]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/s_time.c
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/opensslconf.h>
16 #ifndef OPENSSL_NO_SOCK
20 #include <openssl/x509.h>
21 #include <openssl/ssl.h>
22 #include <openssl/pem.h>
24 #include <openssl/err.h>
25 #include <internal/sockets.h>
26 #if !defined(OPENSSL_SYS_MSDOS)
30 #define SSL_CONNECT_NAME "localhost:4433"
33 #define SECONDSSTR "30"
35 static SSL
*doConnection(SSL
*scon
, const char *host
, SSL_CTX
*ctx
);
38 * Define a HTTP get command globally.
39 * Also define the size of the command, this is two bytes less than
40 * the size of the string because the %s is replaced by the URL.
42 static const char fmt_http_get_cmd
[] = "GET %s HTTP/1.0\r\n\r\n";
43 static const size_t fmt_http_get_cmd_size
= sizeof(fmt_http_get_cmd
) - 2;
45 typedef enum OPTION_choice
{
46 OPT_ERR
= -1, OPT_EOF
= 0, OPT_HELP
,
47 OPT_CONNECT
, OPT_CIPHER
, OPT_CIPHERSUITES
, OPT_CERT
, OPT_NAMEOPT
, OPT_KEY
,
48 OPT_CAPATH
, OPT_CAFILE
, OPT_CASTORE
,
49 OPT_NOCAPATH
, OPT_NOCAFILE
, OPT_NOCASTORE
,
50 OPT_NEW
, OPT_REUSE
, OPT_BUGS
, OPT_VERIFY
, OPT_TIME
, OPT_SSL3
,
51 OPT_WWW
, OPT_TLS1
, OPT_TLS1_1
, OPT_TLS1_2
, OPT_TLS1_3
,
55 const OPTIONS s_time_options
[] = {
56 OPT_SECTION("General"),
57 {"help", OPT_HELP
, '-', "Display this summary"},
59 OPT_SECTION("Connection"),
60 {"connect", OPT_CONNECT
, 's',
61 "Where to connect as post:port (default is " SSL_CONNECT_NAME
")"},
62 {"new", OPT_NEW
, '-', "Just time new connections"},
63 {"reuse", OPT_REUSE
, '-', "Just time connection reuse"},
64 {"bugs", OPT_BUGS
, '-', "Turn on SSL bug compatibility"},
65 {"cipher", OPT_CIPHER
, 's', "TLSv1.2 and below cipher list to be used"},
66 {"ciphersuites", OPT_CIPHERSUITES
, 's',
67 "Specify TLSv1.3 ciphersuites to be used"},
68 #ifndef OPENSSL_NO_SSL3
69 {"ssl3", OPT_SSL3
, '-', "Just use SSLv3"},
71 #ifndef OPENSSL_NO_TLS1
72 {"tls1", OPT_TLS1
, '-', "Just use TLSv1.0"},
74 #ifndef OPENSSL_NO_TLS1_1
75 {"tls1_1", OPT_TLS1_1
, '-', "Just use TLSv1.1"},
77 #ifndef OPENSSL_NO_TLS1_2
78 {"tls1_2", OPT_TLS1_2
, '-', "Just use TLSv1.2"},
80 #ifndef OPENSSL_NO_TLS1_3
81 {"tls1_3", OPT_TLS1_3
, '-', "Just use TLSv1.3"},
83 {"verify", OPT_VERIFY
, 'p',
84 "Turn on peer certificate verification, set depth"},
85 {"time", OPT_TIME
, 'p', "Seconds to collect data, default " SECONDSSTR
},
86 {"www", OPT_WWW
, 's', "Fetch specified page from the site"},
88 OPT_SECTION("Certificate"),
89 {"nameopt", OPT_NAMEOPT
, 's', "Various certificate name options"},
90 {"cert", OPT_CERT
, '<', "Cert file to use, PEM format assumed"},
91 {"key", OPT_KEY
, '<', "File with key, PEM; default is -cert file"},
92 {"cafile", OPT_CAFILE
, '<', "PEM format file of CA's"},
93 {"CAfile", OPT_CAFILE
, '<', "PEM format file of CA's"},
94 {"CApath", OPT_CAPATH
, '/', "PEM format directory of CA's"},
95 {"CAstore", OPT_CASTORE
, ':', "URI to store of CA's"},
96 {"no-CAfile", OPT_NOCAFILE
, '-',
97 "Do not load the default certificates file"},
98 {"no-CApath", OPT_NOCAPATH
, '-',
99 "Do not load certificates from the default certificates directory"},
100 {"no-CAstore", OPT_NOCASTORE
, '-',
101 "Do not load certificates from the default certificates store URI"},
110 static double tm_Time_F(int s
)
112 return app_tminterval(s
, 1);
115 int s_time_main(int argc
, char **argv
)
120 const SSL_METHOD
*meth
= NULL
;
121 char *CApath
= NULL
, *CAfile
= NULL
, *CAstore
= NULL
;
122 char *cipher
= NULL
, *ciphersuites
= NULL
;
123 char *www_path
= NULL
;
124 char *host
= SSL_CONNECT_NAME
, *certfile
= NULL
, *keyfile
= NULL
, *prog
;
125 double totalTime
= 0.0;
126 int noCApath
= 0, noCAfile
= 0, noCAstore
= 0;
127 int maxtime
= SECONDS
, nConn
= 0, perform
= 3, ret
= 1, i
, st_bugs
= 0;
128 long bytes_read
= 0, finishtime
= 0;
130 int min_version
= 0, max_version
= 0, ver
, buf_len
;
133 meth
= TLS_client_method();
135 prog
= opt_init(argc
, argv
, s_time_options
);
136 while ((o
= opt_next()) != OPT_EOF
) {
141 BIO_printf(bio_err
, "%s: Use -help for summary.\n", prog
);
144 opt_help(s_time_options
);
157 if (!opt_int(opt_arg(), &verify_args
.depth
))
159 BIO_printf(bio_err
, "%s: verify depth is %d\n",
160 prog
, verify_args
.depth
);
163 certfile
= opt_arg();
166 if (!set_nameopt(opt_arg()))
193 case OPT_CIPHERSUITES
:
194 ciphersuites
= opt_arg();
200 if (!opt_int(opt_arg(), &maxtime
))
204 www_path
= opt_arg();
205 buf_size
= strlen(www_path
) + fmt_http_get_cmd_size
;
206 if (buf_size
> sizeof(buf
)) {
207 BIO_printf(bio_err
, "%s: -www option is too long\n", prog
);
212 min_version
= SSL3_VERSION
;
213 max_version
= SSL3_VERSION
;
216 min_version
= TLS1_VERSION
;
217 max_version
= TLS1_VERSION
;
220 min_version
= TLS1_1_VERSION
;
221 max_version
= TLS1_1_VERSION
;
224 min_version
= TLS1_2_VERSION
;
225 max_version
= TLS1_2_VERSION
;
228 min_version
= TLS1_3_VERSION
;
229 max_version
= TLS1_3_VERSION
;
232 if (!opt_provider(o
))
237 argc
= opt_num_rest();
242 cipher
= getenv("SSL_CIPHER");
244 if ((ctx
= SSL_CTX_new(meth
)) == NULL
)
247 SSL_CTX_set_mode(ctx
, SSL_MODE_AUTO_RETRY
);
248 SSL_CTX_set_quiet_shutdown(ctx
, 1);
249 if (SSL_CTX_set_min_proto_version(ctx
, min_version
) == 0)
251 if (SSL_CTX_set_max_proto_version(ctx
, max_version
) == 0)
255 SSL_CTX_set_options(ctx
, SSL_OP_ALL
);
256 if (cipher
!= NULL
&& !SSL_CTX_set_cipher_list(ctx
, cipher
))
258 if (ciphersuites
!= NULL
&& !SSL_CTX_set_ciphersuites(ctx
, ciphersuites
))
260 if (!set_cert_stuff(ctx
, certfile
, keyfile
))
263 if (!ctx_set_verify_locations(ctx
, CAfile
, noCAfile
, CApath
, noCApath
,
264 CAstore
, noCAstore
)) {
265 ERR_print_errors(bio_err
);
270 printf("Collecting connection statistics for %d seconds\n", maxtime
);
272 /* Loop and time how long it takes to make connections */
275 finishtime
= (long)time(NULL
) + maxtime
;
278 if (finishtime
< (long)time(NULL
))
281 if ((scon
= doConnection(NULL
, host
, ctx
)) == NULL
)
284 if (www_path
!= NULL
) {
285 buf_len
= BIO_snprintf(buf
, sizeof(buf
), fmt_http_get_cmd
,
287 if (buf_len
<= 0 || SSL_write(scon
, buf
, buf_len
) <= 0)
289 while ((i
= SSL_read(scon
, buf
, sizeof(buf
))) > 0)
292 SSL_set_shutdown(scon
, SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
293 BIO_closesocket(SSL_get_fd(scon
));
296 if (SSL_session_reused(scon
)) {
299 ver
= SSL_version(scon
);
300 if (ver
== TLS1_VERSION
)
302 else if (ver
== SSL3_VERSION
)
313 totalTime
+= tm_Time_F(STOP
); /* Add the time for this iteration */
315 i
= (int)((long)time(NULL
) - finishtime
+ maxtime
);
317 ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
318 nConn
, totalTime
, ((double)nConn
/ totalTime
), bytes_read
);
320 ("%d connections in %ld real seconds, %ld bytes read per connection\n",
321 nConn
, (long)time(NULL
) - finishtime
+ maxtime
, bytes_read
/ nConn
);
324 * Now loop and time connections using the same session id over and over
330 printf("\n\nNow timing with session id reuse.\n");
332 /* Get an SSL object so we can reuse the session id */
333 if ((scon
= doConnection(NULL
, host
, ctx
)) == NULL
) {
334 BIO_printf(bio_err
, "Unable to get connection\n");
338 if (www_path
!= NULL
) {
339 buf_len
= BIO_snprintf(buf
, sizeof(buf
), fmt_http_get_cmd
, www_path
);
340 if (buf_len
<= 0 || SSL_write(scon
, buf
, buf_len
) <= 0)
342 while ((i
= SSL_read(scon
, buf
, sizeof(buf
))) > 0)
345 SSL_set_shutdown(scon
, SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
346 BIO_closesocket(SSL_get_fd(scon
));
351 finishtime
= (long)time(NULL
) + maxtime
;
353 printf("starting\n");
358 if (finishtime
< (long)time(NULL
))
361 if ((doConnection(scon
, host
, ctx
)) == NULL
)
364 if (www_path
!= NULL
) {
365 buf_len
= BIO_snprintf(buf
, sizeof(buf
), fmt_http_get_cmd
,
367 if (buf_len
<= 0 || SSL_write(scon
, buf
, buf_len
) <= 0)
369 while ((i
= SSL_read(scon
, buf
, sizeof(buf
))) > 0)
372 SSL_set_shutdown(scon
, SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
373 BIO_closesocket(SSL_get_fd(scon
));
376 if (SSL_session_reused(scon
)) {
379 ver
= SSL_version(scon
);
380 if (ver
== TLS1_VERSION
)
382 else if (ver
== SSL3_VERSION
)
390 totalTime
+= tm_Time_F(STOP
); /* Add the time for this iteration */
393 ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
394 nConn
, totalTime
, ((double)nConn
/ totalTime
), bytes_read
);
396 ("%d connections in %ld real seconds, %ld bytes read per connection\n",
397 nConn
, (long)time(NULL
) - finishtime
+ maxtime
, bytes_read
/ nConn
);
408 * doConnection - make a connection
410 static SSL
*doConnection(SSL
*scon
, const char *host
, SSL_CTX
*ctx
)
416 if ((conn
= BIO_new(BIO_s_connect())) == NULL
)
419 BIO_set_conn_hostname(conn
, host
);
420 BIO_set_conn_mode(conn
, BIO_SOCK_NODELAY
);
423 serverCon
= SSL_new(ctx
);
426 SSL_set_connect_state(serverCon
);
429 SSL_set_bio(serverCon
, conn
, conn
);
431 /* ok, lets connect */
432 i
= SSL_connect(serverCon
);
434 BIO_printf(bio_err
, "ERROR\n");
435 if (verify_args
.error
!= X509_V_OK
)
436 BIO_printf(bio_err
, "verify error:%s\n",
437 X509_verify_cert_error_string(verify_args
.error
));
439 ERR_print_errors(bio_err
);
445 #if defined(SOL_SOCKET) && defined(SO_LINGER)
447 struct linger no_linger
;
450 no_linger
.l_onoff
= 1;
451 no_linger
.l_linger
= 0;
452 fd
= SSL_get_fd(serverCon
);
454 (void)setsockopt(fd
, SOL_SOCKET
, SO_LINGER
, (char*)&no_linger
,
461 #endif /* OPENSSL_NO_SOCK */