Make redbean ssl handshake go a little faster

2025-03-03 07:29:23 +00:00 · 2021-07-03 05:51:04 -07:00 · 2021-07-03 05:51:04 -07:00 · 74200a0ea0
commit 74200a0ea0
parent 87222aad35
6 changed files with 33 additions and 18 deletions
--- a/libc/nexgen32e/sha1.S
+++ b/libc/nexgen32e/sha1.S
@ -640,6 +640,9 @@ BSWAP_SHUFB_CTL:
 .text

 sha1_transform_avx2:
+	push	%rbp
+	mov	%rsp,%rbp
+	.profilable
 	push	%rbx
 	push	%r12
 	push	%r13
@ -677,5 +680,6 @@ sha1_transform_avx2:
 	pop	%r13
 	pop	%r12
 	pop	%rbx
+	pop	%rbp
 	ret
 	.endfn	sha1_transform_avx2,globl
--- a/libc/nexgen32e/sha256.S
+++ b/libc/nexgen32e/sha256.S
@ -529,8 +529,11 @@ STACK_SIZE	= _RSP      + _RSP_SIZE
 ## arg 3 : Num blocks
 ########################################################################
 .text
-sha256_transform_rorx:
 .align 32
+sha256_transform_rorx:
+	push	%rbp
+	mov	%rsp,%rbp
+	.profilable
 	pushq	%rbx
 	pushq	%r12
 	pushq	%r13
@ -715,6 +718,7 @@ sha256_transform_rorx:
 	popq	%r13
 	popq	%r12
 	popq	%rbx
+	pop	%rbp
 	ret
 	.endfn	sha256_transform_rorx,globl

--- a/libc/nexgen32e/sha512.S
+++ b/libc/nexgen32e/sha512.S
@ -572,6 +572,9 @@ frame_size = frame_GPRSAVE + GPRSAVE_SIZE
 # "blocks" is the message length in SHA512 blocks
 ########################################################################
 sha512_transform_rorx:
+	push	%rbp
+	mov	%rsp,%rbp
+	.profilable
 	# Allocate Stack Space
 	mov	%rsp, %rax
 	sub	$frame_size, %rsp
@ -683,6 +686,7 @@ sha512_transform_rorx:

 	# Restore Stack Pointer
 	mov	frame_RSPSAVE(%rsp), %rsp
+	pop	%rbp
 	ret
 	.endfn	sha512_transform_rorx,globl

--- a/third_party/mbedtls/base64.c
+++ b/third_party/mbedtls/base64.c
@ -54,7 +54,7 @@ static const unsigned char base64_dec_map[128] =
 /*
 * Constant flow conditional assignment to unsigned char 
 */
-static void mbedtls_base64_cond_assign_uchar( unsigned char * dest,
+forceinline void mbedtls_base64_cond_assign_uchar( unsigned char * dest,
                                                   const unsigned char * const src,
                                                   unsigned char condition )
 {
@ -68,7 +68,7 @@ static void mbedtls_base64_cond_assign_uchar( unsigned char * dest,
 /*
 * Constant flow conditional assignment to uint_32
 */
-static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
+forceinline void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
                                                    uint32_t condition )
 {
    /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
@ -81,7 +81,7 @@ static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t s
 /*
 * Constant flow check for equality
 */
-static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
+forceinline unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
 {
    size_t difference = in_a ^ in_b;
    difference |= -difference;
--- a/third_party/mbedtls/everest.c
+++ b/third_party/mbedtls/everest.c
@ -36,6 +36,11 @@ asm(".include \"libc/disclaimer.inc\"");

 #if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)

+#ifdef memcpy
+#undef memcpy
+#endif
+#define memcpy(x,y,z) __builtin_memcpy(x,y,z)
+
 #define load64_le(b) READ64LE(b)
 #define store64_le(b, i) WRITE64LE(b, i)

--- a/tool/net/redbean.c
+++ b/tool/net/redbean.c
@ -149,6 +149,7 @@ STATIC_YOINK("usr/share/ssl/root/verisign.pem");

 #define HASH_LOAD_FACTOR /* 1. / */ 4
 #define read(F, P, N)    readv(F, &(struct iovec){P, N}, 1)
+#define write(F, P, N)   writev(F, &(struct iovec){P, N}, 1)
 #define LockInc(P)       asm volatile("lock incq\t%0" : "=m"(*(P)))
 #define AppendCrlf(P)    mempcpy(P, "\r\n", 2)
 #define HasHeader(H)     (!!msg.headers[H].a)
@ -363,13 +364,6 @@ static const char kCounterNames[] =
 #undef C
    ;

-static mbedtls_entropy_context ent = {
-    .source_count = 1,
-    .source = {{.f_source = mbedtls_hardware_poll,
-                .threshold = MBEDTLS_ENTROPY_MIN_HARDWARE,
-                .strong = MBEDTLS_ENTROPY_SOURCE_STRONG}},
-};
-
 typedef ssize_t (*reader_f)(int, void *, size_t);
 typedef ssize_t (*writer_f)(int, struct iovec *, int);

@ -1399,8 +1393,6 @@ static bool TlsSetup(void) {
  inbuf.n -= amtread;
  inbuf.c = amtread;
  amtread = 0;
-  mbedtls_ssl_setup(&ssl, &conf);
-  mbedtls_ssl_set_bio(&ssl, &client, TlsSend, 0, TlsRecv);
  for (;;) {
    if (!(r = mbedtls_ssl_handshake(&ssl))) {
      LockInc(&shared->c.sslhandshakes);
@ -1468,11 +1460,16 @@ static bool TlsSetup(void) {
  }
 }

+static int GetEntropy(void *c, unsigned char *p, size_t n) {
+  CHECK_EQ(n, getrandom(p, n, 0));
+  return 0;
+}
+
 static void InitializeRng(mbedtls_ctr_drbg_context *r) {
  volatile unsigned char b[64];
  mbedtls_ctr_drbg_init(r);
  CHECK(getrandom(b, 64, 0) == 64);
-  CHECK(!mbedtls_ctr_drbg_seed(r, mbedtls_entropy_func, &ent, b, 64));
+  CHECK(!mbedtls_ctr_drbg_seed(r, GetEntropy, 0, b, 64));
  mbedtls_platform_zeroize(b, 64);
 }

@ -5452,7 +5449,6 @@ static void HandleConnection(size_t i) {
        case 0:
          meltdown = false;
          connectionclose = false;
-          ReseedRng(&rng, "child");
          if (funtrace && !IsTiny()) {
            ftrace_install();
          }
@ -5696,6 +5692,8 @@ void RedBean(int argc, char *argv[]) {
  mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0);
  LoadCertificates();
  mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &rng);
+  mbedtls_ssl_setup(&ssl, &conf);
+  mbedtls_ssl_set_bio(&ssl, &client, TlsSend, 0, TlsRecv);
 #endif
  if (launchbrowser) {
    LaunchBrowser(launchbrowser);