handshake: add freeze option

nikolapajkovsky · Sashan · commit 0720238f6493 · 2026-03-26T17:39:49.000+01:00
Signed-off-by: Nikola Pajkovsky &lt;nikolap@openssl.org&gt;
diff --git a/README.md b/README.md
@@ -49,8 +49,9 @@ handshakes are performed divided evenly among each thread. It take 2 optional
 and two required arguments:
 
 ```
-handshake [-t] [-s] <certsdir> <threadcount>
+handshake [-t] [-s] [-f] <certsdir> <threadcount>
 -t - produce terse output
+-f - freeze default context (available only with openssl >= 4.x.x)
 -s - create an ssl_ctx per connection, rather than a single thread-shared ctx
 -p - use ossl_lib_ctx per thread
 -P - use ossl_lib_ctx pool (can be combined with -s. If sharing is enabled, ssl_ctx
diff --git a/source/handshake.c b/source/handshake.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "config.h"
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -336,6 +337,9 @@ void usage(const char *progname)
     printf("-P - use ossl_lib_ctx pool\n");
     printf("-l - use ssl ctx pool\n");
     printf("-o - set ossl_lib_ctx pool size\n");
+#endif
+#ifdef HAVE_OSSL_LIB_CTX_FREEZE
+    printf("-f - freeze default context\n");
 #endif
     printf("-S [n] - use secure memory\n");
     printf("-V - print version information and exit\n");
@@ -353,15 +357,21 @@ int main(int argc, char * const argv[])
     int opt;
     int p_flag = 0, P_flag = 0, l_flag = 0;
     char *endptr = NULL;
-
-    while ((opt = getopt(argc, argv,
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-                         "tspPo:lS:V"
+    char *getopt_options = "tsS:V";
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && defined(HAVE_OSSL_LIB_CTX_FREEZE)
+    int freeze = 0;
+    getopt_options =  "tspPo:lS:Vf";
 #else
-                         "tsS:V"
+    getopt_options =  "tspPo:lS:V";
 #endif
-                         )) != -1) {
+
+    while ((opt = getopt(argc, argv, getopt_options)) != -1) {
         switch (opt) {
+#ifdef HAVE_OSSL_LIB_CTX_FREEZE
+        case 'f':
+            freeze = 1;
+            break;
+#endif
         case 't':
             terse = 1;
             break;
@@ -474,6 +484,15 @@ int main(int argc, char * const argv[])
 
     max_time = ossl_time_add(ossl_time_now(), ossl_seconds2time(RUN_TIME));
 
+#ifdef HAVE_OSSL_LIB_CTX_FREEZE
+    if (freeze) {
+        if (OSSL_LIB_CTX_freeze(NULL, NULL) == 0) {
+            fprintf(stderr, "Freezing LIB CTX failed\n");
+            goto err;
+        }
+    }
+#endif
+
     switch (test_case) {
     case TC_SSL_CTX: {
         if (share_ctx == 1) {
