search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'merges'
[unleashed.git] / bin / openssl / s_time.c
blobed89160b23d4d16af755c3851bd32bcfe122f35c
1 /* $OpenBSD: s_time.c,v 1.23 2018/02/07 05:47:55 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 /*-----------------------------------------
60 s_time - SSL client connection timer program
61 Written and donated by Larry Streepy <streepy@healthcare.com>
62 -----------------------------------------*/
63
64 #include <sys/types.h>
65 #include <sys/socket.h>
66
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <limits.h>
70 #include <string.h>
71 #include <unistd.h>
72 #include <poll.h>
73
74 #include "apps.h"
75
76 #include <openssl/err.h>
77 #include <openssl/pem.h>
78 #include <openssl/ssl.h>
79 #include <openssl/x509.h>
80
81 #include "s_apps.h"
82
83 #define SSL_CONNECT_NAME "localhost:4433"
84
85 #define BUFSIZZ 1024*10
86
87 #define MYBUFSIZ 1024*8
88
89 #define SECONDS 30
90 extern int verify_depth;
91
92 static void s_time_usage(void);
93 static SSL *doConnection(SSL * scon);
94
95 static SSL_CTX *tm_ctx = NULL;
96 static const SSL_METHOD *s_time_meth = NULL;
97 static long bytes_read = 0;
98
99 struct {
100 int bugs;
101 char *CAfile;
102 char *CApath;
103 char *certfile;
104 char *cipher;
105 char *host;
106 char *keyfile;
107 time_t maxtime;
108 int nbio;
109 int no_shutdown;
110 int perform;
111 int verify;
112 int verify_depth;
113 char *www_path;
114 } s_time_config;
115
116 struct option s_time_options[] = {
117 {
118 .name = "bugs",
119 .desc = "Enable workarounds for known SSL/TLS bugs",
120 .type = OPTION_FLAG,
121 .opt.flag = &s_time_config.bugs,
122 },
123 {
124 .name = "CAfile",
125 .argname = "file",
126 .desc = "File containing trusted certificates in PEM format",
127 .type = OPTION_ARG,
128 .opt.arg = &s_time_config.CAfile,
129 },
130 {
131 .name = "CApath",
132 .argname = "path",
133 .desc = "Directory containing trusted certificates",
134 .type = OPTION_ARG,
135 .opt.arg = &s_time_config.CApath,
136 },
137 {
138 .name = "cert",
139 .argname = "file",
140 .desc = "Client certificate to use, if one is requested",
141 .type = OPTION_ARG,
142 .opt.arg = &s_time_config.certfile,
143 },
144 {
145 .name = "cipher",
146 .argname = "list",
147 .desc = "List of cipher suites to send to the server",
148 .type = OPTION_ARG,
149 .opt.arg = &s_time_config.cipher,
150 },
151 {
152 .name = "connect",
153 .argname = "host:port",
154 .desc = "Host and port to connect to (default "
155 SSL_CONNECT_NAME ")",
156 .type = OPTION_ARG,
157 .opt.arg = &s_time_config.host,
158 },
159 {
160 .name = "key",
161 .argname = "file",
162 .desc = "Client private key to use, if one is required",
163 .type = OPTION_ARG,
164 .opt.arg = &s_time_config.keyfile,
165 },
166 {
167 .name = "nbio",
168 .desc = "Use non-blocking I/O",
169 .type = OPTION_FLAG,
170 .opt.flag = &s_time_config.nbio,
171 },
172 {
173 .name = "new",
174 .desc = "Use a new session ID for each connection",
175 .type = OPTION_VALUE,
176 .opt.value = &s_time_config.perform,
177 .value = 1,
178 },
179 {
180 .name = "no_shutdown",
181 .desc = "Shut down the connection without notifying the server",
182 .type = OPTION_FLAG,
183 .opt.flag = &s_time_config.no_shutdown,
184 },
185 {
186 .name = "reuse",
187 .desc = "Reuse the same session ID for each connection",
188 .type = OPTION_VALUE,
189 .opt.value = &s_time_config.perform,
190 .value = 2,
191 },
192 {
193 .name = "time",
194 .argname = "seconds",
195 .desc = "Duration to perform timing tests for (default 30)",
196 .type = OPTION_ARG_TIME,
197 .opt.tvalue = &s_time_config.maxtime,
198 },
199 {
200 .name = "verify",
201 .argname = "depth",
202 .desc = "Enable peer certificate verification with given depth",
203 .type = OPTION_ARG_INT,
204 .opt.value = &s_time_config.verify_depth,
205 },
206 {
207 .name = "www",
208 .argname = "page",
209 .desc = "Page to GET from the server (default none)",
210 .type = OPTION_ARG,
211 .opt.arg = &s_time_config.www_path,
212 },
213 { NULL },
214 };
215
216 static void
217 s_time_usage(void)
218 {
219 fprintf(stderr,
220 "usage: s_time "
221 "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
222 " [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
223 " [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
224 " [-verify depth] [-www page]\n\n");
225 options_usage(s_time_options);
226 }
227
228 /***********************************************************************
229 * TIME - time functions
230 */
231 #define START 0
232 #define STOP 1
233
234 static double
235 tm_Time_F(int op)
236 {
237 return app_timer_user(op);
238 }
239
240 /***********************************************************************
241 * MAIN - main processing area for client
242 * real name depends on MONOLITH
243 */
244 int
245 s_time_main(int argc, char **argv)
246 {
247 double totalTime = 0.0;
248 int nConn = 0;
249 SSL *scon = NULL;
250 time_t finishtime;
251 int ret = 1;
252 char buf[1024 * 8];
253 int ver;
254
255 if (single_execution) {
256 if (pledge("stdio rpath inet dns", NULL) == -1) {
257 perror("pledge");
258 exit(1);
259 }
260 }
261
262 s_time_meth = SSLv23_client_method();
263
264 verify_depth = 0;
265
266 memset(&s_time_config, 0, sizeof(s_time_config));
267
268 s_time_config.host = SSL_CONNECT_NAME;
269 s_time_config.maxtime = SECONDS;
270 s_time_config.perform = 3;
271 s_time_config.verify = SSL_VERIFY_NONE;
272 s_time_config.verify_depth = -1;
273
274 if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
275 s_time_usage();
276 goto end;
277 }
278
279 if (s_time_config.verify_depth >= 0) {
280 s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
281 verify_depth = s_time_config.verify_depth;
282 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
283 }
284
285 if (s_time_config.www_path != NULL &&
286 strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
287 BIO_printf(bio_err, "-www option too long\n");
288 goto end;
289 }
290
291 if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
292 return (1);
293
294 SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
295
296 if (s_time_config.bugs)
297 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
298
299 if (s_time_config.cipher != NULL) {
300 if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
301 BIO_printf(bio_err, "error setting cipher list\n");
302 ERR_print_errors(bio_err);
303 goto end;
304 }
305 }
306
307 SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
308
309 if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
310 s_time_config.keyfile))
311 goto end;
312
313 if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
314 s_time_config.CApath)) ||
315 (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
316 /*
317 * BIO_printf(bio_err,"error setting default verify
318 * locations\n");
319 */
320 ERR_print_errors(bio_err);
321 /* goto end; */
322 }
323
324 if (!(s_time_config.perform & 1))
325 goto next;
326 printf("Collecting connection statistics for %lld seconds\n",
327 (long long)s_time_config.maxtime);
328
329 /* Loop and time how long it takes to make connections */
330
331 bytes_read = 0;
332 finishtime = time(NULL) + s_time_config.maxtime;
333 tm_Time_F(START);
334 for (;;) {
335 if (finishtime < time(NULL))
336 break;
337 if ((scon = doConnection(NULL)) == NULL)
338 goto end;
339
340 if (s_time_config.www_path != NULL) {
341 int i, retval = snprintf(buf, sizeof buf,
342 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
343 if ((size_t)retval >= sizeof buf) {
344 fprintf(stderr, "URL too long\n");
345 goto end;
346 }
347 SSL_write(scon, buf, strlen(buf));
348 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
349 bytes_read += i;
350 }
351 if (s_time_config.no_shutdown)
352 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
353 SSL_RECEIVED_SHUTDOWN);
354 else
355 SSL_shutdown(scon);
356
357 nConn += 1;
358 if (SSL_session_reused(scon))
359 ver = 'r';
360 else {
361 ver = SSL_version(scon);
362 if (ver == TLS1_VERSION)
363 ver = 't';
364 else if (ver == SSL3_VERSION)
365 ver = '3';
366 else if (ver == SSL2_VERSION)
367 ver = '2';
368 else
369 ver = '*';
370 }
371 fputc(ver, stdout);
372 fflush(stdout);
373
374 SSL_free(scon);
375 scon = NULL;
376 }
377 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
378
379 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
380 nConn, totalTime, ((double) nConn / totalTime), bytes_read);
381 printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
382 nConn,
383 (long long)(time(NULL) - finishtime + s_time_config.maxtime),
384 bytes_read / nConn);
385
386 /*
387 * Now loop and time connections using the same session id over and
388 * over
389 */
390
391 next:
392 if (!(s_time_config.perform & 2))
393 goto end;
394 printf("\n\nNow timing with session id reuse.\n");
395
396 /* Get an SSL object so we can reuse the session id */
397 if ((scon = doConnection(NULL)) == NULL) {
398 fprintf(stderr, "Unable to get connection\n");
399 goto end;
400 }
401 if (s_time_config.www_path != NULL) {
402 int retval = snprintf(buf, sizeof buf,
403 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
404 if ((size_t)retval >= sizeof buf) {
405 fprintf(stderr, "URL too long\n");
406 goto end;
407 }
408 SSL_write(scon, buf, strlen(buf));
409 while (SSL_read(scon, buf, sizeof(buf)) > 0);
410 }
411 if (s_time_config.no_shutdown)
412 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
413 SSL_RECEIVED_SHUTDOWN);
414 else
415 SSL_shutdown(scon);
416
417 nConn = 0;
418 totalTime = 0.0;
419
420 finishtime = time(NULL) + s_time_config.maxtime;
421
422 printf("starting\n");
423 bytes_read = 0;
424 tm_Time_F(START);
425
426 for (;;) {
427 if (finishtime < time(NULL))
428 break;
429 if ((doConnection(scon)) == NULL)
430 goto end;
431
432 if (s_time_config.www_path) {
433 int i, retval = snprintf(buf, sizeof buf,
434 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
435 if ((size_t)retval >= sizeof buf) {
436 fprintf(stderr, "URL too long\n");
437 goto end;
438 }
439 SSL_write(scon, buf, strlen(buf));
440 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
441 bytes_read += i;
442 }
443 if (s_time_config.no_shutdown)
444 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
445 SSL_RECEIVED_SHUTDOWN);
446 else
447 SSL_shutdown(scon);
448
449 nConn += 1;
450 if (SSL_session_reused(scon))
451 ver = 'r';
452 else {
453 ver = SSL_version(scon);
454 if (ver == TLS1_VERSION)
455 ver = 't';
456 else if (ver == SSL3_VERSION)
457 ver = '3';
458 else if (ver == SSL2_VERSION)
459 ver = '2';
460 else
461 ver = '*';
462 }
463 fputc(ver, stdout);
464 fflush(stdout);
465 }
466 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
467
468 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
469 printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
470 nConn,
471 (long long)(time(NULL) - finishtime + s_time_config.maxtime),
472 bytes_read / nConn);
473
474 ret = 0;
475 end:
476 SSL_free(scon);
477
478 if (tm_ctx != NULL) {
479 SSL_CTX_free(tm_ctx);
480 tm_ctx = NULL;
481 }
482
483 return (ret);
484 }
485
486 /***********************************************************************
487 * doConnection - make a connection
488 * Args:
489 * scon = earlier ssl connection for session id, or NULL
490 * Returns:
491 * SSL * = the connection pointer.
492 */
493 static SSL *
494 doConnection(SSL * scon)
495 {
496 struct pollfd pfd[1];
497 SSL *serverCon;
498 BIO *conn;
499 long verify_error;
500 int i;
501
502 if ((conn = BIO_new(BIO_s_connect())) == NULL)
503 return (NULL);
504
505 /* BIO_set_conn_port(conn,port);*/
506 BIO_set_conn_hostname(conn, s_time_config.host);
507
508 if (scon == NULL)
509 serverCon = SSL_new(tm_ctx);
510 else {
511 serverCon = scon;
512 SSL_set_connect_state(serverCon);
513 }
514
515 SSL_set_bio(serverCon, conn, conn);
516
517 /* ok, lets connect */
518 for (;;) {
519 i = SSL_connect(serverCon);
520 if (BIO_sock_should_retry(i)) {
521 BIO_printf(bio_err, "DELAY\n");
522
523 i = SSL_get_fd(serverCon);
524 pfd[0].fd = i;
525 pfd[0].events = POLLIN;
526 poll(pfd, 1, -1);
527 continue;
528 }
529 break;
530 }
531 if (i <= 0) {
532 BIO_printf(bio_err, "ERROR\n");
533 verify_error = SSL_get_verify_result(serverCon);
534 if (verify_error != X509_V_OK)
535 BIO_printf(bio_err, "verify error:%s\n",
536 X509_verify_cert_error_string(verify_error));
537 else
538 ERR_print_errors(bio_err);
539 if (scon == NULL)
540 SSL_free(serverCon);
541 return NULL;
542 }
543 return serverCon;
544 }
Unleashed OS