Fixes for TLS perf examples. Fixed issue with server-tls-epoll-threaded not calling wolfAsync_DevClose. Enhanced server-tls-epoll-threaded to use the wolfAsync_DevOpenThread feature to assign thread and QuickAssist core affinity. Added "-a" option on servers to allow TLS version downgrade. Enhancements to the Makefile. Other various cleanups.

pull/37/head
David Garske 2017-01-26 17:11:32 -08:00
parent 849f19ff12
commit 3a1e5518ad
4 changed files with 98 additions and 59 deletions


@ -1,8 +1,14 @@
# TLS Examples Makefile # TLS Examples Makefile
CC=gcc CC=gcc
CFLAGS=-Wall LIB_PATH=/usr/local
LIBS=-lwolfssl -lm CFLAGS=-Wall -I$(LIB_PATH)/include
LIBS=-L$(LIB_PATH)/lib -lm
DYN_LIB=-lwolfssl
STATIC_LIB=$(LIB_PATH)/lib/libwolfssl.a
DEBUG_FLAGS=-g -DDEBUG DEBUG_FLAGS=-g -DDEBUG
DEBUG_INC_PATHS=-MD
OPTIMIZE=-Os
# Intel QuickAssist # Intel QuickAssist
QAT_PATH=../../QAT1.6 QAT_PATH=../../QAT1.6
@ -13,12 +19,15 @@ QAT_FLAGS=-DDO_CRYPTO -DUSER_SPACE \
-I$(QAT_PATH)/quickassist/utilities/osal/src/linux/user_space/include \ -I$(QAT_PATH)/quickassist/utilities/osal/src/linux/user_space/include \
-I$(QAT_PATH)/quickassist/lookaside/access_layer/include \ -I$(QAT_PATH)/quickassist/lookaside/access_layer/include \
-I$(QAT_PATH)/quickassist/lookaside/access_layer/src/common/include -I$(QAT_PATH)/quickassist/lookaside/access_layer/src/common/include
QAT_LIBS=-L$(QAT_PATH) -ladf_proxy -losal -licp_qa_al_s QAT_LIBS=-L$(QAT_PATH) -ladf_proxy -losal -licp_qa_al_s -lpthread
# Options # Options
#CFLAGS+=$(DEBUG_FLAGS) #CFLAGS+=$(DEBUG_FLAGS)
CFLAGS+=$(OPTIMIZE)
#CFLAGS+=$(QAT_FLAGS) #CFLAGS+=$(QAT_FLAGS)
#LIBS+=$(QAT_LIBS) #LIBS+=$(QAT_LIBS)
#LIBS+=$(STATIC_LIB)
LIBS+=$(DYN_LIB)
# OS / CPU Detection # OS / CPU Detection
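Review bot: The static-link option appends `$(STATIC_LIB)` after `-lm` (`LIBS=-L$(LIB_PATH)/lib -lm` at the top, `#LIBS+=$(STATIC_LIB)` under Options), so when it is enabled libwolfssl.a's own references to libm come later on the link line than `-lm`; on toolchains that default to `--as-needed` this can drop libm and fail the link. Putting `-lm` after the library avoids that: `LIBS=-L$(LIB_PATH)/lib` at the top and `LIBS+=-lm` as the last entry under Options. `DEBUG_INC_PATHS=-MD` is defined but not referenced anywhere in the visible lines, so it presumably needs a `CFLAGS+=$(DEBUG_INC_PATHS)` next to the debug option or should be dropped.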


@ -139,10 +139,10 @@ static int devId = INVALID_DEVID;
#endif #endif
/* Get the wolfSSL server method function for the specified version. /* Get the wolfSSL client method function for the specified version.
* *
* version Protocol version to use. * version Protocol version to use.
* returns The server method function or NULL when version not supported. * returns The client method function or NULL when version not supported.
*/ */
static wolfSSL_method_func SSL_GetMethod(int version) static wolfSSL_method_func SSL_GetMethod(int version)
{ {
@ -677,13 +677,6 @@ static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert,
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
wolfSSL_method_func method = NULL; wolfSSL_method_func method = NULL;
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Initialize wolfSSL */
wolfSSL_Init();
method = SSL_GetMethod(version); method = SSL_GetMethod(version);
if (method == NULL) if (method == NULL)
return(EXIT_FAILURE); return(EXIT_FAILURE);
@ -734,11 +727,10 @@ static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert,
*/ */
static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx) static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx)
{ {
wolfSSL_CTX_free(ctx);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId); wolfAsync_DevClose(&devId);
#endif #endif
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
} }
/* Create a socket to talf to server on and connect. /* Create a socket to talf to server on and connect.
@ -811,7 +803,7 @@ static void Usage(void)
*/ */
int main(int argc, char* argv[]) int main(int argc, char* argv[])
{ {
socklen_t socketfd; socklen_t socketfd = -1;
int ch; int ch;
WOLFSSL_CTX* ctx = NULL; WOLFSSL_CTX* ctx = NULL;
SSLConn_CTX* sslConnCtx; SSLConn_CTX* sslConnCtx;
@ -930,6 +922,14 @@ int main(int argc, char* argv[])
} }
} }
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Initialize wolfSSL */
wolfSSL_Init();
/* Initialize wolfSSL and create a context object. */ /* Initialize wolfSSL and create a context object. */
if (WolfSSLCtx_Init(version, ourCert, ourKey, verifyCert, cipherList, &ctx) if (WolfSSLCtx_Init(version, ourCert, ourKey, verifyCert, cipherList, &ctx)
== EXIT_FAILURE) == EXIT_FAILURE)
@ -1003,6 +1003,8 @@ int main(int argc, char* argv[])
WolfSSLCtx_Final(ctx); WolfSSLCtx_Final(ctx);
wolfSSL_Cleanup();
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }
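Review bot: In WolfSSLCtx_Final the new order calls `wolfAsync_DevClose(&devId)` before `wolfSSL_CTX_free(ctx)`, so the context (presumably bound to that device id via wolfSSL_CTX_UseAsync, as the threaded server does) is torn down after the device is already closed; the threaded server in this same commit frees the context first and closes the device after, which is the safer order since the consumer is released before the device. Suggest moving `wolfSSL_CTX_free(ctx);` above the `#ifdef WOLFSSL_ASYNC_CRYPT` block to match the other file. Separately, `socklen_t socketfd = -1;` initialises an unsigned type (socklen_t is unsigned on glibc) with -1, so a later `socketfd < 0` test can never be true; `int socketfd = -1;` is the right type for a descriptor. main's body continues outside the hunk.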


@ -51,7 +51,7 @@
#define MAX_WOLF_EVENTS 10 #define MAX_WOLF_EVENTS 10
/* The command line options. */ /* The command line options. */
#define OPTIONS "?p:v:l:c:k:A:n:N:R:W:B:" #define OPTIONS "?p:v:al:c:k:A:n:N:R:W:B:"
/* The default server certificate. */ /* The default server certificate. */
#define SVR_CERT "../certs/server-cert.pem" #define SVR_CERT "../certs/server-cert.pem"
@ -151,7 +151,7 @@ static char reply[NUM_WRITE_BYTES];
* version Protocol version to use. * version Protocol version to use.
* returns The server method function or NULL when version not supported. * returns The server method function or NULL when version not supported.
*/ */
static wolfSSL_method_func SSL_GetMethod(int version) static wolfSSL_method_func SSL_GetMethod(int version, int allowDowngrade)
{ {
wolfSSL_method_func method = NULL; wolfSSL_method_func method = NULL;
@ -176,7 +176,7 @@ static wolfSSL_method_func SSL_GetMethod(int version)
#ifndef NO_TLS #ifndef NO_TLS
case 3: case 3:
method = wolfTLSv1_2_server_method_ex; method = allowDowngrade ? wolfSSLv23_server_method_ex : wolfTLSv1_2_server_method_ex;
break; break;
#endif #endif
} }
@ -632,20 +632,13 @@ static void SSLConn_PrintStats(SSLConn_CTX* ctx)
* returns EXIT_SUCCESS when a wolfSSL context object is created and * returns EXIT_SUCCESS when a wolfSSL context object is created and
* EXIT_FAILURE otherwise. * EXIT_FAILURE otherwise.
*/ */
static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert, static int WolfSSLCtx_Init(int version, int allowDowngrade, char* cert,
char* cipherList, WOLFSSL_CTX** wolfsslCtx) char* key, char* verifyCert, char* cipherList, WOLFSSL_CTX** wolfsslCtx)
{ {
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
wolfSSL_method_func method = NULL; wolfSSL_method_func method = NULL;
#ifdef DEBUG_WOLFSSL method = SSL_GetMethod(version, allowDowngrade);
wolfSSL_Debugging_ON();
#endif
/* Initialize wolfSSL */
wolfSSL_Init();
method = SSL_GetMethod(version);
if (method == NULL) if (method == NULL)
return(EXIT_FAILURE); return(EXIT_FAILURE);
@ -710,11 +703,10 @@ static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert,
*/ */
static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx) static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx)
{ {
wolfSSL_CTX_free(ctx);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId); wolfAsync_DevClose(&devId);
#endif #endif
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
} }
/* Create a random reply. /* Create a random reply.
@ -802,6 +794,7 @@ static void Usage(void)
printf("-p <num> Port to listen on, not 0, default %d\n", wolfSSLPort); printf("-p <num> Port to listen on, not 0, default %d\n", wolfSSLPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n", printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION); SERVER_DEFAULT_VERSION);
printf("-a Allow TLS version downgrade\n");
printf("-l <str> Cipher suite list (: delimited)\n"); printf("-l <str> Cipher suite list (: delimited)\n");
printf("-c <file> Certificate file, default %s\n", SVR_CERT); printf("-c <file> Certificate file, default %s\n", SVR_CERT);
printf("-k <file> Key file, default %s\n", SVR_KEY); printf("-k <file> Key file, default %s\n", SVR_KEY);
@ -836,6 +829,7 @@ int main(int argc, char* argv[])
char* ourKey = SVR_KEY; char* ourKey = SVR_KEY;
char* verifyCert = CLI_CERT; char* verifyCert = CLI_CERT;
int version = SERVER_DEFAULT_VERSION; int version = SERVER_DEFAULT_VERSION;
int allowDowngrade= 0;
int numConns = SSL_NUM_CONN; int numConns = SSL_NUM_CONN;
int numBytesRead = NUM_READ_BYTES; int numBytesRead = NUM_READ_BYTES;
int numBytesWrite = NUM_WRITE_BYTES; int numBytesWrite = NUM_WRITE_BYTES;
@ -867,6 +861,9 @@ int main(int argc, char* argv[])
exit(MY_EX_USAGE); exit(MY_EX_USAGE);
} }
break; break;
case 'a':
allowDowngrade = 1;
break;
/* List of cipher suites to use. */ /* List of cipher suites to use. */
case 'l': case 'l':
@ -947,8 +944,15 @@ int main(int argc, char* argv[])
if (events == NULL) if (events == NULL)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Initialize wolfSSL */
wolfSSL_Init();
/* Initialize wolfSSL and create a context object. */ /* Initialize wolfSSL and create a context object. */
if (WolfSSLCtx_Init(version, ourCert, ourKey, verifyCert, cipherList, &ctx) if (WolfSSLCtx_Init(version, allowDowngrade, ourCert, ourKey, verifyCert, cipherList, &ctx)
== -1) == -1)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -1091,6 +1095,8 @@ int main(int argc, char* argv[])
WolfSSLCtx_Final(ctx); WolfSSLCtx_Final(ctx);
wolfSSL_Cleanup();
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }
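Review bot: The `-a` option swaps in `wolfSSLv23_server_method_ex`, which lets a client negotiate any version the library was built with, including SSLv3 when that is compiled in, and the new Usage line (`-a Allow TLS version downgrade`) says neither how far down that goes nor that the flag is ignored unless `-v 3`. A floor is worth setting right after the context is created, e.g. `if (allowDowngrade) wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1);` (if the wolfSSL build in use provides it), and the help text should read `-a Allow TLS version downgrade (only with -v 3; negotiates down to the library minimum)`. Also, main tests `WolfSSLCtx_Init(...) == -1` while the function returns `EXIT_FAILURE` (1) on every error path visible here, so a failed init is never caught; compare against `EXIT_FAILURE` as the client does. main's start and end lie outside the hunk.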


@ -53,7 +53,7 @@
#define MAX_WOLF_EVENTS 10 #define MAX_WOLF_EVENTS 10
/* The command line options. */ /* The command line options. */
#define OPTIONS "?p:v:l:c:k:A:t:n:N:R:W:B:" #define OPTIONS "?p:v:al:c:k:A:t:n:N:R:W:B:"
/* The default server certificate. */ /* The default server certificate. */
#define SVR_CERT "../certs/server-cert.pem" #define SVR_CERT "../certs/server-cert.pem"
@ -150,7 +150,7 @@ static void SSLConn_Free(SSLConn_CTX* ctx);
static void SSLConn_Close(SSLConn_CTX* ctx, ThreadData* threadData, static void SSLConn_Close(SSLConn_CTX* ctx, ThreadData* threadData,
SSLConn* sslConn); SSLConn* sslConn);
static void SSLConn_FreeSSLConn(ThreadData* threadData); static void SSLConn_FreeSSLConn(ThreadData* threadData);
static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx); static void WolfSSLCtx_Final(ThreadData* threadData);
/* The index of the command line option. */ /* The index of the command line option. */
@ -178,6 +178,8 @@ static char* ourKey = SVR_KEY;
static char* verifyCert = CLI_CERT; static char* verifyCert = CLI_CERT;
/* The version of SSL/TLS to use. */ /* The version of SSL/TLS to use. */
static int version = SERVER_DEFAULT_VERSION; static int version = SERVER_DEFAULT_VERSION;
/* The flag to indicate downgrade is allowed */
static int allowDowngrade = 0;
/* The number of threads to start. */ /* The number of threads to start. */
static int numThreads = NUM_THREADS; static int numThreads = NUM_THREADS;
/* The number of connections per threads to allow. */ /* The number of connections per threads to allow. */
@ -197,7 +199,7 @@ static int maxConns = MAX_CONNECTIONS;
* version Protocol version to use. * version Protocol version to use.
* returns The server method function or NULL when version not supported. * returns The server method function or NULL when version not supported.
*/ */
static wolfSSL_method_func SSL_GetMethod(int version) static wolfSSL_method_func SSL_GetMethod(int version, int allowDowngrade)
{ {
wolfSSL_method_func method = NULL; wolfSSL_method_func method = NULL;
@ -222,7 +224,7 @@ static wolfSSL_method_func SSL_GetMethod(int version)
#ifndef NO_TLS #ifndef NO_TLS
case 3: case 3:
method = wolfTLSv1_2_server_method_ex; method = allowDowngrade ? wolfSSLv23_server_method_ex : wolfTLSv1_2_server_method_ex;
break; break;
#endif #endif
} }
@ -444,9 +446,10 @@ static void SSLConn_Free(SSLConn_CTX* ctx)
while (threadData->sslConn != NULL) while (threadData->sslConn != NULL)
SSLConn_Close(ctx, threadData, threadData->sslConn); SSLConn_Close(ctx, threadData, threadData->sslConn);
SSLConn_FreeSSLConn(threadData); SSLConn_FreeSSLConn(threadData);
WolfSSLCtx_Final(threadData->ctx); WolfSSLCtx_Final(threadData);
} }
free(ctx->threadData); free(ctx->threadData);
ctx->threadData = NULL;
free(ctx); free(ctx);
} }
@ -515,6 +518,7 @@ static void SSLConn_FreeSSLConn(ThreadData* threadData)
; ;
#endif #endif
wolfSSL_free(sslConn->ssl); wolfSSL_free(sslConn->ssl);
sslConn->ssl = NULL;
close(sslConn->sockfd); close(sslConn->sockfd);
free(sslConn); free(sslConn);
@ -736,69 +740,71 @@ static void SSLConn_PrintStats(SSLConn_CTX* ctx)
* returns EXIT_SUCCESS when a wolfSSL context object is created and * returns EXIT_SUCCESS when a wolfSSL context object is created and
* EXIT_FAILURE otherwise. * EXIT_FAILURE otherwise.
*/ */
static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert, static int WolfSSLCtx_Init(ThreadData* threadData, int version, int allowDowngrade,
char* cipherList, int* devId, char* cert, char* key, char* verifyCert, char* cipherList)
WOLFSSL_CTX** wolfsslCtx)
{ {
WOLFSSL_CTX* ctx;
wolfSSL_method_func method = NULL; wolfSSL_method_func method = NULL;
method = SSL_GetMethod(version); method = SSL_GetMethod(version, allowDowngrade);
if (method == NULL) if (method == NULL)
return(EXIT_FAILURE); return(EXIT_FAILURE);
/* Create and initialize WOLFSSL_CTX structure */ /* Create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(method(NULL))) == NULL) { if ((threadData->ctx = wolfSSL_CTX_new(method(NULL))) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n"); fprintf(stderr, "wolfSSL_CTX_new error.\n");
return(EXIT_FAILURE); return(EXIT_FAILURE);
} }
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (wolfAsync_DevOpen(devId) != 0) { #ifndef WC_NO_ASYNC_THREADING
if (wolfAsync_DevOpenThread(&threadData->devId, &threadData->thread_id) < 0)
#else
if (wolfAsync_DevOpen(&threadData->devId) < 0)
#endif
{
fprintf(stderr, "Async device open failed\nRunning without async\n"); fprintf(stderr, "Async device open failed\nRunning without async\n");
} }
wolfSSL_CTX_UseAsync(ctx, *devId); wolfSSL_CTX_UseAsync(threadData->ctx, threadData->devId);
#endif #endif
/* Load server certificate into WOLFSSL_CTX */ /* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM) if (wolfSSL_CTX_use_certificate_file(threadData->ctx, cert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) { != SSL_SUCCESS) {
fprintf(stderr, "Error loading %s, please check the file.\n", cert); fprintf(stderr, "Error loading %s, please check the file.\n", cert);
wolfSSL_CTX_free(ctx); WolfSSLCtx_Final(threadData);
return(EXIT_FAILURE); return(EXIT_FAILURE);
} }
/* Load server key into WOLFSSL_CTX */ /* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) if (wolfSSL_CTX_use_PrivateKey_file(threadData->ctx, key, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) { != SSL_SUCCESS) {
fprintf(stderr, "Error loading %s, please check the file.\n", key); fprintf(stderr, "Error loading %s, please check the file.\n", key);
wolfSSL_CTX_free(ctx); WolfSSLCtx_Final(threadData);
return(EXIT_FAILURE); return(EXIT_FAILURE);
} }
/* Setup client authentication. */ /* Setup client authentication. */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); wolfSSL_CTX_set_verify(threadData->ctx, SSL_VERIFY_PEER, 0);
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) { if (wolfSSL_CTX_load_verify_locations(threadData->ctx, verifyCert, 0) != SSL_SUCCESS) {
fprintf(stderr, "Error loading %s, please check the file.\n", fprintf(stderr, "Error loading %s, please check the file.\n",
verifyCert); verifyCert);
wolfSSL_CTX_free(ctx); WolfSSLCtx_Final(threadData);
return(EXIT_FAILURE); return(EXIT_FAILURE);
} }
if (cipherList != NULL) { if (cipherList != NULL) {
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) { if (wolfSSL_CTX_set_cipher_list(threadData->ctx, cipherList) != SSL_SUCCESS) {
fprintf(stderr, "Server can't set cipher list.\n"); fprintf(stderr, "Server can't set cipher list.\n");
wolfSSL_CTX_free(ctx); WolfSSLCtx_Final(threadData);
return(EXIT_FAILURE); return(EXIT_FAILURE);
} }
} }
#ifndef NO_DH #ifndef NO_DH
SetDHCtx(ctx); SetDHCtx(threadData->ctx);
#endif #endif
*wolfsslCtx = ctx;
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
@ -806,9 +812,14 @@ static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert,
* *
* ctx The wolfSSL context object. * ctx The wolfSSL context object.
*/ */
static void WolfSSLCtx_Final(WOLFSSL_CTX* ctx) static void WolfSSLCtx_Final(ThreadData* threadData)
{ {
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(threadData->ctx);
threadData->ctx = NULL;
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&threadData->devId);
#endif
} }
/* Create a socket to listen on and wait for first client. /* Create a socket to listen on and wait for first client.
@ -879,8 +890,7 @@ static void *ThreadHandler(void *data)
#endif #endif
/* Initialize wolfSSL and create a context object. */ /* Initialize wolfSSL and create a context object. */
if (WolfSSLCtx_Init(version, ourCert, ourKey, verifyCert, cipherList, if (WolfSSLCtx_Init(threadData, version, allowDowngrade, ourCert, ourKey, verifyCert, cipherList) == -1) {
&threadData->devId, &threadData->ctx) == -1) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -1061,6 +1071,7 @@ static void Usage(void)
printf("-p <num> Port to listen on, not 0, default %d\n", DEFAULT_PORT); printf("-p <num> Port to listen on, not 0, default %d\n", DEFAULT_PORT);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n", printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION); SERVER_DEFAULT_VERSION);
printf("-a Allow TLS version downgrade\n");
printf("-l <str> Cipher suite list (: delimited)\n"); printf("-l <str> Cipher suite list (: delimited)\n");
printf("-c <file> Certificate file, default %s\n", SVR_CERT); printf("-c <file> Certificate file, default %s\n", SVR_CERT);
printf("-k <file> Key file, default %s\n", SVR_KEY); printf("-k <file> Key file, default %s\n", SVR_KEY);
@ -1105,6 +1116,9 @@ int main(int argc, char* argv[])
exit(MY_EX_USAGE); exit(MY_EX_USAGE);
} }
break; break;
case 'a':
allowDowngrade = 1;
break;
/* List of cipher suites to use. */ /* List of cipher suites to use. */
case 'l': case 'l':
@ -1193,6 +1207,10 @@ int main(int argc, char* argv[])
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_HardwareStart();
#endif
/* Initialize wolfSSL */ /* Initialize wolfSSL */
wolfSSL_Init(); wolfSSL_Init();
@ -1222,6 +1240,10 @@ int main(int argc, char* argv[])
wolfSSL_Cleanup(); wolfSSL_Cleanup();
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_HardwareStop();
#endif
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }
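Review bot: ThreadHandler still checks `WolfSSLCtx_Init(threadData, ...) == -1`, but the function returns `EXIT_FAILURE` (1) on every failure path, and those paths now call `WolfSSLCtx_Final(threadData)` which sets `threadData->ctx = NULL`; a bad cert, key, CA file or cipher list therefore leaves the thread running with a NULL context instead of exiting. Change the test to `!= EXIT_SUCCESS`. In WolfSSLCtx_Init the async-open failure branch prints "Running without async" but still calls `wolfSSL_CTX_UseAsync(threadData->ctx, threadData->devId)` with whatever devId holds after the failed open, presumably binding the context to a device that was never opened; that call belongs in an `else` of the failure check, or devId should be reset to INVALID_DEVID before it. The ThreadHandler hunk shows only the call site; the function's start and end lie outside it.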