x509storeissuer update#50
Conversation
| td->q_data[quantiles - 1].count = count; | ||
| td->q_data[quantiles - 1].end_time = time; | ||
|
|
||
| err: |
There was a problem hiding this comment.
ci seems to be unhappy because of this. I would try to add return; or just empty statement ;. finge cross.
d1454e0 to
b327824
Compare
b327824 to
1206f0b
Compare
1206f0b to
3001309
Compare
Sashan
left a comment
There was a problem hiding this comment.
May be I would move the recent changeset which populates store with certificates to separate PR. so we can get at least some changes in and fine tune new set of changes. that's just suggestions. but it feels like here we are just piling up more and more code.
| */ | ||
|
|
||
| #include <stdlib.h> | ||
| #include <dirent.h> |
There was a problem hiding this comment.
I'm afraid including dirent.h won't fly on windows.
ccbb791 to
4b335f7
Compare
| static unsigned char out[64]; | ||
| size_t len; | ||
|
|
||
| len = rand() % (sizeof(out) - 2) + 1; |
There was a problem hiding this comment.
What happens here if rand() returns a value that is a multiple of sizeof(out) - 2? Don't we then just get an empty string for the issuer or subject name? Is that a problem?
| fprintf(stderr, "Added %zu generated certificates to the store\n", | ||
| num_store_gen_certs); | ||
|
|
||
| num_certs += read_certsdirs(argv + dirs_start, argc - dirs_start - 1, |
There was a problem hiding this comment.
So, I'm a bit confused here. Most of this code that targets x509storeissuer is about dynamically generating certificates at run time. Are we also allowing the loading of a certificate directory from disk? If we are allowing both, would it make more sense to move the dynamic generation to an external script in the repository, so that we can just support reading from disk in the code, and create any dynamic certs via the aforementioned script?
There was a problem hiding this comment.
I guess it makes sense. The idea behind generating them in the test was to have control over the contents of the certificates, but that can just as well be achieved by an external script.
There was a problem hiding this comment.
The loading has been reworked to include -l/-L/-E options, the certificate generation patches have been dropped.
|
|
||
| #include <stdarg.h> | ||
| # if !defined(_WIN32) | ||
|
|
There was a problem hiding this comment.
nit: we don't do new lines around the ifdefs
| goto err; | ||
| } | ||
| if (cert == NULL) | ||
| errx(EXIT_FAILURE, "Failed to allocate cert path"); |
There was a problem hiding this comment.
You're missing goto err on every errx.
There was a problem hiding this comment.
errx() does exit() so goto won't be executed.
|
|
||
| return ret; | ||
| } | ||
|
|
There was a problem hiding this comment.
Can you move it to libperf? It's used in other tests, and that should be fixed in other tests in another PR.
There was a problem hiding this comment.
Will do a separate PR for that.
| fprintf(stderr, | ||
| "Usage: %s [-t] [-v] [-T time] [-n nonce_type:type_args] " | ||
| "certsdir threadcount\n" | ||
| "certsdir [certsdir...] threadcount\n" |
There was a problem hiding this comment.
Initially it was in order to avoid the need to combine the cert dirs outside the test, now it's more to get ability to point to a generated certs dir in addition to initially loaded ones.
| counts[num]++; | ||
| time = ossl_time_now(); | ||
| if ((count & 0x3f) == 0) | ||
| time = ossl_time_now(); |
There was a problem hiding this comment.
Please keep it aligned with other tests. If there is an issue, create a new ticket where we can discuss it.
There was a problem hiding this comment.
Since the were no observed benefit on MacOS after all, the patch has been dropped.
Sashan
left a comment
There was a problem hiding this comment.
looks good in general. I could spot few nits which I think are worth to address.
| if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, x509, NULL)) { | ||
| printf("Failed to initialise X509_STORE_CTX\n"); | ||
| err = 1; | ||
| alg = p ? *alg_storage = OPENSSL_strndup(algstr, p - algstr) : algstr; |
There was a problem hiding this comment.
I wonder if there should also be OPENSSL_strdup(algstr) in false branch.
There was a problem hiding this comment.
The offending code has been dropped after the latest changes.
| return ctx; | ||
|
|
||
| err: | ||
| EVP_PKEY_CTX_free(ctx); |
There was a problem hiding this comment.
shall we do
OPENSSL_free(alg);
*alg_storage = NULL;
it does not matter much now because program is going to terminate when failure happens here.
| static unsigned char out[64]; | ||
| size_t len; | ||
|
|
||
| len = rand() % (sizeof(out) - 2) + 1; |
There was a problem hiding this comment.
shall we care if rand() returns 0 here making the function to yield an empty string?
| int error = 1; | ||
|
|
||
| cert = X509_new(); | ||
| if (!cert) { |
There was a problem hiding this comment.
NIT: in function make_pkey_ctx() we use == NULL / != NULL to compare pointers. either way is fine with me as long as it is used consistently. Well I have slight preference to use == NULL over !x
thanks.
| X509 *x509_nonce = X509_new(); | ||
| X509_NAME *x509_name_nonce = NULL; | ||
|
|
||
| if (!x509_nonce) |
| #if defined(_WIN32) | ||
| /* | ||
| * So, we don't try to concatenate the provided path with the directory | ||
| * paths if the path start with the following: |
There was a problem hiding this comment.
I think it should be ...the path starts
| { | ||
| X509 *x509 = NULL; | ||
| char *path = NULL; | ||
| size_t ret = 1; |
There was a problem hiding this comment.
I think ret should be initialized to 0 here.
| static void | ||
| do_x509storeissuer(size_t num) | ||
| { | ||
| struct thread_data *td = thread_data + num; |
There was a problem hiding this comment.
would it be possible to do td = &thread_data[num]; thanks.
|
openssl head 0ab2ece0a2025ebdea1f94744424ef89ffb9a2b0 ./Configure --banner=Configured --strict-warningsMain branch $ ./x509storeissuer -t /Users/npajkovsky/openssl/openssl/test/certs 8
1.981555Your branch $ ./x509storeissuer -t /Users/npajkovsky/openssl/openssl/test/certs 8
4.663879There is something that changes the behaviour of the test that we already have publicly available. |
|
hmm, this is actually a very good point. I think the whole statistics machinery deserves some explanation in comment. I see the difference, but otherway round: |
| issuer = NULL; | ||
| } | ||
|
|
||
| count++; |
There was a problem hiding this comment.
I found the code block which starts at 769 as pretty dense. it perhaps deserves some comment here. my understanding is that the whole idea is to divide the collection of statistics to evenly distributed samples (quantiles). The current setting is there are 5 quantiles for the whole duration of test which is 5 secs.
the line here just makes we check the elapsed time only once in a while (count 0x3f). If time collection interval ellapses, then we save a sample (quantile) for elapsed interval.
and one important detail to mention here is that when tool is running with -t option, terse mode there is just one quantile (quantile = 1) which covers the whole test duration. no split to evenly distributed intervals happens.
| td->q_data[q].found = found; | ||
| td->q_data[q].added_certs = add; | ||
| td->q_data[q].end_time = time; | ||
| q_end.t = (duration.t * (++q + 1)) / quantiles + td->start_time.t; |
There was a problem hiding this comment.
here we calculate the time when to collect the next sample. ++q + 1 prevents 0 (which might be interpreted as now in current logic at line 771.
|
@npajkovsky given that this change introduces a population of the X509_STORE that we are testing (i.e. with this change we're actually iterating over lots of certificates. vs no certificates), I would expect some level of run time increase (though a 4x slowdown is odd). Weather or not we should set the default NUM_KEYS value to 16 vs 0 is probably the question to answer here. |
I'm going to change the defaults so it still measures the time against an empty store, so the additional measurements can be added separately. |
Number of certificates in the store should not matter much. X509_STORE is using hastable which maps certificate's |
|
The difference between performance is because the original code didn't find the certificate, while @esyr code finds it. That triggers a bit of different code paths which we can measure.
|
|
Also, there are two leaks. |
0b96651 to
44e0c66
Compare
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
… function Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…ration Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…mmering the common counts array's cache line Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…nt and report successful calls Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…e store Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…bosity level is DEBUG_STATS or higher Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…the run Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
…t run matrix Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
45e4a5f to
176619a
Compare
…e in CI Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
|
|
||
| do { | ||
| if (td->cert_count > 0 && (rand() % 65536 < w_probability)) { | ||
| size_t cert_id = add % td->cert_count; |
There was a problem hiding this comment.
What was the license on the code you were borrowing from FreeBSD?
The normal license on FreeBSD is copyright the freebsd foundation and is 2 clause BSD. You can't
just copy code from FreeBSD that is licensed like that, and put it in something that is Apache2 licensed copyright the OpenSSL authors. You would have to ask permission to relicense like that unless we
include the original license with the code and license such code like that.
Do we really need this level of complexity for this test?
| extern void vwarn(const char *, va_list); | ||
|
|
||
| extern ossl_noreturn void errx(int, const char *, ...); | ||
| extern ossl_noreturn void err(int, const char *, ...); |
There was a problem hiding this comment.
Adding this dependency here seems awfully intrusive in the rest of the code, for what you're
actually getting out of it for this that couldn't be done in other ways.
If we decide we want this (and I'm a BSD guy so not overly objectiing to them) I think this should be
a decision to deal with this separately from improvements to this test.
| OSSL_TIME max_time; | ||
|
|
||
| int err = 0; | ||
| int error = 0; |
There was a problem hiding this comment.
As mentioned, this is pretty intrusive and should probably be a separate change from this.
like with a real issue and stuff about the name of this global symbol in this file and what it conflicts with. To me it seems like changing err to error is just moving the deck chair over one place and waiting for the next conflict. While making a decision to solve that is fine, we should solve it rather than just hacking this just for the purpose of having err() in this test.
| */ | ||
|
|
||
| #ifndef OSSL_PERFLIB_NORETURN_H | ||
| # define OSSL_PERFLIB_BASENAME_H |
There was a problem hiding this comment.
This appears to not be guarded, as. you're defining something different than the guard.
| #else | ||
| # define ALIGN64 | ||
| #endif | ||
|
|
There was a problem hiding this comment.
Got a measured perfomance difference with and without?
| if (!perflib_run_multi_thread_test(do_x509storeissuer, threadcount, &duration)) { | ||
| printf("Failed to run the test\n"); | ||
| goto err; | ||
| x509_nonce = make_nonce(&nonce_cfg); |
There was a problem hiding this comment.
So this can return NULL, and is already checked.
There was a problem hiding this comment.
so that function does not need noreturn, and therefore I don't think you also need to bring in the noreturn stuff just for this.
|
|
||
| ret = EXIT_SUCCESS; | ||
|
|
||
| err: |
There was a problem hiding this comment.
I think changing this sort of stuff to errx is probably a regression if the tests are used to check leaks, it just becomes a pain. So I would avoid adding more of this type of refactor until we know what our answer is for that, and just keep these as goto err;
Additionaly because a lot of what appears to be being brought in here for err/errx is a lot of unrelated churn for this. and makes this change a lot more intrusive than we need otherwise.
If we truly want err/errx in tests we should make an issue for it, and add it separately, with some documentation on it at least in it's header file for internal use here, and a PR to add it, before using it. Adding it while doing this seems to add a lot of baggage and complexity to this PR that I don't think is needed.
There was a problem hiding this comment.
FYI: err/errx has been added some time ago:
#26
the question rather is to drop the changeset which does s/err/error exercise. this changeset came from here as an attempt to fix some linker/compiler warning on windows. The compile/warning was triggered by code which no longer exists here. so there is some history in this PR...
This patch set slightly updates the
x509storeissuertest to actually populate the store with certificates, and provides additional modes of operation and measurement data (when requested).Resolves: openssl/project#1529