Open Bug 286635 Opened 20 years ago Updated 2 years ago

Performance optimizations in libssl

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Version:
3.9.5
Type:
defect

Tracking

(Not tracked)

People

(Reporter: julien.pierre, Unassigned)

Details

Attachments

(8 files)

remove safety locks
5.51 KB, patch
Details | Diff | Splinter Review
don't create RSA stepdown keys
778 bytes, patch
Details | Diff | Splinter Review
don't erase the security info structure multiple times
668 bytes, patch
Details | Diff | Splinter Review
start SSL buffer at 18KB
688 bytes, patch
Details | Diff | Splinter Review
don't copy unused fields
916 bytes, patch
Details | Diff | Splinter Review
avoid some memset calls
2.63 KB, patch
Details | Diff | Splinter Review
don't copy the server cert list
1.25 KB, patch
Details | Diff | Splinter Review
refer to the server's private key from model instead of copying
1.18 KB, patch
Details | Diff | Splinter Review 
After analyzing runtime code paths with dtrace, I came up with some quick and
dirty optimizations to accelerate libssl . I will attach a set of patches for
them. Most of those patches delete code that I deemed unnecessary for
benchmarking. They would need to be cleaned up to make that code optional. They
are not currently ready for checkin by any means, but I wanted to have a record
of them.
This patch removes the creation, deletion, and use of locks on SSL sockets.
These locks aren't strictly necessary. They are mostly there to avoid crashes
for applications that share sockets between multiple threads, and for
full-duplex operation. We should have a way for an application to turn these
locks off.
This is a quick and dirty hack to prevent RSA stepdown key creation. The reason
it improves SSL server performance is that those stepdown keys get duplicated
on every socket if they exist in the model or listen socket. Avoiding their
creation is thus a big win. The proper fix is to resolve bug 148452 .
This is a quick and dirty hack for bug 285525
Quick fix for bug 283763
These SECItems don't appear to be used in the SSL server codepath . Avoid
copying them.
Better fix for bug 283763
It should be possible to just refer to the cert list from the model/listen
socket, with slight semantic changes, rather than copying it and destrying it
for every socket. This patch just removes the copy. It's obviously not correct,
but that was done to measure the performance win.
This isn't really safe to do if the application gets rid of the model socket
before the connection sockets. But we should have a way to avoid the copy.
Maybe lock the model/listen socket to read-only, and refcount it.
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → libraries
Some of the above ideas were implemented in NSS 3.11.
The rest of these ideas can wait for the next big performance push.
Priority: -- → P3

The bug assignee didn't login in Bugzilla in the last 7 months, so the assignee is being reset.

Assignee: nelson → nobody
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: