Commit dad78fb1 authored by Matt Caswell's avatar Matt Caswell

Add an ability to set the SSL read buffer size



This capability is required for read pipelining. We will only read in as
many records as will fit in the read buffer (and the network can provide
in one go). The bigger the buffer the more records we can process in
parallel.

Reviewed-by: Tim Hudson <tjh@openssl.org>
parent 0220fee4
+11 −1
@@ -656,7 +656,7 @@ typedef enum OPTION_choice {
    OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME,
    OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
    OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES,
    OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
    OPT_V_ENUM,
    OPT_X_ENUM,
    OPT_S_ENUM,
@@ -766,6 +766,8 @@ OPTIONS s_client_options[] = {
     "Size used to split data for encrypt/decrypt pipelines"},
    {"max_pipelines", OPT_MAX_PIPELINES, 'n',
     "Maximum number of encrypt/decrypt pipelines to be used"},
    {"read_buf", OPT_READ_BUF, 'n',
     "Default read buffer size to be used for connections"},
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
@@ -896,6 +898,7 @@ int s_client_main(int argc, char **argv)
    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
    int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
    int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
    int read_buf_len = 0;
    int fallback_scsv = 0;
    long socket_mtu = 0, randamt = 0;
    OPTION_CHOICE o;
@@ -1393,6 +1396,9 @@ int s_client_main(int argc, char **argv)
        case OPT_MAX_PIPELINES:
            max_pipelines = atoi(opt_arg());
            break;
        case OPT_READ_BUF:
            read_buf_len = atoi(opt_arg());
            break;
        }
    }
    argc = opt_num_rest();
@@ -1573,6 +1579,10 @@ int s_client_main(int argc, char **argv)
        SSL_CTX_set_max_pipelines(ctx, max_pipelines);
    }

    if (read_buf_len > 0) {
        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
    }

    if (!config_ctx(cctx, ssl_args, ctx))
        goto end;
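Review bot: In the `case OPT_READ_BUF` arm, `read_buf_len = atoi(opt_arg());` combined with the later `if (read_buf_len > 0)` guard means a zero or negative `-read_buf` value is dropped with no diagnostic, so the operator may believe a buffer size was applied when it was not. The option is declared with value type `'n'`; if the option parser's positive-number type is available in this tree, `{"read_buf", OPT_READ_BUF, 'p',` would reject such input at parse time, otherwise print an error and `goto end`. The help string could also name the unit, presumably bytes: `"Default read buffer size in bytes to be used for connections"`. The same pattern appears in the s_server_main hunks of this commit, and s_client_main's body extends beyond the hunks shown here.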

+13 −2
@@ -809,8 +809,8 @@ typedef enum OPTION_choice {
    OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
    OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
    OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_SSL3,
    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
    OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
    OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
@@ -946,6 +946,8 @@ OPTIONS s_server_options[] = {
     "Size used to split data for encrypt/decrypt pipelines"},
    {"max_pipelines", OPT_MAX_PIPELINES, 'n',
     "Maximum number of encrypt/decrypt pipelines to be used"},
    {"read_buf", OPT_READ_BUF, 'n',
     "Default read buffer size to be used for connections"},
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
@@ -1049,6 +1051,7 @@ int s_server_main(int argc, char *argv[])
    X509 *s_cert2 = NULL;
    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
    const char *ssl_config = NULL;
    int read_buf_len = 0;
#ifndef OPENSSL_NO_NEXTPROTONEG
    const char *next_proto_neg_in = NULL;
    tlsextnextprotoctx next_proto = { NULL, 0 };
@@ -1521,6 +1524,10 @@ int s_server_main(int argc, char *argv[])
        case OPT_MAX_PIPELINES:
            max_pipelines = atoi(opt_arg());
            break;
        case OPT_READ_BUF:
            read_buf_len = atoi(opt_arg());
            break;

        }
    }
    argc = opt_num_rest();
@@ -1753,6 +1760,10 @@ int s_server_main(int argc, char *argv[])
        SSL_CTX_set_max_pipelines(ctx, max_pipelines);
    }

    if (read_buf_len > 0) {
        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
    }

#ifndef OPENSSL_NO_SRTP
    if (srtp_profiles != NULL) {
        /* Returns 0 on success! */
+3 −0
@@ -1808,6 +1808,9 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
# define SSL_set_max_pipelines(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)

void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
void SSL_set_default_read_buffer_len(SSL *s, size_t len);

     /* NB: the keylength is only applicable when is_export is true */
# ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
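Review bot: The new prototypes `SSL_CTX_set_default_read_buffer_len` and `SSL_set_default_read_buffer_len` are added without any comment, so the header does not say what unit `len` is in or what passing 0 means. I would add a line above them such as `/* Set the default read buffer length in bytes; 0 means no default is set */`, which agrees with the comment on the new `default_len` field added elsewhere in this commit. Both functions return `void`, so a caller cannot learn that a value was unusable; the comment or the manual page should say how out-of-range values are treated.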
+10 −0
@@ -241,6 +241,16 @@ int ssl3_pending(const SSL *s)
    return num;
}

void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
    ctx->default_read_buf_len = len;
}

void SSL_set_default_read_buffer_len(SSL *s, size_t len)
{
    SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
}

const char *SSL_rstate_string_long(const SSL *s)
{
    const char *str;
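Review bot: Both setters store `len` unchecked, in `ctx->default_read_buf_len = len;` and in `SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);`, so any lower bound has to be enforced where the read buffer is allocated, and that code is not visible on this page. The comment on `buf` in `ssl3_buffer_st` says the buffer is at least SSL3_RT_MAX_PACKET_SIZE bytes; if the allocation path could ever take a smaller `default_len` as-is, record reads would have less room than the record layer expects. I would confirm that the setup code only ever raises the size and state it here, e.g. `/* A default smaller than the space needed for one record is ignored */`. It is also not clear from this hunk whether `SSL_set_default_read_buffer_len` has any effect once the connection's read buffer has been allocated, which is worth documenting.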
+2 −0
@@ -118,6 +118,8 @@
typedef struct ssl3_buffer_st {
    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
    unsigned char *buf;
    /* default buffer size (or 0 if no default set) */
    size_t default_len;
    /* buffer size */
    size_t len;
    /* where to 'copy from' */