]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
d02b48c6 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
58964a49 | 10 | #define NO_SHUTDOWN |
d02b48c6 | 11 | |
d02b48c6 RE |
12 | #include <stdio.h> |
13 | #include <stdlib.h> | |
14 | #include <string.h> | |
15 | ||
f9e55034 MC |
16 | #include <openssl/opensslconf.h> |
17 | ||
18 | #ifndef OPENSSL_NO_SOCK | |
19 | ||
a4a8f7b3 RL |
20 | #define USE_SOCKETS |
21 | #include "apps.h" | |
ec577822 BM |
22 | #include <openssl/x509.h> |
23 | #include <openssl/ssl.h> | |
24 | #include <openssl/pem.h> | |
d02b48c6 | 25 | #include "s_apps.h" |
ec577822 | 26 | #include <openssl/err.h> |
f559f31b | 27 | #if !defined(OPENSSL_SYS_MSDOS) |
0f113f3e | 28 | # include OPENSSL_UNISTD |
f559f31b | 29 | #endif |
d02b48c6 | 30 | |
7d7d2cbc | 31 | #undef ioctl |
d02b48c6 RE |
32 | #define ioctl ioctlsocket |
33 | ||
0f113f3e | 34 | #define SSL_CONNECT_NAME "localhost:4433" |
d02b48c6 | 35 | |
e636e2ac | 36 | /* no default cert. */ |
0f113f3e MC |
37 | /* |
38 | * #define TEST_CERT "client.pem" | |
39 | */ | |
d02b48c6 | 40 | |
3e83e686 RL |
41 | #undef min |
42 | #undef max | |
d02b48c6 RE |
43 | #define min(a,b) (((a) < (b)) ? (a) : (b)) |
44 | #define max(a,b) (((a) > (b)) ? (a) : (b)) | |
45 | ||
46 | #undef SECONDS | |
0f113f3e | 47 | #define SECONDS 30 |
7e1b7485 RS |
48 | #define SECONDSSTR "30" |
49 | ||
7e1b7485 | 50 | static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); |
d02b48c6 | 51 | |
7606c231 F |
52 | static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; |
53 | ||
7e1b7485 RS |
54 | typedef enum OPTION_choice { |
55 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
56 | OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH, | |
2b6bcb70 MC |
57 | OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, |
58 | OPT_VERIFY, OPT_TIME, OPT_SSL3, | |
7e1b7485 RS |
59 | OPT_WWW |
60 | } OPTION_CHOICE; | |
61 | ||
62 | OPTIONS s_time_options[] = { | |
63 | {"help", OPT_HELP, '-', "Display this summary"}, | |
64 | {"connect", OPT_CONNECT, 's', | |
65 | "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"}, | |
66 | {"cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'"}, | |
67 | {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, | |
68 | {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, | |
69 | {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, | |
70 | {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, | |
2b6bcb70 MC |
71 | {"no-CAfile", OPT_NOCAFILE, '-', |
72 | "Do not load the default certificates file"}, | |
73 | {"no-CApath", OPT_NOCAPATH, '-', | |
74 | "Do not load certificates from the default certificates directory"}, | |
7e1b7485 RS |
75 | {"new", OPT_NEW, '-', "Just time new connections"}, |
76 | {"reuse", OPT_REUSE, '-', "Just time connection reuse"}, | |
77 | {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"}, | |
78 | {"verify", OPT_VERIFY, 'p', | |
79 | "Turn on peer certificate verification, set depth"}, | |
0d5301af | 80 | {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR}, |
7e1b7485 RS |
81 | {"www", OPT_WWW, 's', "Fetch specified page from the site"}, |
82 | #ifndef OPENSSL_NO_SSL3 | |
83 | {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, | |
d02b48c6 | 84 | #endif |
7e1b7485 RS |
85 | {NULL} |
86 | }; | |
d02b48c6 | 87 | |
7e1b7485 RS |
88 | #define START 0 |
89 | #define STOP 1 | |
58964a49 | 90 | |
7e1b7485 | 91 | static double tm_Time_F(int s) |
d02b48c6 | 92 | { |
7e1b7485 | 93 | return app_tminterval(s, 1); |
d02b48c6 RE |
94 | } |
95 | ||
7e1b7485 | 96 | int s_time_main(int argc, char **argv) |
d02b48c6 | 97 | { |
7e1b7485 RS |
98 | char buf[1024 * 8]; |
99 | SSL *scon = NULL; | |
100 | SSL_CTX *ctx = NULL; | |
101 | const SSL_METHOD *meth = NULL; | |
102 | char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL; | |
103 | char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog; | |
104 | double totalTime = 0.0; | |
2b6bcb70 | 105 | int noCApath = 0, noCAfile = 0; |
7606c231 | 106 | int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0; |
7e1b7485 RS |
107 | long bytes_read = 0, finishtime = 0; |
108 | OPTION_CHOICE o; | |
7606c231 F |
109 | int max_version = 0, ver, buf_len; |
110 | size_t buf_size; | |
d02b48c6 | 111 | |
13c9bb3e | 112 | meth = TLS_client_method(); |
d02b48c6 | 113 | |
7e1b7485 RS |
114 | prog = opt_init(argc, argv, s_time_options); |
115 | while ((o = opt_next()) != OPT_EOF) { | |
116 | switch (o) { | |
117 | case OPT_EOF: | |
118 | case OPT_ERR: | |
119 | opthelp: | |
120 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
121 | goto end; | |
122 | case OPT_HELP: | |
123 | opt_help(s_time_options); | |
124 | ret = 0; | |
125 | goto end; | |
126 | case OPT_CONNECT: | |
127 | host = opt_arg(); | |
128 | break; | |
129 | case OPT_REUSE: | |
0f113f3e | 130 | perform = 2; |
7e1b7485 RS |
131 | break; |
132 | case OPT_NEW: | |
0f113f3e | 133 | perform = 1; |
7e1b7485 RS |
134 | break; |
135 | case OPT_VERIFY: | |
acc00492 | 136 | if (!opt_int(opt_arg(), &verify_args.depth)) |
7e1b7485 RS |
137 | goto opthelp; |
138 | BIO_printf(bio_err, "%s: verify depth is %d\n", | |
acc00492 | 139 | prog, verify_args.depth); |
7e1b7485 RS |
140 | break; |
141 | case OPT_CERT: | |
142 | certfile = opt_arg(); | |
143 | break; | |
144 | case OPT_KEY: | |
145 | keyfile = opt_arg(); | |
146 | break; | |
147 | case OPT_CAPATH: | |
148 | CApath = opt_arg(); | |
149 | break; | |
150 | case OPT_CAFILE: | |
151 | CAfile = opt_arg(); | |
152 | break; | |
2b6bcb70 MC |
153 | case OPT_NOCAPATH: |
154 | noCApath = 1; | |
155 | break; | |
156 | case OPT_NOCAFILE: | |
157 | noCAfile = 1; | |
158 | break; | |
7e1b7485 RS |
159 | case OPT_CIPHER: |
160 | cipher = opt_arg(); | |
161 | break; | |
162 | case OPT_BUGS: | |
0f113f3e | 163 | st_bugs = 1; |
7e1b7485 RS |
164 | break; |
165 | case OPT_TIME: | |
166 | if (!opt_int(opt_arg(), &maxtime)) | |
167 | goto opthelp; | |
168 | break; | |
169 | case OPT_WWW: | |
170 | www_path = opt_arg(); | |
7606c231 F |
171 | buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2; /* 2 is for %s */ |
172 | if (buf_size > sizeof(buf)) { | |
173 | BIO_printf(bio_err, "%s: -www option is too long\n", prog); | |
7e1b7485 | 174 | goto end; |
dfef52f6 | 175 | } |
0f113f3e | 176 | break; |
7e1b7485 | 177 | case OPT_SSL3: |
0d5301af | 178 | max_version = SSL3_VERSION; |
9c3bcfa0 | 179 | break; |
0f113f3e | 180 | } |
d02b48c6 | 181 | } |
7e1b7485 | 182 | argc = opt_num_rest(); |
03358517 KR |
183 | if (argc != 0) |
184 | goto opthelp; | |
d02b48c6 | 185 | |
7e1b7485 RS |
186 | if (cipher == NULL) |
187 | cipher = getenv("SSL_CIPHER"); | |
188 | if (cipher == NULL) { | |
7768e116 | 189 | BIO_printf(bio_err, "No CIPHER specified\n"); |
7e1b7485 | 190 | goto end; |
d02b48c6 RE |
191 | } |
192 | ||
7e1b7485 | 193 | if ((ctx = SSL_CTX_new(meth)) == NULL) |
0f113f3e MC |
194 | goto end; |
195 | ||
7e1b7485 | 196 | SSL_CTX_set_quiet_shutdown(ctx, 1); |
0d5301af KR |
197 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) |
198 | goto end; | |
0f113f3e MC |
199 | |
200 | if (st_bugs) | |
7e1b7485 RS |
201 | SSL_CTX_set_options(ctx, SSL_OP_ALL); |
202 | if (!SSL_CTX_set_cipher_list(ctx, cipher)) | |
ac59d705 | 203 | goto end; |
7e1b7485 | 204 | if (!set_cert_stuff(ctx, certfile, keyfile)) |
0f113f3e MC |
205 | goto end; |
206 | ||
2b6bcb70 | 207 | if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) { |
0f113f3e | 208 | ERR_print_errors(bio_err); |
7e1b7485 | 209 | goto end; |
0f113f3e | 210 | } |
0f113f3e MC |
211 | if (!(perform & 1)) |
212 | goto next; | |
7e1b7485 | 213 | printf("Collecting connection statistics for %d seconds\n", maxtime); |
d02b48c6 | 214 | |
0f113f3e | 215 | /* Loop and time how long it takes to make connections */ |
d02b48c6 | 216 | |
0f113f3e | 217 | bytes_read = 0; |
7e1b7485 | 218 | finishtime = (long)time(NULL) + maxtime; |
0f113f3e MC |
219 | tm_Time_F(START); |
220 | for (;;) { | |
221 | if (finishtime < (long)time(NULL)) | |
222 | break; | |
d02b48c6 | 223 | |
7e1b7485 | 224 | if ((scon = doConnection(NULL, host, ctx)) == NULL) |
0f113f3e | 225 | goto end; |
d02b48c6 | 226 | |
7e1b7485 | 227 | if (www_path != NULL) { |
7606c231 F |
228 | buf_len = BIO_snprintf(buf, sizeof buf, |
229 | fmt_http_get_cmd, www_path); | |
230 | if (SSL_write(scon, buf, buf_len) <= 0) | |
ac59d705 | 231 | goto end; |
0f113f3e MC |
232 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) |
233 | bytes_read += i; | |
234 | } | |
d02b48c6 | 235 | #ifdef NO_SHUTDOWN |
0f113f3e | 236 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
d02b48c6 | 237 | #else |
0f113f3e | 238 | SSL_shutdown(scon); |
d02b48c6 | 239 | #endif |
8731a4fc | 240 | BIO_closesocket(SSL_get_fd(scon)); |
0f113f3e MC |
241 | |
242 | nConn += 1; | |
243 | if (SSL_session_reused(scon)) | |
244 | ver = 'r'; | |
245 | else { | |
246 | ver = SSL_version(scon); | |
247 | if (ver == TLS1_VERSION) | |
248 | ver = 't'; | |
249 | else if (ver == SSL3_VERSION) | |
250 | ver = '3'; | |
251 | else | |
252 | ver = '*'; | |
253 | } | |
254 | fputc(ver, stdout); | |
255 | fflush(stdout); | |
256 | ||
257 | SSL_free(scon); | |
258 | scon = NULL; | |
259 | } | |
260 | totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ | |
261 | ||
7e1b7485 | 262 | i = (int)((long)time(NULL) - finishtime + maxtime); |
0f113f3e MC |
263 | printf |
264 | ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", | |
265 | nConn, totalTime, ((double)nConn / totalTime), bytes_read); | |
266 | printf | |
267 | ("%d connections in %ld real seconds, %ld bytes read per connection\n", | |
7e1b7485 | 268 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); |
0f113f3e MC |
269 | |
270 | /* | |
271 | * Now loop and time connections using the same session id over and over | |
272 | */ | |
273 | ||
274 | next: | |
275 | if (!(perform & 2)) | |
276 | goto end; | |
277 | printf("\n\nNow timing with session id reuse.\n"); | |
278 | ||
279 | /* Get an SSL object so we can reuse the session id */ | |
7e1b7485 | 280 | if ((scon = doConnection(NULL, host, ctx)) == NULL) { |
7768e116 | 281 | BIO_printf(bio_err, "Unable to get connection\n"); |
0f113f3e MC |
282 | goto end; |
283 | } | |
284 | ||
7e1b7485 | 285 | if (www_path != NULL) { |
7606c231 F |
286 | buf_len = BIO_snprintf(buf, sizeof buf, |
287 | fmt_http_get_cmd, www_path); | |
288 | if (SSL_write(scon, buf, buf_len) <= 0) | |
ac59d705 | 289 | goto end; |
7e1b7485 RS |
290 | while (SSL_read(scon, buf, sizeof(buf)) > 0) |
291 | continue; | |
0f113f3e | 292 | } |
d02b48c6 | 293 | #ifdef NO_SHUTDOWN |
0f113f3e | 294 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
d02b48c6 | 295 | #else |
0f113f3e | 296 | SSL_shutdown(scon); |
d02b48c6 | 297 | #endif |
8731a4fc | 298 | BIO_closesocket(SSL_get_fd(scon)); |
0f113f3e MC |
299 | |
300 | nConn = 0; | |
301 | totalTime = 0.0; | |
d02b48c6 | 302 | |
7e1b7485 | 303 | finishtime = (long)time(NULL) + maxtime; |
d02b48c6 | 304 | |
0f113f3e MC |
305 | printf("starting\n"); |
306 | bytes_read = 0; | |
307 | tm_Time_F(START); | |
d02b48c6 | 308 | |
0f113f3e MC |
309 | for (;;) { |
310 | if (finishtime < (long)time(NULL)) | |
311 | break; | |
d02b48c6 | 312 | |
7e1b7485 | 313 | if ((doConnection(scon, host, ctx)) == NULL) |
0f113f3e | 314 | goto end; |
d02b48c6 | 315 | |
7e1b7485 | 316 | if (www_path) { |
0f113f3e | 317 | BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", |
7e1b7485 | 318 | www_path); |
61986d32 | 319 | if (SSL_write(scon, buf, strlen(buf)) <= 0) |
ac59d705 | 320 | goto end; |
0f113f3e MC |
321 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) |
322 | bytes_read += i; | |
323 | } | |
d02b48c6 | 324 | #ifdef NO_SHUTDOWN |
0f113f3e | 325 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
d02b48c6 | 326 | #else |
0f113f3e | 327 | SSL_shutdown(scon); |
d02b48c6 | 328 | #endif |
8731a4fc | 329 | BIO_closesocket(SSL_get_fd(scon)); |
0f113f3e MC |
330 | |
331 | nConn += 1; | |
332 | if (SSL_session_reused(scon)) | |
333 | ver = 'r'; | |
334 | else { | |
335 | ver = SSL_version(scon); | |
336 | if (ver == TLS1_VERSION) | |
337 | ver = 't'; | |
338 | else if (ver == SSL3_VERSION) | |
339 | ver = '3'; | |
340 | else | |
341 | ver = '*'; | |
342 | } | |
343 | fputc(ver, stdout); | |
344 | fflush(stdout); | |
345 | } | |
346 | totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ | |
347 | ||
348 | printf | |
349 | ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", | |
350 | nConn, totalTime, ((double)nConn / totalTime), bytes_read); | |
351 | printf | |
352 | ("%d connections in %ld real seconds, %ld bytes read per connection\n", | |
7e1b7485 | 353 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); |
0f113f3e MC |
354 | |
355 | ret = 0; | |
7e1b7485 | 356 | |
0f113f3e | 357 | end: |
62adbcee | 358 | SSL_free(scon); |
7e1b7485 RS |
359 | SSL_CTX_free(ctx); |
360 | return (ret); | |
0f113f3e | 361 | } |
d02b48c6 | 362 | |
c80fd6b2 | 363 | /*- |
d02b48c6 | 364 | * doConnection - make a connection |
d02b48c6 | 365 | */ |
7e1b7485 | 366 | static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) |
0f113f3e MC |
367 | { |
368 | BIO *conn; | |
369 | SSL *serverCon; | |
370 | int width, i; | |
371 | fd_set readfds; | |
372 | ||
373 | if ((conn = BIO_new(BIO_s_connect())) == NULL) | |
374 | return (NULL); | |
375 | ||
0f113f3e MC |
376 | BIO_set_conn_hostname(conn, host); |
377 | ||
378 | if (scon == NULL) | |
7e1b7485 | 379 | serverCon = SSL_new(ctx); |
0f113f3e MC |
380 | else { |
381 | serverCon = scon; | |
382 | SSL_set_connect_state(serverCon); | |
383 | } | |
d02b48c6 | 384 | |
0f113f3e | 385 | SSL_set_bio(serverCon, conn, conn); |
d02b48c6 | 386 | |
0f113f3e MC |
387 | /* ok, lets connect */ |
388 | for (;;) { | |
389 | i = SSL_connect(serverCon); | |
390 | if (BIO_sock_should_retry(i)) { | |
391 | BIO_printf(bio_err, "DELAY\n"); | |
392 | ||
393 | i = SSL_get_fd(serverCon); | |
394 | width = i + 1; | |
395 | FD_ZERO(&readfds); | |
396 | openssl_fdset(i, &readfds); | |
397 | /* | |
398 | * Note: under VMS with SOCKETSHR the 2nd parameter is currently | |
399 | * of type (int *) whereas under other systems it is (void *) if | |
400 | * you don't have a cast it will choke the compiler: if you do | |
401 | * have a cast then you can either go for (int *) or (void *). | |
402 | */ | |
403 | select(width, (void *)&readfds, NULL, NULL, NULL); | |
404 | continue; | |
405 | } | |
406 | break; | |
407 | } | |
408 | if (i <= 0) { | |
409 | BIO_printf(bio_err, "ERROR\n"); | |
acc00492 | 410 | if (verify_args.error != X509_V_OK) |
0f113f3e | 411 | BIO_printf(bio_err, "verify error:%s\n", |
acc00492 | 412 | X509_verify_cert_error_string(verify_args.error)); |
0f113f3e MC |
413 | else |
414 | ERR_print_errors(bio_err); | |
415 | if (scon == NULL) | |
416 | SSL_free(serverCon); | |
417 | return NULL; | |
418 | } | |
d02b48c6 | 419 | |
0f113f3e MC |
420 | return serverCon; |
421 | } | |
f9e55034 | 422 | #endif /* OPENSSL_NO_SOCK */ |