl/lhash.h
+++++ b/include/openssl/lhash.h
++@@ -163,6 +163,7 @@ typedef struct lhash_st
++       unsigned long num_hash_comps;
++ 
++       int error;
+++      int iteration_state;
++       } _LHASH;       /* Do not use _LHASH directly, use LHASH_OF
++                        * and friends */
++ 
++diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
++index 920b763..447a37e 100644
++--- a/ssl/ssl_sess.c
+++++ b/ssl/ssl_sess.c
++@@ -999,11 +999,8 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
++       if (tp.cache == NULL) return;
++       tp.time=t;
++       CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
++-      i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
++-      CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
++       lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
++                                TIMEOUT_PARAM, &tp);
++-      CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
++       CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
++       }
++ 
++-- 
++1.8.4.1
++
+diff -burN android-openssl.org/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c
+--- android-openssl.org/ssl/ssl_sess.c  2013-11-04 14:55:20.453482735 +0100
++++ android-openssl/ssl/ssl_sess.c      2013-11-04 14:55:26.643552646 +0100
+@@ -999,11 +999,8 @@
+        if (tp.cache == NULL) return;
+        tp.time=t;
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+-       i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
+-       CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
+        lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
+                                 TIMEOUT_PARAM, &tp);
+-       CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        }
+