[331] | 1 | /*
|
---|
| 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | #define NO_SHUTDOWN
|
---|
| 11 |
|
---|
| 12 | #include <stdio.h>
|
---|
| 13 | #include <stdlib.h>
|
---|
| 14 | #include <string.h>
|
---|
| 15 |
|
---|
| 16 | #include <openssl/opensslconf.h>
|
---|
| 17 |
|
---|
| 18 | #ifndef OPENSSL_NO_SOCK
|
---|
| 19 |
|
---|
| 20 | #define USE_SOCKETS
|
---|
| 21 | #include "apps.h"
|
---|
| 22 | #include <openssl/x509.h>
|
---|
| 23 | #include <openssl/ssl.h>
|
---|
| 24 | #include <openssl/pem.h>
|
---|
| 25 | #include "s_apps.h"
|
---|
| 26 | #include <openssl/err.h>
|
---|
| 27 | #if !defined(OPENSSL_SYS_MSDOS)
|
---|
| 28 | # include OPENSSL_UNISTD
|
---|
| 29 | #endif
|
---|
| 30 |
|
---|
| 31 | #undef ioctl
|
---|
| 32 | #define ioctl ioctlsocket
|
---|
| 33 |
|
---|
| 34 | #define SSL_CONNECT_NAME "localhost:4433"
|
---|
| 35 |
|
---|
| 36 | /* no default cert. */
|
---|
| 37 | /*
|
---|
| 38 | * #define TEST_CERT "client.pem"
|
---|
| 39 | */
|
---|
| 40 |
|
---|
| 41 | #undef min
|
---|
| 42 | #undef max
|
---|
| 43 | #define min(a,b) (((a) < (b)) ? (a) : (b))
|
---|
| 44 | #define max(a,b) (((a) > (b)) ? (a) : (b))
|
---|
| 45 |
|
---|
| 46 | #undef SECONDS
|
---|
| 47 | #define SECONDS 30
|
---|
| 48 | #define SECONDSSTR "30"
|
---|
| 49 |
|
---|
| 50 | static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
|
---|
| 51 |
|
---|
| 52 | static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
|
---|
| 53 |
|
---|
| 54 | typedef enum OPTION_choice {
|
---|
| 55 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
---|
| 56 | OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
|
---|
| 57 | OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS,
|
---|
| 58 | OPT_VERIFY, OPT_TIME, OPT_SSL3,
|
---|
| 59 | OPT_WWW
|
---|
| 60 | } OPTION_CHOICE;
|
---|
| 61 |
|
---|
| 62 | OPTIONS s_time_options[] = {
|
---|
| 63 | {"help", OPT_HELP, '-', "Display this summary"},
|
---|
| 64 | {"connect", OPT_CONNECT, 's',
|
---|
| 65 | "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
|
---|
| 66 | {"cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'"},
|
---|
| 67 | {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
|
---|
| 68 | {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
|
---|
| 69 | {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
|
---|
| 70 | {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
|
---|
| 71 | {"no-CAfile", OPT_NOCAFILE, '-',
|
---|
| 72 | "Do not load the default certificates file"},
|
---|
| 73 | {"no-CApath", OPT_NOCAPATH, '-',
|
---|
| 74 | "Do not load certificates from the default certificates directory"},
|
---|
| 75 | {"new", OPT_NEW, '-', "Just time new connections"},
|
---|
| 76 | {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
|
---|
| 77 | {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
|
---|
| 78 | {"verify", OPT_VERIFY, 'p',
|
---|
| 79 | "Turn on peer certificate verification, set depth"},
|
---|
| 80 | {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
|
---|
| 81 | {"www", OPT_WWW, 's', "Fetch specified page from the site"},
|
---|
| 82 | #ifndef OPENSSL_NO_SSL3
|
---|
| 83 | {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
|
---|
| 84 | #endif
|
---|
| 85 | {NULL}
|
---|
| 86 | };
|
---|
| 87 |
|
---|
| 88 | #define START 0
|
---|
| 89 | #define STOP 1
|
---|
| 90 |
|
---|
| 91 | static double tm_Time_F(int s)
|
---|
| 92 | {
|
---|
| 93 | return app_tminterval(s, 1);
|
---|
| 94 | }
|
---|
| 95 |
|
---|
| 96 | int s_time_main(int argc, char **argv)
|
---|
| 97 | {
|
---|
| 98 | char buf[1024 * 8];
|
---|
| 99 | SSL *scon = NULL;
|
---|
| 100 | SSL_CTX *ctx = NULL;
|
---|
| 101 | const SSL_METHOD *meth = NULL;
|
---|
| 102 | char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL;
|
---|
| 103 | char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
|
---|
| 104 | double totalTime = 0.0;
|
---|
| 105 | int noCApath = 0, noCAfile = 0;
|
---|
| 106 | int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
|
---|
| 107 | long bytes_read = 0, finishtime = 0;
|
---|
| 108 | OPTION_CHOICE o;
|
---|
| 109 | int max_version = 0, ver, buf_len;
|
---|
| 110 | size_t buf_size;
|
---|
| 111 |
|
---|
| 112 | meth = TLS_client_method();
|
---|
| 113 |
|
---|
| 114 | prog = opt_init(argc, argv, s_time_options);
|
---|
| 115 | while ((o = opt_next()) != OPT_EOF) {
|
---|
| 116 | switch (o) {
|
---|
| 117 | case OPT_EOF:
|
---|
| 118 | case OPT_ERR:
|
---|
| 119 | opthelp:
|
---|
| 120 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
---|
| 121 | goto end;
|
---|
| 122 | case OPT_HELP:
|
---|
| 123 | opt_help(s_time_options);
|
---|
| 124 | ret = 0;
|
---|
| 125 | goto end;
|
---|
| 126 | case OPT_CONNECT:
|
---|
| 127 | host = opt_arg();
|
---|
| 128 | break;
|
---|
| 129 | case OPT_REUSE:
|
---|
| 130 | perform = 2;
|
---|
| 131 | break;
|
---|
| 132 | case OPT_NEW:
|
---|
| 133 | perform = 1;
|
---|
| 134 | break;
|
---|
| 135 | case OPT_VERIFY:
|
---|
| 136 | if (!opt_int(opt_arg(), &verify_args.depth))
|
---|
| 137 | goto opthelp;
|
---|
| 138 | BIO_printf(bio_err, "%s: verify depth is %d\n",
|
---|
| 139 | prog, verify_args.depth);
|
---|
| 140 | break;
|
---|
| 141 | case OPT_CERT:
|
---|
| 142 | certfile = opt_arg();
|
---|
| 143 | break;
|
---|
| 144 | case OPT_KEY:
|
---|
| 145 | keyfile = opt_arg();
|
---|
| 146 | break;
|
---|
| 147 | case OPT_CAPATH:
|
---|
| 148 | CApath = opt_arg();
|
---|
| 149 | break;
|
---|
| 150 | case OPT_CAFILE:
|
---|
| 151 | CAfile = opt_arg();
|
---|
| 152 | break;
|
---|
| 153 | case OPT_NOCAPATH:
|
---|
| 154 | noCApath = 1;
|
---|
| 155 | break;
|
---|
| 156 | case OPT_NOCAFILE:
|
---|
| 157 | noCAfile = 1;
|
---|
| 158 | break;
|
---|
| 159 | case OPT_CIPHER:
|
---|
| 160 | cipher = opt_arg();
|
---|
| 161 | break;
|
---|
| 162 | case OPT_BUGS:
|
---|
| 163 | st_bugs = 1;
|
---|
| 164 | break;
|
---|
| 165 | case OPT_TIME:
|
---|
| 166 | if (!opt_int(opt_arg(), &maxtime))
|
---|
| 167 | goto opthelp;
|
---|
| 168 | break;
|
---|
| 169 | case OPT_WWW:
|
---|
| 170 | www_path = opt_arg();
|
---|
| 171 | buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2; /* 2 is for %s */
|
---|
| 172 | if (buf_size > sizeof(buf)) {
|
---|
| 173 | BIO_printf(bio_err, "%s: -www option is too long\n", prog);
|
---|
| 174 | goto end;
|
---|
| 175 | }
|
---|
| 176 | break;
|
---|
| 177 | case OPT_SSL3:
|
---|
| 178 | max_version = SSL3_VERSION;
|
---|
| 179 | break;
|
---|
| 180 | }
|
---|
| 181 | }
|
---|
| 182 | argc = opt_num_rest();
|
---|
| 183 | if (argc != 0)
|
---|
| 184 | goto opthelp;
|
---|
| 185 |
|
---|
| 186 | if (cipher == NULL)
|
---|
| 187 | cipher = getenv("SSL_CIPHER");
|
---|
| 188 | if (cipher == NULL) {
|
---|
| 189 | BIO_printf(bio_err, "No CIPHER specified\n");
|
---|
| 190 | goto end;
|
---|
| 191 | }
|
---|
| 192 |
|
---|
| 193 | if ((ctx = SSL_CTX_new(meth)) == NULL)
|
---|
| 194 | goto end;
|
---|
| 195 |
|
---|
| 196 | SSL_CTX_set_quiet_shutdown(ctx, 1);
|
---|
| 197 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
|
---|
| 198 | goto end;
|
---|
| 199 |
|
---|
| 200 | if (st_bugs)
|
---|
| 201 | SSL_CTX_set_options(ctx, SSL_OP_ALL);
|
---|
| 202 | if (!SSL_CTX_set_cipher_list(ctx, cipher))
|
---|
| 203 | goto end;
|
---|
| 204 | if (!set_cert_stuff(ctx, certfile, keyfile))
|
---|
| 205 | goto end;
|
---|
| 206 |
|
---|
| 207 | if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
|
---|
| 208 | ERR_print_errors(bio_err);
|
---|
| 209 | goto end;
|
---|
| 210 | }
|
---|
| 211 | if (!(perform & 1))
|
---|
| 212 | goto next;
|
---|
| 213 | printf("Collecting connection statistics for %d seconds\n", maxtime);
|
---|
| 214 |
|
---|
| 215 | /* Loop and time how long it takes to make connections */
|
---|
| 216 |
|
---|
| 217 | bytes_read = 0;
|
---|
| 218 | finishtime = (long)time(NULL) + maxtime;
|
---|
| 219 | tm_Time_F(START);
|
---|
| 220 | for (;;) {
|
---|
| 221 | if (finishtime < (long)time(NULL))
|
---|
| 222 | break;
|
---|
| 223 |
|
---|
| 224 | if ((scon = doConnection(NULL, host, ctx)) == NULL)
|
---|
| 225 | goto end;
|
---|
| 226 |
|
---|
| 227 | if (www_path != NULL) {
|
---|
| 228 | buf_len = BIO_snprintf(buf, sizeof buf,
|
---|
| 229 | fmt_http_get_cmd, www_path);
|
---|
| 230 | if (SSL_write(scon, buf, buf_len) <= 0)
|
---|
| 231 | goto end;
|
---|
| 232 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
|
---|
| 233 | bytes_read += i;
|
---|
| 234 | }
|
---|
| 235 | #ifdef NO_SHUTDOWN
|
---|
| 236 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
---|
| 237 | #else
|
---|
| 238 | SSL_shutdown(scon);
|
---|
| 239 | #endif
|
---|
| 240 | BIO_closesocket(SSL_get_fd(scon));
|
---|
| 241 |
|
---|
| 242 | nConn += 1;
|
---|
| 243 | if (SSL_session_reused(scon))
|
---|
| 244 | ver = 'r';
|
---|
| 245 | else {
|
---|
| 246 | ver = SSL_version(scon);
|
---|
| 247 | if (ver == TLS1_VERSION)
|
---|
| 248 | ver = 't';
|
---|
| 249 | else if (ver == SSL3_VERSION)
|
---|
| 250 | ver = '3';
|
---|
| 251 | else
|
---|
| 252 | ver = '*';
|
---|
| 253 | }
|
---|
| 254 | fputc(ver, stdout);
|
---|
| 255 | fflush(stdout);
|
---|
| 256 |
|
---|
| 257 | SSL_free(scon);
|
---|
| 258 | scon = NULL;
|
---|
| 259 | }
|
---|
| 260 | totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
|
---|
| 261 |
|
---|
| 262 | i = (int)((long)time(NULL) - finishtime + maxtime);
|
---|
| 263 | printf
|
---|
| 264 | ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
|
---|
| 265 | nConn, totalTime, ((double)nConn / totalTime), bytes_read);
|
---|
| 266 | printf
|
---|
| 267 | ("%d connections in %ld real seconds, %ld bytes read per connection\n",
|
---|
| 268 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
|
---|
| 269 |
|
---|
| 270 | /*
|
---|
| 271 | * Now loop and time connections using the same session id over and over
|
---|
| 272 | */
|
---|
| 273 |
|
---|
| 274 | next:
|
---|
| 275 | if (!(perform & 2))
|
---|
| 276 | goto end;
|
---|
| 277 | printf("\n\nNow timing with session id reuse.\n");
|
---|
| 278 |
|
---|
| 279 | /* Get an SSL object so we can reuse the session id */
|
---|
| 280 | if ((scon = doConnection(NULL, host, ctx)) == NULL) {
|
---|
| 281 | BIO_printf(bio_err, "Unable to get connection\n");
|
---|
| 282 | goto end;
|
---|
| 283 | }
|
---|
| 284 |
|
---|
| 285 | if (www_path != NULL) {
|
---|
| 286 | buf_len = BIO_snprintf(buf, sizeof buf,
|
---|
| 287 | fmt_http_get_cmd, www_path);
|
---|
| 288 | if (SSL_write(scon, buf, buf_len) <= 0)
|
---|
| 289 | goto end;
|
---|
| 290 | while (SSL_read(scon, buf, sizeof(buf)) > 0)
|
---|
| 291 | continue;
|
---|
| 292 | }
|
---|
| 293 | #ifdef NO_SHUTDOWN
|
---|
| 294 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
---|
| 295 | #else
|
---|
| 296 | SSL_shutdown(scon);
|
---|
| 297 | #endif
|
---|
| 298 | BIO_closesocket(SSL_get_fd(scon));
|
---|
| 299 |
|
---|
| 300 | nConn = 0;
|
---|
| 301 | totalTime = 0.0;
|
---|
| 302 |
|
---|
| 303 | finishtime = (long)time(NULL) + maxtime;
|
---|
| 304 |
|
---|
| 305 | printf("starting\n");
|
---|
| 306 | bytes_read = 0;
|
---|
| 307 | tm_Time_F(START);
|
---|
| 308 |
|
---|
| 309 | for (;;) {
|
---|
| 310 | if (finishtime < (long)time(NULL))
|
---|
| 311 | break;
|
---|
| 312 |
|
---|
| 313 | if ((doConnection(scon, host, ctx)) == NULL)
|
---|
| 314 | goto end;
|
---|
| 315 |
|
---|
| 316 | if (www_path) {
|
---|
| 317 | BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
|
---|
| 318 | www_path);
|
---|
| 319 | if (SSL_write(scon, buf, strlen(buf)) <= 0)
|
---|
| 320 | goto end;
|
---|
| 321 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
|
---|
| 322 | bytes_read += i;
|
---|
| 323 | }
|
---|
| 324 | #ifdef NO_SHUTDOWN
|
---|
| 325 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
---|
| 326 | #else
|
---|
| 327 | SSL_shutdown(scon);
|
---|
| 328 | #endif
|
---|
| 329 | BIO_closesocket(SSL_get_fd(scon));
|
---|
| 330 |
|
---|
| 331 | nConn += 1;
|
---|
| 332 | if (SSL_session_reused(scon))
|
---|
| 333 | ver = 'r';
|
---|
| 334 | else {
|
---|
| 335 | ver = SSL_version(scon);
|
---|
| 336 | if (ver == TLS1_VERSION)
|
---|
| 337 | ver = 't';
|
---|
| 338 | else if (ver == SSL3_VERSION)
|
---|
| 339 | ver = '3';
|
---|
| 340 | else
|
---|
| 341 | ver = '*';
|
---|
| 342 | }
|
---|
| 343 | fputc(ver, stdout);
|
---|
| 344 | fflush(stdout);
|
---|
| 345 | }
|
---|
| 346 | totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
|
---|
| 347 |
|
---|
| 348 | printf
|
---|
| 349 | ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
|
---|
| 350 | nConn, totalTime, ((double)nConn / totalTime), bytes_read);
|
---|
| 351 | printf
|
---|
| 352 | ("%d connections in %ld real seconds, %ld bytes read per connection\n",
|
---|
| 353 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
|
---|
| 354 |
|
---|
| 355 | ret = 0;
|
---|
| 356 |
|
---|
| 357 | end:
|
---|
| 358 | SSL_free(scon);
|
---|
| 359 | SSL_CTX_free(ctx);
|
---|
| 360 | return (ret);
|
---|
| 361 | }
|
---|
| 362 |
|
---|
| 363 | /*-
|
---|
| 364 | * doConnection - make a connection
|
---|
| 365 | */
|
---|
| 366 | static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
|
---|
| 367 | {
|
---|
| 368 | BIO *conn;
|
---|
| 369 | SSL *serverCon;
|
---|
| 370 | int width, i;
|
---|
| 371 | fd_set readfds;
|
---|
| 372 |
|
---|
| 373 | if ((conn = BIO_new(BIO_s_connect())) == NULL)
|
---|
| 374 | return (NULL);
|
---|
| 375 |
|
---|
| 376 | BIO_set_conn_hostname(conn, host);
|
---|
| 377 |
|
---|
| 378 | if (scon == NULL)
|
---|
| 379 | serverCon = SSL_new(ctx);
|
---|
| 380 | else {
|
---|
| 381 | serverCon = scon;
|
---|
| 382 | SSL_set_connect_state(serverCon);
|
---|
| 383 | }
|
---|
| 384 |
|
---|
| 385 | SSL_set_bio(serverCon, conn, conn);
|
---|
| 386 |
|
---|
| 387 | /* ok, lets connect */
|
---|
| 388 | for (;;) {
|
---|
| 389 | i = SSL_connect(serverCon);
|
---|
| 390 | if (BIO_sock_should_retry(i)) {
|
---|
| 391 | BIO_printf(bio_err, "DELAY\n");
|
---|
| 392 |
|
---|
| 393 | i = SSL_get_fd(serverCon);
|
---|
| 394 | width = i + 1;
|
---|
| 395 | FD_ZERO(&readfds);
|
---|
| 396 | openssl_fdset(i, &readfds);
|
---|
| 397 | /*
|
---|
| 398 | * Note: under VMS with SOCKETSHR the 2nd parameter is currently
|
---|
| 399 | * of type (int *) whereas under other systems it is (void *) if
|
---|
| 400 | * you don't have a cast it will choke the compiler: if you do
|
---|
| 401 | * have a cast then you can either go for (int *) or (void *).
|
---|
| 402 | */
|
---|
| 403 | select(width, (void *)&readfds, NULL, NULL, NULL);
|
---|
| 404 | continue;
|
---|
| 405 | }
|
---|
| 406 | break;
|
---|
| 407 | }
|
---|
| 408 | if (i <= 0) {
|
---|
| 409 | BIO_printf(bio_err, "ERROR\n");
|
---|
| 410 | if (verify_args.error != X509_V_OK)
|
---|
| 411 | BIO_printf(bio_err, "verify error:%s\n",
|
---|
| 412 | X509_verify_cert_error_string(verify_args.error));
|
---|
| 413 | else
|
---|
| 414 | ERR_print_errors(bio_err);
|
---|
| 415 | if (scon == NULL)
|
---|
| 416 | SSL_free(serverCon);
|
---|
| 417 | return NULL;
|
---|
| 418 | }
|
---|
| 419 |
|
---|
| 420 | return serverCon;
|
---|
| 421 | }
|
---|
| 422 | #endif /* OPENSSL_NO_SOCK */
|
---|