handshake: test SSL_CTX pool

use an SSL_CTX pool of the same size as the libctx pool size, with
server and client SSL_CTX objects allocated alongside the associated
libctx.

| Threads | NoOpts |   -p |   -s | -s -P |    -P | -s -p |    -l |
|---------+--------+------+------+-------+-------+-------+-------|
|       1 |   1704 | 1065 | 1075 |  1077 |  1688 |  1073 |  1682 |
|       2 |   3320 | 2100 | 2074 |  2073 |  3301 |  2083 |  3304 |
|       4 |   6480 | 4098 | 4012 |  4096 |  6541 |  4070 |  6523 |
|       8 |  11863 | 7518 | 7003 |  7537 | 11641 |  7405 | 11913 |
|      16 |  12448 | 5867 | 5520 |  6048 | 13537 |  5889 | 13506 |
|      32 |  12200 | 5147 | 5588 |  5330 | 13417 |  5085 | 13226 |
|      64 |  12297 | 4938 | 5451 |  4845 | 13500 |  4873 | 13692 |

There does not seem to be much of differece between using pool of
lib_ctx with allocating ssl_ctx per thread (-P), and having having
pre-allocated pool of lib_ctx alongside with associated (-l)
libctx.

Resolves: openssl/project#1228
Signed-off-by: Nikola Pajkovsky <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #27)

Author: nikolapajkovsky

README

@@ -59,6 +59,7 @@ handshake [-t] [-s] <certsdir> <threadcount>
 -P - use ossl_lib_ctx pool (can be combined with -s. If sharing is enabled, ssl_ctx
      is shared within single thread)
 -o - set ossl_lib_ctx pool size (use only with -P)
+-l - use ssl_ctx pool
 certsdir - Directory where the test can locate servercert.pem and serverkey.pem
 threadcount - Number of concurrent threads to run in test
 

source/Makefile

@@ -8,7 +8,7 @@ clean:
 CPPFLAGS += -I$(TARGET_OSSL_INCLUDE_PATH) -I.
 # For second include path, i.e. out of tree build of OpenSSL uncomment this:
 # CPPFLAGS += -I$(TARGET_OSSL_INCLUDE_PATH2)
-CFLAGS += -pthread -O3
+CFLAGS += -pthread -O3 -Wall
 LDFLAGS += -L$(TARGET_OSSL_LIBRARY_PATH) -L.
 # For setting RUNPATH on built executables uncomment this:
 # LDFLAGS += -Wl,-rpath,$(TARGET_OSSL_LIBRARY_PATH)

source/handshake.c

@@ -26,31 +26,42 @@
 
 int err = 0;
 
+typedef enum {
+  INIT_LIB_CTX,
+  INIT_LIB_AND_SSL_CTX,
+} init_ctx;
+
+struct ctxs {
+    OSSL_LIB_CTX *libctx;
+    SSL_CTX *sctx;
+    SSL_CTX *cctx;
+};
+
 static SSL_CTX *sctx = NULL, *cctx = NULL;
 static int share_ctx = 1;
 static char *cert = NULL;
 static char *privkey = NULL;
-static OSSL_LIB_CTX **libctx_pool = NULL;
-
+static struct ctxs **ctx_pool = NULL;
 
 size_t *counts;
 
 static int threadcount;
 size_t num_calls;
-static long ossl_lib_ctx_pool_size = 16;
+static long pool_size = 16;
 
 typedef enum {
     TC_SSL_CTX,
     TC_OSSL_LIB_CTX_PER_THREAD,
     TC_OSSL_LIB_CTX_POOL,
+    TC_SSL_CTX_POOL,
 } test_case_t;
 OSSL_TIME max_time;
+static test_case_t test_case = TC_SSL_CTX;
 
 static void do_handshake(size_t num)
 {
     SSL *clientssl = NULL, *serverssl = NULL;
     int ret = 1;
-    size_t i;
     OSSL_TIME time;
     SSL_CTX *lsctx = NULL;
     SSL_CTX *lcctx = NULL;
@@ -96,7 +107,6 @@ static void do_handshake_ossl_lib_ctx_per_thread(size_t num)
 {
     SSL *clientssl = NULL, *serverssl = NULL;
     int ret = 1;
-    size_t i;
     OSSL_TIME time;
     OSSL_LIB_CTX *libctx = NULL;
     SSL_CTX *lsctx = NULL;
@@ -142,19 +152,25 @@ static void do_handshake_ossl_lib_ctx_per_thread(size_t num)
     OSSL_LIB_CTX_free(libctx);
 }
 
-static void do_handshake_ossl_lib_ctx_pool(size_t num)
+static void do_handshake_ctx_pool(size_t num)
 {
     SSL *clientssl = NULL, *serverssl = NULL;
     int ret = 1;
-    size_t i;
     OSSL_TIME time;
-    OSSL_LIB_CTX *libctx = NULL;
     SSL_CTX *lsctx = NULL;
     SSL_CTX *lcctx = NULL;
+    struct ctxs *ctx = NULL;
 
-    libctx = libctx_pool[num % ossl_lib_ctx_pool_size];
-    if (share_ctx == 1) {
-        if (!perflib_create_ossl_lib_ctx_pair(libctx,
+    ctx = ctx_pool[num % pool_size];
+
+    if (test_case == TC_SSL_CTX_POOL) {
+        /* Use pre-created SSL_CTX from the pool */
+        lsctx = ctx->sctx;
+        lcctx = ctx->cctx;
+    }
+
+    if (share_ctx == 1 && test_case == TC_OSSL_LIB_CTX_POOL) {
+        if (!perflib_create_ossl_lib_ctx_pair(ctx->libctx,
                                               TLS_server_method(),
                                               TLS_client_method(),
                                               0, 0, &lsctx, &lcctx, cert,
@@ -168,8 +184,8 @@ static void do_handshake_ossl_lib_ctx_pool(size_t num)
     counts[num] = 0;
 
     do {
-        if (share_ctx == 0) {
-            if (!perflib_create_ossl_lib_ctx_pair(libctx,
+        if (share_ctx == 0 && test_case == TC_OSSL_LIB_CTX_POOL) {
+            if (!perflib_create_ossl_lib_ctx_pair(ctx->libctx,
                                                   TLS_server_method(),
                                                   TLS_client_method(),
                                                   0, 0, &lsctx, &lcctx, cert,
@@ -186,7 +202,7 @@ static void do_handshake_ossl_lib_ctx_pool(size_t num)
                                              SSL_ERROR_NONE);
         perflib_shutdown_ssl_connection(serverssl, clientssl);
         serverssl = clientssl = NULL;
-        if (share_ctx == 0) {
+        if (share_ctx == 0 && test_case == TC_OSSL_LIB_CTX_POOL) {
             SSL_CTX_free(lsctx);
             SSL_CTX_free(lcctx);
             lsctx = lcctx = NULL;
@@ -196,7 +212,7 @@ static void do_handshake_ossl_lib_ctx_pool(size_t num)
     }
     while (time.t < max_time.t);
 
-    if (share_ctx == 1) {
+    if (share_ctx == 1 && test_case == TC_OSSL_LIB_CTX_POOL) {
         SSL_CTX_free(lsctx);
         SSL_CTX_free(lcctx);
     }
@@ -205,57 +221,98 @@ static void do_handshake_ossl_lib_ctx_pool(size_t num)
         err = 1;
 }
 
-static int init_ossl_lib_ctx_pool()
+static void free_ctx_pool()
+{
+    if (ctx_pool == NULL)
+        return;
+    for (int i = 0; i < pool_size; ++i) {
+        if (ctx_pool[i]) {
+            OSSL_LIB_CTX_free(ctx_pool[i]->libctx);
+            SSL_CTX_free(ctx_pool[i]->sctx);
+            SSL_CTX_free(ctx_pool[i]->cctx);
+            OPENSSL_free(ctx_pool[i]);
+        }
+    }
+    OPENSSL_free(ctx_pool);
+    ctx_pool = NULL;
+}
+
+static int init_ctx_pool(init_ctx init_ctx)
 {
-    libctx_pool = OPENSSL_malloc(ossl_lib_ctx_pool_size * sizeof(*libctx_pool));
-    if (libctx_pool == NULL)
-        return 1;
+    ctx_pool = OPENSSL_zalloc(pool_size * sizeof(*ctx_pool));
+    if (ctx_pool == NULL) {
+        fprintf(stderr, "%s:%d: Failed to allocate ssl ctx pool\n", __FILE__, __LINE__);
+        return 0;
+    }
 
-    for (int i = 0; i < ossl_lib_ctx_pool_size; ++i) {
-        libctx_pool[i] = OSSL_LIB_CTX_new();
-        if (libctx_pool[i] == NULL) {
+    for (int i = 0; i < pool_size; ++i) {
+        SSL_CTX *lsctx = NULL, *lcctx = NULL;
+        struct ctxs *ctx = NULL;
+        OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+
+        if (libctx == NULL) {
             fprintf(stderr, "%s:%d: Failed to create ossl lib context\n", __FILE__, __LINE__);
             return 0;
         }
-    }
 
-    return 1;
-}
+        if (init_ctx == INIT_LIB_AND_SSL_CTX) {
+            if (!perflib_create_ossl_lib_ctx_pair(libctx,
+                                                  TLS_server_method(),
+                                                  TLS_client_method(),
+                                                  0, 0, &lsctx, &lcctx, cert,
+                                                  privkey)) {
+                fprintf(stderr, "%s:%d: Failed to create SSL_CTX pair\n", __FILE__, __LINE__);
+                OSSL_LIB_CTX_free(libctx);
+                return 0;
+            }
+        }
 
-static void free_ossl_lib_ctx_pool()
-{
-    for (int i = 0; i < ossl_lib_ctx_pool_size; ++i) {
-        OSSL_LIB_CTX_free(libctx_pool[i]);
+        ctx = OPENSSL_zalloc(sizeof(*ctx));
+        if (ctx == NULL) {
+            OSSL_LIB_CTX_free(libctx);
+            SSL_CTX_free(lsctx);
+            SSL_CTX_free(lcctx);
+            return 0;
+        }
+
+        ctx->libctx = libctx;
+        ctx->sctx = lsctx;
+        ctx->cctx = lcctx;
+        ctx_pool[i] = ctx;
     }
 
-    OPENSSL_free(libctx_pool);
+    return 1;
 }
 
 static int test_ossl_lib_ctx_pool(size_t threadcount, OSSL_TIME *duration)
 {
     int ret = 0;
 
-    ret = init_ossl_lib_ctx_pool();
+    if (test_case == TC_SSL_CTX_POOL)
+        ret = init_ctx_pool(INIT_LIB_AND_SSL_CTX);
+    else
+        ret = init_ctx_pool(INIT_LIB_CTX);
     if (!ret)
         goto err;
 
-    ret = perflib_run_multi_thread_test(do_handshake_ossl_lib_ctx_pool, threadcount, duration);
+    ret = perflib_run_multi_thread_test(do_handshake_ctx_pool, threadcount, duration);
     if (!ret)
         printf("Failed to run the test\n");
 
  err:
-    free_ossl_lib_ctx_pool();
+    free_ctx_pool();
 
     return ret;
-}
+ }
 
 void usage(const char *progname)
 {
-    printf("Usage: %s [-t] [-s] [-p] [-P] [-o] certsdir threadcount\n", progname);
+    printf("Usage: %s [options] certsdir threadcount\n", progname);
     printf("-t - terse output\n");
     printf("-s - disable context sharing\n");
     printf("-p - use ossl_lib_ctx per thread\n");
     printf("-P - use ossl_lib_ctx pool\n");
+    printf("-l - use ssl ctx pool\n");
     printf("-o - set ossl_lib_ctx pool size\n");
 }
 
@@ -269,11 +326,10 @@ int main(int argc, char * const argv[])
     int i;
     int terse = 0;
     int opt;
-    int p_flag = 0, P_flag = 0;
+    int p_flag = 0, P_flag = 0, l_flag = 0;
     char *endptr = NULL;
-    test_case_t test_case = TC_SSL_CTX;
 
-    while ((opt = getopt(argc, argv, "tspPo:")) != -1) {
+    while ((opt = getopt(argc, argv, "tspPo:l")) != -1) {
         switch (opt) {
         case 't':
             terse = 1;
@@ -291,8 +347,8 @@ int main(int argc, char * const argv[])
             break;
         case 'o':
             errno = 0;
-            ossl_lib_ctx_pool_size = strtol(optarg, &endptr, 0);
-            if (errno == ERANGE && ossl_lib_ctx_pool_size == ULONG_MAX) {
+            pool_size = strtol(optarg, &endptr, 0);
+            if (errno == ERANGE && pool_size == ULONG_MAX) {
                 perror("Overflow occurred");
                 usage(basename(argv[0]));
                 return EXIT_FAILURE;
@@ -302,21 +358,25 @@ int main(int argc, char * const argv[])
                 usage(basename(argv[0]));
                 return EXIT_FAILURE;
             }
-            if (ossl_lib_ctx_pool_size < 1) {
+            if (pool_size < 1) {
                 fprintf(stderr, "Pool size must be a > 0\n");
                 usage(basename(argv[0]));
                 return EXIT_FAILURE;
             }
             break;
+        case 'l':
+            l_flag = 1;
+            test_case = TC_SSL_CTX_POOL;
+            break;
         default:
             usage(basename(argv[0]));
             return EXIT_FAILURE;
         }
     }
 
-    if ((p_flag + P_flag) > 1) {
-        fprintf(stderr,
-                "Error: -p and -P mutually exclusive. Choose only one.\n\n");
+    if ((p_flag + P_flag + l_flag) > 1) {
+        fprintf(stderr, "Error: -p, -P, and -l are mutually exclusive."
+              " Choose only one.\n\n");
         usage(basename(argv[0]));
         return EXIT_FAILURE;
     }
@@ -367,18 +427,16 @@ int main(int argc, char * const argv[])
         break;
     }
     case TC_OSSL_LIB_CTX_PER_THREAD: {
-         ret =
-            perflib_run_multi_thread_test(do_handshake_ossl_lib_ctx_per_thread,
-                                          threadcount, &duration);
-        if (!ret) {
+        if (!perflib_run_multi_thread_test(do_handshake_ossl_lib_ctx_per_thread,
+                                           threadcount, &duration)) {
             printf("Failed to run the test\n");
             goto err;
         }
         break;
     }
+    case TC_SSL_CTX_POOL:
     case TC_OSSL_LIB_CTX_POOL: {
-        int ret = test_ossl_lib_ctx_pool(threadcount, &duration);
-        if (!ret) {
+        if (!test_ossl_lib_ctx_pool(threadcount, &duration)) {
             printf("Failed to run the test\n");
             goto err;
         }