Add an ability to set the SSL read buffer size

This capability is required for read pipelining. We will only read in as many records as will fit in the read buffer (and the network can provide in one go). The bigger the buffer the more records we can process in parallel. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-01-13 14:20:25 +0000
committer: Matt Caswell <matt@openssl.org> 2016-03-07 21:39:27 +0000
commit: dad78fb13d790cd06afd6e88067c038d22d7780f (patch)
tree: 784454e5db93dedfd5239e36b7e61c055d1a1b4b /apps
parent: 0220fee47f912c9c89efe24c09e10f4d452a4d42 (diff)
2 files changed, 24 insertions, 3 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index c6af2936d0..27c8be86a1 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -656,7 +656,7 @@ typedef enum OPTION_choice {
     OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
     OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME,
     OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
-    OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES,
+    OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
     OPT_V_ENUM,
     OPT_X_ENUM,
     OPT_S_ENUM,
@@ -766,6 +766,8 @@ OPTIONS s_client_options[] = {
      "Size used to split data for encrypt/decrypt pipelines"},
     {"max_pipelines", OPT_MAX_PIPELINES, 'n',
      "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'n',
+     "Default read buffer size to be used for connections"},
     OPT_S_OPTIONS,
     OPT_V_OPTIONS,
     OPT_X_OPTIONS,
@@ -896,6 +898,7 @@ int s_client_main(int argc, char **argv)
     int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
     int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
     int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+    int read_buf_len = 0;
     int fallback_scsv = 0;
     long socket_mtu = 0, randamt = 0;
     OPTION_CHOICE o;
@@ -1393,6 +1396,9 @@ int s_client_main(int argc, char **argv)
         case OPT_MAX_PIPELINES:
             max_pipelines = atoi(opt_arg());
             break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
         }
     }
     argc = opt_num_rest();
@@ -1573,6 +1579,10 @@ int s_client_main(int argc, char **argv)
         SSL_CTX_set_max_pipelines(ctx, max_pipelines);
     }
 
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+
     if (!config_ctx(cctx, ssl_args, ctx))
         goto end;
 
diff --git a/apps/s_server.c b/apps/s_server.c
index f544be1596..22e917542b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -809,8 +809,8 @@ typedef enum OPTION_choice {
     OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
     OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
     OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
-    OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_SSL3,
-    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+    OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
     OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
     OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
     OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
@@ -946,6 +946,8 @@ OPTIONS s_server_options[] = {
      "Size used to split data for encrypt/decrypt pipelines"},
     {"max_pipelines", OPT_MAX_PIPELINES, 'n',
      "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'n',
+     "Default read buffer size to be used for connections"},
     OPT_S_OPTIONS,
     OPT_V_OPTIONS,
     OPT_X_OPTIONS,
@@ -1049,6 +1051,7 @@ int s_server_main(int argc, char *argv[])
     X509 *s_cert2 = NULL;
     tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
     const char *ssl_config = NULL;
+    int read_buf_len = 0;
 #ifndef OPENSSL_NO_NEXTPROTONEG
     const char *next_proto_neg_in = NULL;
     tlsextnextprotoctx next_proto = { NULL, 0 };
@@ -1521,6 +1524,10 @@ int s_server_main(int argc, char *argv[])
         case OPT_MAX_PIPELINES:
             max_pipelines = atoi(opt_arg());
             break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+
         }
     }
     argc = opt_num_rest();
@@ -1753,6 +1760,10 @@ int s_server_main(int argc, char *argv[])
         SSL_CTX_set_max_pipelines(ctx, max_pipelines);
     }
 
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+
 #ifndef OPENSSL_NO_SRTP
     if (srtp_profiles != NULL) {
         /* Returns 0 on success! */
author	Matt Caswell <matt@openssl.org>	2016-01-13 14:20:25 +0000
committer	Matt Caswell <matt@openssl.org>	2016-03-07 21:39:27 +0000
commit	dad78fb13d790cd06afd6e88067c038d22d7780f (patch)
tree	784454e5db93dedfd5239e36b7e61c055d1a1b4b /apps
parent	0220fee47f912c9c89efe24c09e10f4d452a4d42 (diff)