Annotation of src/usr.bin/openssl/s_time.c, Revision 1.26
1.26 ! cheloha 1: /* $OpenBSD: s_time.c,v 1.25 2018/08/11 16:07:36 cheloha Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: /*-----------------------------------------
60: s_time - SSL client connection timer program
61: Written and donated by Larry Streepy <streepy@healthcare.com>
62: -----------------------------------------*/
63:
1.3 deraadt 64: #include <sys/types.h>
1.1 jsing 65: #include <sys/socket.h>
66:
67: #include <stdio.h>
68: #include <stdlib.h>
69: #include <limits.h>
70: #include <string.h>
71: #include <unistd.h>
1.3 deraadt 72: #include <poll.h>
1.1 jsing 73:
74: #include "apps.h"
75:
76: #include <openssl/err.h>
77: #include <openssl/pem.h>
78: #include <openssl/ssl.h>
79: #include <openssl/x509.h>
80:
81: #include "s_apps.h"
82:
83: #define SSL_CONNECT_NAME "localhost:4433"
84:
85: #define BUFSIZZ 1024*10
86:
87: #define MYBUFSIZ 1024*8
88:
89: #define SECONDS 30
1.7 jsing 90: extern int verify_depth;
1.1 jsing 91:
92: static void s_time_usage(void);
93: static SSL *doConnection(SSL * scon);
1.25 cheloha 94: static int benchmark(int);
1.1 jsing 95:
96: static SSL_CTX *tm_ctx = NULL;
97: static const SSL_METHOD *s_time_meth = NULL;
98: static long bytes_read = 0;
99:
1.5 jsing 100: struct {
101: int bugs;
102: char *CAfile;
103: char *CApath;
104: char *certfile;
105: char *cipher;
106: char *host;
107: char *keyfile;
1.15 deraadt 108: time_t maxtime;
1.5 jsing 109: int nbio;
1.11 lteo 110: int no_shutdown;
1.5 jsing 111: int perform;
112: int verify;
113: int verify_depth;
114: char *www_path;
115: } s_time_config;
116:
117: struct option s_time_options[] = {
118: {
119: .name = "bugs",
120: .desc = "Enable workarounds for known SSL/TLS bugs",
121: .type = OPTION_FLAG,
122: .opt.flag = &s_time_config.bugs,
123: },
124: {
125: .name = "CAfile",
126: .argname = "file",
127: .desc = "File containing trusted certificates in PEM format",
128: .type = OPTION_ARG,
129: .opt.arg = &s_time_config.CAfile,
130: },
131: {
132: .name = "CApath",
133: .argname = "path",
134: .desc = "Directory containing trusted certificates",
135: .type = OPTION_ARG,
136: .opt.arg = &s_time_config.CApath,
137: },
138: {
139: .name = "cert",
140: .argname = "file",
141: .desc = "Client certificate to use, if one is requested",
142: .type = OPTION_ARG,
143: .opt.arg = &s_time_config.certfile,
144: },
145: {
146: .name = "cipher",
147: .argname = "list",
148: .desc = "List of cipher suites to send to the server",
149: .type = OPTION_ARG,
150: .opt.arg = &s_time_config.cipher,
151: },
152: {
153: .name = "connect",
154: .argname = "host:port",
155: .desc = "Host and port to connect to (default "
156: SSL_CONNECT_NAME ")",
157: .type = OPTION_ARG,
158: .opt.arg = &s_time_config.host,
159: },
160: {
161: .name = "key",
162: .argname = "file",
163: .desc = "Client private key to use, if one is required",
164: .type = OPTION_ARG,
165: .opt.arg = &s_time_config.keyfile,
166: },
167: {
168: .name = "nbio",
169: .desc = "Use non-blocking I/O",
170: .type = OPTION_FLAG,
171: .opt.flag = &s_time_config.nbio,
172: },
173: {
174: .name = "new",
175: .desc = "Use a new session ID for each connection",
176: .type = OPTION_VALUE,
177: .opt.value = &s_time_config.perform,
178: .value = 1,
179: },
180: {
1.11 lteo 181: .name = "no_shutdown",
1.12 lteo 182: .desc = "Shut down the connection without notifying the server",
1.11 lteo 183: .type = OPTION_FLAG,
184: .opt.flag = &s_time_config.no_shutdown,
185: },
186: {
1.5 jsing 187: .name = "reuse",
188: .desc = "Reuse the same session ID for each connection",
189: .type = OPTION_VALUE,
190: .opt.value = &s_time_config.perform,
191: .value = 2,
192: },
193: {
194: .name = "time",
195: .argname = "seconds",
196: .desc = "Duration to perform timing tests for (default 30)",
1.16 deraadt 197: .type = OPTION_ARG_TIME,
1.15 deraadt 198: .opt.tvalue = &s_time_config.maxtime,
1.5 jsing 199: },
200: {
201: .name = "verify",
202: .argname = "depth",
203: .desc = "Enable peer certificate verification with given depth",
204: .type = OPTION_ARG_INT,
205: .opt.value = &s_time_config.verify_depth,
206: },
207: {
208: .name = "www",
209: .argname = "page",
210: .desc = "Page to GET from the server (default none)",
211: .type = OPTION_ARG,
212: .opt.arg = &s_time_config.www_path,
213: },
214: { NULL },
215: };
1.1 jsing 216:
217: static void
218: s_time_usage(void)
219: {
1.5 jsing 220: fprintf(stderr,
221: "usage: s_time "
222: "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
223: " [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
1.11 lteo 224: " [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
1.5 jsing 225: " [-verify depth] [-www page]\n\n");
226: options_usage(s_time_options);
1.1 jsing 227: }
228:
229: /***********************************************************************
230: * TIME - time functions
231: */
1.24 cheloha 232: #define START TM_RESET
233: #define STOP TM_GET
1.1 jsing 234:
235: static double
1.19 jca 236: tm_Time_F(int op)
1.1 jsing 237: {
1.19 jca 238: return app_timer_user(op);
1.1 jsing 239: }
240:
241: /***********************************************************************
242: * MAIN - main processing area for client
243: * real name depends on MONOLITH
244: */
245: int
246: s_time_main(int argc, char **argv)
247: {
1.15 deraadt 248: int ret = 1;
1.13 doug 249:
250: if (single_execution) {
1.18 mestre 251: if (pledge("stdio rpath inet dns", NULL) == -1) {
1.13 doug 252: perror("pledge");
1.14 doug 253: exit(1);
254: }
1.13 doug 255: }
1.8 doug 256:
1.5 jsing 257: s_time_meth = SSLv23_client_method();
1.1 jsing 258:
1.5 jsing 259: verify_depth = 0;
260:
261: memset(&s_time_config, 0, sizeof(s_time_config));
262:
263: s_time_config.host = SSL_CONNECT_NAME;
264: s_time_config.maxtime = SECONDS;
265: s_time_config.perform = 3;
266: s_time_config.verify = SSL_VERIFY_NONE;
267: s_time_config.verify_depth = -1;
1.1 jsing 268:
1.5 jsing 269: if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
270: s_time_usage();
271: goto end;
272: }
273:
274: if (s_time_config.verify_depth >= 0) {
275: s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
276: verify_depth = s_time_config.verify_depth;
277: BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
278: }
1.1 jsing 279:
1.5 jsing 280: if (s_time_config.www_path != NULL &&
281: strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
282: BIO_printf(bio_err, "-www option too long\n");
1.1 jsing 283: goto end;
1.5 jsing 284: }
1.1 jsing 285:
286: if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
287: return (1);
288:
289: SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
290:
1.5 jsing 291: if (s_time_config.bugs)
1.1 jsing 292: SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
1.7 jsing 293:
294: if (s_time_config.cipher != NULL) {
295: if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
296: BIO_printf(bio_err, "error setting cipher list\n");
297: ERR_print_errors(bio_err);
298: goto end;
299: }
300: }
301:
1.10 bcook 302: SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
303:
1.5 jsing 304: if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
305: s_time_config.keyfile))
1.1 jsing 306: goto end;
307:
1.5 jsing 308: if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
309: s_time_config.CApath)) ||
1.1 jsing 310: (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
311: /*
312: * BIO_printf(bio_err,"error setting default verify
313: * locations\n");
314: */
315: ERR_print_errors(bio_err);
316: /* goto end; */
317: }
318:
319: /* Loop and time how long it takes to make connections */
1.26 ! cheloha 320: if (s_time_config.perform & 1) {
! 321: printf("Collecting connection statistics for %lld seconds\n",
! 322: (long long)s_time_config.maxtime);
! 323: if (benchmark(0))
! 324: goto end;
! 325: }
1.1 jsing 326: /*
327: * Now loop and time connections using the same session id over and
328: * over
329: */
1.26 ! cheloha 330: if (s_time_config.perform & 2) {
! 331: printf("\n\nNow timing with session id reuse.\n");
! 332: if (benchmark(1))
! 333: goto end;
! 334: }
1.1 jsing 335: ret = 0;
1.23 jsing 336: end:
1.1 jsing 337: if (tm_ctx != NULL) {
338: SSL_CTX_free(tm_ctx);
339: tm_ctx = NULL;
340: }
341:
342: return (ret);
343: }
344:
345: /***********************************************************************
346: * doConnection - make a connection
347: * Args:
348: * scon = earlier ssl connection for session id, or NULL
349: * Returns:
350: * SSL * = the connection pointer.
351: */
352: static SSL *
353: doConnection(SSL * scon)
354: {
1.3 deraadt 355: struct pollfd pfd[1];
356: SSL *serverCon;
1.1 jsing 357: BIO *conn;
1.10 bcook 358: long verify_error;
1.3 deraadt 359: int i;
1.1 jsing 360:
361: if ((conn = BIO_new(BIO_s_connect())) == NULL)
362: return (NULL);
363:
364: /* BIO_set_conn_port(conn,port);*/
1.5 jsing 365: BIO_set_conn_hostname(conn, s_time_config.host);
1.1 jsing 366:
367: if (scon == NULL)
368: serverCon = SSL_new(tm_ctx);
369: else {
370: serverCon = scon;
371: SSL_set_connect_state(serverCon);
372: }
373:
374: SSL_set_bio(serverCon, conn, conn);
375:
376: /* ok, lets connect */
377: for (;;) {
378: i = SSL_connect(serverCon);
379: if (BIO_sock_should_retry(i)) {
380: BIO_printf(bio_err, "DELAY\n");
381:
382: i = SSL_get_fd(serverCon);
1.3 deraadt 383: pfd[0].fd = i;
384: pfd[0].events = POLLIN;
385: poll(pfd, 1, -1);
1.1 jsing 386: continue;
387: }
388: break;
389: }
390: if (i <= 0) {
391: BIO_printf(bio_err, "ERROR\n");
1.10 bcook 392: verify_error = SSL_get_verify_result(serverCon);
1.1 jsing 393: if (verify_error != X509_V_OK)
394: BIO_printf(bio_err, "verify error:%s\n",
395: X509_verify_cert_error_string(verify_error));
396: else
397: ERR_print_errors(bio_err);
398: if (scon == NULL)
399: SSL_free(serverCon);
400: return NULL;
401: }
402: return serverCon;
1.25 cheloha 403: }
404:
405: static int
406: benchmark(int reuse_session)
407: {
408: double totalTime = 0.0;
409: int nConn = 0;
410: SSL *scon = NULL;
411: time_t finishtime;
412: int ret = 1;
413: char buf[1024 * 8];
414: int ver;
415:
416: if (reuse_session) {
417: /* Get an SSL object so we can reuse the session id */
418: if ((scon = doConnection(NULL)) == NULL) {
419: fprintf(stderr, "Unable to get connection\n");
420: goto end;
421: }
422: if (s_time_config.www_path != NULL) {
423: int retval = snprintf(buf, sizeof buf,
424: "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
425: if ((size_t)retval >= sizeof buf) {
426: fprintf(stderr, "URL too long\n");
427: goto end;
428: }
429: SSL_write(scon, buf, strlen(buf));
430: while (SSL_read(scon, buf, sizeof(buf)) > 0);
431: }
432: if (s_time_config.no_shutdown)
433: SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
434: SSL_RECEIVED_SHUTDOWN);
435: else
436: SSL_shutdown(scon);
437: printf("starting\n");
438: }
439:
440: nConn = 0;
441: totalTime = 0.0;
442:
443: finishtime = time(NULL) + s_time_config.maxtime;
444:
445: bytes_read = 0;
446: tm_Time_F(START);
447:
448: for (;;) {
449: if (finishtime < time(NULL))
450: break;
451: if ((scon = doConnection(reuse_session ? scon : NULL)) == NULL)
452: goto end;
453:
454: if (s_time_config.www_path != NULL) {
455: int i, retval = snprintf(buf, sizeof buf,
456: "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
457: if ((size_t)retval >= sizeof buf) {
458: fprintf(stderr, "URL too long\n");
459: goto end;
460: }
461: SSL_write(scon, buf, strlen(buf));
462: while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
463: bytes_read += i;
464: }
465: if (s_time_config.no_shutdown)
466: SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
467: SSL_RECEIVED_SHUTDOWN);
468: else
469: SSL_shutdown(scon);
470:
471: nConn += 1;
472: if (SSL_session_reused(scon))
473: ver = 'r';
474: else {
475: ver = SSL_version(scon);
476: if (ver == TLS1_VERSION)
477: ver = 't';
478: else if (ver == SSL3_VERSION)
479: ver = '3';
480: else if (ver == SSL2_VERSION)
481: ver = '2';
482: else
483: ver = '*';
484: }
485: fputc(ver, stdout);
486: fflush(stdout);
487:
488: if (!reuse_session) {
489: SSL_free(scon);
490: scon = NULL;
491: }
492: }
493: totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
494:
495: printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
496: nConn, totalTime, ((double) nConn / totalTime), bytes_read);
497: printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
498: nConn,
499: (long long)(time(NULL) - finishtime + s_time_config.maxtime),
500: bytes_read / nConn);
501:
502: ret = 0;
503: end:
504: SSL_free(scon);
505: return ret;
1.1 jsing 506: }