From: Edwin Török
Date: Fri, 6 Jun 2025 15:23:29 +0000 (+0100)
Subject: openssl: enable readahead
X-Git-Tag: curl-8_15_0~283
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aea336aa231540c9d638939774474fc24b465ed5;p=thirdparty%2Fcurl.git
openssl: enable readahead
Speeds up TLS operations up to ~%13.
Closes #17548
Signed-off-by: Edwin Török
---
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 464302dc86..f019fb2410 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -122,6 +122,12 @@
 static void ossl_provider_cleanup(struct Curl_easy *data);
 #endif
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL))
+ #define HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN 1
+#endif
+
 #include "../curlx/warnless.h"
 /* The last #include files should be: */
@@ -4112,6 +4118,21 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
 }
 SSL_CTX_set_options(octx->ssl_ctx, ctx_options);
+ SSL_CTX_set_read_ahead(octx->ssl_ctx, 1);
+
+ /* Max TLS1.2 record size 0x4000 + 0x800.
+ OpenSSL supports processing "jumbo TLS record" (8 TLS records) in one go
+ for some algorithms, so match that here.
+ Experimentation shows that a slightly larger buffer is needed
+ to avoid short reads.
+
+ However using a large buffer (8 packets) actually decreases performance.
+ 4 packets is better.
+ */
+
+#ifdef HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN
+ SSL_CTX_set_default_read_buffer_len(octx->ssl_ctx, 0x401e * 4);
+#endif
 #ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
 /* We do retry writes sometimes from another buffer address */
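Review bot: The feature macro added in the first hunk has no comment saying what the version gate stands for, so a reader has to look up when the API appeared and why the forks are excluded. A one-line comment above the `#if` would cover it, for example `/* SSL_CTX_set_default_read_buffer_len() was added in OpenSSL 1.1.0 */`. Only the buffer-length call in the second hunk sits under this macro, while `SSL_CTX_set_read_ahead()` is called unconditionally, so on the excluded libraries read-ahead is switched on without the buffer size that the measurements in the comment were taken with.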
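Review bot: `SSL_CTX_set_read_ahead(octx->ssl_ctx, 1)` in the second hunk is applied to every context this function initialises, with no opt-out, and two documented consequences of read-ahead are not handled in the visible lines. OpenSSL's documentation advises leaving read-ahead off when the underlying transport keeps being used after `SSL_shutdown()`, because the library may already have consumed bytes that follow the close_notify; if any caller continues in cleartext on the same socket, that connection should get `SSL_set_read_ahead(ssl, 0)` before it is used. Buffered but not yet processed records are reported by `SSL_has_pending()` and not by `SSL_pending()`, so the pending-data check (outside this hunk) should be confirmed to use the former, otherwise a transfer can wait on a socket whose data already sits in the TLS read buffer. The comment also derives 0x4000 + 0x800 and speaks of 8 records while the code passes `0x401e * 4`; it should state where 0x401e comes from, ideally through a named constant, and note that each connection's read buffer is now about 64 KiB. The body of Curl_ossl_ctx_init starts and ends outside the hunk.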