Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.bin/openssl/s_time.c	Lines:	111	178	62.4 %
Date:	2017-11-07	Branches:	41	105	39.0 %


/* $OpenBSD: s_time.c,v 1.17 2017/01/20 08:57:12 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

/*-----------------------------------------
   s_time - SSL client connection timer program
   Written and donated by Larry Streepy <streepy@healthcare.com>
  -----------------------------------------*/

#include <sys/types.h>
#include <sys/socket.h>

#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>
#include <poll.h>

#include "apps.h"

#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

#include "s_apps.h"

#define SSL_CONNECT_NAME	"localhost:4433"

#define BUFSIZZ 1024*10

#define MYBUFSIZ 1024*8

#define SECONDS	30
extern int verify_depth;
extern int verify_error;

static void s_time_usage(void);
static SSL *doConnection(SSL * scon);

static SSL_CTX *tm_ctx = NULL;
static const SSL_METHOD *s_time_meth = NULL;
static long bytes_read = 0;

struct {
	int bugs;
	char *CAfile;
	char *CApath;
	char *certfile;
	char *cipher;
	char *host;
	char *keyfile;
	time_t maxtime;
	int nbio;
	int no_shutdown;
	int perform;
	int verify;
	int verify_depth;
	char *www_path;
} s_time_config;

struct option s_time_options[] = {
	{
		.name = "bugs",
		.desc = "Enable workarounds for known SSL/TLS bugs",
		.type = OPTION_FLAG,
		.opt.flag = &s_time_config.bugs,
	},
	{
		.name = "CAfile",
		.argname = "file",
		.desc = "File containing trusted certificates in PEM format",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.CAfile,
	},
	{
		.name = "CApath",
		.argname = "path",
		.desc = "Directory containing trusted certificates",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.CApath,
	},
	{
		.name = "cert",
		.argname = "file",
		.desc = "Client certificate to use, if one is requested",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.certfile,
	},
	{
		.name = "cipher",
		.argname = "list",
		.desc = "List of cipher suites to send to the server",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.cipher,
	},
	{
		.name = "connect",
		.argname = "host:port",
		.desc = "Host and port to connect to (default "
		    SSL_CONNECT_NAME ")",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.host,
	},
	{
		.name = "key",
		.argname = "file",
		.desc = "Client private key to use, if one is required",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.keyfile,
	},
	{
		.name = "nbio",
		.desc = "Use non-blocking I/O",
		.type = OPTION_FLAG,
		.opt.flag = &s_time_config.nbio,
	},
	{
		.name = "new",
		.desc = "Use a new session ID for each connection",
		.type = OPTION_VALUE,
		.opt.value = &s_time_config.perform,
		.value = 1,
	},
	{
		.name = "no_shutdown",
		.desc = "Shut down the connection without notifying the server",
		.type = OPTION_FLAG,
		.opt.flag = &s_time_config.no_shutdown,
	},
	{
		.name = "reuse",
		.desc = "Reuse the same session ID for each connection",
		.type = OPTION_VALUE,
		.opt.value = &s_time_config.perform,
		.value = 2,
	},
	{
		.name = "time",
		.argname = "seconds",
		.desc = "Duration to perform timing tests for (default 30)",
		.type = OPTION_ARG_TIME,
		.opt.tvalue = &s_time_config.maxtime,
	},
	{
		.name = "verify",
		.argname = "depth",
		.desc = "Enable peer certificate verification with given depth",
		.type = OPTION_ARG_INT,
		.opt.value = &s_time_config.verify_depth,
	},
	{
		.name = "www",
		.argname = "page",
		.desc = "Page to GET from the server (default none)",
		.type = OPTION_ARG,
		.opt.arg = &s_time_config.www_path,
	},
	{ NULL },
};

static void
s_time_usage(void)
{
	fprintf(stderr,
	    "usage: s_time "
	    "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
	    "    [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
	    "    [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
	    "    [-verify depth] [-www page]\n\n");
	options_usage(s_time_options);
}

/***********************************************************************
 * TIME - time functions
 */
#define START	0
#define STOP	1

static double
tm_Time_F(int s)
{
	return app_tminterval(s, 1);
}

/***********************************************************************
 * MAIN - main processing area for client
 *			real name depends on MONOLITH
 */
int
s_time_main(int argc, char **argv)
{
	double totalTime = 0.0;
	int nConn = 0;
	SSL *scon = NULL;
	time_t finishtime;
	int ret = 1;
	char buf[1024 * 8];
	int ver;

	if (single_execution) {
		if (pledge("stdio rpath inet flock cpath wpath", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	s_time_meth = SSLv23_client_method();

	verify_depth = 0;

	memset(&s_time_config, 0, sizeof(s_time_config));

	s_time_config.host = SSL_CONNECT_NAME;
	s_time_config.maxtime = SECONDS;
	s_time_config.perform = 3;
	s_time_config.verify = SSL_VERIFY_NONE;
	s_time_config.verify_depth = -1;

	if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
		s_time_usage();
		goto end;
	}

	if (s_time_config.verify_depth >= 0) {
		s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
		verify_depth = s_time_config.verify_depth;
		BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
	}

	if (s_time_config.www_path != NULL &&
	    strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
		BIO_printf(bio_err, "-www option too long\n");
		goto end;
	}

	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
		return (1);

	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);

	if (s_time_config.bugs)
		SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);

	if (s_time_config.cipher != NULL) {
		if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
			BIO_printf(bio_err, "error setting cipher list\n");
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);

	if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
	    s_time_config.keyfile))
		goto end;

	if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
	    s_time_config.CApath)) ||
	    (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
		/*
		 * BIO_printf(bio_err,"error setting default verify
		 * locations\n");
		 */
		ERR_print_errors(bio_err);
		/* goto end; */
	}

	if (!(s_time_config.perform & 1))
		goto next;
	printf("Collecting connection statistics for %lld seconds\n",
	    (long long)s_time_config.maxtime);

	/* Loop and time how long it takes to make connections */

	bytes_read = 0;
	finishtime = time(NULL) + s_time_config.maxtime;
	tm_Time_F(START);
	for (;;) {
		if (finishtime < time(NULL))
			break;
		if ((scon = doConnection(NULL)) == NULL)
			goto end;

		if (s_time_config.www_path != NULL) {
			int i, retval = snprintf(buf, sizeof buf,
			    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
			if ((size_t)retval >= sizeof buf) {
				fprintf(stderr, "URL too long\n");
				goto end;
			}
			SSL_write(scon, buf, strlen(buf));
			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
				bytes_read += i;
		}
		if (s_time_config.no_shutdown)
			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
			    SSL_RECEIVED_SHUTDOWN);
		else
			SSL_shutdown(scon);
		shutdown(SSL_get_fd(scon), SHUT_RDWR);
		close(SSL_get_fd(scon));

		nConn += 1;
		if (SSL_session_reused(scon))
			ver = 'r';
		else {
			ver = SSL_version(scon);
			if (ver == TLS1_VERSION)
				ver = 't';
			else if (ver == SSL3_VERSION)
				ver = '3';
			else if (ver == SSL2_VERSION)
				ver = '2';
			else
				ver = '*';
		}
		fputc(ver, stdout);
		fflush(stdout);

		SSL_free(scon);
		scon = NULL;
	}
	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */

	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
	    nConn, totalTime, ((double) nConn / totalTime), bytes_read);
	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
	    nConn,
	    (long long)(time(NULL) - finishtime + s_time_config.maxtime),
	    bytes_read / nConn);

	/*
	 * Now loop and time connections using the same session id over and
	 * over
	 */

next:
	if (!(s_time_config.perform & 2))
		goto end;
	printf("\n\nNow timing with session id reuse.\n");

	/* Get an SSL object so we can reuse the session id */
	if ((scon = doConnection(NULL)) == NULL) {
		fprintf(stderr, "Unable to get connection\n");
		goto end;
	}
	if (s_time_config.www_path != NULL) {
		int retval = snprintf(buf, sizeof buf,
		    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
		if ((size_t)retval >= sizeof buf) {
			fprintf(stderr, "URL too long\n");
			goto end;
		}
		SSL_write(scon, buf, strlen(buf));
		while (SSL_read(scon, buf, sizeof(buf)) > 0);
	}
	if (s_time_config.no_shutdown)
		SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
		    SSL_RECEIVED_SHUTDOWN);
	else
		SSL_shutdown(scon);
	shutdown(SSL_get_fd(scon), SHUT_RDWR);
	close(SSL_get_fd(scon));

	nConn = 0;
	totalTime = 0.0;

	finishtime = time(NULL) + s_time_config.maxtime;

	printf("starting\n");
	bytes_read = 0;
	tm_Time_F(START);

	for (;;) {
		if (finishtime < time(NULL))
			break;
		if ((doConnection(scon)) == NULL)
			goto end;

		if (s_time_config.www_path) {
			int i, retval = snprintf(buf, sizeof buf,
			    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
			if ((size_t)retval >= sizeof buf) {
				fprintf(stderr, "URL too long\n");
				goto end;
			}
			SSL_write(scon, buf, strlen(buf));
			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
				bytes_read += i;
		}
		if (s_time_config.no_shutdown)
			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
			    SSL_RECEIVED_SHUTDOWN);
		else
			SSL_shutdown(scon);
		shutdown(SSL_get_fd(scon), SHUT_RDWR);
		close(SSL_get_fd(scon));

		nConn += 1;
		if (SSL_session_reused(scon))
			ver = 'r';
		else {
			ver = SSL_version(scon);
			if (ver == TLS1_VERSION)
				ver = 't';
			else if (ver == SSL3_VERSION)
				ver = '3';
			else if (ver == SSL2_VERSION)
				ver = '2';
			else
				ver = '*';
		}
		fputc(ver, stdout);
		fflush(stdout);
	}
	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */

	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
	    nConn,
	    (long long)(time(NULL) - finishtime + s_time_config.maxtime),
	    bytes_read / nConn);

	ret = 0;
end:
	if (scon != NULL)
		SSL_free(scon);

	if (tm_ctx != NULL) {
		SSL_CTX_free(tm_ctx);
		tm_ctx = NULL;
	}

	return (ret);
}

/***********************************************************************
 * doConnection - make a connection
 * Args:
 *		scon	= earlier ssl connection for session id, or NULL
 * Returns:
 *		SSL *	= the connection pointer.
 */
static SSL *
doConnection(SSL * scon)
{
	struct pollfd pfd[1];
	SSL *serverCon;
	BIO *conn;
	long verify_error;
	int i;

	if ((conn = BIO_new(BIO_s_connect())) == NULL)
		return (NULL);

/*	BIO_set_conn_port(conn,port);*/
	BIO_set_conn_hostname(conn, s_time_config.host);

	if (scon == NULL)
		serverCon = SSL_new(tm_ctx);
	else {
		serverCon = scon;
		SSL_set_connect_state(serverCon);
	}

	SSL_set_bio(serverCon, conn, conn);

	/* ok, lets connect */
	for (;;) {
		i = SSL_connect(serverCon);
		if (BIO_sock_should_retry(i)) {
			BIO_printf(bio_err, "DELAY\n");

			i = SSL_get_fd(serverCon);
			pfd[0].fd = i;
			pfd[0].events = POLLIN;
			poll(pfd, 1, -1);
			continue;
		}
		break;
	}
	if (i <= 0) {
		BIO_printf(bio_err, "ERROR\n");
		verify_error = SSL_get_verify_result(serverCon);
		if (verify_error != X509_V_OK)
			BIO_printf(bio_err, "verify error:%s\n",
			    X509_verify_cert_error_string(verify_error));
		else
			ERR_print_errors(bio_err);
		if (scon == NULL)
			SSL_free(serverCon);
		return NULL;
	}
	return serverCon;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: s_time.c,v 1.17 2017/01/20 08:57:12 deraadt Exp $ */
2			/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3			* All rights reserved.
4			*
5			* This package is an SSL implementation written
6			* by Eric Young (eay@cryptsoft.com).
7			* The implementation was written so as to conform with Netscapes SSL.
8			*
9			* This library is free for commercial and non-commercial use as long as
10			* the following conditions are aheared to. The following conditions
11			* apply to all code found in this distribution, be it the RC4, RSA,
12			* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13			* included with this distribution is covered by the same copyright terms
14			* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15			*
16			* Copyright remains Eric Young's, and as such any Copyright notices in
17			* the code are not to be removed.
18			* If this package is used in a product, Eric Young should be given attribution
19			* as the author of the parts of the library used.
20			* This can be in the form of a textual message at program startup or
21			* in documentation (online or textual) provided with the package.
22			*
23			* Redistribution and use in source and binary forms, with or without
24			* modification, are permitted provided that the following conditions
25			* are met:
26			* 1. Redistributions of source code must retain the copyright
27			* notice, this list of conditions and the following disclaimer.
28			* 2. Redistributions in binary form must reproduce the above copyright
29			* notice, this list of conditions and the following disclaimer in the
30			* documentation and/or other materials provided with the distribution.
31			* 3. All advertising materials mentioning features or use of this software
32			* must display the following acknowledgement:
33			* "This product includes cryptographic software written by
34			* Eric Young (eay@cryptsoft.com)"
35			* The word 'cryptographic' can be left out if the rouines from the library
36			* being used are not cryptographic related :-).
37			* 4. If you include any Windows specific code (or a derivative thereof) from
38			* the apps directory (application code) you must include an acknowledgement:
39			* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40			*
41			* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42			* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44			* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45			* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46			* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47			* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50			* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51			* SUCH DAMAGE.
52			*
53			* The licence and distribution terms for any publically available version or
54			* derivative of this code cannot be changed. i.e. this code cannot simply be
55			* copied and put under another distribution licence
56			* [including the GNU Public Licence.]
57			*/
58
59			/*-----------------------------------------
60			s_time - SSL client connection timer program
61			Written and donated by Larry Streepy <streepy@healthcare.com>
62			-----------------------------------------*/
63
64			#include <sys/types.h>
65			#include <sys/socket.h>
66
67			#include <stdio.h>
68			#include <stdlib.h>
69			#include <limits.h>
70			#include <string.h>
71			#include <unistd.h>
72			#include <poll.h>
73
74			#include "apps.h"
75
76			#include <openssl/err.h>
77			#include <openssl/pem.h>
78			#include <openssl/ssl.h>
79			#include <openssl/x509.h>
80
81			#include "s_apps.h"
82
83			#define SSL_CONNECT_NAME "localhost:4433"
84
85			#define BUFSIZZ 1024*10
86
87			#define MYBUFSIZ 1024*8
88
89			#define SECONDS 30
90			extern int verify_depth;
91			extern int verify_error;
92
93			static void s_time_usage(void);
94			static SSL doConnection(SSL scon);
95
96			static SSL_CTX *tm_ctx = NULL;
97			static const SSL_METHOD *s_time_meth = NULL;
98			static long bytes_read = 0;
99
100			struct {
101			int bugs;
102			char *CAfile;
103			char *CApath;
104			char *certfile;
105			char *cipher;
106			char *host;
107			char *keyfile;
108			time_t maxtime;
109			int nbio;
110			int no_shutdown;
111			int perform;
112			int verify;
113			int verify_depth;
114			char *www_path;
115			} s_time_config;
116
117			struct option s_time_options[] = {
118			{
119			.name = "bugs",
120			.desc = "Enable workarounds for known SSL/TLS bugs",
121			.type = OPTION_FLAG,
122			.opt.flag = &s_time_config.bugs,
123			},
124			{
125			.name = "CAfile",
126			.argname = "file",
127			.desc = "File containing trusted certificates in PEM format",
128			.type = OPTION_ARG,
129			.opt.arg = &s_time_config.CAfile,
130			},
131			{
132			.name = "CApath",
133			.argname = "path",
134			.desc = "Directory containing trusted certificates",
135			.type = OPTION_ARG,
136			.opt.arg = &s_time_config.CApath,
137			},
138			{
139			.name = "cert",
140			.argname = "file",
141			.desc = "Client certificate to use, if one is requested",
142			.type = OPTION_ARG,
143			.opt.arg = &s_time_config.certfile,
144			},
145			{
146			.name = "cipher",
147			.argname = "list",
148			.desc = "List of cipher suites to send to the server",
149			.type = OPTION_ARG,
150			.opt.arg = &s_time_config.cipher,
151			},
152			{
153			.name = "connect",
154			.argname = "host:port",
155			.desc = "Host and port to connect to (default "
156			SSL_CONNECT_NAME ")",
157			.type = OPTION_ARG,
158			.opt.arg = &s_time_config.host,
159			},
160			{
161			.name = "key",
162			.argname = "file",
163			.desc = "Client private key to use, if one is required",
164			.type = OPTION_ARG,
165			.opt.arg = &s_time_config.keyfile,
166			},
167			{
168			.name = "nbio",
169			.desc = "Use non-blocking I/O",
170			.type = OPTION_FLAG,
171			.opt.flag = &s_time_config.nbio,
172			},
173			{
174			.name = "new",
175			.desc = "Use a new session ID for each connection",
176			.type = OPTION_VALUE,
177			.opt.value = &s_time_config.perform,
178			.value = 1,
179			},
180			{
181			.name = "no_shutdown",
182			.desc = "Shut down the connection without notifying the server",
183			.type = OPTION_FLAG,
184			.opt.flag = &s_time_config.no_shutdown,
185			},
186			{
187			.name = "reuse",
188			.desc = "Reuse the same session ID for each connection",
189			.type = OPTION_VALUE,
190			.opt.value = &s_time_config.perform,
191			.value = 2,
192			},
193			{
194			.name = "time",
195			.argname = "seconds",
196			.desc = "Duration to perform timing tests for (default 30)",
197			.type = OPTION_ARG_TIME,
198			.opt.tvalue = &s_time_config.maxtime,
199			},
200			{
201			.name = "verify",
202			.argname = "depth",
203			.desc = "Enable peer certificate verification with given depth",
204			.type = OPTION_ARG_INT,
205			.opt.value = &s_time_config.verify_depth,
206			},
207			{
208			.name = "www",
209			.argname = "page",
210			.desc = "Page to GET from the server (default none)",
211			.type = OPTION_ARG,
212			.opt.arg = &s_time_config.www_path,
213			},
214			{ NULL },
215			};
216
217			static void
218			s_time_usage(void)
219			{
220		16	fprintf(stderr,
221			"usage: s_time "
222			"[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
223			" [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
224			" [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
225			" [-verify depth] [-www page]\n\n");
226		8	options_usage(s_time_options);
227		8	}
228
229			/***********************************************************************
230			* TIME - time functions
231			*/
232			#define START 0
233			#define STOP 1
234
235			static double
236			tm_Time_F(int s)
237			{
238		64	return app_tminterval(s, 1);
239			}
240
241			/***********************************************************************
242			* MAIN - main processing area for client
243			* real name depends on MONOLITH
244			*/
245			int
246			s_time_main(int argc, char **argv)
247			{
248			double totalTime = 0.0;
249			int nConn = 0;
250			SSL *scon = NULL;
251			time_t finishtime;
252			int ret = 1;
253		32	char buf[1024 * 8];
254			int ver;
255
256	✓✗	16	if (single_execution) {
257	✗✓	16	if (pledge("stdio rpath inet flock cpath wpath", NULL) == -1) {
258			perror("pledge");
259			exit(1);
260			}
261			}
262
263		16	s_time_meth = SSLv23_client_method();
264
265		16	verify_depth = 0;
266
267		16	memset(&s_time_config, 0, sizeof(s_time_config));
268
269		16	s_time_config.host = SSL_CONNECT_NAME;
270		16	s_time_config.maxtime = SECONDS;
271		16	s_time_config.perform = 3;
272		16	s_time_config.verify = SSL_VERIFY_NONE;
273		16	s_time_config.verify_depth = -1;
274
275	✓✓	16	if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
276		8	s_time_usage();
277		8	goto end;
278			}
279
280	✗✓	8	if (s_time_config.verify_depth >= 0) {
281			s_time_config.verify = SSL_VERIFY_PEER \| SSL_VERIFY_CLIENT_ONCE;
282			verify_depth = s_time_config.verify_depth;
283			BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
284			}
285
286	✗✓✗✗	8	if (s_time_config.www_path != NULL &&
287			strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
288			BIO_printf(bio_err, "-www option too long\n");
289			goto end;
290			}
291
292	✗✓	8	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
293			return (1);
294
295		8	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
296
297	✗✓	8	if (s_time_config.bugs)
298			SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
299
300	✗✓	8	if (s_time_config.cipher != NULL) {
301			if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
302			BIO_printf(bio_err, "error setting cipher list\n");
303			ERR_print_errors(bio_err);
304			goto end;
305			}
306			}
307
308		8	SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
309
310	✓✗	16	if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
311		8	s_time_config.keyfile))
312			goto end;
313
314	✗✓	24	if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
315	✓✗	16	s_time_config.CApath)) \|\|
316		8	(!SSL_CTX_set_default_verify_paths(tm_ctx))) {
317			/*
318			* BIO_printf(bio_err,"error setting default verify
319			* locations\n");
320			*/
321			ERR_print_errors(bio_err);
322			/* goto end; */
323			}
324
325	✓✗	8	if (!(s_time_config.perform & 1))
326			goto next;
327		8	printf("Collecting connection statistics for %lld seconds\n",
328		8	(long long)s_time_config.maxtime);
329
330			/* Loop and time how long it takes to make connections */
331
332		8	bytes_read = 0;
333		8	finishtime = time(NULL) + s_time_config.maxtime;
334		8	tm_Time_F(START);
335		5017	for (;;) {
336	✓✓	5017	if (finishtime < time(NULL))
337			break;
338	✓✗	5009	if ((scon = doConnection(NULL)) == NULL)
339			goto end;
340
341	✗✓	5009	if (s_time_config.www_path != NULL) {
342			int i, retval = snprintf(buf, sizeof buf,
343			"GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
344			if ((size_t)retval >= sizeof buf) {
345			fprintf(stderr, "URL too long\n");
346			goto end;
347			}
348			SSL_write(scon, buf, strlen(buf));
349			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
350			bytes_read += i;
351			}
352	✗✓	5009	if (s_time_config.no_shutdown)
353			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN \|
354			SSL_RECEIVED_SHUTDOWN);
355			else
356		5009	SSL_shutdown(scon);
357		5009	shutdown(SSL_get_fd(scon), SHUT_RDWR);
358		5009	close(SSL_get_fd(scon));
359
360		5009	nConn += 1;
361	✗✓	5009	if (SSL_session_reused(scon))
362			ver = 'r';
363			else {
364		5009	ver = SSL_version(scon);
365	✗✓	5009	if (ver == TLS1_VERSION)
366			ver = 't';
367	✗✓	5009	else if (ver == SSL3_VERSION)
368			ver = '3';
369	✗✓	5009	else if (ver == SSL2_VERSION)
370			ver = '2';
371			else
372			ver = '*';
373			}
374		5009	fputc(ver, stdout);
375		5009	fflush(stdout);
376
377		5009	SSL_free(scon);
378			scon = NULL;
379			}
380		8	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
381
382		8	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
383		8	nConn, totalTime, ((double) nConn / totalTime), bytes_read);
384		8	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
385			nConn,
386		8	(long long)(time(NULL) - finishtime + s_time_config.maxtime),
387		8	bytes_read / nConn);
388
389			/*
390			* Now loop and time connections using the same session id over and
391			* over
392			*/
393
394			next:
395	✓✗	8	if (!(s_time_config.perform & 2))
396			goto end;
397		8	printf("\n\nNow timing with session id reuse.\n");
398
399			/* Get an SSL object so we can reuse the session id */
400	✗✓	8	if ((scon = doConnection(NULL)) == NULL) {
401			fprintf(stderr, "Unable to get connection\n");
402			goto end;
403			}
404	✗✓	8	if (s_time_config.www_path != NULL) {
405			int retval = snprintf(buf, sizeof buf,
406			"GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
407			if ((size_t)retval >= sizeof buf) {
408			fprintf(stderr, "URL too long\n");
409			goto end;
410			}
411			SSL_write(scon, buf, strlen(buf));
412			while (SSL_read(scon, buf, sizeof(buf)) > 0);
413			}
414	✗✓	8	if (s_time_config.no_shutdown)
415			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN \|
416			SSL_RECEIVED_SHUTDOWN);
417			else
418		8	SSL_shutdown(scon);
419		8	shutdown(SSL_get_fd(scon), SHUT_RDWR);
420		8	close(SSL_get_fd(scon));
421
422			nConn = 0;
423			totalTime = 0.0;
424
425		8	finishtime = time(NULL) + s_time_config.maxtime;
426
427		8	printf("starting\n");
428		8	bytes_read = 0;
429		8	tm_Time_F(START);
430
431		33941	for (;;) {
432	✓✓	33941	if (finishtime < time(NULL))
433			break;
434	✓✗	33933	if ((doConnection(scon)) == NULL)
435			goto end;
436
437	✗✓	33933	if (s_time_config.www_path) {
438			int i, retval = snprintf(buf, sizeof buf,
439			"GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
440			if ((size_t)retval >= sizeof buf) {
441			fprintf(stderr, "URL too long\n");
442			goto end;
443			}
444			SSL_write(scon, buf, strlen(buf));
445			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
446			bytes_read += i;
447			}
448	✗✓	33933	if (s_time_config.no_shutdown)
449			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN \|
450			SSL_RECEIVED_SHUTDOWN);
451			else
452		33933	SSL_shutdown(scon);
453		33933	shutdown(SSL_get_fd(scon), SHUT_RDWR);
454		33933	close(SSL_get_fd(scon));
455
456		33933	nConn += 1;
457	✓✗	33933	if (SSL_session_reused(scon))
458		33933	ver = 'r';
459			else {
460			ver = SSL_version(scon);
461			if (ver == TLS1_VERSION)
462			ver = 't';
463			else if (ver == SSL3_VERSION)
464			ver = '3';
465			else if (ver == SSL2_VERSION)
466			ver = '2';
467			else
468			ver = '*';
469			}
470		33933	fputc(ver, stdout);
471		33933	fflush(stdout);
472			}
473		8	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
474
475		8	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
476		8	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
477			nConn,
478		8	(long long)(time(NULL) - finishtime + s_time_config.maxtime),
479		8	bytes_read / nConn);
480
481		8	ret = 0;
482			end:
483	✓✓	16	if (scon != NULL)
484		8	SSL_free(scon);
485
486	✓✓	16	if (tm_ctx != NULL) {
487		8	SSL_CTX_free(tm_ctx);
488		8	tm_ctx = NULL;
489		8	}
490
491		16	return (ret);
492		16	}
493
494			/***********************************************************************
495			* doConnection - make a connection
496			* Args:
497			* scon = earlier ssl connection for session id, or NULL
498			* Returns:
499			* SSL * = the connection pointer.
500			*/
501			static SSL *
502			doConnection(SSL * scon)
503			{
504		77900	struct pollfd pfd[1];
505			SSL *serverCon;
506			BIO *conn;
507			long verify_error;
508			int i;
509
510	✗✓	38950	if ((conn = BIO_new(BIO_s_connect())) == NULL)
511			return (NULL);
512
513			/* BIO_set_conn_port(conn,port);*/
514		38950	BIO_set_conn_hostname(conn, s_time_config.host);
515
516	✓✓	38950	if (scon == NULL)
517		5017	serverCon = SSL_new(tm_ctx);
518			else {
519			serverCon = scon;
520		33933	SSL_set_connect_state(serverCon);
521			}
522
523		38950	SSL_set_bio(serverCon, conn, conn);
524
525			/* ok, lets connect */
526		38950	for (;;) {
527		38950	i = SSL_connect(serverCon);
528	✗✓	38950	if (BIO_sock_should_retry(i)) {
529			BIO_printf(bio_err, "DELAY\n");
530
531			i = SSL_get_fd(serverCon);
532			pfd[0].fd = i;
533			pfd[0].events = POLLIN;
534			poll(pfd, 1, -1);
535			continue;
536			}
537			break;
538			}
539	✗✓	38950	if (i <= 0) {
540			BIO_printf(bio_err, "ERROR\n");
541			verify_error = SSL_get_verify_result(serverCon);
542			if (verify_error != X509_V_OK)
543			BIO_printf(bio_err, "verify error:%s\n",
544			X509_verify_cert_error_string(verify_error));
545			else
546			ERR_print_errors(bio_err);
547			if (scon == NULL)
548			SSL_free(serverCon);
549			return NULL;
550			}
551		38950	return serverCon;
552		38950	}