GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/openssl/s_time.c Lines: 111 178 62.4 %
Date: 2017-11-13 Branches: 41 105 39.0 %

Line Branch Exec Source
1
/* $OpenBSD: s_time.c,v 1.18 2017/11/02 00:31:49 mestre Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
/*-----------------------------------------
60
   s_time - SSL client connection timer program
61
   Written and donated by Larry Streepy <streepy@healthcare.com>
62
  -----------------------------------------*/
63
64
#include <sys/types.h>
65
#include <sys/socket.h>
66
67
#include <stdio.h>
68
#include <stdlib.h>
69
#include <limits.h>
70
#include <string.h>
71
#include <unistd.h>
72
#include <poll.h>
73
74
#include "apps.h"
75
76
#include <openssl/err.h>
77
#include <openssl/pem.h>
78
#include <openssl/ssl.h>
79
#include <openssl/x509.h>
80
81
#include "s_apps.h"
82
83
#define SSL_CONNECT_NAME	"localhost:4433"
84
85
#define BUFSIZZ 1024*10
86
87
#define MYBUFSIZ 1024*8
88
89
#define SECONDS	30
90
extern int verify_depth;
91
extern int verify_error;
92
93
static void s_time_usage(void);
94
static SSL *doConnection(SSL * scon);
95
96
static SSL_CTX *tm_ctx = NULL;
97
static const SSL_METHOD *s_time_meth = NULL;
98
static long bytes_read = 0;
99
100
struct {
101
	int bugs;
102
	char *CAfile;
103
	char *CApath;
104
	char *certfile;
105
	char *cipher;
106
	char *host;
107
	char *keyfile;
108
	time_t maxtime;
109
	int nbio;
110
	int no_shutdown;
111
	int perform;
112
	int verify;
113
	int verify_depth;
114
	char *www_path;
115
} s_time_config;
116
117
struct option s_time_options[] = {
118
	{
119
		.name = "bugs",
120
		.desc = "Enable workarounds for known SSL/TLS bugs",
121
		.type = OPTION_FLAG,
122
		.opt.flag = &s_time_config.bugs,
123
	},
124
	{
125
		.name = "CAfile",
126
		.argname = "file",
127
		.desc = "File containing trusted certificates in PEM format",
128
		.type = OPTION_ARG,
129
		.opt.arg = &s_time_config.CAfile,
130
	},
131
	{
132
		.name = "CApath",
133
		.argname = "path",
134
		.desc = "Directory containing trusted certificates",
135
		.type = OPTION_ARG,
136
		.opt.arg = &s_time_config.CApath,
137
	},
138
	{
139
		.name = "cert",
140
		.argname = "file",
141
		.desc = "Client certificate to use, if one is requested",
142
		.type = OPTION_ARG,
143
		.opt.arg = &s_time_config.certfile,
144
	},
145
	{
146
		.name = "cipher",
147
		.argname = "list",
148
		.desc = "List of cipher suites to send to the server",
149
		.type = OPTION_ARG,
150
		.opt.arg = &s_time_config.cipher,
151
	},
152
	{
153
		.name = "connect",
154
		.argname = "host:port",
155
		.desc = "Host and port to connect to (default "
156
		    SSL_CONNECT_NAME ")",
157
		.type = OPTION_ARG,
158
		.opt.arg = &s_time_config.host,
159
	},
160
	{
161
		.name = "key",
162
		.argname = "file",
163
		.desc = "Client private key to use, if one is required",
164
		.type = OPTION_ARG,
165
		.opt.arg = &s_time_config.keyfile,
166
	},
167
	{
168
		.name = "nbio",
169
		.desc = "Use non-blocking I/O",
170
		.type = OPTION_FLAG,
171
		.opt.flag = &s_time_config.nbio,
172
	},
173
	{
174
		.name = "new",
175
		.desc = "Use a new session ID for each connection",
176
		.type = OPTION_VALUE,
177
		.opt.value = &s_time_config.perform,
178
		.value = 1,
179
	},
180
	{
181
		.name = "no_shutdown",
182
		.desc = "Shut down the connection without notifying the server",
183
		.type = OPTION_FLAG,
184
		.opt.flag = &s_time_config.no_shutdown,
185
	},
186
	{
187
		.name = "reuse",
188
		.desc = "Reuse the same session ID for each connection",
189
		.type = OPTION_VALUE,
190
		.opt.value = &s_time_config.perform,
191
		.value = 2,
192
	},
193
	{
194
		.name = "time",
195
		.argname = "seconds",
196
		.desc = "Duration to perform timing tests for (default 30)",
197
		.type = OPTION_ARG_TIME,
198
		.opt.tvalue = &s_time_config.maxtime,
199
	},
200
	{
201
		.name = "verify",
202
		.argname = "depth",
203
		.desc = "Enable peer certificate verification with given depth",
204
		.type = OPTION_ARG_INT,
205
		.opt.value = &s_time_config.verify_depth,
206
	},
207
	{
208
		.name = "www",
209
		.argname = "page",
210
		.desc = "Page to GET from the server (default none)",
211
		.type = OPTION_ARG,
212
		.opt.arg = &s_time_config.www_path,
213
	},
214
	{ NULL },
215
};
216
217
static void
218
s_time_usage(void)
219
{
220
8
	fprintf(stderr,
221
	    "usage: s_time "
222
	    "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
223
	    "    [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
224
	    "    [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
225
	    "    [-verify depth] [-www page]\n\n");
226
4
	options_usage(s_time_options);
227
4
}
228
229
/***********************************************************************
230
 * TIME - time functions
231
 */
232
#define START	0
233
#define STOP	1
234
235
static double
236
tm_Time_F(int s)
237
{
238
32
	return app_tminterval(s, 1);
239
}
240
241
/***********************************************************************
242
 * MAIN - main processing area for client
243
 *			real name depends on MONOLITH
244
 */
245
int
246
s_time_main(int argc, char **argv)
247
{
248
	double totalTime = 0.0;
249
	int nConn = 0;
250
	SSL *scon = NULL;
251
	time_t finishtime;
252
	int ret = 1;
253
16
	char buf[1024 * 8];
254
	int ver;
255
256
8
	if (single_execution) {
257
8
		if (pledge("stdio rpath inet dns flock cpath wpath", NULL) == -1) {
258
			perror("pledge");
259
			exit(1);
260
		}
261
	}
262
263
8
	s_time_meth = SSLv23_client_method();
264
265
8
	verify_depth = 0;
266
267
8
	memset(&s_time_config, 0, sizeof(s_time_config));
268
269
8
	s_time_config.host = SSL_CONNECT_NAME;
270
8
	s_time_config.maxtime = SECONDS;
271
8
	s_time_config.perform = 3;
272
8
	s_time_config.verify = SSL_VERIFY_NONE;
273
8
	s_time_config.verify_depth = -1;
274
275
8
	if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
276
4
		s_time_usage();
277
4
		goto end;
278
	}
279
280
4
	if (s_time_config.verify_depth >= 0) {
281
		s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
282
		verify_depth = s_time_config.verify_depth;
283
		BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
284
	}
285
286

4
	if (s_time_config.www_path != NULL &&
287
	    strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
288
		BIO_printf(bio_err, "-www option too long\n");
289
		goto end;
290
	}
291
292
4
	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
293
		return (1);
294
295
4
	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
296
297
4
	if (s_time_config.bugs)
298
		SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
299
300
4
	if (s_time_config.cipher != NULL) {
301
		if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
302
			BIO_printf(bio_err, "error setting cipher list\n");
303
			ERR_print_errors(bio_err);
304
			goto end;
305
		}
306
	}
307
308
4
	SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
309
310
8
	if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
311
4
	    s_time_config.keyfile))
312
		goto end;
313
314
12
	if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
315
8
	    s_time_config.CApath)) ||
316
4
	    (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
317
		/*
318
		 * BIO_printf(bio_err,"error setting default verify
319
		 * locations\n");
320
		 */
321
		ERR_print_errors(bio_err);
322
		/* goto end; */
323
	}
324
325
4
	if (!(s_time_config.perform & 1))
326
		goto next;
327
4
	printf("Collecting connection statistics for %lld seconds\n",
328
4
	    (long long)s_time_config.maxtime);
329
330
	/* Loop and time how long it takes to make connections */
331
332
4
	bytes_read = 0;
333
4
	finishtime = time(NULL) + s_time_config.maxtime;
334
4
	tm_Time_F(START);
335
2533
	for (;;) {
336
2533
		if (finishtime < time(NULL))
337
			break;
338
2529
		if ((scon = doConnection(NULL)) == NULL)
339
			goto end;
340
341
2529
		if (s_time_config.www_path != NULL) {
342
			int i, retval = snprintf(buf, sizeof buf,
343
			    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
344
			if ((size_t)retval >= sizeof buf) {
345
				fprintf(stderr, "URL too long\n");
346
				goto end;
347
			}
348
			SSL_write(scon, buf, strlen(buf));
349
			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
350
				bytes_read += i;
351
		}
352
2529
		if (s_time_config.no_shutdown)
353
			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
354
			    SSL_RECEIVED_SHUTDOWN);
355
		else
356
2529
			SSL_shutdown(scon);
357
2529
		shutdown(SSL_get_fd(scon), SHUT_RDWR);
358
2529
		close(SSL_get_fd(scon));
359
360
2529
		nConn += 1;
361
2529
		if (SSL_session_reused(scon))
362
			ver = 'r';
363
		else {
364
2529
			ver = SSL_version(scon);
365
2529
			if (ver == TLS1_VERSION)
366
				ver = 't';
367
2529
			else if (ver == SSL3_VERSION)
368
				ver = '3';
369
2529
			else if (ver == SSL2_VERSION)
370
				ver = '2';
371
			else
372
				ver = '*';
373
		}
374
2529
		fputc(ver, stdout);
375
2529
		fflush(stdout);
376
377
2529
		SSL_free(scon);
378
		scon = NULL;
379
	}
380
4
	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */
381
382
4
	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
383
4
	    nConn, totalTime, ((double) nConn / totalTime), bytes_read);
384
4
	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
385
	    nConn,
386
4
	    (long long)(time(NULL) - finishtime + s_time_config.maxtime),
387
4
	    bytes_read / nConn);
388
389
	/*
390
	 * Now loop and time connections using the same session id over and
391
	 * over
392
	 */
393
394
next:
395
4
	if (!(s_time_config.perform & 2))
396
		goto end;
397
4
	printf("\n\nNow timing with session id reuse.\n");
398
399
	/* Get an SSL object so we can reuse the session id */
400
4
	if ((scon = doConnection(NULL)) == NULL) {
401
		fprintf(stderr, "Unable to get connection\n");
402
		goto end;
403
	}
404
4
	if (s_time_config.www_path != NULL) {
405
		int retval = snprintf(buf, sizeof buf,
406
		    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
407
		if ((size_t)retval >= sizeof buf) {
408
			fprintf(stderr, "URL too long\n");
409
			goto end;
410
		}
411
		SSL_write(scon, buf, strlen(buf));
412
		while (SSL_read(scon, buf, sizeof(buf)) > 0);
413
	}
414
4
	if (s_time_config.no_shutdown)
415
		SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
416
		    SSL_RECEIVED_SHUTDOWN);
417
	else
418
4
		SSL_shutdown(scon);
419
4
	shutdown(SSL_get_fd(scon), SHUT_RDWR);
420
4
	close(SSL_get_fd(scon));
421
422
	nConn = 0;
423
	totalTime = 0.0;
424
425
4
	finishtime = time(NULL) + s_time_config.maxtime;
426
427
4
	printf("starting\n");
428
4
	bytes_read = 0;
429
4
	tm_Time_F(START);
430
431
32037
	for (;;) {
432
32037
		if (finishtime < time(NULL))
433
			break;
434
32033
		if ((doConnection(scon)) == NULL)
435
			goto end;
436
437
32033
		if (s_time_config.www_path) {
438
			int i, retval = snprintf(buf, sizeof buf,
439
			    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
440
			if ((size_t)retval >= sizeof buf) {
441
				fprintf(stderr, "URL too long\n");
442
				goto end;
443
			}
444
			SSL_write(scon, buf, strlen(buf));
445
			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
446
				bytes_read += i;
447
		}
448
32033
		if (s_time_config.no_shutdown)
449
			SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
450
			    SSL_RECEIVED_SHUTDOWN);
451
		else
452
32033
			SSL_shutdown(scon);
453
32033
		shutdown(SSL_get_fd(scon), SHUT_RDWR);
454
32033
		close(SSL_get_fd(scon));
455
456
32033
		nConn += 1;
457
32033
		if (SSL_session_reused(scon))
458
32033
			ver = 'r';
459
		else {
460
			ver = SSL_version(scon);
461
			if (ver == TLS1_VERSION)
462
				ver = 't';
463
			else if (ver == SSL3_VERSION)
464
				ver = '3';
465
			else if (ver == SSL2_VERSION)
466
				ver = '2';
467
			else
468
				ver = '*';
469
		}
470
32033
		fputc(ver, stdout);
471
32033
		fflush(stdout);
472
	}
473
4
	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */
474
475
4
	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
476
4
	printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
477
	    nConn,
478
4
	    (long long)(time(NULL) - finishtime + s_time_config.maxtime),
479
4
	    bytes_read / nConn);
480
481
4
	ret = 0;
482
end:
483
8
	if (scon != NULL)
484
4
		SSL_free(scon);
485
486
8
	if (tm_ctx != NULL) {
487
4
		SSL_CTX_free(tm_ctx);
488
4
		tm_ctx = NULL;
489
4
	}
490
491
8
	return (ret);
492
8
}
493
494
/***********************************************************************
495
 * doConnection - make a connection
496
 * Args:
497
 *		scon	= earlier ssl connection for session id, or NULL
498
 * Returns:
499
 *		SSL *	= the connection pointer.
500
 */
501
static SSL *
502
doConnection(SSL * scon)
503
{
504
69132
	struct pollfd pfd[1];
505
	SSL *serverCon;
506
	BIO *conn;
507
	long verify_error;
508
	int i;
509
510
34566
	if ((conn = BIO_new(BIO_s_connect())) == NULL)
511
		return (NULL);
512
513
/*	BIO_set_conn_port(conn,port);*/
514
34566
	BIO_set_conn_hostname(conn, s_time_config.host);
515
516
34566
	if (scon == NULL)
517
2533
		serverCon = SSL_new(tm_ctx);
518
	else {
519
		serverCon = scon;
520
32033
		SSL_set_connect_state(serverCon);
521
	}
522
523
34566
	SSL_set_bio(serverCon, conn, conn);
524
525
	/* ok, lets connect */
526
34566
	for (;;) {
527
34566
		i = SSL_connect(serverCon);
528
34566
		if (BIO_sock_should_retry(i)) {
529
			BIO_printf(bio_err, "DELAY\n");
530
531
			i = SSL_get_fd(serverCon);
532
			pfd[0].fd = i;
533
			pfd[0].events = POLLIN;
534
			poll(pfd, 1, -1);
535
			continue;
536
		}
537
		break;
538
	}
539
34566
	if (i <= 0) {
540
		BIO_printf(bio_err, "ERROR\n");
541
		verify_error = SSL_get_verify_result(serverCon);
542
		if (verify_error != X509_V_OK)
543
			BIO_printf(bio_err, "verify error:%s\n",
544
			    X509_verify_cert_error_string(verify_error));
545
		else
546
			ERR_print_errors(bio_err);
547
		if (scon == NULL)
548
			SSL_free(serverCon);
549
		return NULL;
550
	}
551
34566
	return serverCon;
552
34566
}