Bug Summary

File:src/usr.bin/openssl/s_time.c
Warning:line 463, column 17
Division by zero

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name s_time.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/openssl/obj -resource-dir /usr/local/lib/clang/13.0.0 -D LIBRESSL_INTERNAL -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/openssl/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/openssl/s_time.c
1/* $OpenBSD: s_time.c,v 1.34 2019/07/14 03:30:46 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/*-----------------------------------------
60 s_time - SSL client connection timer program
61 Written and donated by Larry Streepy <streepy@healthcare.com>
62 -----------------------------------------*/
63
64#include <sys/types.h>
65#include <sys/socket.h>
66
67#include <stdio.h>
68#include <stdlib.h>
69#include <limits.h>
70#include <string.h>
71#include <unistd.h>
72#include <poll.h>
73
74#include "apps.h"
75
76#include <openssl/err.h>
77#include <openssl/pem.h>
78#include <openssl/ssl.h>
79#include <openssl/x509.h>
80
81#include "s_apps.h"
82
83#define SSL_CONNECT_NAME"localhost:4433" "localhost:4433"
84
85#define BUFSIZZ1024*10 1024*10
86
87#define MYBUFSIZ1024*8 1024*8
88
89#define SECONDS30 30
90extern int verify_depth;
91
92static void s_time_usage(void);
93static int run_test(SSL *);
94static int benchmark(int);
95static void print_tally_mark(SSL *);
96
97static SSL_CTX *tm_ctx = NULL((void*)0);
98static const SSL_METHOD *s_time_meth = NULL((void*)0);
99static long bytes_read = 0;
100
101struct {
102 int bugs;
103 char *CAfile;
104 char *CApath;
105 char *certfile;
106 char *cipher;
107 char *host;
108 char *keyfile;
109 time_t maxtime;
110 int nbio;
111 int no_shutdown;
112 int perform;
113 int verify;
114 int verify_depth;
115 char *www_path;
116} s_time_config;
117
118static const struct option s_time_options[] = {
119 {
120 .name = "bugs",
121 .desc = "Enable workarounds for known SSL/TLS bugs",
122 .type = OPTION_FLAG,
123 .opt.flag = &s_time_config.bugs,
124 },
125 {
126 .name = "CAfile",
127 .argname = "file",
128 .desc = "File containing trusted certificates in PEM format",
129 .type = OPTION_ARG,
130 .opt.arg = &s_time_config.CAfile,
131 },
132 {
133 .name = "CApath",
134 .argname = "path",
135 .desc = "Directory containing trusted certificates",
136 .type = OPTION_ARG,
137 .opt.arg = &s_time_config.CApath,
138 },
139 {
140 .name = "cert",
141 .argname = "file",
142 .desc = "Client certificate to use, if one is requested",
143 .type = OPTION_ARG,
144 .opt.arg = &s_time_config.certfile,
145 },
146 {
147 .name = "cipher",
148 .argname = "list",
149 .desc = "List of cipher suites to send to the server",
150 .type = OPTION_ARG,
151 .opt.arg = &s_time_config.cipher,
152 },
153 {
154 .name = "connect",
155 .argname = "host:port",
156 .desc = "Host and port to connect to (default "
157 SSL_CONNECT_NAME"localhost:4433" ")",
158 .type = OPTION_ARG,
159 .opt.arg = &s_time_config.host,
160 },
161 {
162 .name = "key",
163 .argname = "file",
164 .desc = "Client private key to use, if one is required",
165 .type = OPTION_ARG,
166 .opt.arg = &s_time_config.keyfile,
167 },
168 {
169 .name = "nbio",
170 .desc = "Use non-blocking I/O",
171 .type = OPTION_FLAG,
172 .opt.flag = &s_time_config.nbio,
173 },
174 {
175 .name = "new",
176 .desc = "Use a new session ID for each connection",
177 .type = OPTION_VALUE,
178 .opt.value = &s_time_config.perform,
179 .value = 1,
180 },
181 {
182 .name = "no_shutdown",
183 .desc = "Shut down the connection without notifying the server",
184 .type = OPTION_FLAG,
185 .opt.flag = &s_time_config.no_shutdown,
186 },
187 {
188 .name = "reuse",
189 .desc = "Reuse the same session ID for each connection",
190 .type = OPTION_VALUE,
191 .opt.value = &s_time_config.perform,
192 .value = 2,
193 },
194 {
195 .name = "time",
196 .argname = "seconds",
197 .desc = "Duration to perform timing tests for (default 30)",
198 .type = OPTION_ARG_TIME,
199 .opt.tvalue = &s_time_config.maxtime,
200 },
201 {
202 .name = "verify",
203 .argname = "depth",
204 .desc = "Enable peer certificate verification with given depth",
205 .type = OPTION_ARG_INT,
206 .opt.value = &s_time_config.verify_depth,
207 },
208 {
209 .name = "www",
210 .argname = "page",
211 .desc = "Page to GET from the server (default none)",
212 .type = OPTION_ARG,
213 .opt.arg = &s_time_config.www_path,
214 },
215 { NULL((void*)0) },
216};
217
218static void
219s_time_usage(void)
220{
221 fprintf(stderr(&__sF[2]),
222 "usage: s_time "
223 "[-bugs] [-CAfile file] [-CApath directory] [-cert file]\n"
224 " [-cipher cipherlist] [-connect host:port] [-key keyfile]\n"
225 " [-nbio] [-new] [-no_shutdown] [-reuse] [-time seconds]\n"
226 " [-verify depth] [-www page]\n\n");
227 options_usage(s_time_options);
228}
229
230/***********************************************************************
231 * MAIN - main processing area for client
232 * real name depends on MONOLITH
233 */
234int
235s_time_main(int argc, char **argv)
236{
237 int ret = 1;
238
239 if (single_execution) {
1
Assuming 'single_execution' is 0
2
Taking false branch
240 if (pledge("stdio rpath inet dns", NULL((void*)0)) == -1) {
241 perror("pledge");
242 exit(1);
243 }
244 }
245
246 s_time_meth = TLS_client_method();
247
248 verify_depth = 0;
249
250 memset(&s_time_config, 0, sizeof(s_time_config));
251
252 s_time_config.host = SSL_CONNECT_NAME"localhost:4433";
253 s_time_config.maxtime = SECONDS30;
254 s_time_config.perform = 3;
255 s_time_config.verify = SSL_VERIFY_NONE0x00;
256 s_time_config.verify_depth = -1;
257
258 if (options_parse(argc, argv, s_time_options, NULL((void*)0), NULL((void*)0)) != 0) {
3
Assuming the condition is false
4
Taking false branch
259 s_time_usage();
260 goto end;
261 }
262
263 if (s_time_config.verify_depth >= 0) {
5
Assuming field 'verify_depth' is < 0
6
Taking false branch
264 s_time_config.verify = SSL_VERIFY_PEER0x01 | SSL_VERIFY_CLIENT_ONCE0x04;
265 verify_depth = s_time_config.verify_depth;
266 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
267 }
268
269 if (s_time_config.www_path != NULL((void*)0) &&
7
Assuming field 'www_path' is equal to NULL
270 strlen(s_time_config.www_path) > MYBUFSIZ1024*8 - 100) {
271 BIO_printf(bio_err, "-www option too long\n");
272 goto end;
273 }
274
275 if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL((void*)0))
8
Assuming the condition is false
9
Taking false branch
276 return (1);
277
278 SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
279
280 if (s_time_config.bugs)
10
Assuming field 'bugs' is 0
11
Taking false branch
281 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL)SSL_CTX_ctrl((tm_ctx),32,((0x00000004L)),((void*)0));
282
283 if (s_time_config.cipher != NULL((void*)0)) {
12
Assuming field 'cipher' is equal to NULL
13
Taking false branch
284 if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
285 BIO_printf(bio_err, "error setting cipher list\n");
286 ERR_print_errors(bio_err);
287 goto end;
288 }
289 }
290
291 SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL((void*)0));
292
293 if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
14
Assuming the condition is false
15
Taking false branch
294 s_time_config.keyfile))
295 goto end;
296
297 if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
16
Assuming the condition is true
298 s_time_config.CApath)) ||
299 (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
300 /*
301 * BIO_printf(bio_err,"error setting default verify
302 * locations\n");
303 */
304 ERR_print_errors(bio_err);
305 /* goto end; */
306 }
307
308 /* Loop and time how long it takes to make connections */
309 if (s_time_config.perform & 1) {
17
Assuming the condition is true
18
Taking true branch
310 printf("Collecting connection statistics for %lld seconds\n",
311 (long long)s_time_config.maxtime);
312 if (benchmark(0))
19
Calling 'benchmark'
313 goto end;
314 }
315 /*
316 * Now loop and time connections using the same session id over and
317 * over
318 */
319 if (s_time_config.perform & 2) {
320 printf("\n\nNow timing with session id reuse.\n");
321 if (benchmark(1))
322 goto end;
323 }
324 ret = 0;
325 end:
326 if (tm_ctx != NULL((void*)0)) {
327 SSL_CTX_free(tm_ctx);
328 tm_ctx = NULL((void*)0);
329 }
330
331 return (ret);
332}
333
334/***********************************************************************
335 * run_test - make a connection, get a file, and shut down the connection
336 *
337 * Args:
338 * scon = SSL connection
339 * Returns:
340 * 1 on success, 0 on error
341 */
342static int
343run_test(SSL *scon)
344{
345 char buf[1024 * 8];
346 struct pollfd pfd[1];
347 BIO *conn;
348 long verify_error;
349 int i, retval;
350
351 if ((conn = BIO_new(BIO_s_connect())) == NULL((void*)0))
352 return 0;
353 BIO_set_conn_hostname(conn, s_time_config.host)BIO_ctrl(conn,100,0,(char *)s_time_config.host);
354 SSL_set_connect_state(scon);
355 SSL_set_bio(scon, conn, conn);
356 for (;;) {
357 i = SSL_connect(scon);
358 if (BIO_sock_should_retry(i)) {
359 BIO_printf(bio_err, "DELAY\n");
360 pfd[0].fd = SSL_get_fd(scon);
361 pfd[0].events = POLLIN0x0001;
362 poll(pfd, 1, -1);
363 continue;
364 }
365 break;
366 }
367 if (i <= 0) {
368 BIO_printf(bio_err, "ERROR\n");
369 verify_error = SSL_get_verify_result(scon);
370 if (verify_error != X509_V_OK0)
371 BIO_printf(bio_err, "verify error:%s\n",
372 X509_verify_cert_error_string(verify_error));
373 else
374 ERR_print_errors(bio_err);
375 return 0;
376 }
377 if (s_time_config.www_path != NULL((void*)0)) {
378 retval = snprintf(buf, sizeof buf,
379 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
380 if (retval < 0 || retval >= sizeof buf) {
381 fprintf(stderr(&__sF[2]), "URL too long\n");
382 return 0;
383 }
384 if (SSL_write(scon, buf, retval) != retval)
385 return 0;
386 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
387 bytes_read += i;
388 }
389 if (s_time_config.no_shutdown)
390 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN1 |
391 SSL_RECEIVED_SHUTDOWN2);
392 else
393 SSL_shutdown(scon);
394 return 1;
395}
396
397static void
398print_tally_mark(SSL *scon)
399{
400 int ver;
401
402 if (SSL_session_reused(scon)SSL_ctrl((scon),8,0,((void*)0)))
403 ver = 'r';
404 else {
405 ver = SSL_version(scon);
406 if (ver == TLS1_VERSION0x0301)
407 ver = 't';
408 else
409 ver = '*';
410 }
411 fputc(ver, stdout(&__sF[1]));
412 fflush(stdout(&__sF[1]));
413}
414
415static int
416benchmark(int reuse_session)
417{
418 double elapsed, totalTime;
419 int nConn = 0;
420 SSL *scon = NULL((void*)0);
421 int ret = 1;
422
423 if (reuse_session
19.1
'reuse_session' is 0
) {
20
Taking false branch
424 /* Get an SSL object so we can reuse the session id */
425 if ((scon = SSL_new(tm_ctx)) == NULL((void*)0))
426 goto end;
427 if (!run_test(scon)) {
428 fprintf(stderr(&__sF[2]), "Unable to get connection\n");
429 goto end;
430 }
431 printf("starting\n");
432 }
433
434 nConn = 0;
21
The value 0 is assigned to 'nConn'
435 bytes_read = 0;
436
437 app_timer_real(TM_RESET0);
438 app_timer_user(TM_RESET0);
439 for (;;) {
22
Loop condition is true. Entering loop body
440 elapsed = app_timer_real(TM_GET1);
441 if (elapsed > s_time_config.maxtime)
23
Assuming 'elapsed' is > field 'maxtime'
24
Taking true branch
442 break;
25
 Execution continues on line 456
443 if (scon == NULL((void*)0)) {
444 if ((scon = SSL_new(tm_ctx)) == NULL((void*)0))
445 goto end;
446 }
447 if (!run_test(scon))
448 goto end;
449 nConn += 1;
450 print_tally_mark(scon);
451 if (!reuse_session) {
452 SSL_free(scon);
453 scon = NULL((void*)0);
454 }
455 }
456 totalTime = app_timer_user(TM_GET1);
457
458 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
459 nConn, totalTime, ((double) nConn / totalTime), bytes_read);
460 printf("%d connections in %.0f real seconds, %ld bytes read per connection\n",
461 nConn,
462 elapsed,
463 bytes_read / nConn);
26
Division by zero
464
465 ret = 0;
466 end:
467 SSL_free(scon);
468 return ret;
469}