Make SSL handshakes much faster

This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2025-06-28 07:18:30 +00:00 · 2021-07-11 23:17:47 -07:00 · 2021-07-11 23:17:47 -07:00 · f3e28aa192
commit f3e28aa192
parent 8c4cce043c
103 changed files with 1310 additions and 1085 deletions
--- a/libc/log/backtrace2.c
+++ b/libc/log/backtrace2.c
@ -135,10 +135,12 @@ static int PrintBacktrace(int fd, const struct StackFrame *bp) {

 void ShowBacktrace(int fd, const struct StackFrame *bp) {
  static bool noreentry;
+  ++ftrace;
  if (!bp) bp = __builtin_frame_address(0);
  if (!noreentry) {
    noreentry = true;
    PrintBacktrace(fd, bp);
-    noreentry = 0;
+    noreentry = false;
  }
+  --ftrace;
 }
--- a/libc/log/backtrace3.c
+++ b/libc/log/backtrace3.c
@ -42,6 +42,7 @@
 */
 int PrintBacktraceUsingSymbols(int fd, const struct StackFrame *bp,
                               struct SymbolTable *st) {
+  int rc;
  char *p;
  size_t gi;
  intptr_t addr;
@ -50,10 +51,11 @@ int PrintBacktraceUsingSymbols(int fd, const struct StackFrame *bp,
  char buf[256], ibuf[21];
  const struct Symbol *symbol;
  const struct StackFrame *frame;
+  ++ftrace;
  if (!bp) bp = __builtin_frame_address(0);
  garbage = weaken(__garbage);
  gi = garbage ? garbage->i : 0;
-  for (frame = bp; frame; frame = frame->next) {
+  for (rc = 0, frame = bp; frame; frame = frame->next) {
    addr = frame->addr;
    if (addr == weakaddr("__gc")) {
      do {
@ -80,8 +82,10 @@ int PrintBacktraceUsingSymbols(int fd, const struct StackFrame *bp,
    }
    *p++ = '\n';
    if (write(fd, buf, p - buf) == -1) {
-      return -1;
+      rc = -1;
+      break;
    }
  }
-  return 0;
+  --ftrace;
+  return rc;
 }
--- a/libc/log/getsymboltable.c
+++ b/libc/log/getsymboltable.c
@ -30,10 +30,12 @@ struct SymbolTable *GetSymbolTable(void) {
  const char *debugbin;
  if (!once) {
    once = true;
+    ++ftrace;
    if ((debugbin = FindDebugBinary()) &&
        (singleton = OpenSymbolTable(debugbin))) {
      __cxa_atexit(CloseSymbolTable, &singleton, NULL);
    }
+    --ftrace;
  }
  return singleton;
 }
--- a/libc/log/log.h
+++ b/libc/log/log.h
@ -14,6 +14,7 @@
 #define kLogInfo    3
 #define kLogVerbose 4
 #define kLogDebug   5
+#define kLogNoise   6

 /**
 * Log level for compile-time DCE.
@ -60,6 +61,19 @@ extern unsigned __log_level; /* log level for runtime check */
  ((!__builtin_constant_p(LEVEL) || (LEVEL) <= LOGGABLELEVEL) && \
   (LEVEL) <= __log_level)

+#define FATALF(FMT, ...)                                              \
+  do {                                                                \
+    ffatalf(kLogFatal, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
+    unreachable;                                                      \
+  } while (0)
+
+#define WARNF(FMT, ...)                                              \
+  do {                                                               \
+    if (LOGGABLE(kLogWarn)) {                                        \
+      flogf(kLogWarn, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
+    }                                                                \
+  } while (0)
+
 #define LOGF(FMT, ...)                                               \
  do {                                                               \
    if (LOGGABLE(kLogInfo)) {                                        \
@ -67,6 +81,27 @@ extern unsigned __log_level; /* log level for runtime check */
    }                                                                \
  } while (0)

+#define VERBOSEF(FMT, ...)                                                  \
+  do {                                                                      \
+    if (LOGGABLE(kLogVerbose)) {                                            \
+      fverbosef(kLogVerbose, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
+    }                                                                       \
+  } while (0)
+
+#define DEBUGF(FMT, ...)                                                \
+  do {                                                                  \
+    if (LOGGABLE(kLogDebug)) {                                          \
+      fdebugf(kLogDebug, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
+    }                                                                   \
+  } while (0)
+
+#define NOISEF(FMT, ...)                                                \
+  do {                                                                  \
+    if (LOGGABLE(kLogNoise)) {                                          \
+      fnoisef(kLogNoise, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
+    }                                                                   \
+  } while (0)
+
 #define VFLOG(FMT, VA)                                     \
  do {                                                     \
    if (LOGGABLE(kLogInfo)) {                              \
@ -88,13 +123,6 @@ extern unsigned __log_level; /* log level for runtime check */
    }                                                   \
  } while (0)

-#define WARNF(FMT, ...)                                              \
-  do {                                                               \
-    if (LOGGABLE(kLogWarn)) {                                        \
-      flogf(kLogWarn, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
-    }                                                                \
-  } while (0)
-
 #define VWARNF(FMT, VA)                                    \
  do {                                                     \
    if (LOGGABLE(kLogWarn)) {                              \
@ -116,12 +144,6 @@ extern unsigned __log_level; /* log level for runtime check */
    }                                                   \
  } while (0)

-#define FATALF(FMT, ...)                                              \
-  do {                                                                \
-    ffatalf(kLogFatal, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
-    unreachable;                                                      \
-  } while (0)
-
 #define VFATALF(FMT, VA)                                    \
  do {                                                      \
    vffatalf(kLogFatal, __FILE__, __LINE__, NULL, FMT, VA); \
@ -140,20 +162,6 @@ extern unsigned __log_level; /* log level for runtime check */
    unreachable;                                         \
  } while (0)

-#define DEBUGF(FMT, ...)                                                \
-  do {                                                                  \
-    if (LOGGABLE(kLogDebug)) {                                          \
-      fdebugf(kLogDebug, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
-    }                                                                   \
-  } while (0)
-
-#define VERBOSEF(FMT, ...)                                                  \
-  do {                                                                      \
-    if (LOGGABLE(kLogVerbose)) {                                            \
-      fverbosef(kLogVerbose, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \
-    }                                                                       \
-  } while (0)
-
 #define VDEBUGF(FMT, VA)                                      \
  do {                                                        \
    if (LOGGABLE(kLogDebug)) {                                \
@ -182,6 +190,20 @@ extern unsigned __log_level; /* log level for runtime check */
    }                                                      \
  } while (0)

+#define VNOISEF(FMT, VA)                                      \
+  do {                                                        \
+    if (LOGGABLE(kLogNoise)) {                                \
+      vfnoisef(kLogNoise, __FILE__, __LINE__, NULL, FMT, VA); \
+    }                                                         \
+  } while (0)
+
+#define FNOISEF(F, FMT, ...)                                         \
+  do {                                                               \
+    if (LOGGABLE(kLogNoise)) {                                       \
+      fnoisef(kLogNoise, __FILE__, __LINE__, F, FMT, ##__VA_ARGS__); \
+    }                                                                \
+  } while (0)
+
 /*───────────────────────────────────────────────────────────────────────────│─╗
 │ cosmopolitan § liblog » on error resume next                             ─╬─│┼
 ╚────────────────────────────────────────────────────────────────────────────│*/
@ -219,6 +241,8 @@ void fverbosef(ARGS, ...) asm("flogf") ATTR relegated libcesque;
 void vfverbosef(ARGS, va_list) asm("vflogf") ATTRV relegated libcesque;
 void fdebugf(ARGS, ...) asm("flogf") ATTR relegated libcesque;
 void vfdebugf(ARGS, va_list) asm("vflogf") ATTRV relegated libcesque;
+void fnoisef(ARGS, ...) asm("flogf") ATTR relegated libcesque;
+void vfnoisef(ARGS, va_list) asm("vflogf") ATTRV relegated libcesque;
 void ffatalf(ARGS, ...) asm("flogf") ATTR relegated wontreturn libcesque;
 void vffatalf(ARGS, va_list) asm("vflogf") ATTRV relegated wontreturn libcesque;
 #undef ARGS
--- a/libc/log/vflogf.c
+++ b/libc/log/vflogf.c
@ -39,10 +39,6 @@

 static struct timespec vflogf_ts;

-static int vflogf_loglevel2char(unsigned level) {
-  return "FEWIVDYZ"[level & 7];
-}
-
 /**
 * Takes corrective action if logging is on the fritz.
 */
@ -87,6 +83,7 @@ void(vflogf)(unsigned level, const char *file, int line, FILE *f,
  int64_t secs, nsec, dots;
  if (!f) f = __log_file;
  if (!f) return;
+  ++ftrace;
  t2 = nowl();
  secs = t2;
  nsec = (t2 - secs) * 1e9L;
@ -104,8 +101,8 @@ void(vflogf)(unsigned level, const char *file, int line, FILE *f,
  prog = basename(program_invocation_name);
  bufmode = f->bufmode;
  if (bufmode == _IOLBF) f->bufmode = _IOFBF;
-  if ((fprintf)(f, "%c%s%06ld:%s:%d:%.*s:%d] ", vflogf_loglevel2char(level),
-                buf32p, rem1000000int64(div1000int64(dots)), file, line,
+  if ((fprintf)(f, "%c%s%06ld:%s:%d:%.*s:%d] ", "FEWIVDNT"[level & 7], buf32p,
+                rem1000000int64(div1000int64(dots)), file, line,
                strchrnul(prog, '.') - prog, prog, getpid()) <= 0) {
    vflogf_onfail(f);
  }
@ -124,4 +121,5 @@ void(vflogf)(unsigned level, const char *file, int line, FILE *f,
    __die();
    unreachable;
  }
+  --ftrace;
 }