xref: /freebsd/crypto/openssl/apps/s_time.c (revision 3ff01b231dfa83d518854c63e7c9cd1debd1139e)
1 /*
2  * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 
14 #include <openssl/opensslconf.h>
15 
16 #ifndef OPENSSL_NO_SOCK
17 
18 #include "apps.h"
19 #include "progs.h"
20 #include <openssl/x509.h>
21 #include <openssl/ssl.h>
22 #include <openssl/pem.h>
23 #include "s_apps.h"
24 #include <openssl/err.h>
25 #include <internal/sockets.h>
26 #if !defined(OPENSSL_SYS_MSDOS)
27 # include OPENSSL_UNISTD
28 #endif
29 
30 #define SSL_CONNECT_NAME        "localhost:4433"
31 
32 #define SECONDS 30
33 #define SECONDSSTR "30"
34 
35 static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
36 
37 /*
38  * Define a HTTP get command globally.
39  * Also define the size of the command, this is two bytes less than
40  * the size of the string because the %s is replaced by the URL.
41  */
42 static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
43 static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
44 
45 typedef enum OPTION_choice {
46     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
47     OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
48     OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE,
49     OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
50     OPT_WWW
51 } OPTION_CHOICE;
52 
53 const OPTIONS s_time_options[] = {
54     {"help", OPT_HELP, '-', "Display this summary"},
55     {"connect", OPT_CONNECT, 's',
56      "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
57     {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
58     {"ciphersuites", OPT_CIPHERSUITES, 's',
59      "Specify TLSv1.3 ciphersuites to be used"},
60     {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
61     {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
62     {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
63     {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
64     {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
65     {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
66     {"no-CAfile", OPT_NOCAFILE, '-',
67      "Do not load the default certificates file"},
68     {"no-CApath", OPT_NOCAPATH, '-',
69      "Do not load certificates from the default certificates directory"},
70     {"new", OPT_NEW, '-', "Just time new connections"},
71     {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
72     {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
73     {"verify", OPT_VERIFY, 'p',
74      "Turn on peer certificate verification, set depth"},
75     {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
76     {"www", OPT_WWW, 's', "Fetch specified page from the site"},
77 #ifndef OPENSSL_NO_SSL3
78     {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
79 #endif
80     {NULL}
81 };
82 
83 #define START   0
84 #define STOP    1
85 
86 static double tm_Time_F(int s)
87 {
88     return app_tminterval(s, 1);
89 }
90 
91 int s_time_main(int argc, char **argv)
92 {
93     char buf[1024 * 8];
94     SSL *scon = NULL;
95     SSL_CTX *ctx = NULL;
96     const SSL_METHOD *meth = NULL;
97     char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *ciphersuites = NULL;
98     char *www_path = NULL;
99     char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
100     double totalTime = 0.0;
101     int noCApath = 0, noCAfile = 0;
102     int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
103     long bytes_read = 0, finishtime = 0;
104     OPTION_CHOICE o;
105     int max_version = 0, ver, buf_len;
106     size_t buf_size;
107 
108     meth = TLS_client_method();
109 
110     prog = opt_init(argc, argv, s_time_options);
111     while ((o = opt_next()) != OPT_EOF) {
112         switch (o) {
113         case OPT_EOF:
114         case OPT_ERR:
115  opthelp:
116             BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
117             goto end;
118         case OPT_HELP:
119             opt_help(s_time_options);
120             ret = 0;
121             goto end;
122         case OPT_CONNECT:
123             host = opt_arg();
124             break;
125         case OPT_REUSE:
126             perform = 2;
127             break;
128         case OPT_NEW:
129             perform = 1;
130             break;
131         case OPT_VERIFY:
132             if (!opt_int(opt_arg(), &verify_args.depth))
133                 goto opthelp;
134             BIO_printf(bio_err, "%s: verify depth is %d\n",
135                        prog, verify_args.depth);
136             break;
137         case OPT_CERT:
138             certfile = opt_arg();
139             break;
140         case OPT_NAMEOPT:
141             if (!set_nameopt(opt_arg()))
142                 goto end;
143             break;
144         case OPT_KEY:
145             keyfile = opt_arg();
146             break;
147         case OPT_CAPATH:
148             CApath = opt_arg();
149             break;
150         case OPT_CAFILE:
151             CAfile = opt_arg();
152             break;
153         case OPT_NOCAPATH:
154             noCApath = 1;
155             break;
156         case OPT_NOCAFILE:
157             noCAfile = 1;
158             break;
159         case OPT_CIPHER:
160             cipher = opt_arg();
161             break;
162         case OPT_CIPHERSUITES:
163             ciphersuites = opt_arg();
164             break;
165         case OPT_BUGS:
166             st_bugs = 1;
167             break;
168         case OPT_TIME:
169             if (!opt_int(opt_arg(), &maxtime))
170                 goto opthelp;
171             break;
172         case OPT_WWW:
173             www_path = opt_arg();
174             buf_size = strlen(www_path) + fmt_http_get_cmd_size;
175             if (buf_size > sizeof(buf)) {
176                 BIO_printf(bio_err, "%s: -www option is too long\n", prog);
177                 goto end;
178             }
179             break;
180         case OPT_SSL3:
181             max_version = SSL3_VERSION;
182             break;
183         }
184     }
185     argc = opt_num_rest();
186     if (argc != 0)
187         goto opthelp;
188 
189     if (cipher == NULL)
190         cipher = getenv("SSL_CIPHER");
191 
192     if ((ctx = SSL_CTX_new(meth)) == NULL)
193         goto end;
194 
195     SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
196     SSL_CTX_set_quiet_shutdown(ctx, 1);
197     if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
198         goto end;
199 
200     if (st_bugs)
201         SSL_CTX_set_options(ctx, SSL_OP_ALL);
202     if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
203         goto end;
204     if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites))
205         goto end;
206     if (!set_cert_stuff(ctx, certfile, keyfile))
207         goto end;
208 
209     if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
210         ERR_print_errors(bio_err);
211         goto end;
212     }
213     if (!(perform & 1))
214         goto next;
215     printf("Collecting connection statistics for %d seconds\n", maxtime);
216 
217     /* Loop and time how long it takes to make connections */
218 
219     bytes_read = 0;
220     finishtime = (long)time(NULL) + maxtime;
221     tm_Time_F(START);
222     for (;;) {
223         if (finishtime < (long)time(NULL))
224             break;
225 
226         if ((scon = doConnection(NULL, host, ctx)) == NULL)
227             goto end;
228 
229         if (www_path != NULL) {
230             buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
231                                    www_path);
232             if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
233                 goto end;
234             while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
235                 bytes_read += i;
236         }
237         SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
238         BIO_closesocket(SSL_get_fd(scon));
239 
240         nConn += 1;
241         if (SSL_session_reused(scon)) {
242             ver = 'r';
243         } else {
244             ver = SSL_version(scon);
245             if (ver == TLS1_VERSION)
246                 ver = 't';
247             else if (ver == SSL3_VERSION)
248                 ver = '3';
249             else
250                 ver = '*';
251         }
252         fputc(ver, stdout);
253         fflush(stdout);
254 
255         SSL_free(scon);
256         scon = NULL;
257     }
258     totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
259 
260     i = (int)((long)time(NULL) - finishtime + maxtime);
261     printf
262         ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
263          nConn, totalTime, ((double)nConn / totalTime), bytes_read);
264     printf
265         ("%d connections in %ld real seconds, %ld bytes read per connection\n",
266          nConn, (long)time(NULL) - finishtime + maxtime,
267          nConn > 0 ? bytes_read / nConn : 0l);
268 
269     /*
270      * Now loop and time connections using the same session id over and over
271      */
272 
273  next:
274     if (!(perform & 2))
275         goto end;
276     printf("\n\nNow timing with session id reuse.\n");
277 
278     /* Get an SSL object so we can reuse the session id */
279     if ((scon = doConnection(NULL, host, ctx)) == NULL) {
280         BIO_printf(bio_err, "Unable to get connection\n");
281         goto end;
282     }
283 
284     if (www_path != NULL) {
285         buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path);
286         if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
287             goto end;
288         while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
289             continue;
290     }
291     SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
292     BIO_closesocket(SSL_get_fd(scon));
293 
294     nConn = 0;
295     totalTime = 0.0;
296 
297     finishtime = (long)time(NULL) + maxtime;
298 
299     printf("starting\n");
300     bytes_read = 0;
301     tm_Time_F(START);
302 
303     for (;;) {
304         if (finishtime < (long)time(NULL))
305             break;
306 
307         if ((doConnection(scon, host, ctx)) == NULL)
308             goto end;
309 
310         if (www_path != NULL) {
311             buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
312                                    www_path);
313             if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
314                 goto end;
315             while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
316                 bytes_read += i;
317         }
318         SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
319         BIO_closesocket(SSL_get_fd(scon));
320 
321         nConn += 1;
322         if (SSL_session_reused(scon)) {
323             ver = 'r';
324         } else {
325             ver = SSL_version(scon);
326             if (ver == TLS1_VERSION)
327                 ver = 't';
328             else if (ver == SSL3_VERSION)
329                 ver = '3';
330             else
331                 ver = '*';
332         }
333         fputc(ver, stdout);
334         fflush(stdout);
335     }
336     totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
337 
338     printf
339         ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
340          nConn, totalTime, ((double)nConn / totalTime), bytes_read);
341     printf
342         ("%d connections in %ld real seconds, %ld bytes read per connection\n",
343          nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
344 
345     ret = 0;
346 
347  end:
348     SSL_free(scon);
349     SSL_CTX_free(ctx);
350     return ret;
351 }
352 
353 /*-
354  * doConnection - make a connection
355  */
356 static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
357 {
358     BIO *conn;
359     SSL *serverCon;
360     int i;
361 
362     if ((conn = BIO_new(BIO_s_connect())) == NULL)
363         return NULL;
364 
365     BIO_set_conn_hostname(conn, host);
366     BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
367 
368     if (scon == NULL)
369         serverCon = SSL_new(ctx);
370     else {
371         serverCon = scon;
372         SSL_set_connect_state(serverCon);
373     }
374 
375     SSL_set_bio(serverCon, conn, conn);
376 
377     /* ok, lets connect */
378     i = SSL_connect(serverCon);
379     if (i <= 0) {
380         BIO_printf(bio_err, "ERROR\n");
381         if (verify_args.error != X509_V_OK)
382             BIO_printf(bio_err, "verify error:%s\n",
383                        X509_verify_cert_error_string(verify_args.error));
384         else
385             ERR_print_errors(bio_err);
386         if (scon == NULL)
387             SSL_free(serverCon);
388         return NULL;
389     }
390 
391 #if defined(SOL_SOCKET) && defined(SO_LINGER)
392     {
393         struct linger no_linger;
394         int fd;
395 
396         no_linger.l_onoff  = 1;
397         no_linger.l_linger = 0;
398         fd = SSL_get_fd(serverCon);
399         if (fd >= 0)
400             (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
401                              sizeof(no_linger));
402     }
403 #endif
404 
405     return serverCon;
406 }
407 #endif /* OPENSSL_NO_SOCK */
408