Annotation of src/usr.bin/openssl/s_time.c, Revision 1.10
1.10 ! bcook 1: /* $OpenBSD: s_time.c,v 1.9 2015/08/22 16:36:05 jsing Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: #define NO_SHUTDOWN
60:
61: /*-----------------------------------------
62: s_time - SSL client connection timer program
63: Written and donated by Larry Streepy <streepy@healthcare.com>
64: -----------------------------------------*/
65:
1.3 deraadt 66: #include <sys/types.h>
1.1 jsing 67: #include <sys/socket.h>
68:
69: #include <stdio.h>
70: #include <stdlib.h>
71: #include <limits.h>
72: #include <string.h>
73: #include <unistd.h>
1.3 deraadt 74: #include <poll.h>
1.1 jsing 75:
76: #include "apps.h"
77:
78: #include <openssl/err.h>
79: #include <openssl/pem.h>
80: #include <openssl/ssl.h>
81: #include <openssl/x509.h>
82:
83: #include "s_apps.h"
84:
85: #define SSL_CONNECT_NAME "localhost:4433"
86:
87: #define BUFSIZZ 1024*10
88:
89: #define MYBUFSIZ 1024*8
90:
91: #undef min
92: #undef max
93: #define min(a,b) (((a) < (b)) ? (a) : (b))
94: #define max(a,b) (((a) > (b)) ? (a) : (b))
95:
96: #define SECONDS 30
1.7 jsing 97: extern int verify_depth;
98: extern int verify_error;
1.1 jsing 99:
100: static void s_time_usage(void);
101: static SSL *doConnection(SSL * scon);
102:
103: static SSL_CTX *tm_ctx = NULL;
104: static const SSL_METHOD *s_time_meth = NULL;
105: static long bytes_read = 0;
106:
1.5 jsing 107: struct {
108: int bugs;
109: char *CAfile;
110: char *CApath;
111: char *certfile;
112: char *cipher;
113: char *host;
114: char *keyfile;
115: int maxtime;
116: int nbio;
117: int perform;
118: int verify;
119: int verify_depth;
120: char *www_path;
121: } s_time_config;
122:
123: struct option s_time_options[] = {
124: {
125: .name = "bugs",
126: .desc = "Enable workarounds for known SSL/TLS bugs",
127: .type = OPTION_FLAG,
128: .opt.flag = &s_time_config.bugs,
129: },
130: {
131: .name = "CAfile",
132: .argname = "file",
133: .desc = "File containing trusted certificates in PEM format",
134: .type = OPTION_ARG,
135: .opt.arg = &s_time_config.CAfile,
136: },
137: {
138: .name = "CApath",
139: .argname = "path",
140: .desc = "Directory containing trusted certificates",
141: .type = OPTION_ARG,
142: .opt.arg = &s_time_config.CApath,
143: },
144: {
145: .name = "cert",
146: .argname = "file",
147: .desc = "Client certificate to use, if one is requested",
148: .type = OPTION_ARG,
149: .opt.arg = &s_time_config.certfile,
150: },
151: {
152: .name = "cipher",
153: .argname = "list",
154: .desc = "List of cipher suites to send to the server",
155: .type = OPTION_ARG,
156: .opt.arg = &s_time_config.cipher,
157: },
158: {
159: .name = "connect",
160: .argname = "host:port",
161: .desc = "Host and port to connect to (default "
162: SSL_CONNECT_NAME ")",
163: .type = OPTION_ARG,
164: .opt.arg = &s_time_config.host,
165: },
166: {
167: .name = "key",
168: .argname = "file",
169: .desc = "Client private key to use, if one is required",
170: .type = OPTION_ARG,
171: .opt.arg = &s_time_config.keyfile,
172: },
173: {
174: .name = "nbio",
175: .desc = "Use non-blocking I/O",
176: .type = OPTION_FLAG,
177: .opt.flag = &s_time_config.nbio,
178: },
179: {
180: .name = "new",
181: .desc = "Use a new session ID for each connection",
182: .type = OPTION_VALUE,
183: .opt.value = &s_time_config.perform,
184: .value = 1,
185: },
186: {
187: .name = "reuse",
188: .desc = "Reuse the same session ID for each connection",
189: .type = OPTION_VALUE,
190: .opt.value = &s_time_config.perform,
191: .value = 2,
192: },
193: {
194: .name = "time",
195: .argname = "seconds",
196: .desc = "Duration to perform timing tests for (default 30)",
197: .type = OPTION_ARG_INT,
198: .opt.value = &s_time_config.maxtime,
199: },
200: {
201: .name = "verify",
202: .argname = "depth",
203: .desc = "Enable peer certificate verification with given depth",
204: .type = OPTION_ARG_INT,
205: .opt.value = &s_time_config.verify_depth,
206: },
207: {
208: .name = "www",
209: .argname = "page",
210: .desc = "Page to GET from the server (default none)",
211: .type = OPTION_ARG,
212: .opt.arg = &s_time_config.www_path,
213: },
214: { NULL },
215: };
1.1 jsing 216:
217: static void
218: s_time_usage(void)
219: {
1.5 jsing 220: fprintf(stderr,
221: "usage: s_time "
222: "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
223: " [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
1.8 doug 224: " [-nbio] [-new] [-reuse] [-time seconds]\n"
1.5 jsing 225: " [-verify depth] [-www page]\n\n");
226: options_usage(s_time_options);
1.1 jsing 227: }
228:
229: /***********************************************************************
230: * TIME - time functions
231: */
232: #define START 0
233: #define STOP 1
234:
235: static double
236: tm_Time_F(int s)
237: {
238: return app_tminterval(s, 1);
239: }
240:
241: /***********************************************************************
242: * MAIN - main processing area for client
243: * real name depends on MONOLITH
244: */
245: int
246: s_time_main(int argc, char **argv)
247: {
248: double totalTime = 0.0;
249: int nConn = 0;
250: SSL *scon = NULL;
251: long finishtime = 0;
252: int ret = 1, i;
253: char buf[1024 * 8];
254: int ver;
1.8 doug 255:
1.5 jsing 256: s_time_meth = SSLv23_client_method();
1.1 jsing 257:
1.5 jsing 258: verify_depth = 0;
259:
260: memset(&s_time_config, 0, sizeof(s_time_config));
261:
262: s_time_config.host = SSL_CONNECT_NAME;
263: s_time_config.maxtime = SECONDS;
264: s_time_config.perform = 3;
265: s_time_config.verify = SSL_VERIFY_NONE;
266: s_time_config.verify_depth = -1;
1.1 jsing 267:
1.5 jsing 268: if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
269: s_time_usage();
270: goto end;
271: }
272:
273: if (s_time_config.verify_depth >= 0) {
274: s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
275: verify_depth = s_time_config.verify_depth;
276: BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
277: }
1.1 jsing 278:
1.5 jsing 279: if (s_time_config.www_path != NULL &&
280: strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
281: BIO_printf(bio_err, "-www option too long\n");
1.1 jsing 282: goto end;
1.5 jsing 283: }
1.1 jsing 284:
285: if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
286: return (1);
287:
288: SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
289:
1.5 jsing 290: if (s_time_config.bugs)
1.1 jsing 291: SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
1.7 jsing 292:
293: if (s_time_config.cipher != NULL) {
294: if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
295: BIO_printf(bio_err, "error setting cipher list\n");
296: ERR_print_errors(bio_err);
297: goto end;
298: }
299: }
300:
1.10 ! bcook 301: SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
! 302:
1.5 jsing 303: if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
304: s_time_config.keyfile))
1.1 jsing 305: goto end;
306:
1.5 jsing 307: if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
308: s_time_config.CApath)) ||
1.1 jsing 309: (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
310: /*
311: * BIO_printf(bio_err,"error setting default verify
312: * locations\n");
313: */
314: ERR_print_errors(bio_err);
315: /* goto end; */
316: }
317:
1.5 jsing 318: if (!(s_time_config.perform & 1))
1.1 jsing 319: goto next;
1.5 jsing 320: printf("Collecting connection statistics for %d seconds\n",
321: s_time_config.maxtime);
1.1 jsing 322:
323: /* Loop and time how long it takes to make connections */
324:
325: bytes_read = 0;
1.5 jsing 326: finishtime = (long) time(NULL) + s_time_config.maxtime;
1.1 jsing 327: tm_Time_F(START);
328: for (;;) {
329: if (finishtime < (long) time(NULL))
330: break;
331: if ((scon = doConnection(NULL)) == NULL)
332: goto end;
333:
1.5 jsing 334: if (s_time_config.www_path != NULL) {
1.2 doug 335: int retval = snprintf(buf, sizeof buf,
1.5 jsing 336: "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
1.2 doug 337: if ((size_t)retval >= sizeof buf) {
1.1 jsing 338: fprintf(stderr, "URL too long\n");
339: goto end;
340: }
341: SSL_write(scon, buf, strlen(buf));
342: while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
343: bytes_read += i;
344: }
345: #ifdef NO_SHUTDOWN
346: SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
347: #else
348: SSL_shutdown(scon);
349: #endif
350: shutdown(SSL_get_fd(scon), SHUT_RDWR);
351: close(SSL_get_fd(scon));
352:
353: nConn += 1;
354: if (SSL_session_reused(scon))
355: ver = 'r';
356: else {
357: ver = SSL_version(scon);
358: if (ver == TLS1_VERSION)
359: ver = 't';
360: else if (ver == SSL3_VERSION)
361: ver = '3';
362: else if (ver == SSL2_VERSION)
363: ver = '2';
364: else
365: ver = '*';
366: }
367: fputc(ver, stdout);
368: fflush(stdout);
369:
370: SSL_free(scon);
371: scon = NULL;
372: }
373: totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
374:
1.5 jsing 375: i = (int) ((long) time(NULL) - finishtime + s_time_config.maxtime);
1.1 jsing 376: printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
1.5 jsing 377: printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
1.1 jsing 378:
379: /*
380: * Now loop and time connections using the same session id over and
381: * over
382: */
383:
384: next:
1.5 jsing 385: if (!(s_time_config.perform & 2))
1.1 jsing 386: goto end;
387: printf("\n\nNow timing with session id reuse.\n");
388:
389: /* Get an SSL object so we can reuse the session id */
390: if ((scon = doConnection(NULL)) == NULL) {
391: fprintf(stderr, "Unable to get connection\n");
392: goto end;
393: }
1.5 jsing 394: if (s_time_config.www_path != NULL) {
1.2 doug 395: int retval = snprintf(buf, sizeof buf,
1.5 jsing 396: "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
1.2 doug 397: if ((size_t)retval >= sizeof buf) {
1.1 jsing 398: fprintf(stderr, "URL too long\n");
399: goto end;
400: }
401: SSL_write(scon, buf, strlen(buf));
402: while (SSL_read(scon, buf, sizeof(buf)) > 0);
403: }
404: #ifdef NO_SHUTDOWN
405: SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
406: #else
407: SSL_shutdown(scon);
408: #endif
409: shutdown(SSL_get_fd(scon), SHUT_RDWR);
410: close(SSL_get_fd(scon));
411:
412: nConn = 0;
413: totalTime = 0.0;
414:
1.5 jsing 415: finishtime = (long) time(NULL) + s_time_config.maxtime;
1.1 jsing 416:
417: printf("starting\n");
418: bytes_read = 0;
419: tm_Time_F(START);
420:
421: for (;;) {
422: if (finishtime < (long) time(NULL))
423: break;
424: if ((doConnection(scon)) == NULL)
425: goto end;
426:
1.5 jsing 427: if (s_time_config.www_path) {
1.2 doug 428: int retval = snprintf(buf, sizeof buf,
1.5 jsing 429: "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
1.2 doug 430: if ((size_t)retval >= sizeof buf) {
1.1 jsing 431: fprintf(stderr, "URL too long\n");
432: goto end;
433: }
434: SSL_write(scon, buf, strlen(buf));
435: while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
436: bytes_read += i;
437: }
438: #ifdef NO_SHUTDOWN
439: SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
440: #else
441: SSL_shutdown(scon);
442: #endif
443: shutdown(SSL_get_fd(scon), SHUT_RDWR);
444: close(SSL_get_fd(scon));
445:
446: nConn += 1;
447: if (SSL_session_reused(scon))
448: ver = 'r';
449: else {
450: ver = SSL_version(scon);
451: if (ver == TLS1_VERSION)
452: ver = 't';
453: else if (ver == SSL3_VERSION)
454: ver = '3';
455: else if (ver == SSL2_VERSION)
456: ver = '2';
457: else
458: ver = '*';
459: }
460: fputc(ver, stdout);
461: fflush(stdout);
462: }
463: totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
464:
465:
466: printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
1.5 jsing 467: printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
1.1 jsing 468:
469: ret = 0;
470: end:
471: if (scon != NULL)
472: SSL_free(scon);
473:
474: if (tm_ctx != NULL) {
475: SSL_CTX_free(tm_ctx);
476: tm_ctx = NULL;
477: }
478:
479: return (ret);
480: }
481:
482: /***********************************************************************
483: * doConnection - make a connection
484: * Args:
485: * scon = earlier ssl connection for session id, or NULL
486: * Returns:
487: * SSL * = the connection pointer.
488: */
489: static SSL *
490: doConnection(SSL * scon)
491: {
1.3 deraadt 492: struct pollfd pfd[1];
493: SSL *serverCon;
1.1 jsing 494: BIO *conn;
1.10 ! bcook 495: long verify_error;
1.3 deraadt 496: int i;
1.1 jsing 497:
498: if ((conn = BIO_new(BIO_s_connect())) == NULL)
499: return (NULL);
500:
501: /* BIO_set_conn_port(conn,port);*/
1.5 jsing 502: BIO_set_conn_hostname(conn, s_time_config.host);
1.1 jsing 503:
504: if (scon == NULL)
505: serverCon = SSL_new(tm_ctx);
506: else {
507: serverCon = scon;
508: SSL_set_connect_state(serverCon);
509: }
510:
511: SSL_set_bio(serverCon, conn, conn);
512:
513: /* ok, lets connect */
514: for (;;) {
515: i = SSL_connect(serverCon);
516: if (BIO_sock_should_retry(i)) {
517: BIO_printf(bio_err, "DELAY\n");
518:
519: i = SSL_get_fd(serverCon);
1.3 deraadt 520: pfd[0].fd = i;
521: pfd[0].events = POLLIN;
522: poll(pfd, 1, -1);
1.1 jsing 523: continue;
524: }
525: break;
526: }
527: if (i <= 0) {
528: BIO_printf(bio_err, "ERROR\n");
1.10 ! bcook 529: verify_error = SSL_get_verify_result(serverCon);
1.1 jsing 530: if (verify_error != X509_V_OK)
531: BIO_printf(bio_err, "verify error:%s\n",
532: X509_verify_cert_error_string(verify_error));
533: else
534: ERR_print_errors(bio_err);
535: if (scon == NULL)
536: SSL_free(serverCon);
537: return NULL;
538: }
539: return serverCon;
540: }