=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/s_time.c,v retrieving revision 1.37 retrieving revision 1.38 diff -c -r1.37 -r1.38 *** src/usr.bin/openssl/s_time.c 2023/03/05 13:12:53 1.37 --- src/usr.bin/openssl/s_time.c 2023/03/06 14:32:06 1.38 *************** *** 1,4 **** ! /* $OpenBSD: s_time.c,v 1.37 2023/03/05 13:12:53 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: s_time.c,v 1.38 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 113,154 **** int verify; int verify_depth; char *www_path; ! } s_time_config; static const struct option s_time_options[] = { { .name = "bugs", .desc = "Enable workarounds for known SSL/TLS bugs", .type = OPTION_FLAG, ! .opt.flag = &s_time_config.bugs, }, { .name = "CAfile", .argname = "file", .desc = "File containing trusted certificates in PEM format", .type = OPTION_ARG, ! .opt.arg = &s_time_config.CAfile, }, { .name = "CApath", .argname = "path", .desc = "Directory containing trusted certificates", .type = OPTION_ARG, ! .opt.arg = &s_time_config.CApath, }, { .name = "cert", .argname = "file", .desc = "Client certificate to use, if one is requested", .type = OPTION_ARG, ! .opt.arg = &s_time_config.certfile, }, { .name = "cipher", .argname = "list", .desc = "List of cipher suites to send to the server", .type = OPTION_ARG, ! .opt.arg = &s_time_config.cipher, }, { .name = "connect", --- 113,154 ---- int verify; int verify_depth; char *www_path; ! } cfg; static const struct option s_time_options[] = { { .name = "bugs", .desc = "Enable workarounds for known SSL/TLS bugs", .type = OPTION_FLAG, ! .opt.flag = &cfg.bugs, }, { .name = "CAfile", .argname = "file", .desc = "File containing trusted certificates in PEM format", .type = OPTION_ARG, ! .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "path", .desc = "Directory containing trusted certificates", .type = OPTION_ARG, ! .opt.arg = &cfg.CApath, }, { .name = "cert", .argname = "file", .desc = "Client certificate to use, if one is requested", .type = OPTION_ARG, ! .opt.arg = &cfg.certfile, }, { .name = "cipher", .argname = "list", .desc = "List of cipher suites to send to the server", .type = OPTION_ARG, ! .opt.arg = &cfg.cipher, }, { .name = "connect", *************** *** 156,194 **** .desc = "Host and port to connect to (default " SSL_CONNECT_NAME ")", .type = OPTION_ARG, ! .opt.arg = &s_time_config.host, }, { .name = "key", .argname = "file", .desc = "Client private key to use, if one is required", .type = OPTION_ARG, ! .opt.arg = &s_time_config.keyfile, }, { .name = "nbio", .desc = "Use non-blocking I/O", .type = OPTION_FLAG, ! .opt.flag = &s_time_config.nbio, }, { .name = "new", .desc = "Use a new session ID for each connection", .type = OPTION_VALUE, ! .opt.value = &s_time_config.perform, .value = 1, }, { .name = "no_shutdown", .desc = "Shut down the connection without notifying the server", .type = OPTION_FLAG, ! .opt.flag = &s_time_config.no_shutdown, }, { .name = "reuse", .desc = "Reuse the same session ID for each connection", .type = OPTION_VALUE, ! .opt.value = &s_time_config.perform, .value = 2, }, { --- 156,194 ---- .desc = "Host and port to connect to (default " SSL_CONNECT_NAME ")", .type = OPTION_ARG, ! .opt.arg = &cfg.host, }, { .name = "key", .argname = "file", .desc = "Client private key to use, if one is required", .type = OPTION_ARG, ! .opt.arg = &cfg.keyfile, }, { .name = "nbio", .desc = "Use non-blocking I/O", .type = OPTION_FLAG, ! .opt.flag = &cfg.nbio, }, { .name = "new", .desc = "Use a new session ID for each connection", .type = OPTION_VALUE, ! .opt.value = &cfg.perform, .value = 1, }, { .name = "no_shutdown", .desc = "Shut down the connection without notifying the server", .type = OPTION_FLAG, ! .opt.flag = &cfg.no_shutdown, }, { .name = "reuse", .desc = "Reuse the same session ID for each connection", .type = OPTION_VALUE, ! .opt.value = &cfg.perform, .value = 2, }, { *************** *** 196,216 **** .argname = "seconds", .desc = "Duration to perform timing tests for (default 30)", .type = OPTION_ARG_TIME, ! .opt.tvalue = &s_time_config.maxtime, }, { .name = "verify", .argname = "depth", .desc = "Enable peer certificate verification with given depth", .type = OPTION_ARG_INT, ! .opt.value = &s_time_config.verify_depth, }, { .name = "www", .argname = "page", .desc = "Page to GET from the server (default none)", .type = OPTION_ARG, ! .opt.arg = &s_time_config.www_path, }, { NULL }, }; --- 196,216 ---- .argname = "seconds", .desc = "Duration to perform timing tests for (default 30)", .type = OPTION_ARG_TIME, ! .opt.tvalue = &cfg.maxtime, }, { .name = "verify", .argname = "depth", .desc = "Enable peer certificate verification with given depth", .type = OPTION_ARG_INT, ! .opt.value = &cfg.verify_depth, }, { .name = "www", .argname = "page", .desc = "Page to GET from the server (default none)", .type = OPTION_ARG, ! .opt.arg = &cfg.www_path, }, { NULL }, }; *************** *** 245,271 **** verify_depth = 0; ! memset(&s_time_config, 0, sizeof(s_time_config)); ! s_time_config.host = SSL_CONNECT_NAME; ! s_time_config.maxtime = SECONDS; ! s_time_config.perform = 3; ! s_time_config.verify = SSL_VERIFY_NONE; ! s_time_config.verify_depth = -1; if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) { s_time_usage(); goto end; } ! if (s_time_config.verify_depth >= 0) { ! s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; ! verify_depth = s_time_config.verify_depth; BIO_printf(bio_err, "verify depth is %d\n", verify_depth); } ! if (s_time_config.www_path != NULL && ! strlen(s_time_config.www_path) > MYBUFSIZ - 100) { BIO_printf(bio_err, "-www option too long\n"); goto end; } --- 245,271 ---- verify_depth = 0; ! memset(&cfg, 0, sizeof(cfg)); ! cfg.host = SSL_CONNECT_NAME; ! cfg.maxtime = SECONDS; ! cfg.perform = 3; ! cfg.verify = SSL_VERIFY_NONE; ! cfg.verify_depth = -1; if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) { s_time_usage(); goto end; } ! if (cfg.verify_depth >= 0) { ! cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; ! verify_depth = cfg.verify_depth; BIO_printf(bio_err, "verify depth is %d\n", verify_depth); } ! if (cfg.www_path != NULL && ! strlen(cfg.www_path) > MYBUFSIZ - 100) { BIO_printf(bio_err, "-www option too long\n"); goto end; } *************** *** 275,299 **** SSL_CTX_set_quiet_shutdown(tm_ctx, 1); ! if (s_time_config.bugs) SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); ! if (s_time_config.cipher != NULL) { ! if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } } ! SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL); ! if (!set_cert_stuff(tm_ctx, s_time_config.certfile, ! s_time_config.keyfile)) goto end; ! if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile, ! s_time_config.CApath)) || (!SSL_CTX_set_default_verify_paths(tm_ctx))) { /* * BIO_printf(bio_err,"error setting default verify --- 275,299 ---- SSL_CTX_set_quiet_shutdown(tm_ctx, 1); ! if (cfg.bugs) SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); ! if (cfg.cipher != NULL) { ! if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } } ! SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL); ! if (!set_cert_stuff(tm_ctx, cfg.certfile, ! cfg.keyfile)) goto end; ! if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile, ! cfg.CApath)) || (!SSL_CTX_set_default_verify_paths(tm_ctx))) { /* * BIO_printf(bio_err,"error setting default verify *************** *** 304,312 **** } /* Loop and time how long it takes to make connections */ ! if (s_time_config.perform & 1) { printf("Collecting connection statistics for %lld seconds\n", ! (long long)s_time_config.maxtime); if (benchmark(0)) goto end; } --- 304,312 ---- } /* Loop and time how long it takes to make connections */ ! if (cfg.perform & 1) { printf("Collecting connection statistics for %lld seconds\n", ! (long long)cfg.maxtime); if (benchmark(0)) goto end; } *************** *** 314,320 **** * Now loop and time connections using the same session id over and * over */ ! if (s_time_config.perform & 2) { printf("\n\nNow timing with session id reuse.\n"); if (benchmark(1)) goto end; --- 314,320 ---- * Now loop and time connections using the same session id over and * over */ ! if (cfg.perform & 2) { printf("\n\nNow timing with session id reuse.\n"); if (benchmark(1)) goto end; *************** *** 348,354 **** if ((conn = BIO_new(BIO_s_connect())) == NULL) return 0; ! BIO_set_conn_hostname(conn, s_time_config.host); SSL_set_connect_state(scon); SSL_set_bio(scon, conn, conn); for (;;) { --- 348,354 ---- if ((conn = BIO_new(BIO_s_connect())) == NULL) return 0; ! BIO_set_conn_hostname(conn, cfg.host); SSL_set_connect_state(scon); SSL_set_bio(scon, conn, conn); for (;;) { *************** *** 372,380 **** ERR_print_errors(bio_err); return 0; } ! if (s_time_config.www_path != NULL) { retval = snprintf(buf, sizeof buf, ! "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path); if (retval < 0 || retval >= sizeof buf) { fprintf(stderr, "URL too long\n"); return 0; --- 372,380 ---- ERR_print_errors(bio_err); return 0; } ! if (cfg.www_path != NULL) { retval = snprintf(buf, sizeof buf, ! "GET %s HTTP/1.0\r\n\r\n", cfg.www_path); if (retval < 0 || retval >= sizeof buf) { fprintf(stderr, "URL too long\n"); return 0; *************** *** 384,390 **** while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; } ! if (s_time_config.no_shutdown) SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); else --- 384,390 ---- while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; } ! if (cfg.no_shutdown) SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); else *************** *** 436,442 **** app_timer_user(TM_RESET); for (;;) { elapsed = app_timer_real(TM_GET); ! if (elapsed > s_time_config.maxtime) break; if (scon == NULL) { if ((scon = SSL_new(tm_ctx)) == NULL) --- 436,442 ---- app_timer_user(TM_RESET); for (;;) { elapsed = app_timer_real(TM_GET); ! if (elapsed > cfg.maxtime) break; if (scon == NULL) { if ((scon = SSL_new(tm_ctx)) == NULL)