1 files changed, 178 insertions, 201 deletions
diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c
index 89f0d6becc..ed9da3e4e8 100644
--- a/src/usr.bin/openssl/s_time.c
+++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_time.c,v 1.4 2015/02/08 10:22:45 doug Exp $ */
+/* $OpenBSD: s_time.c,v 1.5 2015/04/14 11:45:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -84,8 +84,6 @@
 #define SSL_CONNECT_NAME        "localhost:4433"
- /*#define TEST_CERT "client.pem" *//* no default cert. */
 #define BUFSIZZ 1024*10
 #define MYBUFSIZ 1024*8
@@ -100,188 +98,139 @@ extern int verify_depth;
 extern int verify_error;
 static void s_time_usage(void);
-static int parseArgs(int argc, char **argv);
 static SSL *doConnection(SSL * scon);
-static void s_time_init(void);
-/***********************************************************************
- * Static data declarations
- */
-/* static char *port=PORT_STR;*/
-static char *host = SSL_CONNECT_NAME;
-static char *t_cert_file = NULL;
-static char *t_key_file = NULL;
-static char *CApath = NULL;
-static char *CAfile = NULL;
-static char *tm_cipher = NULL;
-static int tm_verify = SSL_VERIFY_NONE;
-static int maxTime = SECONDS;
 static SSL_CTX *tm_ctx = NULL;
 static const SSL_METHOD *s_time_meth = NULL;
-static char *s_www_path = NULL;
 static long bytes_read = 0;
-static int st_bugs = 0;
-static int perform = 0;
-static int t_nbio = 0;
-static void
+struct {
-s_time_init(void)
+        int bugs;
-{
+        char *CAfile;
-        host = SSL_CONNECT_NAME;
+        char *CApath;
-        t_cert_file = NULL;
+        char *certfile;
-        t_key_file = NULL;
+        char *cipher;
-        CApath = NULL;
+        char *host;
-        CAfile = NULL;
+        char *keyfile;
-        tm_cipher = NULL;
+        int maxtime;
-        tm_verify = SSL_VERIFY_NONE;
+        int nbio;
-        maxTime = SECONDS;
+        int perform;
-        tm_ctx = NULL;
+        int ssl3;
-        s_time_meth = NULL;
+        int verify;
-        s_www_path = NULL;
+        int verify_depth;
-        bytes_read = 0;
+        char *www_path;
-        st_bugs = 0;
+} s_time_config;
-        perform = 0;
+struct option s_time_options[] = {
+        {
+                .name = "bugs",
+                .desc = "Enable workarounds for known SSL/TLS bugs",
+                .type = OPTION_FLAG,
+                .opt.flag = &s_time_config.bugs,
+        },
+        {
+                .name = "CAfile",
+                .argname = "file",
+                .desc = "File containing trusted certificates in PEM format",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.CAfile,
+        },
+        {
+                .name = "CApath",
+                .argname = "path",
+                .desc = "Directory containing trusted certificates",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.CApath,
+        },
+        {
+                .name = "cert",
+                .argname = "file",
+                .desc = "Client certificate to use, if one is requested",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.certfile,
+        },
+        {
+                .name = "cipher",
+                .argname = "list",
+                .desc = "List of cipher suites to send to the server",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.cipher,
+        },
+        {
+                .name = "connect",
+                .argname = "host:port",
+                .desc = "Host and port to connect to (default "
+                    SSL_CONNECT_NAME ")",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.host,
+        },
+        {
+                .name = "key",
+                .argname = "file",
+                .desc = "Client private key to use, if one is required",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.keyfile,
+        },
+        {
+                .name = "nbio",
+                .desc = "Use non-blocking I/O",
+                .type = OPTION_FLAG,
+                .opt.flag = &s_time_config.nbio,
+        },
+        {
+                .name = "new",
+                .desc = "Use a new session ID for each connection",
+                .type = OPTION_VALUE,
+                .opt.value = &s_time_config.perform,
+                .value = 1,
+        },
+        {
+                .name = "reuse",
+                .desc = "Reuse the same session ID for each connection",
+                .type = OPTION_VALUE,
+                .opt.value = &s_time_config.perform,
+                .value = 2,
+        },
+        {
+                .name = "ssl3",
+                .desc = "Only use SSLv3",
+                .type = OPTION_FLAG,
+                .opt.flag = &s_time_config.ssl3,
+        },
+        {
+                .name = "time",
+                .argname = "seconds",
+                .desc = "Duration to perform timing tests for (default 30)",
+                .type = OPTION_ARG_INT,
+                .opt.value = &s_time_config.maxtime,
+        },
+        {
+                .name = "verify",
+                .argname = "depth",
+                .desc = "Enable peer certificate verification with given depth",
+                .type = OPTION_ARG_INT,
+                .opt.value = &s_time_config.verify_depth,
+        },
+        {
+                .name = "www",
+                .argname = "page",
+                .desc = "Page to GET from the server (default none)",
+                .type = OPTION_ARG,
+                .opt.arg = &s_time_config.www_path,
+        },
+        { NULL },
+};
-        t_nbio = 0;
-}
-/***********************************************************************
- * usage - display usage message
- */
 static void
 s_time_usage(void)
 {
-        static const char umsg[] = "\
+        fprintf(stderr,
-time arg     - max number of seconds to collect data, default %d\n\
+            "usage: s_time "
-verify arg   - turn on peer certificate verification, arg == depth\n\
+            "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
-cert arg     - certificate file to use, PEM format assumed\n\
+            "    [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
-key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
+            "    [-nbio] [-new] [-reuse] [-ssl3] [-time seconds]\n"
-                file if not specified by this option\n\
+            "    [-verify depth] [-www page]\n\n");
-CApath arg   - PEM format directory of CA's\n\
+        options_usage(s_time_options);
-CAfile arg   - PEM format file of CA's\n\
-cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
-        printf("usage: s_time <args>\n\n");
-        printf("-connect host:port - host:port to connect to (default is %s)\n", SSL_CONNECT_NAME);
-        printf("-nbio         - Run with non-blocking IO\n");
-        printf("-ssl2         - Just use SSLv2\n");
-        printf("-ssl3         - Just use SSLv3\n");
-        printf("-bugs         - Turn on SSL bug compatibility\n");
-        printf("-new          - Just time new connections\n");
-        printf("-reuse        - Just time connection reuse\n");
-        printf("-www page     - Retrieve 'page' from the site\n");
-        printf(umsg, SECONDS);
-}
-/***********************************************************************
- * parseArgs - Parse command line arguments and initialize data
- *
- * Returns 0 if ok, -1 on bad args
- */
-static int
-parseArgs(int argc, char **argv)
-{
-        int badop = 0;
-        const char *errstr;
-        verify_depth = 0;
-        verify_error = X509_V_OK;
-        argc--;
-        argv++;
-        while (argc >= 1) {
-                if (strcmp(*argv, "-connect") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        host = *(++argv);
-                }
-                else if (strcmp(*argv, "-reuse") == 0)
-                        perform = 2;
-                else if (strcmp(*argv, "-new") == 0)
-                        perform = 1;
-                else if (strcmp(*argv, "-verify") == 0) {
-                        tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
-                        if (--argc < 1)
-                                goto bad;
-                        verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
-                        if (errstr)
-                                goto bad;
-                        BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
-                } else if (strcmp(*argv, "-cert") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        t_cert_file = *(++argv);
-                } else if (strcmp(*argv, "-key") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        t_key_file = *(++argv);
-                } else if (strcmp(*argv, "-CApath") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        CApath = *(++argv);
-                } else if (strcmp(*argv, "-CAfile") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        CAfile = *(++argv);
-                } else if (strcmp(*argv, "-cipher") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        tm_cipher = *(++argv);
-                }
-                else if (strcmp(*argv, "-nbio") == 0) {
-                        t_nbio = 1;
-                }
-                else if (strcmp(*argv, "-www") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        s_www_path = *(++argv);
-                        if (strlen(s_www_path) > MYBUFSIZ - 100) {
-                                BIO_printf(bio_err, "-www option too long\n");
-                                badop = 1;
-                        }
-                } else if (strcmp(*argv, "-bugs") == 0)
-                        st_bugs = 1;
-                else if (strcmp(*argv, "-ssl3") == 0)
-                        s_time_meth = SSLv3_client_method();
-                else if (strcmp(*argv, "-time") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        maxTime = strtonum(*(++argv), 0, INT_MAX, &errstr);
-                        if (errstr)
-                                goto bad;
-                } else {
-                        BIO_printf(bio_err, "unknown option %s\n", *argv);
-                        badop = 1;
-                        break;
-                }
-                argc--;
-                argv++;
-        }
-        if (perform == 0)
-                perform = 3;
-        if (badop) {
-bad:
-                s_time_usage();
-                return -1;
-        }
-        return 0;               /* Valid args */
 }
 /***********************************************************************
@@ -312,27 +261,54 @@ s_time_main(int argc, char **argv)
        int ret = 1, i;
        char buf[1024 * 8];
        int ver;
+        
+        s_time_meth = SSLv23_client_method();
-        s_time_init();
+        verify_depth = 0;
+        verify_error = X509_V_OK;
-        s_time_meth = SSLv23_client_method();
+        memset(&s_time_config, 0, sizeof(s_time_config));
+        s_time_config.host = SSL_CONNECT_NAME;
+        s_time_config.maxtime = SECONDS;
+        s_time_config.perform = 3;
+        s_time_config.verify = SSL_VERIFY_NONE;
+        s_time_config.verify_depth = -1;
+        if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
+                s_time_usage();
+                goto end;
+        }
+        if (s_time_config.ssl3)
+                s_time_meth = SSLv3_client_method();
-        /* parse the command line arguments */
+        if (s_time_config.verify_depth >= 0) {
-        if (parseArgs(argc, argv) < 0)
+                s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+                verify_depth = s_time_config.verify_depth;
+                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+        }
+        if (s_time_config.www_path != NULL &&
+            strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
+                BIO_printf(bio_err, "-www option too long\n");
                goto end;
+        }
        if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
                return (1);
        SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
-        if (st_bugs)
+        if (s_time_config.bugs)
                SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
-        SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
+        SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher);
-        if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
+        if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
+            s_time_config.keyfile))
                goto end;
-        if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+        if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
+            s_time_config.CApath)) ||
            (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
                /*
                 * BIO_printf(bio_err,"error setting default verify
@@ -341,20 +317,21 @@ s_time_main(int argc, char **argv)
                ERR_print_errors(bio_err);
                /* goto end; */
        }
-        if (tm_cipher == NULL)
+        if (s_time_config.cipher == NULL)
-                tm_cipher = getenv("SSL_CIPHER");
+                s_time_config.cipher = getenv("SSL_CIPHER");
-        if (tm_cipher == NULL) {
+        if (s_time_config.cipher == NULL) {
                fprintf(stderr, "No CIPHER specified\n");
        }
-        if (!(perform & 1))
+        if (!(s_time_config.perform & 1))
                goto next;
-        printf("Collecting connection statistics for %d seconds\n", maxTime);
+        printf("Collecting connection statistics for %d seconds\n",
+            s_time_config.maxtime);
        /* Loop and time how long it takes to make connections */
        bytes_read = 0;
-        finishtime = (long) time(NULL) + maxTime;
+        finishtime = (long) time(NULL) + s_time_config.maxtime;
        tm_Time_F(START);
        for (;;) {
                if (finishtime < (long) time(NULL))
@@ -362,9 +339,9 @@ s_time_main(int argc, char **argv)
                if ((scon = doConnection(NULL)) == NULL)
                        goto end;
-                if (s_www_path != NULL) {
+                if (s_time_config.www_path != NULL) {
                        int retval = snprintf(buf, sizeof buf,
-                            "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+                            "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
                        if ((size_t)retval >= sizeof buf) {
                                fprintf(stderr, "URL too long\n");
                                goto end;
@@ -403,9 +380,9 @@ s_time_main(int argc, char **argv)
        }
        totalTime += tm_Time_F(STOP);   /* Add the time for this iteration */
-        i = (int) ((long) time(NULL) - finishtime + maxTime);
+        i = (int) ((long) time(NULL) - finishtime + s_time_config.maxtime);
        printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
-        printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
+        printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
        /*
         * Now loop and time connections using the same session id over and
@@ -413,7 +390,7 @@ s_time_main(int argc, char **argv)
         */
 next:
-        if (!(perform & 2))
+        if (!(s_time_config.perform & 2))
                goto end;
        printf("\n\nNow timing with session id reuse.\n");
@@ -422,9 +399,9 @@ next:
                fprintf(stderr, "Unable to get connection\n");
                goto end;
        }
-        if (s_www_path != NULL) {
+        if (s_time_config.www_path != NULL) {
                int retval = snprintf(buf, sizeof buf,
-                    "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+                    "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
                if ((size_t)retval >= sizeof buf) {
                        fprintf(stderr, "URL too long\n");
                        goto end;
@@ -443,7 +420,7 @@ next:
        nConn = 0;
        totalTime = 0.0;
-        finishtime = (long) time(NULL) + maxTime;
+        finishtime = (long) time(NULL) + s_time_config.maxtime;
        printf("starting\n");
        bytes_read = 0;
@@ -455,9 +432,9 @@ next:
                if ((doConnection(scon)) == NULL)
                        goto end;
-                if (s_www_path) {
+                if (s_time_config.www_path) {
                        int retval = snprintf(buf, sizeof buf,
-                            "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+                            "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
                        if ((size_t)retval >= sizeof buf) {
                                fprintf(stderr, "URL too long\n");
                                goto end;
@@ -495,7 +472,7 @@ next:
        printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
-        printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
+        printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
        ret = 0;
 end:
@@ -529,7 +506,7 @@ doConnection(SSL * scon)
                return (NULL);
 /*      BIO_set_conn_port(conn,port);*/
-        BIO_set_conn_hostname(conn, host);
+        BIO_set_conn_hostname(conn, s_time_config.host);
        if (scon == NULL)
                serverCon = SSL_new(tm_ctx);

diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c index 89f0d6becc..ed9da3e4e8 100644 --- a/src/usr.bin/openssl/s_time.c +++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_time.c,v 1.4 2015/02/08 10:22:45 doug Exp $ */	1	/* $OpenBSD: s_time.c,v 1.5 2015/04/14 11:45:00 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -84,8 +84,6 @@
84		84
85	#define SSL_CONNECT_NAME "localhost:4433"	85	#define SSL_CONNECT_NAME "localhost:4433"
86		86
87	/#define TEST_CERT "client.pem" //* no default cert. */
88
89	#define BUFSIZZ 1024*10	87	#define BUFSIZZ 1024*10
90		88
91	#define MYBUFSIZ 1024*8	89	#define MYBUFSIZ 1024*8
@@ -100,188 +98,139 @@ extern int verify_depth;
100	extern int verify_error;	98	extern int verify_error;
101		99
102	static void s_time_usage(void);	100	static void s_time_usage(void);
103	static int parseArgs(int argc, char **argv);
104	static SSL doConnection(SSL scon);	101	static SSL doConnection(SSL scon);
105	static void s_time_init(void);
106
107	/***********************************************************************
108	* Static data declarations
109	*/
110		102
111	/* static char port=PORT_STR;/
112	static char *host = SSL_CONNECT_NAME;
113	static char *t_cert_file = NULL;
114	static char *t_key_file = NULL;
115	static char *CApath = NULL;
116	static char *CAfile = NULL;
117	static char *tm_cipher = NULL;
118	static int tm_verify = SSL_VERIFY_NONE;
119	static int maxTime = SECONDS;
120	static SSL_CTX *tm_ctx = NULL;	103	static SSL_CTX *tm_ctx = NULL;
121	static const SSL_METHOD *s_time_meth = NULL;	104	static const SSL_METHOD *s_time_meth = NULL;
122	static char *s_www_path = NULL;
123	static long bytes_read = 0;	105	static long bytes_read = 0;
124	static int st_bugs = 0;
125	static int perform = 0;
126	static int t_nbio = 0;
127		106
128	static void	107	struct {
129	s_time_init(void)	108	int bugs;
130	{	109	char *CAfile;
131	host = SSL_CONNECT_NAME;	110	char *CApath;
132	t_cert_file = NULL;	111	char *certfile;
133	t_key_file = NULL;	112	char *cipher;
134	CApath = NULL;	113	char *host;
135	CAfile = NULL;	114	char *keyfile;
136	tm_cipher = NULL;	115	int maxtime;
137	tm_verify = SSL_VERIFY_NONE;	116	int nbio;
138	maxTime = SECONDS;	117	int perform;
139	tm_ctx = NULL;	118	int ssl3;
140	s_time_meth = NULL;	119	int verify;
141	s_www_path = NULL;	120	int verify_depth;
142	bytes_read = 0;	121	char *www_path;
143	st_bugs = 0;	122	} s_time_config;
144	perform = 0;	123
		124	struct option s_time_options[] = {
		125	{
		126	.name = "bugs",
		127	.desc = "Enable workarounds for known SSL/TLS bugs",
		128	.type = OPTION_FLAG,
		129	.opt.flag = &s_time_config.bugs,
		130	},
		131	{
		132	.name = "CAfile",
		133	.argname = "file",
		134	.desc = "File containing trusted certificates in PEM format",
		135	.type = OPTION_ARG,
		136	.opt.arg = &s_time_config.CAfile,
		137	},
		138	{
		139	.name = "CApath",
		140	.argname = "path",
		141	.desc = "Directory containing trusted certificates",
		142	.type = OPTION_ARG,
		143	.opt.arg = &s_time_config.CApath,
		144	},
		145	{
		146	.name = "cert",
		147	.argname = "file",
		148	.desc = "Client certificate to use, if one is requested",
		149	.type = OPTION_ARG,
		150	.opt.arg = &s_time_config.certfile,
		151	},
		152	{
		153	.name = "cipher",
		154	.argname = "list",
		155	.desc = "List of cipher suites to send to the server",
		156	.type = OPTION_ARG,
		157	.opt.arg = &s_time_config.cipher,
		158	},
		159	{
		160	.name = "connect",
		161	.argname = "host:port",
		162	.desc = "Host and port to connect to (default "
		163	SSL_CONNECT_NAME ")",
		164	.type = OPTION_ARG,
		165	.opt.arg = &s_time_config.host,
		166	},
		167	{
		168	.name = "key",
		169	.argname = "file",
		170	.desc = "Client private key to use, if one is required",
		171	.type = OPTION_ARG,
		172	.opt.arg = &s_time_config.keyfile,
		173	},
		174	{
		175	.name = "nbio",
		176	.desc = "Use non-blocking I/O",
		177	.type = OPTION_FLAG,
		178	.opt.flag = &s_time_config.nbio,
		179	},
		180	{
		181	.name = "new",
		182	.desc = "Use a new session ID for each connection",
		183	.type = OPTION_VALUE,
		184	.opt.value = &s_time_config.perform,
		185	.value = 1,
		186	},
		187	{
		188	.name = "reuse",
		189	.desc = "Reuse the same session ID for each connection",
		190	.type = OPTION_VALUE,
		191	.opt.value = &s_time_config.perform,
		192	.value = 2,
		193	},
		194	{
		195	.name = "ssl3",
		196	.desc = "Only use SSLv3",
		197	.type = OPTION_FLAG,
		198	.opt.flag = &s_time_config.ssl3,
		199	},
		200	{
		201	.name = "time",
		202	.argname = "seconds",
		203	.desc = "Duration to perform timing tests for (default 30)",
		204	.type = OPTION_ARG_INT,
		205	.opt.value = &s_time_config.maxtime,
		206	},
		207	{
		208	.name = "verify",
		209	.argname = "depth",
		210	.desc = "Enable peer certificate verification with given depth",
		211	.type = OPTION_ARG_INT,
		212	.opt.value = &s_time_config.verify_depth,
		213	},
		214	{
		215	.name = "www",
		216	.argname = "page",
		217	.desc = "Page to GET from the server (default none)",
		218	.type = OPTION_ARG,
		219	.opt.arg = &s_time_config.www_path,
		220	},
		221	{ NULL },
		222	};
145		223
146	t_nbio = 0;
147	}
148
149	/***********************************************************************
150	* usage - display usage message
151	*/
152	static void	224	static void
153	s_time_usage(void)	225	s_time_usage(void)
154	{	226	{
155	static const char umsg[] = "\	227	fprintf(stderr,
156	-time arg - max number of seconds to collect data, default %d\n\	228	"usage: s_time "
157	-verify arg - turn on peer certificate verification, arg == depth\n\	229	"[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
158	-cert arg - certificate file to use, PEM format assumed\n\	230	" [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
159	-key arg - RSA file to use, PEM format assumed, key is in cert file\n\	231	" [-nbio] [-new] [-reuse] [-ssl3] [-time seconds]\n"
160	file if not specified by this option\n\	232	" [-verify depth] [-www page]\n\n");
161	-CApath arg - PEM format directory of CA's\n\	233	options_usage(s_time_options);
162	-CAfile arg - PEM format file of CA's\n\
163	-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
164
165	printf("usage: s_time <args>\n\n");
166
167	printf("-connect host:port - host:port to connect to (default is %s)\n", SSL_CONNECT_NAME);
168	printf("-nbio - Run with non-blocking IO\n");
169	printf("-ssl2 - Just use SSLv2\n");
170	printf("-ssl3 - Just use SSLv3\n");
171	printf("-bugs - Turn on SSL bug compatibility\n");
172	printf("-new - Just time new connections\n");
173	printf("-reuse - Just time connection reuse\n");
174	printf("-www page - Retrieve 'page' from the site\n");
175	printf(umsg, SECONDS);
176	}
177
178	/***********************************************************************
179	* parseArgs - Parse command line arguments and initialize data
180	*
181	* Returns 0 if ok, -1 on bad args
182	*/
183	static int
184	parseArgs(int argc, char **argv)
185	{
186	int badop = 0;
187	const char *errstr;
188
189	verify_depth = 0;
190	verify_error = X509_V_OK;
191
192	argc--;
193	argv++;
194
195	while (argc >= 1) {
196	if (strcmp(*argv, "-connect") == 0) {
197	if (--argc < 1)
198	goto bad;
199	host = *(++argv);
200	}
201	else if (strcmp(*argv, "-reuse") == 0)
202	perform = 2;
203	else if (strcmp(*argv, "-new") == 0)
204	perform = 1;
205	else if (strcmp(*argv, "-verify") == 0) {
206	tm_verify = SSL_VERIFY_PEER \| SSL_VERIFY_CLIENT_ONCE;
207	if (--argc < 1)
208	goto bad;
209	verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
210	if (errstr)
211	goto bad;
212	BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
213
214	} else if (strcmp(*argv, "-cert") == 0) {
215
216	if (--argc < 1)
217	goto bad;
218	t_cert_file = *(++argv);
219
220	} else if (strcmp(*argv, "-key") == 0) {
221
222	if (--argc < 1)
223	goto bad;
224	t_key_file = *(++argv);
225
226	} else if (strcmp(*argv, "-CApath") == 0) {
227
228	if (--argc < 1)
229	goto bad;
230	CApath = *(++argv);
231
232	} else if (strcmp(*argv, "-CAfile") == 0) {
233
234	if (--argc < 1)
235	goto bad;
236	CAfile = *(++argv);
237
238	} else if (strcmp(*argv, "-cipher") == 0) {
239
240	if (--argc < 1)
241	goto bad;
242	tm_cipher = *(++argv);
243	}
244	else if (strcmp(*argv, "-nbio") == 0) {
245	t_nbio = 1;
246	}
247	else if (strcmp(*argv, "-www") == 0) {
248	if (--argc < 1)
249	goto bad;
250	s_www_path = *(++argv);
251	if (strlen(s_www_path) > MYBUFSIZ - 100) {
252	BIO_printf(bio_err, "-www option too long\n");
253	badop = 1;
254	}
255	} else if (strcmp(*argv, "-bugs") == 0)
256	st_bugs = 1;
257	else if (strcmp(*argv, "-ssl3") == 0)
258	s_time_meth = SSLv3_client_method();
259	else if (strcmp(*argv, "-time") == 0) {
260
261	if (--argc < 1)
262	goto bad;
263	maxTime = strtonum(*(++argv), 0, INT_MAX, &errstr);
264	if (errstr)
265	goto bad;
266	} else {
267	BIO_printf(bio_err, "unknown option %s\n", *argv);
268	badop = 1;
269	break;
270	}
271
272	argc--;
273	argv++;
274	}
275
276	if (perform == 0)
277	perform = 3;
278
279	if (badop) {
280	bad:
281	s_time_usage();
282	return -1;
283	}
284	return 0; /* Valid args */
285	}	234	}
286		235
287	/***********************************************************************	236	/***********************************************************************
@@ -312,27 +261,54 @@ s_time_main(int argc, char **argv)
312	int ret = 1, i;	261	int ret = 1, i;
313	char buf[1024 * 8];	262	char buf[1024 * 8];
314	int ver;	263	int ver;
		264
		265	s_time_meth = SSLv23_client_method();
315		266
316	s_time_init();	267	verify_depth = 0;
		268	verify_error = X509_V_OK;
317		269
318	s_time_meth = SSLv23_client_method();	270	memset(&s_time_config, 0, sizeof(s_time_config));
		271
		272	s_time_config.host = SSL_CONNECT_NAME;
		273	s_time_config.maxtime = SECONDS;
		274	s_time_config.perform = 3;
		275	s_time_config.verify = SSL_VERIFY_NONE;
		276	s_time_config.verify_depth = -1;
		277
		278	if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
		279	s_time_usage();
		280	goto end;
		281	}
		282
		283	if (s_time_config.ssl3)
		284	s_time_meth = SSLv3_client_method();
319		285
320	/* parse the command line arguments */	286	if (s_time_config.verify_depth >= 0) {
321	if (parseArgs(argc, argv) < 0)	287	s_time_config.verify = SSL_VERIFY_PEER \| SSL_VERIFY_CLIENT_ONCE;
		288	verify_depth = s_time_config.verify_depth;
		289	BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
		290	}
		291
		292	if (s_time_config.www_path != NULL &&
		293	strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
		294	BIO_printf(bio_err, "-www option too long\n");
322	goto end;	295	goto end;
		296	}
323		297
324	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)	298	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
325	return (1);	299	return (1);
326		300
327	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);	301	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
328		302
329	if (st_bugs)	303	if (s_time_config.bugs)
330	SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);	304	SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
331	SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);	305	SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher);
332	if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))	306	if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
		307	s_time_config.keyfile))
333	goto end;	308	goto end;
334		309
335	if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) \|\|	310	if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
		311	s_time_config.CApath)) \|\|
336	(!SSL_CTX_set_default_verify_paths(tm_ctx))) {	312	(!SSL_CTX_set_default_verify_paths(tm_ctx))) {
337	/*	313	/*
338	* BIO_printf(bio_err,"error setting default verify	314	* BIO_printf(bio_err,"error setting default verify
@@ -341,20 +317,21 @@ s_time_main(int argc, char **argv)
341	ERR_print_errors(bio_err);	317	ERR_print_errors(bio_err);
342	/* goto end; */	318	/* goto end; */
343	}	319	}
344	if (tm_cipher == NULL)	320	if (s_time_config.cipher == NULL)
345	tm_cipher = getenv("SSL_CIPHER");	321	s_time_config.cipher = getenv("SSL_CIPHER");
346		322
347	if (tm_cipher == NULL) {	323	if (s_time_config.cipher == NULL) {
348	fprintf(stderr, "No CIPHER specified\n");	324	fprintf(stderr, "No CIPHER specified\n");
349	}	325	}
350	if (!(perform & 1))	326	if (!(s_time_config.perform & 1))
351	goto next;	327	goto next;
352	printf("Collecting connection statistics for %d seconds\n", maxTime);	328	printf("Collecting connection statistics for %d seconds\n",
		329	s_time_config.maxtime);
353		330
354	/* Loop and time how long it takes to make connections */	331	/* Loop and time how long it takes to make connections */
355		332
356	bytes_read = 0;	333	bytes_read = 0;
357	finishtime = (long) time(NULL) + maxTime;	334	finishtime = (long) time(NULL) + s_time_config.maxtime;
358	tm_Time_F(START);	335	tm_Time_F(START);
359	for (;;) {	336	for (;;) {
360	if (finishtime < (long) time(NULL))	337	if (finishtime < (long) time(NULL))
@@ -362,9 +339,9 @@ s_time_main(int argc, char **argv)
362	if ((scon = doConnection(NULL)) == NULL)	339	if ((scon = doConnection(NULL)) == NULL)
363	goto end;	340	goto end;
364		341
365	if (s_www_path != NULL) {	342	if (s_time_config.www_path != NULL) {
366	int retval = snprintf(buf, sizeof buf,	343	int retval = snprintf(buf, sizeof buf,
367	"GET %s HTTP/1.0\r\n\r\n", s_www_path);	344	"GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
368	if ((size_t)retval >= sizeof buf) {	345	if ((size_t)retval >= sizeof buf) {
369	fprintf(stderr, "URL too long\n");	346	fprintf(stderr, "URL too long\n");
370	goto end;	347	goto end;
@@ -403,9 +380,9 @@ s_time_main(int argc, char **argv)
403	}	380	}
404	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */	381	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
405		382
406	i = (int) ((long) time(NULL) - finishtime + maxTime);	383	i = (int) ((long) time(NULL) - finishtime + s_time_config.maxtime);
407	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);	384	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
408	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);	385	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
409		386
410	/*	387	/*
411	* Now loop and time connections using the same session id over and	388	* Now loop and time connections using the same session id over and
@@ -413,7 +390,7 @@ s_time_main(int argc, char **argv)
413	*/	390	*/
414		391
415	next:	392	next:
416	if (!(perform & 2))	393	if (!(s_time_config.perform & 2))
417	goto end;	394	goto end;
418	printf("\n\nNow timing with session id reuse.\n");	395	printf("\n\nNow timing with session id reuse.\n");
419		396
@@ -422,9 +399,9 @@ next:
422	fprintf(stderr, "Unable to get connection\n");	399	fprintf(stderr, "Unable to get connection\n");
423	goto end;	400	goto end;
424	}	401	}
425	if (s_www_path != NULL) {	402	if (s_time_config.www_path != NULL) {
426	int retval = snprintf(buf, sizeof buf,	403	int retval = snprintf(buf, sizeof buf,
427	"GET %s HTTP/1.0\r\n\r\n", s_www_path);	404	"GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
428	if ((size_t)retval >= sizeof buf) {	405	if ((size_t)retval >= sizeof buf) {
429	fprintf(stderr, "URL too long\n");	406	fprintf(stderr, "URL too long\n");
430	goto end;	407	goto end;
@@ -443,7 +420,7 @@ next:
443	nConn = 0;	420	nConn = 0;
444	totalTime = 0.0;	421	totalTime = 0.0;
445		422
446	finishtime = (long) time(NULL) + maxTime;	423	finishtime = (long) time(NULL) + s_time_config.maxtime;
447		424
448	printf("starting\n");	425	printf("starting\n");
449	bytes_read = 0;	426	bytes_read = 0;
@@ -455,9 +432,9 @@ next:
455	if ((doConnection(scon)) == NULL)	432	if ((doConnection(scon)) == NULL)
456	goto end;	433	goto end;
457		434
458	if (s_www_path) {	435	if (s_time_config.www_path) {
459	int retval = snprintf(buf, sizeof buf,	436	int retval = snprintf(buf, sizeof buf,
460	"GET %s HTTP/1.0\r\n\r\n", s_www_path);	437	"GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
461	if ((size_t)retval >= sizeof buf) {	438	if ((size_t)retval >= sizeof buf) {
462	fprintf(stderr, "URL too long\n");	439	fprintf(stderr, "URL too long\n");
463	goto end;	440	goto end;
@@ -495,7 +472,7 @@ next:
495		472
496		473
497	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);	474	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
498	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);	475	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + s_time_config.maxtime, bytes_read / nConn);
499		476
500	ret = 0;	477	ret = 0;
501	end:	478	end:
@@ -529,7 +506,7 @@ doConnection(SSL * scon)
529	return (NULL);	506	return (NULL);
530		507
531	/* BIO_set_conn_port(conn,port);*/	508	/* BIO_set_conn_port(conn,port);*/
532	BIO_set_conn_hostname(conn, host);	509	BIO_set_conn_hostname(conn, s_time_config.host);
533		510
534	if (scon == NULL)	511	if (scon == NULL)
535	serverCon = SSL_new(tm_ctx);	512	serverCon = SSL_new(tm_ctx);