Loading ssl/ssltest.c +98 −28 Original line number Diff line number Diff line Loading @@ -62,11 +62,13 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> #include "openssl/e_os.h" #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/ssl.h> #include <openssl/err.h> Loading Loading @@ -108,7 +110,7 @@ static int s_nbio=0; static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes); int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); int doit(SSL *s_ssl,SSL *c_ssl,long bytes); static void sv_usage(void) { Loading Loading @@ -143,6 +145,51 @@ static void sv_usage(void) fprintf(stderr," -cipher arg - The cipher list\n"); fprintf(stderr," -bio_pair - Use BIO pairs\n"); fprintf(stderr," -f - Test even cases that can't work\n"); fprintf(stderr," -time - measure processor time used by client and server\n"); } static void print_details(SSL *c_ssl, const char *prefix) { SSL_CIPHER *ciph; X509 *cert; ciph=SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout,"%s%s, cipher %s %s", prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); cert=SSL_get_peer_certificate(c_ssl); if (cert != NULL) { EVP_PKEY *pkey = X509_get_pubkey(cert); if (pkey != NULL) { if (0) ; #ifndef NO_RSA else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL && pkey->pkey.rsa->n != NULL) { BIO_printf(bio_stdout, ", %d bit RSA", BN_num_bits(pkey->pkey.rsa->n)); } #endif #ifndef NO_DSA else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL && pkey->pkey.dsa->p != NULL) { BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(pkey->pkey.dsa->p)); } #endif EVP_PKEY_free(pkey); } X509_free(cert); } /* The SSL API does not allow us to look at temporary RSA/DH keys, * otherwise we should print their lengths too */ BIO_printf(bio_stdout,"\n"); } int main(int argc, char *argv[]) Loading @@ -162,12 +209,14 @@ int main(int argc, char *argv[]) SSL *c_ssl,*s_ssl; int number=1,reuse=0; long bytes=1L; SSL_CIPHER *ciph; #ifndef NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; #endif int no_dhe = 0; int print_time = 0; clock_t s_time = 0, c_time = 0; verbose = 0; debug = 0; cipher = 0; Loading Loading @@ -261,6 +310,10 @@ int main(int argc, char *argv[]) { force = 1; } else if (strcmp(*argv,"-time") == 0) { print_time = 1; } else { fprintf(stderr,"unknown option %s\n",*argv); Loading @@ -279,15 +332,24 @@ bad: if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f switch to perform " "the test anyway\n" "(and -d to see what happens, " "and -bio_pair to really make it happen :-)\n" "or add one of -ssl2, -ssl3, -tls1, -reuse to " "avoid protocol mismatch.\n"); fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " "or add one of -ssl2, -ssl3, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); exit(1); } if (print_time) { if (!bio_pair) { fprintf(stderr, "Using BIO pair (-bio_pair)\n"); bio_pair = 1; } if (number < 50 && !force) fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); } /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ SSL_library_init(); Loading Loading @@ -405,21 +467,24 @@ bad: { if (!reuse) SSL_set_session(c_ssl,NULL); if (bio_pair) ret=doit_biopair(s_ssl,c_ssl,bytes); ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time); else ret=doit(s_ssl,c_ssl,bytes); } if (!verbose) { ciph=SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout,"Protocol %s, cipher %s, %s\n", SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); print_details(c_ssl, ""); } if ((number > 1) || (bytes > 1L)) BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes); if (print_time) { BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" "Approximate total client time: %6.2f s\n", (double)s_time/CLOCKS_PER_SEC, (double)c_time/CLOCKS_PER_SEC); } SSL_free(s_ssl); SSL_free(c_ssl); Loading @@ -438,12 +503,12 @@ end: EXIT(ret); } int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time, clock_t *c_time) { long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; SSL_CIPHER *ciph; int ret = 1; size_t bufsiz = 256; /* small buffer for testing */ Loading Loading @@ -516,6 +581,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) MS_STATIC char cbuf[1024*8]; int i, r; clock_t c_clock = clock(); if (debug) if (SSL_in_init(c_ssl)) Loading Loading @@ -582,6 +648,16 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) cr_num -= r; } } /* c_time and s_time increments will typically be very small * (depending on machine speed and clock tick intervals), * but sampling over a large number of connections should * result in fairly accurate figures. We cannot guarantee * a lot, however -- if each connection lasts for exactly * one clock tick, it will be counted only for the client * or only for the server or even not at all. */ *c_time += (clock() - c_clock); } { Loading @@ -589,6 +665,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) MS_STATIC char sbuf[1024*8]; int i, r; clock_t s_clock = clock(); if (debug) if (SSL_in_init(s_ssl)) Loading Loading @@ -652,6 +729,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) sr_num -= r; } } *s_time += (clock() - s_clock); } { Loading Loading @@ -777,12 +856,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); ciph = SSL_get_current_cipher(c_ssl); if (verbose) fprintf(stdout,"DONE via BIO pair, protocol %s, cipher %s, %s\n", SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); print_details(c_ssl, "DONE via BIO pair: "); end: ret = 0; Loading Loading @@ -827,7 +902,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) int done=0; int c_write,s_write; int do_server=0,do_client=0; SSL_CIPHER *ciph; c_to_s=BIO_new(BIO_s_mem()); s_to_c=BIO_new(BIO_s_mem()); Loading Loading @@ -1077,12 +1151,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if ((done & S_DONE) && (done & C_DONE)) break; } ciph=SSL_get_current_cipher(c_ssl); if (verbose) fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n", SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); print_details(c_ssl, "DONE: "); ret=0; err: /* We have to set the BIO's to NULL otherwise they will be Loading test/testssl +6 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ echo test sslv2/sslv3 via BIO pair echo test sslv2/sslv3 w/o DHE via BIO pair ./ssltest -bio_pair -no_dhe || exit 1 echo test sslv2/sslv3 with 1024bit DHE echo test sslv2/sslv3 with 1024bit DHE via BIO pair ./ssltest -bio_pair -dhe1024dsa -v || exit 1 echo test sslv2/sslv3 with server authentication Loading @@ -78,4 +78,9 @@ echo test sslv2/sslv3 with client authentication via BIO pair echo test sslv2/sslv3 with both client and server authentication via BIO pair ./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1 echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 exit 0 Loading
ssl/ssltest.c +98 −28 Original line number Diff line number Diff line Loading @@ -62,11 +62,13 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> #include "openssl/e_os.h" #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/ssl.h> #include <openssl/err.h> Loading Loading @@ -108,7 +110,7 @@ static int s_nbio=0; static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes); int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); int doit(SSL *s_ssl,SSL *c_ssl,long bytes); static void sv_usage(void) { Loading Loading @@ -143,6 +145,51 @@ static void sv_usage(void) fprintf(stderr," -cipher arg - The cipher list\n"); fprintf(stderr," -bio_pair - Use BIO pairs\n"); fprintf(stderr," -f - Test even cases that can't work\n"); fprintf(stderr," -time - measure processor time used by client and server\n"); } static void print_details(SSL *c_ssl, const char *prefix) { SSL_CIPHER *ciph; X509 *cert; ciph=SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout,"%s%s, cipher %s %s", prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); cert=SSL_get_peer_certificate(c_ssl); if (cert != NULL) { EVP_PKEY *pkey = X509_get_pubkey(cert); if (pkey != NULL) { if (0) ; #ifndef NO_RSA else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL && pkey->pkey.rsa->n != NULL) { BIO_printf(bio_stdout, ", %d bit RSA", BN_num_bits(pkey->pkey.rsa->n)); } #endif #ifndef NO_DSA else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL && pkey->pkey.dsa->p != NULL) { BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(pkey->pkey.dsa->p)); } #endif EVP_PKEY_free(pkey); } X509_free(cert); } /* The SSL API does not allow us to look at temporary RSA/DH keys, * otherwise we should print their lengths too */ BIO_printf(bio_stdout,"\n"); } int main(int argc, char *argv[]) Loading @@ -162,12 +209,14 @@ int main(int argc, char *argv[]) SSL *c_ssl,*s_ssl; int number=1,reuse=0; long bytes=1L; SSL_CIPHER *ciph; #ifndef NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; #endif int no_dhe = 0; int print_time = 0; clock_t s_time = 0, c_time = 0; verbose = 0; debug = 0; cipher = 0; Loading Loading @@ -261,6 +310,10 @@ int main(int argc, char *argv[]) { force = 1; } else if (strcmp(*argv,"-time") == 0) { print_time = 1; } else { fprintf(stderr,"unknown option %s\n",*argv); Loading @@ -279,15 +332,24 @@ bad: if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f switch to perform " "the test anyway\n" "(and -d to see what happens, " "and -bio_pair to really make it happen :-)\n" "or add one of -ssl2, -ssl3, -tls1, -reuse to " "avoid protocol mismatch.\n"); fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " "or add one of -ssl2, -ssl3, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); exit(1); } if (print_time) { if (!bio_pair) { fprintf(stderr, "Using BIO pair (-bio_pair)\n"); bio_pair = 1; } if (number < 50 && !force) fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); } /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ SSL_library_init(); Loading Loading @@ -405,21 +467,24 @@ bad: { if (!reuse) SSL_set_session(c_ssl,NULL); if (bio_pair) ret=doit_biopair(s_ssl,c_ssl,bytes); ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time); else ret=doit(s_ssl,c_ssl,bytes); } if (!verbose) { ciph=SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout,"Protocol %s, cipher %s, %s\n", SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); print_details(c_ssl, ""); } if ((number > 1) || (bytes > 1L)) BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes); if (print_time) { BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" "Approximate total client time: %6.2f s\n", (double)s_time/CLOCKS_PER_SEC, (double)c_time/CLOCKS_PER_SEC); } SSL_free(s_ssl); SSL_free(c_ssl); Loading @@ -438,12 +503,12 @@ end: EXIT(ret); } int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time, clock_t *c_time) { long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; SSL_CIPHER *ciph; int ret = 1; size_t bufsiz = 256; /* small buffer for testing */ Loading Loading @@ -516,6 +581,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) MS_STATIC char cbuf[1024*8]; int i, r; clock_t c_clock = clock(); if (debug) if (SSL_in_init(c_ssl)) Loading Loading @@ -582,6 +648,16 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) cr_num -= r; } } /* c_time and s_time increments will typically be very small * (depending on machine speed and clock tick intervals), * but sampling over a large number of connections should * result in fairly accurate figures. We cannot guarantee * a lot, however -- if each connection lasts for exactly * one clock tick, it will be counted only for the client * or only for the server or even not at all. */ *c_time += (clock() - c_clock); } { Loading @@ -589,6 +665,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) MS_STATIC char sbuf[1024*8]; int i, r; clock_t s_clock = clock(); if (debug) if (SSL_in_init(s_ssl)) Loading Loading @@ -652,6 +729,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) sr_num -= r; } } *s_time += (clock() - s_clock); } { Loading Loading @@ -777,12 +856,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); ciph = SSL_get_current_cipher(c_ssl); if (verbose) fprintf(stdout,"DONE via BIO pair, protocol %s, cipher %s, %s\n", SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); print_details(c_ssl, "DONE via BIO pair: "); end: ret = 0; Loading Loading @@ -827,7 +902,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) int done=0; int c_write,s_write; int do_server=0,do_client=0; SSL_CIPHER *ciph; c_to_s=BIO_new(BIO_s_mem()); s_to_c=BIO_new(BIO_s_mem()); Loading Loading @@ -1077,12 +1151,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if ((done & S_DONE) && (done & C_DONE)) break; } ciph=SSL_get_current_cipher(c_ssl); if (verbose) fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n", SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); print_details(c_ssl, "DONE: "); ret=0; err: /* We have to set the BIO's to NULL otherwise they will be Loading
test/testssl +6 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ echo test sslv2/sslv3 via BIO pair echo test sslv2/sslv3 w/o DHE via BIO pair ./ssltest -bio_pair -no_dhe || exit 1 echo test sslv2/sslv3 with 1024bit DHE echo test sslv2/sslv3 with 1024bit DHE via BIO pair ./ssltest -bio_pair -dhe1024dsa -v || exit 1 echo test sslv2/sslv3 with server authentication Loading @@ -78,4 +78,9 @@ echo test sslv2/sslv3 with client authentication via BIO pair echo test sslv2/sslv3 with both client and server authentication via BIO pair ./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1 echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 exit 0
