feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Refactor for max record size (#1475)

Browse Source 
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
This commit is contained in:
Eric Blankenhorn
2018-04-05 11:11:58 -05:00
committed by David Garske
parent a1d6bc68de
commit 5439402c1d
5 changed files with 108 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
examples/benchmark/tls_bench.c
View File

@@ -345,10 +345,10 @@ static double gettime_secs(int reset)
static void* client_thread(void* args) static void* client_thread(void* args)
{ {
info_t* info = (info_t*)args; info_t* info = (info_t*)args;
unsigned char buf[MEM_BUFFER_SZ]; unsigned char* buf;
unsigned char *writeBuf; unsigned char *writeBuf;
double start; double start;
int ret; int ret, bufSize;
WOLFSSL_CTX* cli_ctx; WOLFSSL_CTX* cli_ctx;
WOLFSSL* cli_ssl; WOLFSSL* cli_ssl;
int haveShownPeerInfo = 0; int haveShownPeerInfo = 0;
@@ -414,28 +414,45 @@ static void* client_thread(void* args)
showPeer(cli_ssl); showPeer(cli_ssl);
} }
/* write test message to server */ /* Allocate buf after handshake is complete */
while (info->client_stats.rxTotal < info->numBytes) { bufSize = wolfSSL_GetMaxOutputSize(cli_ssl);
start = gettime_secs(1); if (bufSize > 0) {
ret = wolfSSL_write(cli_ssl, writeBuf, info->packetSize); buf = (unsigned char*)malloc(bufSize);
info->client_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.txTotal += ret;
}
/* read echo of message */
start = gettime_secs(1);
ret = wolfSSL_read(cli_ssl, buf, sizeof(buf)-1);
info->client_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.rxTotal += ret;
}
/* validate echo */
if (strncmp((char*)writeBuf, (char*)buf, info->packetSize) != 0) {
err_sys("echo check failed!\n");
}
} }
else {
buf = NULL;
}
if (buf != NULL) {
/* write test message to server */
while (info->client_stats.rxTotal < info->numBytes) {
start = gettime_secs(1);
ret = wolfSSL_write(cli_ssl, writeBuf, info->packetSize);
info->client_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.txTotal += ret;
}
/* read echo of message */
start = gettime_secs(1);
ret = wolfSSL_read(cli_ssl, buf, bufSize-1);
info->client_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.rxTotal += ret;
}
/* validate echo */
if (strncmp((char*)writeBuf, (char*)buf, info->packetSize) != 0) {
err_sys("echo check failed!\n");
}
}
free(buf);
}
else {
err_sys("failed to allocate memory");
}
info->client_stats.connCount++; info->client_stats.connCount++;
@@ -456,9 +473,9 @@ static void* client_thread(void* args)
static void* server_thread(void* args) static void* server_thread(void* args)
{ {
info_t* info = (info_t*)args; info_t* info = (info_t*)args;
unsigned char buf[MEM_BUFFER_SZ]; unsigned char *buf;
double start; double start;
int ret, len = 0; int ret, len = 0, bufSize;
WOLFSSL_CTX* srv_ctx; WOLFSSL_CTX* srv_ctx;
WOLFSSL* srv_ssl; WOLFSSL* srv_ssl;
@@ -521,24 +538,39 @@ static void* server_thread(void* args)
info->server_stats.connTime += start; info->server_stats.connTime += start;
while (info->server_stats.txTotal < info->numBytes) { /* Allocate buf after handshake is complete */
/* read msg post handshake from client */ bufSize = wolfSSL_GetMaxOutputSize(srv_ssl);
memset(buf, 0, sizeof(buf)); if (bufSize > 0) {
start = gettime_secs(1); buf = (unsigned char*)malloc(bufSize);
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); }
info->server_stats.rxTime += gettime_secs(0) - start; else {
if (ret > 0) { buf = NULL;
info->server_stats.rxTotal += ret; }
len = ret;
}
/* write message back to client */ if (buf != NULL) {
start = gettime_secs(1); while (info->server_stats.txTotal < info->numBytes) {
ret = wolfSSL_write(srv_ssl, buf, len); /* read msg post handshake from client */
info->server_stats.txTime += gettime_secs(0) - start; memset(buf, 0, bufSize);
if (ret > 0) { start = gettime_secs(1);
info->server_stats.txTotal += ret; ret = wolfSSL_read(srv_ssl, buf, bufSize-1);
info->server_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.rxTotal += ret;
len = ret;
}
/* write message back to client */
start = gettime_secs(1);
ret = wolfSSL_write(srv_ssl, buf, len);
info->server_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.txTotal += ret;
}
} }
free(buf);
}
else {
err_sys("failed to allocate memory");
} }
info->server_stats.connCount++; info->server_stats.connCount++;

39
src/internal.c
View File

@@ -5208,7 +5208,6 @@ void FreeSSL(WOLFSSL* ssl, void* heap)
(void)heap; (void)heap;
} }
#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
|| defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS) || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS)
static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
@@ -13585,17 +13584,18 @@ int SendCertificate(WOLFSSL* ssl)
length -= (ssl->fragOffset + headerSz); length -= (ssl->fragOffset + headerSz);
maxFragment = MAX_RECORD_SIZE; maxFragment = MAX_RECORD_SIZE;
if (ssl->options.dtls) { if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
/* The 100 bytes is used to account for the UDP and IP headers.
It can also include the record padding and MAC if the
SendCertificate is called for a secure renegotiation. */
maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
- DTLS_HANDSHAKE_HEADER_SZ - 100; - DTLS_HANDSHAKE_HEADER_SZ - 100;
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
} }
#ifdef HAVE_MAX_FRAGMENT maxFragment = wolfSSL_GetMaxRecordSize(ssl, maxFragment);
if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
maxFragment = ssl->max_fragment;
#endif /* HAVE_MAX_FRAGMENT */
while (length > 0 && ret == 0) { while (length > 0 && ret == 0) {
byte* output = NULL; byte* output = NULL;
@@ -14447,10 +14447,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
if (sent == sz) break; if (sent == sz) break;
len = min(sz - sent, OUTPUT_RECORD_SIZE); len = wolfSSL_GetMaxRecordSize(ssl, sz - sent);
#ifdef HAVE_MAX_FRAGMENT
len = min(len, ssl->max_fragment);
#endif
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
@@ -25641,6 +25638,30 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev)
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
/* return the max record size */
int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
{
(void) ssl; /* Avoid compiler warnings */
if (maxFragment > MAX_RECORD_SIZE) {
maxFragment = MAX_RECORD_SIZE;
}
#ifdef HAVE_MAX_FRAGMENT
if ((ssl->max_fragment != 0) && (maxFragment > ssl->max_fragment)) {
maxFragment = ssl->max_fragment;
}
#endif /* HAVE_MAX_FRAGMENT */
#ifdef WOLFSSL_DTLS
if ((ssl->options.dtls) && (maxFragment > MAX_UDP_SIZE)) {
maxFragment = MAX_UDP_SIZE;
}
#endif
return maxFragment;
}
#undef ERROR_OUT #undef ERROR_OUT
#endif /* WOLFCRYPT_ONLY */ #endif /* WOLFCRYPT_ONLY */

20
src/ssl.c
View File

@@ -1386,8 +1386,6 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
/* return max record layer size plaintext input size */ /* return max record layer size plaintext input size */
int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl) int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
{ {
int maxSize = OUTPUT_RECORD_SIZE;
WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize"); WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize");
if (ssl == NULL) if (ssl == NULL)
@@ -1398,17 +1396,7 @@ int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifdef HAVE_MAX_FRAGMENT return wolfSSL_GetMaxRecordSize(ssl, OUTPUT_RECORD_SIZE);
maxSize = min(maxSize, ssl->max_fragment);
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
maxSize = min(maxSize, MAX_UDP_SIZE);
}
#endif
return maxSize;
} }
@@ -1717,10 +1705,8 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
} }
#endif #endif
sz = min(sz, OUTPUT_RECORD_SIZE); sz = wolfSSL_GetMaxRecordSize(ssl, sz);
#ifdef HAVE_MAX_FRAGMENT
sz = min(sz, ssl->max_fragment);
#endif
ret = ReceiveData(ssl, (byte*)data, sz, peek); ret = ReceiveData(ssl, (byte*)data, sz, peek);
#ifdef HAVE_WRITE_DUP #ifdef HAVE_WRITE_DUP

7
src/tls13.c
View File

@@ -4629,12 +4629,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
if (ssl->fragOffset != 0) if (ssl->fragOffset != 0)
length -= (ssl->fragOffset + headerSz); length -= (ssl->fragOffset + headerSz);
maxFragment = MAX_RECORD_SIZE; maxFragment = wolfSSL_GetMaxRecordSize(ssl, MAX_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
maxFragment = ssl->max_fragment;
#endif /* HAVE_MAX_FRAGMENT */
while (length > 0 && ret == 0) { while (length > 0 && ret == 0) {
byte* output = NULL; byte* output = NULL;

1
wolfssl/internal.h
View File

@@ -3832,6 +3832,7 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
#ifndef NO_CERTS #ifndef NO_CERTS
#ifndef NO_RSA #ifndef NO_RSA