search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove compat strtonum implementations
[unleashed/tickless.git] / bin / openssl / s_time.c
blob3644e108f847cbee0501a2d18794808468195d6b
1 /* $OpenBSD: s_time.c,v 1.17 2017/01/20 08:57:12 deraadt Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 /*-----------------------------------------
60 s_time - SSL client connection timer program
61 Written and donated by Larry Streepy <streepy@healthcare.com>
62 -----------------------------------------*/
63
64 #include <sys/types.h>
65 #include <sys/socket.h>
66
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <limits.h>
70 #include <string.h>
71 #include <unistd.h>
72 #include <poll.h>
73
74 #include "apps.h"
75
76 #include <openssl/err.h>
77 #include <openssl/pem.h>
78 #include <openssl/ssl.h>
79 #include <openssl/x509.h>
80
81 #include "s_apps.h"
82
83 #define SSL_CONNECT_NAME "localhost:4433"
84
85 #define BUFSIZZ 1024*10
86
87 #define MYBUFSIZ 1024*8
88
89 #define SECONDS 30
90 extern int verify_depth;
91 extern int verify_error;
92
93 static void s_time_usage(void);
94 static SSL *doConnection(SSL * scon);
95
96 static SSL_CTX *tm_ctx = NULL;
97 static const SSL_METHOD *s_time_meth = NULL;
98 static long bytes_read = 0;
99
100 struct {
101 int bugs;
102 char *CAfile;
103 char *CApath;
104 char *certfile;
105 char *cipher;
106 char *host;
107 char *keyfile;
108 time_t maxtime;
109 int nbio;
110 int no_shutdown;
111 int perform;
112 int verify;
113 int verify_depth;
114 char *www_path;
115 } s_time_config;
116
117 struct option s_time_options[] = {
118 {
119 .name = "bugs",
120 .desc = "Enable workarounds for known SSL/TLS bugs",
121 .type = OPTION_FLAG,
122 .opt.flag = &s_time_config.bugs,
123 },
124 {
125 .name = "CAfile",
126 .argname = "file",
127 .desc = "File containing trusted certificates in PEM format",
128 .type = OPTION_ARG,
129 .opt.arg = &s_time_config.CAfile,
130 },
131 {
132 .name = "CApath",
133 .argname = "path",
134 .desc = "Directory containing trusted certificates",
135 .type = OPTION_ARG,
136 .opt.arg = &s_time_config.CApath,
137 },
138 {
139 .name = "cert",
140 .argname = "file",
141 .desc = "Client certificate to use, if one is requested",
142 .type = OPTION_ARG,
143 .opt.arg = &s_time_config.certfile,
144 },
145 {
146 .name = "cipher",
147 .argname = "list",
148 .desc = "List of cipher suites to send to the server",
149 .type = OPTION_ARG,
150 .opt.arg = &s_time_config.cipher,
151 },
152 {
153 .name = "connect",
154 .argname = "host:port",
155 .desc = "Host and port to connect to (default "
156 SSL_CONNECT_NAME ")",
157 .type = OPTION_ARG,
158 .opt.arg = &s_time_config.host,
159 },
160 {
161 .name = "key",
162 .argname = "file",
163 .desc = "Client private key to use, if one is required",
164 .type = OPTION_ARG,
165 .opt.arg = &s_time_config.keyfile,
166 },
167 {
168 .name = "nbio",
169 .desc = "Use non-blocking I/O",
170 .type = OPTION_FLAG,
171 .opt.flag = &s_time_config.nbio,
172 },
173 {
174 .name = "new",
175 .desc = "Use a new session ID for each connection",
176 .type = OPTION_VALUE,
177 .opt.value = &s_time_config.perform,
178 .value = 1,
179 },
180 {
181 .name = "no_shutdown",
182 .desc = "Shut down the connection without notifying the server",
183 .type = OPTION_FLAG,
184 .opt.flag = &s_time_config.no_shutdown,
185 },
186 {
187 .name = "reuse",
188 .desc = "Reuse the same session ID for each connection",
189 .type = OPTION_VALUE,
190 .opt.value = &s_time_config.perform,
191 .value = 2,
192 },
193 {
194 .name = "time",
195 .argname = "seconds",
196 .desc = "Duration to perform timing tests for (default 30)",
197 .type = OPTION_ARG_TIME,
198 .opt.tvalue = &s_time_config.maxtime,
199 },
200 {
201 .name = "verify",
202 .argname = "depth",
203 .desc = "Enable peer certificate verification with given depth",
204 .type = OPTION_ARG_INT,
205 .opt.value = &s_time_config.verify_depth,
206 },
207 {
208 .name = "www",
209 .argname = "page",
210 .desc = "Page to GET from the server (default none)",
211 .type = OPTION_ARG,
212 .opt.arg = &s_time_config.www_path,
213 },
214 { NULL },
215 };
216
217 static void
218 s_time_usage(void)
219 {
220 fprintf(stderr,
221 "usage: s_time "
222 "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
223 " [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
224 " [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
225 " [-verify depth] [-www page]\n\n");
226 options_usage(s_time_options);
227 }
228
229 /***********************************************************************
230 * TIME - time functions
231 */
232 #define START 0
233 #define STOP 1
234
235 static double
236 tm_Time_F(int s)
237 {
238 return app_tminterval(s, 1);
239 }
240
241 /***********************************************************************
242 * MAIN - main processing area for client
243 * real name depends on MONOLITH
244 */
245 int
246 s_time_main(int argc, char **argv)
247 {
248 double totalTime = 0.0;
249 int nConn = 0;
250 SSL *scon = NULL;
251 time_t finishtime;
252 int ret = 1;
253 char buf[1024 * 8];
254 int ver;
255
256 if (single_execution) {
257 if (pledge("stdio rpath inet", NULL) == -1) {
258 perror("pledge");
259 exit(1);
260 }
261 }
262
263 s_time_meth = SSLv23_client_method();
264
265 verify_depth = 0;
266
267 memset(&s_time_config, 0, sizeof(s_time_config));
268
269 s_time_config.host = SSL_CONNECT_NAME;
270 s_time_config.maxtime = SECONDS;
271 s_time_config.perform = 3;
272 s_time_config.verify = SSL_VERIFY_NONE;
273 s_time_config.verify_depth = -1;
274
275 if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
276 s_time_usage();
277 goto end;
278 }
279
280 if (s_time_config.verify_depth >= 0) {
281 s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
282 verify_depth = s_time_config.verify_depth;
283 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
284 }
285
286 if (s_time_config.www_path != NULL &&
287 strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
288 BIO_printf(bio_err, "-www option too long\n");
289 goto end;
290 }
291
292 if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
293 return (1);
294
295 SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
296
297 if (s_time_config.bugs)
298 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
299
300 if (s_time_config.cipher != NULL) {
301 if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
302 BIO_printf(bio_err, "error setting cipher list\n");
303 ERR_print_errors(bio_err);
304 goto end;
305 }
306 }
307
308 SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
309
310 if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
311 s_time_config.keyfile))
312 goto end;
313
314 if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
315 s_time_config.CApath)) ||
316 (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
317 /*
318 * BIO_printf(bio_err,"error setting default verify
319 * locations\n");
320 */
321 ERR_print_errors(bio_err);
322 /* goto end; */
323 }
324
325 if (!(s_time_config.perform & 1))
326 goto next;
327 printf("Collecting connection statistics for %lld seconds\n",
328 (long long)s_time_config.maxtime);
329
330 /* Loop and time how long it takes to make connections */
331
332 bytes_read = 0;
333 finishtime = time(NULL) + s_time_config.maxtime;
334 tm_Time_F(START);
335 for (;;) {
336 if (finishtime < time(NULL))
337 break;
338 if ((scon = doConnection(NULL)) == NULL)
339 goto end;
340
341 if (s_time_config.www_path != NULL) {
342 int i, retval = snprintf(buf, sizeof buf,
343 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
344 if ((size_t)retval >= sizeof buf) {
345 fprintf(stderr, "URL too long\n");
346 goto end;
347 }
348 SSL_write(scon, buf, strlen(buf));
349 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
350 bytes_read += i;
351 }
352 if (s_time_config.no_shutdown)
353 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
354 SSL_RECEIVED_SHUTDOWN);
355 else
356 SSL_shutdown(scon);
357 shutdown(SSL_get_fd(scon), SHUT_RDWR);
358 close(SSL_get_fd(scon));
359
360 nConn += 1;
361 if (SSL_session_reused(scon))
362 ver = 'r';
363 else {
364 ver = SSL_version(scon);
365 if (ver == TLS1_VERSION)
366 ver = 't';
367 else if (ver == SSL3_VERSION)
368 ver = '3';
369 else if (ver == SSL2_VERSION)
370 ver = '2';
371 else
372 ver = '*';
373 }
374 fputc(ver, stdout);
375 fflush(stdout);
376
377 SSL_free(scon);
378 scon = NULL;
379 }
380 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
381
382 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
383 nConn, totalTime, ((double) nConn / totalTime), bytes_read);
384 printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
385 nConn,
386 (long long)(time(NULL) - finishtime + s_time_config.maxtime),
387 bytes_read / nConn);
388
389 /*
390 * Now loop and time connections using the same session id over and
391 * over
392 */
393
394 next:
395 if (!(s_time_config.perform & 2))
396 goto end;
397 printf("\n\nNow timing with session id reuse.\n");
398
399 /* Get an SSL object so we can reuse the session id */
400 if ((scon = doConnection(NULL)) == NULL) {
401 fprintf(stderr, "Unable to get connection\n");
402 goto end;
403 }
404 if (s_time_config.www_path != NULL) {
405 int retval = snprintf(buf, sizeof buf,
406 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
407 if ((size_t)retval >= sizeof buf) {
408 fprintf(stderr, "URL too long\n");
409 goto end;
410 }
411 SSL_write(scon, buf, strlen(buf));
412 while (SSL_read(scon, buf, sizeof(buf)) > 0);
413 }
414 if (s_time_config.no_shutdown)
415 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
416 SSL_RECEIVED_SHUTDOWN);
417 else
418 SSL_shutdown(scon);
419 shutdown(SSL_get_fd(scon), SHUT_RDWR);
420 close(SSL_get_fd(scon));
421
422 nConn = 0;
423 totalTime = 0.0;
424
425 finishtime = time(NULL) + s_time_config.maxtime;
426
427 printf("starting\n");
428 bytes_read = 0;
429 tm_Time_F(START);
430
431 for (;;) {
432 if (finishtime < time(NULL))
433 break;
434 if ((doConnection(scon)) == NULL)
435 goto end;
436
437 if (s_time_config.www_path) {
438 int i, retval = snprintf(buf, sizeof buf,
439 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
440 if ((size_t)retval >= sizeof buf) {
441 fprintf(stderr, "URL too long\n");
442 goto end;
443 }
444 SSL_write(scon, buf, strlen(buf));
445 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
446 bytes_read += i;
447 }
448 if (s_time_config.no_shutdown)
449 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
450 SSL_RECEIVED_SHUTDOWN);
451 else
452 SSL_shutdown(scon);
453 shutdown(SSL_get_fd(scon), SHUT_RDWR);
454 close(SSL_get_fd(scon));
455
456 nConn += 1;
457 if (SSL_session_reused(scon))
458 ver = 'r';
459 else {
460 ver = SSL_version(scon);
461 if (ver == TLS1_VERSION)
462 ver = 't';
463 else if (ver == SSL3_VERSION)
464 ver = '3';
465 else if (ver == SSL2_VERSION)
466 ver = '2';
467 else
468 ver = '*';
469 }
470 fputc(ver, stdout);
471 fflush(stdout);
472 }
473 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
474
475 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
476 printf("%d connections in %lld real seconds, %ld bytes read per connection\n",
477 nConn,
478 (long long)(time(NULL) - finishtime + s_time_config.maxtime),
479 bytes_read / nConn);
480
481 ret = 0;
482 end:
483 if (scon != NULL)
484 SSL_free(scon);
485
486 if (tm_ctx != NULL) {
487 SSL_CTX_free(tm_ctx);
488 tm_ctx = NULL;
489 }
490
491 return (ret);
492 }
493
494 /***********************************************************************
495 * doConnection - make a connection
496 * Args:
497 * scon = earlier ssl connection for session id, or NULL
498 * Returns:
499 * SSL * = the connection pointer.
500 */
501 static SSL *
502 doConnection(SSL * scon)
503 {
504 struct pollfd pfd[1];
505 SSL *serverCon;
506 BIO *conn;
507 long verify_error;
508 int i;
509
510 if ((conn = BIO_new(BIO_s_connect())) == NULL)
511 return (NULL);
512
513 /* BIO_set_conn_port(conn,port);*/
514 BIO_set_conn_hostname(conn, s_time_config.host);
515
516 if (scon == NULL)
517 serverCon = SSL_new(tm_ctx);
518 else {
519 serverCon = scon;
520 SSL_set_connect_state(serverCon);
521 }
522
523 SSL_set_bio(serverCon, conn, conn);
524
525 /* ok, lets connect */
526 for (;;) {
527 i = SSL_connect(serverCon);
528 if (BIO_sock_should_retry(i)) {
529 BIO_printf(bio_err, "DELAY\n");
530
531 i = SSL_get_fd(serverCon);
532 pfd[0].fd = i;
533 pfd[0].events = POLLIN;
534 poll(pfd, 1, -1);
535 continue;
536 }
537 break;
538 }
539 if (i <= 0) {
540 BIO_printf(bio_err, "ERROR\n");
541 verify_error = SSL_get_verify_result(serverCon);
542 if (verify_error != X509_V_OK)
543 BIO_printf(bio_err, "verify error:%s\n",
544 X509_verify_cert_error_string(verify_error));
545 else
546 ERR_print_errors(bio_err);
547 if (scon == NULL)
548 SSL_free(serverCon);
549 return NULL;
550 }
551 return serverCon;
552 }
unleashed repo fork