From 412c2d4294ec2135ed9b3a994fa7eacd98fa5e15 Mon Sep 17 00:00:00 2001 From: Henry Case Date: Tue, 23 Jul 2019 18:16:52 +0100 Subject: [PATCH] WiP: make it possible to set DH group id for setting CECPQ2 / 2b --- src/conn.c | 11 +++++- src/httperf.c | 92 +++++++++++++++++++++++++++------------------------ src/httperf.h | 5 +-- 3 files changed, 62 insertions(+), 46 deletions(-) diff --git a/src/conn.c b/src/conn.c index b9a3f97..a265b04 100755 --- a/src/conn.c +++ b/src/conn.c @@ -126,7 +126,7 @@ conn_init(Conn *conn) { SSL_set_tlsext_host_name(conn->ssl, param.tls_server_name); } - + if (param.ssl_cipher_list) { /* set order of ciphers */ int ssl_err = SSL_set_cipher_list(conn->ssl, param.ssl_cipher_list); @@ -136,6 +136,15 @@ conn_init(Conn *conn) "core_ssl_connect: set_cipher_list returned %d\n", ssl_err); } + + if (param.ssl_groups) { + int ssl_err = SSL_set1_curves_list(conn->ssl, param.ssl_groups); + + if (DBG > 2) + fprintf(stderr, + "core_ssl_connect: set_grtou returned %d\n", + ssl_err); + } } #endif } diff --git a/src/httperf.c b/src/httperf.c index 5dbba07..03aed26 100755 --- a/src/httperf.c +++ b/src/httperf.c 
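Review bot: The return value of SSL_set1_curves_list() in the new `if (param.ssl_groups)` block is only printed when DBG > 2, so a rejected list (return 0, e.g. a group name this OpenSSL build does not recognise) silently leaves the connection on OpenSSL's default groups and the run measures a different key exchange than the one named on the command line. Because the whole point of the option is to pin the group, a failure should be fatal the way main() already treats a NULL ssl_ctx (ERR_print_errors_fp then exit); if openssl/err.h is not included in conn.c, a plain fprintf plus exit still beats the silent fallback. The log message also says `set_grtou` where it presumably means `set_curves_list`. conn_init continues outside the hunk, so I could not see whether it has an error return that should be used instead of exit().
```c
	if (param.ssl_groups) {
		/* a rejected group list must not fall back to the defaults */
		if (SSL_set1_curves_list(conn->ssl, param.ssl_groups) != 1) {
			fprintf(stderr,
				"core_ssl_connect: SSL_set1_curves_list(\"%s\") failed\n",
				param.ssl_groups);
			ERR_print_errors_fp(stderr);
			exit(1);
		}
	}
```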
@@ -1,56 +1,56 @@ /* * Copyright (C) 2000-2007 Hewlett-Packard Company * Copyright (C) 2007 Ted Bullock - * + * * This file is part of httperf, a web server performance measurment tool. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at your option) * any later version. - * + * * In addition, as a special exception, the copyright holders give permission * to link the code of this work with the OpenSSL project's "OpenSSL" library - * (or with modified versions of it that use the same license as the "OpenSSL" + * (or with modified versions of it that use the same license as the "OpenSSL" * library), and distribute linked combinations including the two. You must * obey the GNU General Public License in all respects for all of the code * used other than "OpenSSL". If you modify this file, you may extend this * exception to your version of the file, but you are not obligated to do so. * If you do not wish to do so, delete this exception statement from your * version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT + * + * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * more details. - * + * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., 51 - * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* * Fundamentals: - * + * * There are three subsystems to httperf: - * + * * 1) The load generator which determines what URI is fetched next. - * + * * 2) The core engine that handles the mechanics of issuing a request. 
- * + * * 3) The instrumentation infrastructure that measures various aspects of the * transaction(s). - * - * Since there is considerable potential variation in all three, it seems like + * + * Since there is considerable potential variation in all three, it seems like * an event-based approach might be ideal in tying the three together. * Ideally, it should be possible to write a new load generator without - * modifications to the other subsystems. Similarly, it should be possible to - * add instrumentation without requiring changes to the load generator or http + * modifications to the other subsystems. Similarly, it should be possible to + * add instrumentation without requiring changes to the load generator or http * engine. - * + * * Axioms: - The only point at which the client will fall back is if the * client itself is overloaded. There is no point trying to fix up this - * case---simply declare defeat and abort the test. + * case---simply declare defeat and abort the test. */ #include "config.h" @@ -144,6 +144,7 @@ static struct option longopts[] = { #ifdef HAVE_SSL {"ssl", no_argument, ¶m.use_ssl, 1}, {"ssl-ciphers", required_argument, (int *) ¶m.ssl_cipher_list, 0}, + {"ssl-groups", required_argument, (int *) ¶m.ssl_groups, 0}, {"tls-server-name", required_argument, (int *) ¶m.tls_server_name, 0}, {"ssl-no-reuse", no_argument, ¶m.ssl_reuse, 0}, {"ssl-certificate", required_argument, (int *) ¶m.ssl_cert, 0}, @@ -186,6 +187,7 @@ usage(void) "\t[--ssl-certificate file] [--ssl-key file]\n" "\t[--ssl-ca-file file] [--ssl-ca-path path]\n" "\t[--ssl-verify [yes|no]] [--ssl-protocol S]\n" + "\t[--ssl-groups L]\n" #endif "\t[--think-timeout X] [--timeout X] [--verbose] [--version]\n" "\t[--wlog y|n,file] [--wsess N,N,X] [--wsesslog N,X,file]\n" 
@@ -220,7 +222,7 @@ perf_sample(struct Timer *t, Any_Type regarg) event_signal(EV_PERF_SAMPLE, 0, callarg); /* - * prepare for next sample interval: + * prepare for next sample interval: */ perf_sample_start = timer_now(); if (timer_schedule(perf_sample, regarg, RATE_INTERVAL) == NULL) @@ -261,7 +263,7 @@ main(int argc, char **argv) /* * This works around a bug in earlier versions of FreeBSD that cause * non-finite IEEE arithmetic to cause SIGFPE instead of the - * non-finite arithmetic as defined by IEEE. + * non-finite arithmetic as defined by IEEE. */ fpsetmask(0); #endif @@ -279,7 +281,7 @@ main(int argc, char **argv) param.num_conns = 1; /* * These should be set to the minimum of 2*bandwidth*delay and the - * maximum request/reply size for single-call connections. + * maximum request/reply size for single-call connections. */ param.send_buffer_size = 4096; param.recv_buffer_size = 16384; @@ -291,7 +293,7 @@ main(int argc, char **argv) #endif /* - * get program name: + * get program name: */ prog_name = strrchr(argv[0], '/'); if (prog_name) @@ -300,7 +302,7 @@ main(int argc, char **argv) prog_name = argv[0]; /* - * process command line options: + * process command line options: */ while ((ch = getopt_long(argc, argv, "d:hvVn", longopts, &longindex)) >= 0) { @@ -428,7 +430,7 @@ main(int argc, char **argv) param.rate.mean_iat = 1 / param.rate.rate_param; param.rate.dist = DETERMINISTIC; - } else if (flag == ¶m.rate.mean_iat) { /* --period + } else if (flag == ¶m.rate.mean_iat) { /* --period */ param.rate.dist = DETERMINISTIC; if (!isdigit(*optarg)) @@ -457,7 +459,7 @@ main(int argc, char **argv) /* * remaining params depend on selected - * distribution: + * distribution: */ errno = 0; switch (param.rate.dist) { 
@@ -647,6 +649,8 @@ main(int argc, char **argv) #ifdef HAVE_SSL else if (flag == ¶m.ssl_cipher_list) param.ssl_cipher_list = optarg; + else if (flag == ¶m.ssl_groups) + param.ssl_groups = optarg; else if (flag == ¶m.ssl_cert) param.ssl_cert = optarg; else if (flag == ¶m.ssl_key) @@ -877,18 +881,18 @@ main(int argc, char **argv) optarg = end + 1; /* - * simulate parsing of string + * simulate parsing of string */ param.wsesslog.file = optarg; if ((end = strchr(optarg, ',')) == NULL) /* - * must be last param, position end at - * final \0 + * must be last param, position end at + * final \0 */ end = optarg + strlen(optarg); else /* - * terminate end of string + * terminate end of string */ *end++ = '\0'; optarg = end; @@ -996,7 +1000,7 @@ main(int argc, char **argv) * Invalid or ambiguous option name or extraneous * parameter. getopt_long () already issued an * explanation to the user, so all we do is call it - * quites. + * quites. */ exit(1); @@ -1034,7 +1038,7 @@ main(int argc, char **argv) switch (param.ssl_protocol) { /* 0/auto for highest available */ - case 0: + case 0: #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ssl_ctx = SSL_CTX_new (TLS_client_method ()); break; #else @@ -1043,7 +1047,7 @@ main(int argc, char **argv) #ifndef OPENSSL_NO_SSL2 /* 2/SSLv2 */ - case 2: + case 2: #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ssl_ctx = SSL_CTX_new (TLS_client_method ()); #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) @@ -1058,7 +1062,7 @@ main(int argc, char **argv) #ifndef OPENSSL_NO_SSL3 /* 3/SSLv3 */ - case 3: + case 3: #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ssl_ctx = SSL_CTX_new (TLS_client_method ()); SSL_CTX_set_min_proto_version(ssl_ctx, SSL3_VERSION); 
@@ -1069,9 +1073,9 @@ main(int argc, char **argv) #endif #endif /* 4/TLSv1.0 */ - case 4: + case 4: #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) - ssl_ctx = SSL_CTX_new (TLS_client_method ()); + ssl_ctx = SSL_CTX_new (TLS_client_method ()); SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION); SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION); break; @@ -1114,7 +1118,7 @@ main(int argc, char **argv) #endif } - + if (!ssl_ctx) { ERR_print_errors_fp(stderr); exit(-1); @@ -1122,7 +1126,7 @@ main(int argc, char **argv) memset(buf, 0, sizeof(buf)); RAND_seed(buf, sizeof(buf)); - + /* set server certificate verification */ if (param.ssl_verify == 1) SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, NULL); @@ -1175,7 +1179,7 @@ main(int argc, char **argv) "SSL certificate and key failed consistency check\n"); exit (1); } - } + } } #endif if (param.port < 0) @@ -1199,7 +1203,7 @@ main(int argc, char **argv) gen[num_gen++] = &misc; /* - * echo command invocation for logging purposes: + * echo command invocation for logging purposes: */ printf("%s", prog_name); if (verbose) @@ -1265,7 +1269,7 @@ main(int argc, char **argv) case DETERMINISTIC: /* * for backwards compatibility, continue to use - * --rate: + * --rate: */ printf(" --rate=%g", param.rate.rate_param); break; @@ -1310,6 +1314,8 @@ main(int argc, char **argv) printf(" --ssl-ciphers=%s", param.ssl_cipher_list); if (param.tls_server_name) printf(" --tls-server-name=%s", param.tls_server_name); + if (param.ssl_groups) + printf(" --ssl-groups=%s", param.ssl_groups); if (!param.ssl_reuse) printf(" --ssl-no-reuse"); if (param.ssl_cert) printf (" --ssl-cert=%s", param.ssl_cert); @@ -1345,7 +1351,7 @@ main(int argc, char **argv) if (param.wsesslog.num_sessions) { /* * This overrides any --wsess, --num-conns, --num-calls, - * --burst-length and any uri generator + * --burst-length and any uri generator */ printf(" --wsesslog=%u,%.3f,%s", param.wsesslog.num_sessions, param.wsesslog.think_time, param.wsesslog.file); 
@@ -1390,12 +1396,12 @@ main(int argc, char **argv) /* * Update `now'. This is to keep things accurate even when some of - * the initialization routines take a long time to execute. + * the initialization routines take a long time to execute. */ timer_now_forced(); /* - * ensure that clients sample rates at different times: + * ensure that clients sample rates at different times: */ t = (param.client.id + 1.0) * RATE_INTERVAL / param.client.num_clients; arg.l = 0; diff --git a/src/httperf.h b/src/httperf.h index e51b4ac..0bed7db 100755 --- a/src/httperf.h +++ b/src/httperf.h @@ -9,7 +9,7 @@ modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + In addition, as a special exception, the copyright holders give permission to link the code of this work with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same @@ -27,7 +27,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -127,6 +127,7 @@ typedef struct Cmdline_Params const char *ssl_key; /* client key file name */ const char *ssl_ca_file; /* certificate authority file */ const char *ssl_ca_path; /* certificate authority path */ + const char *ssl_groups; /* client's list of SSL key exchange algorithms */ #endif int use_timer_cache; const char *additional_header; /* additional request header(s) */
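Review bot: The comment on the new `ssl_groups` field in Cmdline_Params calls it a list of "SSL key exchange algorithms", but the value is handed verbatim to SSL_set1_curves_list() in conn.c, so what it actually holds is an OpenSSL group/curve list in that call's colon-separated syntax, and it is only honoured under HAVE_SSL with an OpenSSL that provides the call. Suggest `const char *ssl_groups; /* colon-separated OpenSSL group list passed to SSL_set1_curves_list(), e.g. "X25519:P-256" */` so a reader knows which names are accepted and where the string is consumed. The same one-line description would help in usage(), where the option is listed only as `[--ssl-groups L]` with no explanation of L.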