Annotation of src/usr.bin/openssl/s_time.c, Revision 1.38
1.38 ! tb 1: /* $OpenBSD: s_time.c,v 1.37 2023/03/05 13:12:53 tb Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: /*-----------------------------------------
60: s_time - SSL client connection timer program
61: Written and donated by Larry Streepy <streepy@healthcare.com>
62: -----------------------------------------*/
63:
1.3 deraadt 64: #include <sys/types.h>
1.1 jsing 65: #include <sys/socket.h>
66:
67: #include <stdio.h>
68: #include <stdlib.h>
69: #include <limits.h>
70: #include <string.h>
71: #include <unistd.h>
1.3 deraadt 72: #include <poll.h>
1.1 jsing 73:
74: #include "apps.h"
75:
76: #include <openssl/err.h>
77: #include <openssl/pem.h>
78: #include <openssl/ssl.h>
79: #include <openssl/x509.h>
80:
81: #include "s_apps.h"
82:
83: #define SSL_CONNECT_NAME "localhost:4433"
84:
85: #define BUFSIZZ 1024*10
86:
87: #define MYBUFSIZ 1024*8
88:
89: #define SECONDS 30
1.7 jsing 90: extern int verify_depth;
1.1 jsing 91:
92: static void s_time_usage(void);
1.28 cheloha 93: static int run_test(SSL *);
1.25 cheloha 94: static int benchmark(int);
1.32 cheloha 95: static void print_tally_mark(SSL *);
1.1 jsing 96:
97: static SSL_CTX *tm_ctx = NULL;
98: static const SSL_METHOD *s_time_meth = NULL;
99: static long bytes_read = 0;
100:
1.37 tb 101: static struct {
1.5 jsing 102: int bugs;
103: char *CAfile;
104: char *CApath;
105: char *certfile;
106: char *cipher;
107: char *host;
108: char *keyfile;
1.15 deraadt 109: time_t maxtime;
1.5 jsing 110: int nbio;
1.11 lteo 111: int no_shutdown;
1.5 jsing 112: int perform;
113: int verify;
114: int verify_depth;
115: char *www_path;
1.38 ! tb 116: } cfg;
1.5 jsing 117:
1.34 guenther 118: static const struct option s_time_options[] = {
1.5 jsing 119: {
120: .name = "bugs",
121: .desc = "Enable workarounds for known SSL/TLS bugs",
122: .type = OPTION_FLAG,
1.38 ! tb 123: .opt.flag = &cfg.bugs,
1.5 jsing 124: },
125: {
126: .name = "CAfile",
127: .argname = "file",
128: .desc = "File containing trusted certificates in PEM format",
129: .type = OPTION_ARG,
1.38 ! tb 130: .opt.arg = &cfg.CAfile,
1.5 jsing 131: },
132: {
133: .name = "CApath",
134: .argname = "path",
135: .desc = "Directory containing trusted certificates",
136: .type = OPTION_ARG,
1.38 ! tb 137: .opt.arg = &cfg.CApath,
1.5 jsing 138: },
139: {
140: .name = "cert",
141: .argname = "file",
142: .desc = "Client certificate to use, if one is requested",
143: .type = OPTION_ARG,
1.38 ! tb 144: .opt.arg = &cfg.certfile,
1.5 jsing 145: },
146: {
147: .name = "cipher",
148: .argname = "list",
149: .desc = "List of cipher suites to send to the server",
150: .type = OPTION_ARG,
1.38 ! tb 151: .opt.arg = &cfg.cipher,
1.5 jsing 152: },
153: {
154: .name = "connect",
155: .argname = "host:port",
156: .desc = "Host and port to connect to (default "
157: SSL_CONNECT_NAME ")",
158: .type = OPTION_ARG,
1.38 ! tb 159: .opt.arg = &cfg.host,
1.5 jsing 160: },
161: {
162: .name = "key",
163: .argname = "file",
164: .desc = "Client private key to use, if one is required",
165: .type = OPTION_ARG,
1.38 ! tb 166: .opt.arg = &cfg.keyfile,
1.5 jsing 167: },
168: {
169: .name = "nbio",
170: .desc = "Use non-blocking I/O",
171: .type = OPTION_FLAG,
1.38 ! tb 172: .opt.flag = &cfg.nbio,
1.5 jsing 173: },
174: {
175: .name = "new",
176: .desc = "Use a new session ID for each connection",
177: .type = OPTION_VALUE,
1.38 ! tb 178: .opt.value = &cfg.perform,
1.5 jsing 179: .value = 1,
180: },
181: {
1.11 lteo 182: .name = "no_shutdown",
1.12 lteo 183: .desc = "Shut down the connection without notifying the server",
1.11 lteo 184: .type = OPTION_FLAG,
1.38 ! tb 185: .opt.flag = &cfg.no_shutdown,
1.11 lteo 186: },
187: {
1.5 jsing 188: .name = "reuse",
189: .desc = "Reuse the same session ID for each connection",
190: .type = OPTION_VALUE,
1.38 ! tb 191: .opt.value = &cfg.perform,
1.5 jsing 192: .value = 2,
193: },
194: {
195: .name = "time",
196: .argname = "seconds",
197: .desc = "Duration to perform timing tests for (default 30)",
1.16 deraadt 198: .type = OPTION_ARG_TIME,
1.38 ! tb 199: .opt.tvalue = &cfg.maxtime,
1.5 jsing 200: },
201: {
202: .name = "verify",
203: .argname = "depth",
204: .desc = "Enable peer certificate verification with given depth",
205: .type = OPTION_ARG_INT,
1.38 ! tb 206: .opt.value = &cfg.verify_depth,
1.5 jsing 207: },
208: {
209: .name = "www",
210: .argname = "page",
211: .desc = "Page to GET from the server (default none)",
212: .type = OPTION_ARG,
1.38 ! tb 213: .opt.arg = &cfg.www_path,
1.5 jsing 214: },
215: { NULL },
216: };
1.1 jsing 217:
218: static void
219: s_time_usage(void)
220: {
1.5 jsing 221: fprintf(stderr,
222: "usage: s_time "
223: "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
224: " [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
1.11 lteo 225: " [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
1.5 jsing 226: " [-verify depth] [-www page]\n\n");
227: options_usage(s_time_options);
1.1 jsing 228: }
229:
230: /***********************************************************************
231: * MAIN - main processing area for client
232: * real name depends on MONOLITH
233: */
234: int
235: s_time_main(int argc, char **argv)
236: {
1.15 deraadt 237: int ret = 1;
1.13 doug 238:
1.36 joshua 239: if (pledge("stdio rpath inet dns", NULL) == -1) {
240: perror("pledge");
241: exit(1);
1.13 doug 242: }
1.8 doug 243:
1.31 cheloha 244: s_time_meth = TLS_client_method();
1.1 jsing 245:
1.5 jsing 246: verify_depth = 0;
247:
1.38 ! tb 248: memset(&cfg, 0, sizeof(cfg));
1.5 jsing 249:
1.38 ! tb 250: cfg.host = SSL_CONNECT_NAME;
! 251: cfg.maxtime = SECONDS;
! 252: cfg.perform = 3;
! 253: cfg.verify = SSL_VERIFY_NONE;
! 254: cfg.verify_depth = -1;
1.1 jsing 255:
1.5 jsing 256: if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
257: s_time_usage();
258: goto end;
259: }
260:
1.38 ! tb 261: if (cfg.verify_depth >= 0) {
! 262: cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
! 263: verify_depth = cfg.verify_depth;
1.5 jsing 264: BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
265: }
1.1 jsing 266:
1.38 ! tb 267: if (cfg.www_path != NULL &&
! 268: strlen(cfg.www_path) > MYBUFSIZ - 100) {
1.5 jsing 269: BIO_printf(bio_err, "-www option too long\n");
1.1 jsing 270: goto end;
1.5 jsing 271: }
1.1 jsing 272:
273: if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
274: return (1);
275:
276: SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
277:
1.38 ! tb 278: if (cfg.bugs)
1.1 jsing 279: SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
1.7 jsing 280:
1.38 ! tb 281: if (cfg.cipher != NULL) {
! 282: if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) {
1.7 jsing 283: BIO_printf(bio_err, "error setting cipher list\n");
284: ERR_print_errors(bio_err);
285: goto end;
286: }
287: }
288:
1.38 ! tb 289: SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL);
1.10 bcook 290:
1.38 ! tb 291: if (!set_cert_stuff(tm_ctx, cfg.certfile,
! 292: cfg.keyfile))
1.1 jsing 293: goto end;
294:
1.38 ! tb 295: if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile,
! 296: cfg.CApath)) ||
1.1 jsing 297: (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
298: /*
299: * BIO_printf(bio_err,"error setting default verify
300: * locations\n");
301: */
302: ERR_print_errors(bio_err);
303: /* goto end; */
304: }
305:
306: /* Loop and time how long it takes to make connections */
1.38 ! tb 307: if (cfg.perform & 1) {
1.26 cheloha 308: printf("Collecting connection statistics for %lld seconds\n",
1.38 ! tb 309: (long long)cfg.maxtime);
1.26 cheloha 310: if (benchmark(0))
311: goto end;
312: }
1.1 jsing 313: /*
314: * Now loop and time connections using the same session id over and
315: * over
316: */
1.38 ! tb 317: if (cfg.perform & 2) {
1.26 cheloha 318: printf("\n\nNow timing with session id reuse.\n");
319: if (benchmark(1))
320: goto end;
321: }
1.1 jsing 322: ret = 0;
1.23 jsing 323: end:
1.1 jsing 324: if (tm_ctx != NULL) {
325: SSL_CTX_free(tm_ctx);
326: tm_ctx = NULL;
327: }
328:
329: return (ret);
330: }
331:
332: /***********************************************************************
1.28 cheloha 333: * run_test - make a connection, get a file, and shut down the connection
334: *
1.1 jsing 335: * Args:
1.27 cheloha 336: * scon = SSL connection
1.1 jsing 337: * Returns:
1.27 cheloha 338: * 1 on success, 0 on error
1.1 jsing 339: */
1.27 cheloha 340: static int
1.28 cheloha 341: run_test(SSL *scon)
1.1 jsing 342: {
1.28 cheloha 343: char buf[1024 * 8];
1.3 deraadt 344: struct pollfd pfd[1];
1.1 jsing 345: BIO *conn;
1.10 bcook 346: long verify_error;
1.28 cheloha 347: int i, retval;
1.1 jsing 348:
349: if ((conn = BIO_new(BIO_s_connect())) == NULL)
1.27 cheloha 350: return 0;
1.38 ! tb 351: BIO_set_conn_hostname(conn, cfg.host);
1.27 cheloha 352: SSL_set_connect_state(scon);
353: SSL_set_bio(scon, conn, conn);
1.1 jsing 354: for (;;) {
1.27 cheloha 355: i = SSL_connect(scon);
1.1 jsing 356: if (BIO_sock_should_retry(i)) {
357: BIO_printf(bio_err, "DELAY\n");
1.27 cheloha 358: pfd[0].fd = SSL_get_fd(scon);
1.3 deraadt 359: pfd[0].events = POLLIN;
360: poll(pfd, 1, -1);
1.1 jsing 361: continue;
362: }
363: break;
364: }
365: if (i <= 0) {
366: BIO_printf(bio_err, "ERROR\n");
1.27 cheloha 367: verify_error = SSL_get_verify_result(scon);
1.1 jsing 368: if (verify_error != X509_V_OK)
369: BIO_printf(bio_err, "verify error:%s\n",
370: X509_verify_cert_error_string(verify_error));
371: else
372: ERR_print_errors(bio_err);
1.27 cheloha 373: return 0;
1.1 jsing 374: }
1.38 ! tb 375: if (cfg.www_path != NULL) {
1.28 cheloha 376: retval = snprintf(buf, sizeof buf,
1.38 ! tb 377: "GET %s HTTP/1.0\r\n\r\n", cfg.www_path);
1.33 deraadt 378: if (retval < 0 || retval >= sizeof buf) {
1.28 cheloha 379: fprintf(stderr, "URL too long\n");
380: return 0;
381: }
1.30 cheloha 382: if (SSL_write(scon, buf, retval) != retval)
383: return 0;
1.28 cheloha 384: while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
385: bytes_read += i;
386: }
1.38 ! tb 387: if (cfg.no_shutdown)
1.28 cheloha 388: SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
389: SSL_RECEIVED_SHUTDOWN);
390: else
391: SSL_shutdown(scon);
1.27 cheloha 392: return 1;
1.25 cheloha 393: }
394:
1.32 cheloha 395: static void
396: print_tally_mark(SSL *scon)
397: {
398: int ver;
399:
400: if (SSL_session_reused(scon))
401: ver = 'r';
402: else {
403: ver = SSL_version(scon);
404: if (ver == TLS1_VERSION)
405: ver = 't';
406: else
407: ver = '*';
408: }
409: fputc(ver, stdout);
410: fflush(stdout);
411: }
412:
1.25 cheloha 413: static int
414: benchmark(int reuse_session)
415: {
1.29 cheloha 416: double elapsed, totalTime;
1.25 cheloha 417: int nConn = 0;
418: SSL *scon = NULL;
419: int ret = 1;
420:
421: if (reuse_session) {
422: /* Get an SSL object so we can reuse the session id */
1.27 cheloha 423: if ((scon = SSL_new(tm_ctx)) == NULL)
424: goto end;
1.28 cheloha 425: if (!run_test(scon)) {
1.25 cheloha 426: fprintf(stderr, "Unable to get connection\n");
427: goto end;
428: }
429: printf("starting\n");
430: }
431:
432: nConn = 0;
433: bytes_read = 0;
434:
1.29 cheloha 435: app_timer_real(TM_RESET);
436: app_timer_user(TM_RESET);
1.25 cheloha 437: for (;;) {
1.29 cheloha 438: elapsed = app_timer_real(TM_GET);
1.38 ! tb 439: if (elapsed > cfg.maxtime)
1.25 cheloha 440: break;
1.27 cheloha 441: if (scon == NULL) {
442: if ((scon = SSL_new(tm_ctx)) == NULL)
443: goto end;
444: }
1.28 cheloha 445: if (!run_test(scon))
1.25 cheloha 446: goto end;
447: nConn += 1;
1.32 cheloha 448: print_tally_mark(scon);
1.25 cheloha 449: if (!reuse_session) {
450: SSL_free(scon);
451: scon = NULL;
452: }
453: }
1.29 cheloha 454: totalTime = app_timer_user(TM_GET);
1.25 cheloha 455:
456: printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
457: nConn, totalTime, ((double) nConn / totalTime), bytes_read);
1.29 cheloha 458: printf("%d connections in %.0f real seconds, %ld bytes read per connection\n",
1.35 tb 459: nConn, elapsed, nConn > 0 ? bytes_read / nConn : 0);
1.25 cheloha 460:
461: ret = 0;
462: end:
463: SSL_free(scon);
464: return ret;
1.1 jsing 465: }