Bump.

On Tue, Aug 28, 2018 at 10:33:34AM -0500, Scott Cheloha wrote:
> Two diffs here.
> 
> First, move the tally mark printing out of the benchmark loop.
> 
> Second, print '0' for TLS 1.0, '1' for TLS 1.1, etc.
> 
> This breaks stdout compatibility with OpenSSL s_time, and prior
> versions of s_time in general, because 't' was used for TLS 1.0
> (behavior change) and '2' was used for SSLv2 (marker collision).
> 
> (The choice of a single character as the mark predated any plans
> for a successor to SSL.  The choice of 't' predated any plans for
> a revision to TLS.)
> 
> I think the utility of distinguishing between the various TLS
> versions at a glance outweighs the value of compatibility with
> older versions of the software.  Especially given how haphazard
> the stdout behavior of this code is anyway, I don't think we're
> going to break a zillion scripts.  The primary utility of this
> app is interactive testing and eyeballing your performance.
> 
> But... if this is unacceptable the alternative is to just print
> 't' for any and all TLS versions.  I think this is less useful,
> but one can always use s_client, so it isn't the end of the world.
> 
> Thoughts?  ok?
> 
> PS. Using DTLS to encrypt HTTP isn't a thing, right?  It isn't
> useful to check for DTLS1_VERSION from SSL_version(3)?
> 
> Diff 1:
> 
> Index: s_time.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
> retrieving revision 1.31
> diff -u -p -r1.31 s_time.c
> --- s_time.c  28 Aug 2018 14:30:48 -0000      1.31
> +++ s_time.c  28 Aug 2018 15:13:18 -0000
> @@ -92,6 +92,7 @@ extern int verify_depth;
>  static void s_time_usage(void);
>  static int run_test(SSL *);
>  static int benchmark(int);
> +static void print_tally_mark(SSL *);
>  
>  static SSL_CTX *tm_ctx = NULL;
>  static const SSL_METHOD *s_time_meth = NULL;
> @@ -393,6 +394,24 @@ run_test(SSL *scon)
>       return 1;
>  }
>  
> +static void
> +print_tally_mark(SSL *scon)
> +{
> +     int ver;
> +
> +     if (SSL_session_reused(scon))
> +             ver = 'r';
> +     else {
> +             ver = SSL_version(scon);
> +             if (ver == TLS1_VERSION)
> +                     ver = 't';
> +             else
> +                     ver = '*';
> +     }
> +     fputc(ver, stdout);
> +     fflush(stdout);
> +}
> +
>  static int
>  benchmark(int reuse_session)
>  {
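Review bot: In the new print_tally_mark(), `ver` first receives the protocol number from SSL_version() and is then overwritten with the character to print, so one int carries two unrelated meanings and the final `fputc(ver, stdout)` reads as if it printed a version number. Since the code is being moved into its own function anyway, a separate output variable would make it clearer, e.g. `int mark = '*';` followed by `if (SSL_version(scon) == TLS1_VERSION) mark = 't';`. A one-line comment above the function listing the marks ('r' for a reused session, 't' for TLS 1.0, '*' for anything else) would also help, because the legend is not stated anywhere in the visible code. print_tally_mark() is complete within this hunk; benchmark() continues outside it.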
> @@ -400,7 +419,6 @@ benchmark(int reuse_session)
>       int nConn = 0;
>       SSL *scon = NULL;
>       int ret = 1;
> -     int ver;
>  
>       if (reuse_session) {
>               /* Get an SSL object so we can reuse the session id */
> @@ -429,18 +447,7 @@ benchmark(int reuse_session)
>               if (!run_test(scon))
>                       goto end;
>               nConn += 1;
> -             if (SSL_session_reused(scon))
> -                     ver = 'r';
> -             else {
> -                     ver = SSL_version(scon);
> -                     if (ver == TLS1_VERSION)
> -                             ver = 't';
> -                     else
> -                             ver = '*';
> -             }
> -             fputc(ver, stdout);
> -             fflush(stdout);
> -
> +             print_tally_mark(scon);
>               if (!reuse_session) {
>                       SSL_free(scon);
>                       scon = NULL;
> 
> Diff 1+2:
> 
> Index: s_time.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
> retrieving revision 1.31
> diff -u -p -r1.31 s_time.c
> --- s_time.c  28 Aug 2018 14:30:48 -0000      1.31
> +++ s_time.c  28 Aug 2018 15:15:27 -0000
> @@ -92,6 +92,7 @@ extern int verify_depth;
>  static void s_time_usage(void);
>  static int run_test(SSL *);
>  static int benchmark(int);
> +static void print_tally_mark(SSL *);
>  
>  static SSL_CTX *tm_ctx = NULL;
>  static const SSL_METHOD *s_time_meth = NULL;
> @@ -393,6 +394,33 @@ run_test(SSL *scon)
>       return 1;
>  }
>  
> +static void
> +print_tally_mark(SSL *scon)
> +{
> +     int mark;
> +
> +     if (SSL_session_reused(scon)) {
> +             mark = 'r';
> +             goto print;
> +     }
> +     switch (SSL_version(scon)) {
> +     case TLS1_VERSION:
> +             mark = '0';
> +             break;
> +     case TLS1_1_VERSION:
> +             mark = '1';
> +             break;
> +     case TLS1_2_VERSION:
> +             mark = '2';
> +             break;
> +     default:
> +             mark = '*';
> +     }
> + print:
> +     fputc(mark, stdout);
> +     fflush(stdout);
> +}
> +
>  static int
>  benchmark(int reuse_session)
>  {
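Review bot: The early `goto print` for a reused session means a resumed connection prints 'r' and never reaches the switch, so the tally does not show which protocol version a resumed session negotiated. In addition, `default:` folds every other value of SSL_version() into '*'. Since the purpose of the change is to read the negotiated version at a glance, a legend comment above the function would make that limit explicit, e.g. `/* r = resumed session (version not shown); 0, 1, 2 = TLS 1.0, 1.1, 1.2; * = any other version */`. The `goto` could also become an `else` around the switch, which leaves a single path to `fputc(mark, stdout)` and no label.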
> @@ -400,7 +428,6 @@ benchmark(int reuse_session)
>       int nConn = 0;
>       SSL *scon = NULL;
>       int ret = 1;
> -     int ver;
>  
>       if (reuse_session) {
>               /* Get an SSL object so we can reuse the session id */
> @@ -429,18 +456,7 @@ benchmark(int reuse_session)
>               if (!run_test(scon))
>                       goto end;
>               nConn += 1;
> -             if (SSL_session_reused(scon))
> -                     ver = 'r';
> -             else {
> -                     ver = SSL_version(scon);
> -                     if (ver == TLS1_VERSION)
> -                             ver = 't';
> -                     else
> -                             ver = '*';
> -             }
> -             fputc(ver, stdout);
> -             fflush(stdout);
> -
> +             print_tally_mark(scon);
>               if (!reuse_session) {
>                       SSL_free(scon);
>                       scon = NULL;
