Diffstat (limited to 'apps/s_time.c')
| -rw-r--r-- | apps/s_time.c | 158 |
1 files changed, 91 insertions, 67 deletions
diff --git a/apps/s_time.c b/apps/s_time.c
index 598e1069ed05..6bdd9e23cee9 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -24,10 +24,10 @@
 #include <openssl/err.h>
 #include "internal/sockets.h"
 #if !defined(OPENSSL_SYS_MSDOS)
-# include <unistd.h>
+#include <unistd.h>
 #endif
-#define SSL_CONNECT_NAME "localhost:4433"
+#define SSL_CONNECT_NAME "localhost:4433"
 #define SECONDS 30
 #define SECONDSSTR "30"
@@ -44,68 +44,86 @@ static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2; typedef enum OPTION_choice { OPT_COMMON, - OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY, - OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3, - OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3, + OPT_CONNECT, + OPT_CIPHER, + OPT_CIPHERSUITES, + OPT_CERT, + OPT_NAMEOPT, + OPT_KEY, + OPT_CAPATH, + OPT_CAFILE, + OPT_CASTORE, + OPT_NOCAPATH, + OPT_NOCAFILE, + OPT_NOCASTORE, + OPT_NEW, + OPT_REUSE, + OPT_BUGS, + OPT_VERIFY, + OPT_TIME, + OPT_SSL3, + OPT_WWW, + OPT_TLS1, + OPT_TLS1_1, + OPT_TLS1_2, + OPT_TLS1_3, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS s_time_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Connection"), - {"connect", OPT_CONNECT, 's', - "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"}, - {"new", OPT_NEW, '-', "Just time new connections"}, - {"reuse", OPT_REUSE, '-', "Just time connection reuse"}, - {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"}, - {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"}, - {"ciphersuites", OPT_CIPHERSUITES, 's', - "Specify TLSv1.3 ciphersuites to be used"}, + { "connect", OPT_CONNECT, 's', + "Where to connect as post:port (default is " SSL_CONNECT_NAME ")" }, + { "new", OPT_NEW, '-', "Just time new connections" }, + { "reuse", OPT_REUSE, '-', "Just time connection reuse" }, + { "bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility" }, + { "cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used" }, + { "ciphersuites", OPT_CIPHERSUITES, 's', + "Specify TLSv1.3 ciphersuites to be used" }, #ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, + { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, #endif #ifndef OPENSSL_NO_TLS1 - 
{"tls1", OPT_TLS1, '-', "Just use TLSv1.0"}, + { "tls1", OPT_TLS1, '-', "Just use TLSv1.0" }, #endif #ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, + { "tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1" }, #endif #ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, + { "tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2" }, #endif #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, + { "tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3" }, #endif - {"verify", OPT_VERIFY, 'p', - "Turn on peer certificate verification, set depth"}, - {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR}, - {"www", OPT_WWW, 's', "Fetch specified page from the site"}, + { "verify", OPT_VERIFY, 'p', + "Turn on peer certificate verification, set depth" }, + { "time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR }, + { "www", OPT_WWW, 's', "Fetch specified page from the site" }, OPT_SECTION("Certificate"), - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, - {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, - {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store URI"}, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, + { "cert", OPT_CERT, '<', "Cert file to use, PEM format assumed" }, + { "key", OPT_KEY, '<', "File with key, PEM; default is -cert file" }, + { "cafile", 
OPT_CAFILE, '<', "PEM format file of CA's" }, + { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store URI" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; -#define START 0 -#define STOP 1 +#define START 0 +#define STOP 1 static double tm_Time_F(int s) { @@ -137,7 +155,7 @@ int s_time_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -156,7 +174,7 @@ int s_time_main(int argc, char **argv) case OPT_VERIFY: verify_args.depth = opt_int_arg(); BIO_printf(bio_err, "%s: verify depth is %d\n", - prog, verify_args.depth); + prog, verify_args.depth); break; case OPT_CERT: certfile = opt_arg(); @@ -259,7 +277,7 @@ int s_time_main(int argc, char **argv) goto end; if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { + CAstore, noCAstore)) { ERR_print_errors(bio_err); goto end; } @@ -281,7 +299,7 @@ int s_time_main(int argc, char **argv) if (www_path != NULL) { buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, - www_path); + www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) 
@@ -310,19 +328,17 @@ int s_time_main(int argc, char **argv) } totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ - printf - ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", - nConn, totalTime, ((double)nConn / totalTime), bytes_read); - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, - nConn > 0 ? bytes_read / nConn : 0l); + printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", + nConn, totalTime, ((double)nConn / totalTime), bytes_read); + printf("%d connections in %ld real seconds, %ld bytes read per connection\n", + nConn, (long)time(NULL) - finishtime + maxtime, + nConn > 0 ? bytes_read / nConn : 0l); /* * Now loop and time connections using the same session id over and over */ - next: +next: if (!(perform & 2)) { ret = 0; goto end; @@ -364,7 +380,7 @@ int s_time_main(int argc, char **argv) if (www_path != NULL) { buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, - www_path); + www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) 
@@ -391,19 +407,17 @@ int s_time_main(int argc, char **argv) } totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ - printf - ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", - nConn, totalTime, ((double)nConn / totalTime), bytes_read); + printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", + nConn, totalTime, ((double)nConn / totalTime), bytes_read); if (nConn > 0) - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); + printf("%d connections in %ld real seconds, %ld bytes read per connection\n", + nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); else printf("0 connections in %ld real seconds\n", - (long)time(NULL) - finishtime + maxtime); + (long)time(NULL) - finishtime + maxtime); ret = 0; - end: +end: SSL_free(scon); SSL_CTX_free(ctx); return ret; @@ -422,7 +436,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) return NULL; if (BIO_set_conn_hostname(conn, host) <= 0 - || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) { + || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) { BIO_free(conn); return NULL; } @@ -435,6 +449,16 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) } } else { serverCon = scon; + /* + * Reset the SSL object before reusing it for a new connection. + * This clears prior handshake and I/O state while keeping + * configuration inherited from the SSL_CTX. + */ + if (!SSL_clear(serverCon)) { + ERR_print_errors(bio_err); + BIO_free(conn); + return NULL; + } SSL_set_connect_state(serverCon); } 
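Review bot: The comment added above `SSL_clear(serverCon)` in the reuse branch of doConnection does not mention the session, although this branch is the one used to time session reuse. SSL_clear() keeps the current session only when the previous connection was shut down (SSL_SENT_SHUTDOWN set); otherwise it treats the session as bad and drops it, so a reused `scon` would quietly measure full handshakes. Whether every caller sets the shutdown state before calling back in is not visible in this hunk. I would extend the comment with `The session is kept only if the previous connection was shut down; otherwise SSL_clear() discards it and the next handshake is a full one.` It is also worth noting there that SSL_clear() retains settings negotiated in the last handshake, so reuse is only meaningful against the same peer. doConnection starts and ends outside the hunk.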
@@ -446,7 +470,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) BIO_printf(bio_err, "ERROR\n"); if (verify_args.error != X509_V_OK) BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_args.error)); + X509_verify_cert_error_string(verify_args.error)); else ERR_print_errors(bio_err); if (scon == NULL) @@ -459,12 +483,12 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) struct linger no_linger; int fd; - no_linger.l_onoff = 1; + no_linger.l_onoff = 1; no_linger.l_linger = 0; fd = SSL_get_fd(serverCon); if (fd >= 0) - (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger, - sizeof(no_linger)); + (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&no_linger, + sizeof(no_linger)); } #endif |
