1 files changed, 0 insertions, 463 deletions
diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c
deleted file mode 100644
index c90be33f28..0000000000
--- a/src/usr.bin/openssl/s_time.c
+++ /dev/null
@@ -1,463 +0,0 @@
-/* $OpenBSD: s_time.c,v 1.39 2025/01/02 13:10:03 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/*-----------------------------------------
-   s_time - SSL client connection timer program
-   Written and donated by Larry Streepy <streepy@healthcare.com>
-  -----------------------------------------*/
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <unistd.h>
-#include <poll.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#define SSL_CONNECT_NAME        "localhost:4433"
-#define BUFSIZZ 1024*10
-#define MYBUFSIZ 1024*8
-#define SECONDS 30
-extern int verify_depth;
-static void s_time_usage(void);
-static int run_test(SSL *);
-static int benchmark(int);
-static void print_tally_mark(SSL *);
-static SSL_CTX *tm_ctx = NULL;
-static const SSL_METHOD *s_time_meth = NULL;
-static long bytes_read = 0;
-static struct {
-        int bugs;
-        char *CAfile;
-        char *CApath;
-        char *certfile;
-        char *cipher;
-        char *host;
-        char *keyfile;
-        time_t maxtime;
-        int nbio;
-        int no_shutdown;
-        int perform;
-        int verify;
-        int verify_depth;
-        char *www_path;
-} cfg;
-static const struct option s_time_options[] = {
-        {
-                .name = "bugs",
-                .desc = "Enable workarounds for known SSL/TLS bugs",
-                .type = OPTION_FLAG,
-                .opt.flag = &cfg.bugs,
-        },
-        {
-                .name = "CAfile",
-                .argname = "file",
-                .desc = "File containing trusted certificates in PEM format",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.CAfile,
-        },
-        {
-                .name = "CApath",
-                .argname = "path",
-                .desc = "Directory containing trusted certificates",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.CApath,
-        },
-        {
-                .name = "cert",
-                .argname = "file",
-                .desc = "Client certificate to use, if one is requested",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.certfile,
-        },
-        {
-                .name = "cipher",
-                .argname = "list",
-                .desc = "List of cipher suites to send to the server",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.cipher,
-        },
-        {
-                .name = "connect",
-                .argname = "host:port",
-                .desc = "Host and port to connect to (default "
-                    SSL_CONNECT_NAME ")",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.host,
-        },
-        {
-                .name = "key",
-                .argname = "file",
-                .desc = "Client private key to use, if one is required",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.keyfile,
-        },
-        {
-                .name = "nbio",
-                .desc = "Use non-blocking I/O",
-                .type = OPTION_FLAG,
-                .opt.flag = &cfg.nbio,
-        },
-        {
-                .name = "new",
-                .desc = "Use a new session ID for each connection",
-                .type = OPTION_VALUE,
-                .opt.value = &cfg.perform,
-                .value = 1,
-        },
-        {
-                .name = "no_shutdown",
-                .desc = "Shut down the connection without notifying the server",
-                .type = OPTION_FLAG,
-                .opt.flag = &cfg.no_shutdown,
-        },
-        {
-                .name = "reuse",
-                .desc = "Reuse the same session ID for each connection",
-                .type = OPTION_VALUE,
-                .opt.value = &cfg.perform,
-                .value = 2,
-        },
-        {
-                .name = "time",
-                .argname = "seconds",
-                .desc = "Duration to perform timing tests for (default 30)",
-                .type = OPTION_ARG_TIME,
-                .opt.tvalue = &cfg.maxtime,
-        },
-        {
-                .name = "verify",
-                .argname = "depth",
-                .desc = "Enable peer certificate verification with given depth",
-                .type = OPTION_ARG_INT,
-                .opt.value = &cfg.verify_depth,
-        },
-        {
-                .name = "www",
-                .argname = "page",
-                .desc = "Page to GET from the server (default none)",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.www_path,
-        },
-        { NULL },
-};
-static void
-s_time_usage(void)
-{
-        fprintf(stderr,
-            "usage: s_time "
-            "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
-            "    [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
-            "    [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
-            "    [-verify depth] [-www page]\n\n");
-        options_usage(s_time_options);
-}
-/***********************************************************************
- * MAIN - main processing area for client
- *                      real name depends on MONOLITH
- */
-int
-s_time_main(int argc, char **argv)
-{
-        int ret = 1;
-        if (pledge("stdio rpath inet dns", NULL) == -1) {
-                perror("pledge");
-                exit(1);
-        }
-        s_time_meth = TLS_client_method();
-        verify_depth = 0;
-        memset(&cfg, 0, sizeof(cfg));
-        cfg.host = SSL_CONNECT_NAME;
-        cfg.maxtime = SECONDS;
-        cfg.perform = 3;
-        cfg.verify = SSL_VERIFY_NONE;
-        cfg.verify_depth = -1;
-        if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
-                s_time_usage();
-                goto end;
-        }
-        if (cfg.verify_depth >= 0) {
-                cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
-                verify_depth = cfg.verify_depth;
-                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
-        }
-        if (cfg.www_path != NULL &&
-            strlen(cfg.www_path) > MYBUFSIZ - 100) {
-                BIO_printf(bio_err, "-www option too long\n");
-                goto end;
-        }
-        if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
-                return (1);
-        SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
-        if (cfg.bugs)
-                SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
-        if (cfg.cipher != NULL) {
-                if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) {
-                        BIO_printf(bio_err, "error setting cipher list\n");
-                        ERR_print_errors(bio_err);
-                        goto end;
-                }
-        }
-        SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL);
-        if (!set_cert_stuff(tm_ctx, cfg.certfile,
-            cfg.keyfile))
-                goto end;
-        if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile,
-            cfg.CApath)) ||
-            (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
-                /*
-                 * BIO_printf(bio_err,"error setting default verify
-                 * locations\n");
-                 */
-                ERR_print_errors(bio_err);
-                /* goto end; */
-        }
-        /* Loop and time how long it takes to make connections */
-        if (cfg.perform & 1) {
-                printf("Collecting connection statistics for %lld seconds\n",
-                    (long long)cfg.maxtime);
-                if (benchmark(0))
-                        goto end;
-        }
-        /*
-         * Now loop and time connections using the same session id over and
-         * over
-         */
-        if (cfg.perform & 2) {
-                printf("\n\nNow timing with session id reuse.\n");
-                if (benchmark(1))
-                        goto end;
-        }
-        ret = 0;
- end:
-        if (tm_ctx != NULL) {
-                SSL_CTX_free(tm_ctx);
-                tm_ctx = NULL;
-        }
-        return (ret);
-}
-/***********************************************************************
- * run_test - make a connection, get a file, and shut down the connection
- *      
- * Args:
- *              scon    = SSL connection
- * Returns:
- *              1 on success, 0 on error
- */
-static int
-run_test(SSL *scon)
-{
-        char buf[1024 * 8];
-        struct pollfd pfd[1];
-        BIO *conn;
-        long verify_error;
-        int i, retval;
-        if ((conn = BIO_new(BIO_s_connect())) == NULL)
-                return 0;
-        BIO_set_conn_hostname(conn, cfg.host);
-        SSL_set_connect_state(scon);
-        SSL_set_bio(scon, conn, conn);
-        for (;;) {
-                i = SSL_connect(scon);
-                if (BIO_sock_should_retry(i)) {
-                        BIO_printf(bio_err, "DELAY\n");
-                        pfd[0].fd = SSL_get_fd(scon);
-                        pfd[0].events = POLLIN;
-                        poll(pfd, 1, -1);
-                        continue;
-                }
-                break;
-        }
-        if (i <= 0) {
-                BIO_printf(bio_err, "ERROR\n");
-                verify_error = SSL_get_verify_result(scon);
-                if (verify_error != X509_V_OK)
-                        BIO_printf(bio_err, "verify error:%s\n",
-                            X509_verify_cert_error_string(verify_error));
-                else
-                        ERR_print_errors(bio_err);
-                return 0;
-        }
-        if (cfg.www_path != NULL) {
-                retval = snprintf(buf, sizeof buf,
-                    "GET %s HTTP/1.0\r\n\r\n", cfg.www_path);
-                if (retval < 0 || retval >= sizeof buf) {
-                        fprintf(stderr, "URL too long\n");
-                        return 0;
-                }
-                if (SSL_write(scon, buf, retval) != retval)
-                        return 0;
-                while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
-                        bytes_read += i;
-        }
-        if (cfg.no_shutdown)
-                SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
-                    SSL_RECEIVED_SHUTDOWN);
-        else
-                SSL_shutdown(scon);
-        return 1;
-}
-static void
-print_tally_mark(SSL *scon)
-{
-        int ver;
-        if (SSL_session_reused(scon))
-                ver = 'r';
-        else {
-                ver = SSL_version(scon);
-                if (ver == TLS1_VERSION)
-                        ver = 't';
-                else
-                        ver = '*';
-        }
-        fputc(ver, stdout);
-        fflush(stdout);
-}
-static int
-benchmark(int reuse_session)
-{
-        double elapsed, totalTime;
-        int nConn = 0;
-        SSL *scon = NULL;
-        int ret = 1;
-        if (reuse_session) {
-                /* Get an SSL object so we can reuse the session id */
-                if ((scon = SSL_new(tm_ctx)) == NULL)
-                        goto end;
-                if (!run_test(scon)) {
-                        fprintf(stderr, "Unable to get connection\n");
-                        goto end;
-                }
-                printf("starting\n");
-        }
-        nConn = 0;
-        bytes_read = 0;
-        app_timer_real(TM_RESET);
-        app_timer_user(TM_RESET);
-        for (;;) {
-                elapsed = app_timer_real(TM_GET);
-                if (elapsed > cfg.maxtime)
-                        break;
-                if (scon == NULL) {
-                        if ((scon = SSL_new(tm_ctx)) == NULL)
-                                goto end;
-                }
-                if (!run_test(scon))
-                        goto end;
-                nConn += 1;
-                print_tally_mark(scon);
-                if (!reuse_session) {
-                        SSL_free(scon);
-                        scon = NULL;
-                }
-        }
-        totalTime = app_timer_user(TM_GET);
-        printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
-            nConn, totalTime, ((double) nConn / totalTime), bytes_read);
-        printf("%d connections in %.0f real seconds, %ld bytes read per connection\n",
-            nConn, elapsed, nConn > 0 ? bytes_read / nConn : 0);
-        ret = 0;
- end:
-        SSL_free(scon);
-        return ret;
-}

diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c deleted file mode 100644 index c90be33f28..0000000000 --- a/src/usr.bin/openssl/s_time.c +++ /dev/null
@@ -1,463 +0,0 @@
1	/* $OpenBSD: s_time.c,v 1.39 2025/01/02 13:10:03 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	/*-----------------------------------------
60	s_time - SSL client connection timer program
61	Written and donated by Larry Streepy <streepy@healthcare.com>
62	-----------------------------------------*/
63
64	#include <sys/types.h>
65	#include <sys/socket.h>
66
67	#include <stdio.h>
68	#include <stdlib.h>
69	#include <limits.h>
70	#include <string.h>
71	#include <unistd.h>
72	#include <poll.h>
73
74	#include "apps.h"
75
76	#include <openssl/err.h>
77	#include <openssl/pem.h>
78	#include <openssl/ssl.h>
79	#include <openssl/x509.h>
80
81	#define SSL_CONNECT_NAME "localhost:4433"
82
83	#define BUFSIZZ 1024*10
84
85	#define MYBUFSIZ 1024*8
86
87	#define SECONDS 30
88	extern int verify_depth;
89
90	static void s_time_usage(void);
91	static int run_test(SSL *);
92	static int benchmark(int);
93	static void print_tally_mark(SSL *);
94
95	static SSL_CTX *tm_ctx = NULL;
96	static const SSL_METHOD *s_time_meth = NULL;
97	static long bytes_read = 0;
98
99	static struct {
100	int bugs;
101	char *CAfile;
102	char *CApath;
103	char *certfile;
104	char *cipher;
105	char *host;
106	char *keyfile;
107	time_t maxtime;
108	int nbio;
109	int no_shutdown;
110	int perform;
111	int verify;
112	int verify_depth;
113	char *www_path;
114	} cfg;
115
116	static const struct option s_time_options[] = {
117	{
118	.name = "bugs",
119	.desc = "Enable workarounds for known SSL/TLS bugs",
120	.type = OPTION_FLAG,
121	.opt.flag = &cfg.bugs,
122	},
123	{
124	.name = "CAfile",
125	.argname = "file",
126	.desc = "File containing trusted certificates in PEM format",
127	.type = OPTION_ARG,
128	.opt.arg = &cfg.CAfile,
129	},
130	{
131	.name = "CApath",
132	.argname = "path",
133	.desc = "Directory containing trusted certificates",
134	.type = OPTION_ARG,
135	.opt.arg = &cfg.CApath,
136	},
137	{
138	.name = "cert",
139	.argname = "file",
140	.desc = "Client certificate to use, if one is requested",
141	.type = OPTION_ARG,
142	.opt.arg = &cfg.certfile,
143	},
144	{
145	.name = "cipher",
146	.argname = "list",
147	.desc = "List of cipher suites to send to the server",
148	.type = OPTION_ARG,
149	.opt.arg = &cfg.cipher,
150	},
151	{
152	.name = "connect",
153	.argname = "host:port",
154	.desc = "Host and port to connect to (default "
155	SSL_CONNECT_NAME ")",
156	.type = OPTION_ARG,
157	.opt.arg = &cfg.host,
158	},
159	{
160	.name = "key",
161	.argname = "file",
162	.desc = "Client private key to use, if one is required",
163	.type = OPTION_ARG,
164	.opt.arg = &cfg.keyfile,
165	},
166	{
167	.name = "nbio",
168	.desc = "Use non-blocking I/O",
169	.type = OPTION_FLAG,
170	.opt.flag = &cfg.nbio,
171	},
172	{
173	.name = "new",
174	.desc = "Use a new session ID for each connection",
175	.type = OPTION_VALUE,
176	.opt.value = &cfg.perform,
177	.value = 1,
178	},
179	{
180	.name = "no_shutdown",
181	.desc = "Shut down the connection without notifying the server",
182	.type = OPTION_FLAG,
183	.opt.flag = &cfg.no_shutdown,
184	},
185	{
186	.name = "reuse",
187	.desc = "Reuse the same session ID for each connection",
188	.type = OPTION_VALUE,
189	.opt.value = &cfg.perform,
190	.value = 2,
191	},
192	{
193	.name = "time",
194	.argname = "seconds",
195	.desc = "Duration to perform timing tests for (default 30)",
196	.type = OPTION_ARG_TIME,
197	.opt.tvalue = &cfg.maxtime,
198	},
199	{
200	.name = "verify",
201	.argname = "depth",
202	.desc = "Enable peer certificate verification with given depth",
203	.type = OPTION_ARG_INT,
204	.opt.value = &cfg.verify_depth,
205	},
206	{
207	.name = "www",
208	.argname = "page",
209	.desc = "Page to GET from the server (default none)",
210	.type = OPTION_ARG,
211	.opt.arg = &cfg.www_path,
212	},
213	{ NULL },
214	};
215
216	static void
217	s_time_usage(void)
218	{
219	fprintf(stderr,
220	"usage: s_time "
221	"[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
222	" [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
223	" [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
224	" [-verify depth] [-www page]\n\n");
225	options_usage(s_time_options);
226	}
227
228	/***********************************************************************
229	* MAIN - main processing area for client
230	* real name depends on MONOLITH
231	*/
232	int
233	s_time_main(int argc, char **argv)
234	{
235	int ret = 1;
236
237	if (pledge("stdio rpath inet dns", NULL) == -1) {
238	perror("pledge");
239	exit(1);
240	}
241
242	s_time_meth = TLS_client_method();
243
244	verify_depth = 0;
245
246	memset(&cfg, 0, sizeof(cfg));
247
248	cfg.host = SSL_CONNECT_NAME;
249	cfg.maxtime = SECONDS;
250	cfg.perform = 3;
251	cfg.verify = SSL_VERIFY_NONE;
252	cfg.verify_depth = -1;
253
254	if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
255	s_time_usage();
256	goto end;
257	}
258
259	if (cfg.verify_depth >= 0) {
260	cfg.verify = SSL_VERIFY_PEER \| SSL_VERIFY_CLIENT_ONCE;
261	verify_depth = cfg.verify_depth;
262	BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
263	}
264
265	if (cfg.www_path != NULL &&
266	strlen(cfg.www_path) > MYBUFSIZ - 100) {
267	BIO_printf(bio_err, "-www option too long\n");
268	goto end;
269	}
270
271	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
272	return (1);
273
274	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
275
276	if (cfg.bugs)
277	SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
278
279	if (cfg.cipher != NULL) {
280	if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) {
281	BIO_printf(bio_err, "error setting cipher list\n");
282	ERR_print_errors(bio_err);
283	goto end;
284	}
285	}
286
287	SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL);
288
289	if (!set_cert_stuff(tm_ctx, cfg.certfile,
290	cfg.keyfile))
291	goto end;
292
293	if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile,
294	cfg.CApath)) \|\|
295	(!SSL_CTX_set_default_verify_paths(tm_ctx))) {
296	/*
297	* BIO_printf(bio_err,"error setting default verify
298	* locations\n");
299	*/
300	ERR_print_errors(bio_err);
301	/* goto end; */
302	}
303
304	/* Loop and time how long it takes to make connections */
305	if (cfg.perform & 1) {
306	printf("Collecting connection statistics for %lld seconds\n",
307	(long long)cfg.maxtime);
308	if (benchmark(0))
309	goto end;
310	}
311	/*
312	* Now loop and time connections using the same session id over and
313	* over
314	*/
315	if (cfg.perform & 2) {
316	printf("\n\nNow timing with session id reuse.\n");
317	if (benchmark(1))
318	goto end;
319	}
320	ret = 0;
321	end:
322	if (tm_ctx != NULL) {
323	SSL_CTX_free(tm_ctx);
324	tm_ctx = NULL;
325	}
326
327	return (ret);
328	}
329
330	/***********************************************************************
331	* run_test - make a connection, get a file, and shut down the connection
332	*
333	* Args:
334	* scon = SSL connection
335	* Returns:
336	* 1 on success, 0 on error
337	*/
338	static int
339	run_test(SSL *scon)
340	{
341	char buf[1024 * 8];
342	struct pollfd pfd[1];
343	BIO *conn;
344	long verify_error;
345	int i, retval;
346
347	if ((conn = BIO_new(BIO_s_connect())) == NULL)
348	return 0;
349	BIO_set_conn_hostname(conn, cfg.host);
350	SSL_set_connect_state(scon);
351	SSL_set_bio(scon, conn, conn);
352	for (;;) {
353	i = SSL_connect(scon);
354	if (BIO_sock_should_retry(i)) {
355	BIO_printf(bio_err, "DELAY\n");
356	pfd[0].fd = SSL_get_fd(scon);
357	pfd[0].events = POLLIN;
358	poll(pfd, 1, -1);
359	continue;
360	}
361	break;
362	}
363	if (i <= 0) {
364	BIO_printf(bio_err, "ERROR\n");
365	verify_error = SSL_get_verify_result(scon);
366	if (verify_error != X509_V_OK)
367	BIO_printf(bio_err, "verify error:%s\n",
368	X509_verify_cert_error_string(verify_error));
369	else
370	ERR_print_errors(bio_err);
371	return 0;
372	}
373	if (cfg.www_path != NULL) {
374	retval = snprintf(buf, sizeof buf,
375	"GET %s HTTP/1.0\r\n\r\n", cfg.www_path);
376	if (retval < 0 \|\| retval >= sizeof buf) {
377	fprintf(stderr, "URL too long\n");
378	return 0;
379	}
380	if (SSL_write(scon, buf, retval) != retval)
381	return 0;
382	while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
383	bytes_read += i;
384	}
385	if (cfg.no_shutdown)
386	SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN \|
387	SSL_RECEIVED_SHUTDOWN);
388	else
389	SSL_shutdown(scon);
390	return 1;
391	}
392
393	static void
394	print_tally_mark(SSL *scon)
395	{
396	int ver;
397
398	if (SSL_session_reused(scon))
399	ver = 'r';
400	else {
401	ver = SSL_version(scon);
402	if (ver == TLS1_VERSION)
403	ver = 't';
404	else
405	ver = '*';
406	}
407	fputc(ver, stdout);
408	fflush(stdout);
409	}
410
411	static int
412	benchmark(int reuse_session)
413	{
414	double elapsed, totalTime;
415	int nConn = 0;
416	SSL *scon = NULL;
417	int ret = 1;
418
419	if (reuse_session) {
420	/* Get an SSL object so we can reuse the session id */
421	if ((scon = SSL_new(tm_ctx)) == NULL)
422	goto end;
423	if (!run_test(scon)) {
424	fprintf(stderr, "Unable to get connection\n");
425	goto end;
426	}
427	printf("starting\n");
428	}
429
430	nConn = 0;
431	bytes_read = 0;
432
433	app_timer_real(TM_RESET);
434	app_timer_user(TM_RESET);
435	for (;;) {
436	elapsed = app_timer_real(TM_GET);
437	if (elapsed > cfg.maxtime)
438	break;
439	if (scon == NULL) {
440	if ((scon = SSL_new(tm_ctx)) == NULL)
441	goto end;
442	}
443	if (!run_test(scon))
444	goto end;
445	nConn += 1;
446	print_tally_mark(scon);
447	if (!reuse_session) {
448	SSL_free(scon);
449	scon = NULL;
450	}
451	}
452	totalTime = app_timer_user(TM_GET);
453
454	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
455	nConn, totalTime, ((double) nConn / totalTime), bytes_read);
456	printf("%d connections in %.0f real seconds, %ld bytes read per connection\n",
457	nConn, elapsed, nConn > 0 ? bytes_read / nConn : 0);
458
459	ret = 0;
460	end:
461	SSL_free(scon);
462	return ret;
463	}