Bug Summary

File:out/../deps/openssl/openssl/apps/s_time.c
Warning:line 342, column 17
Although the value stored to 'i' is used in the enclosing expression, the value is never actually read from 'i'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name s_time.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_API_COMPAT=0x10100001L -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl/apps/include -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/config/archs/linux-x86_64/asm -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/apps/s_time.c
1/*
2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <string.h>
13
14#include <openssl/opensslconf.h>
15
16#ifndef OPENSSL_NO_SOCK
17
18#include "apps.h"
19#include "progs.h"
20#include <openssl/x509.h>
21#include <openssl/ssl.h>
22#include <openssl/pem.h>
23#include "s_apps.h"
24#include <openssl/err.h>
25#include "internal/sockets.h"
26#if !defined(OPENSSL_SYS_MSDOS)
27# include <unistd.h>
28#endif
29
30#define SSL_CONNECT_NAME"localhost:4433" "localhost:4433"
31
32#define SECONDS30 30
33#define SECONDSSTR"30" "30"
34
35static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
36
37/*
38 * Define a HTTP get command globally.
39 * Also define the size of the command, this is two bytes less than
40 * the size of the string because the %s is replaced by the URL.
41 */
42static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
43static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
44
45typedef enum OPTION_choice {
46 OPT_COMMONOPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
47 OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
48 OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
49 OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
50 OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
51 OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3,
52 OPT_PROV_ENUMOPT_PROV__FIRST=1600, OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH
, OPT_PROV_PROPQUERY, OPT_PROV__LAST
53} OPTION_CHOICE;
54
55const OPTIONS s_time_options[] = {
56 OPT_SECTION("General"){ OPT_SECTION_STR, 1, '-', "General" " options:\n" },
57 {"help", OPT_HELP, '-', "Display this summary"},
58
59 OPT_SECTION("Connection"){ OPT_SECTION_STR, 1, '-', "Connection" " options:\n" },
60 {"connect", OPT_CONNECT, 's',
61 "Where to connect as post:port (default is " SSL_CONNECT_NAME"localhost:4433" ")"},
62 {"new", OPT_NEW, '-', "Just time new connections"},
63 {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
64 {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
65 {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
66 {"ciphersuites", OPT_CIPHERSUITES, 's',
67 "Specify TLSv1.3 ciphersuites to be used"},
68#ifndef OPENSSL_NO_SSL3
69 {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
70#endif
71#ifndef OPENSSL_NO_TLS1
72 {"tls1", OPT_TLS1, '-', "Just use TLSv1.0"},
73#endif
74#ifndef OPENSSL_NO_TLS1_1
75 {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
76#endif
77#ifndef OPENSSL_NO_TLS1_2
78 {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
79#endif
80#ifndef OPENSSL_NO_TLS1_3
81 {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
82#endif
83 {"verify", OPT_VERIFY, 'p',
84 "Turn on peer certificate verification, set depth"},
85 {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR"30"},
86 {"www", OPT_WWW, 's', "Fetch specified page from the site"},
87
88 OPT_SECTION("Certificate"){ OPT_SECTION_STR, 1, '-', "Certificate" " options:\n" },
89 {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
90 {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
91 {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
92 {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
93 {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
94 {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
95 {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"},
96 {"no-CAfile", OPT_NOCAFILE, '-',
97 "Do not load the default certificates file"},
98 {"no-CApath", OPT_NOCAPATH, '-',
99 "Do not load certificates from the default certificates directory"},
100 {"no-CAstore", OPT_NOCASTORE, '-',
101 "Do not load certificates from the default certificates store URI"},
102
103 OPT_PROV_OPTIONS{ OPT_SECTION_STR, 1, '-', "Provider" " options:\n" }, { "provider-path"
, OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)"
}, { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)"
}, { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms"
},
104 {NULL((void*)0)}
105};
106
107#define START0 0
108#define STOP1 1
109
110static double tm_Time_F(int s)
111{
112 return app_tminterval(s, 1);
113}
114
115int s_time_main(int argc, char **argv)
116{
117 char buf[1024 * 8];
118 SSL *scon = NULL((void*)0);
119 SSL_CTX *ctx = NULL((void*)0);
120 const SSL_METHOD *meth = NULL((void*)0);
121 char *CApath = NULL((void*)0), *CAfile = NULL((void*)0), *CAstore = NULL((void*)0);
122 char *cipher = NULL((void*)0), *ciphersuites = NULL((void*)0);
123 char *www_path = NULL((void*)0);
124 char *host = SSL_CONNECT_NAME"localhost:4433", *certfile = NULL((void*)0), *keyfile = NULL((void*)0), *prog;
125 double totalTime = 0.0;
126 int noCApath = 0, noCAfile = 0, noCAstore = 0;
127 int maxtime = SECONDS30, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
128 long bytes_read = 0, finishtime = 0;
129 OPTION_CHOICE o;
130 int min_version = 0, max_version = 0, ver, buf_len, fd;
131 size_t buf_size;
132
133 meth = TLS_client_method();
134
135 prog = opt_init(argc, argv, s_time_options);
136 while ((o = opt_next()) != OPT_EOF) {
137 switch (o) {
138 case OPT_EOF:
139 case OPT_ERR:
140 opthelp:
141 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
142 goto end;
143 case OPT_HELP:
144 opt_help(s_time_options);
145 ret = 0;
146 goto end;
147 case OPT_CONNECT:
148 host = opt_arg();
149 break;
150 case OPT_REUSE:
151 perform = 2;
152 break;
153 case OPT_NEW:
154 perform = 1;
155 break;
156 case OPT_VERIFY:
157 verify_args.depth = opt_int_arg();
158 BIO_printf(bio_err, "%s: verify depth is %d\n",
159 prog, verify_args.depth);
160 break;
161 case OPT_CERT:
162 certfile = opt_arg();
163 break;
164 case OPT_NAMEOPT:
165 if (!set_nameopt(opt_arg()))
166 goto end;
167 break;
168 case OPT_KEY:
169 keyfile = opt_arg();
170 break;
171 case OPT_CAPATH:
172 CApath = opt_arg();
173 break;
174 case OPT_CAFILE:
175 CAfile = opt_arg();
176 break;
177 case OPT_NOCAPATH:
178 noCApath = 1;
179 break;
180 case OPT_NOCAFILE:
181 noCAfile = 1;
182 break;
183 case OPT_CASTORE:
184 CAstore = opt_arg();
185 break;
186 case OPT_NOCASTORE:
187 noCAstore = 1;
188 break;
189 case OPT_CIPHER:
190 cipher = opt_arg();
191 break;
192 case OPT_CIPHERSUITES:
193 ciphersuites = opt_arg();
194 break;
195 case OPT_BUGS:
196 st_bugs = 1;
197 break;
198 case OPT_TIME:
199 maxtime = opt_int_arg();
200 break;
201 case OPT_WWW:
202 www_path = opt_arg();
203 buf_size = strlen(www_path) + fmt_http_get_cmd_size;
204 if (buf_size > sizeof(buf)) {
205 BIO_printf(bio_err, "%s: -www option is too long\n", prog);
206 goto end;
207 }
208 break;
209 case OPT_SSL3:
210 min_version = SSL3_VERSION0x0300;
211 max_version = SSL3_VERSION0x0300;
212 break;
213 case OPT_TLS1:
214 min_version = TLS1_VERSION0x0301;
215 max_version = TLS1_VERSION0x0301;
216 break;
217 case OPT_TLS1_1:
218 min_version = TLS1_1_VERSION0x0302;
219 max_version = TLS1_1_VERSION0x0302;
220 break;
221 case OPT_TLS1_2:
222 min_version = TLS1_2_VERSION0x0303;
223 max_version = TLS1_2_VERSION0x0303;
224 break;
225 case OPT_TLS1_3:
226 min_version = TLS1_3_VERSION0x0304;
227 max_version = TLS1_3_VERSION0x0304;
228 break;
229 case OPT_PROV_CASESOPT_PROV__FIRST: case OPT_PROV__LAST: break; case OPT_PROV_PROVIDER
: case OPT_PROV_PROVIDER_PATH: case OPT_PROV_PROPQUERY:
230 if (!opt_provider(o))
231 goto end;
232 break;
233 }
234 }
235
236 /* No extra arguments. */
237 argc = opt_num_rest();
238 if (argc != 0)
239 goto opthelp;
240
241 if (cipher == NULL((void*)0))
242 cipher = getenv("SSL_CIPHER");
243
244 if ((ctx = SSL_CTX_new(meth)) == NULL((void*)0))
245 goto end;
246
247 SSL_CTX_set_quiet_shutdown(ctx, 1);
248 if (SSL_CTX_set_min_proto_version(ctx, min_version)SSL_CTX_ctrl(ctx, 123, min_version, ((void*)0)) == 0)
249 goto end;
250 if (SSL_CTX_set_max_proto_version(ctx, max_version)SSL_CTX_ctrl(ctx, 124, max_version, ((void*)0)) == 0)
251 goto end;
252
253 if (st_bugs)
254 SSL_CTX_set_options(ctx, SSL_OP_ALL( ((uint64_t)1 << (uint64_t)31) | ((uint64_t)1 <<
(uint64_t)11) | ((uint64_t)1 << (uint64_t)4) | ((uint64_t
)1 << (uint64_t)6) ));
255 if (cipher != NULL((void*)0) && !SSL_CTX_set_cipher_list(ctx, cipher))
256 goto end;
257 if (ciphersuites != NULL((void*)0) && !SSL_CTX_set_ciphersuites(ctx, ciphersuites))
258 goto end;
259 if (!set_cert_stuff(ctx, certfile, keyfile))
260 goto end;
261
262 if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath,
263 CAstore, noCAstore)) {
264 ERR_print_errors(bio_err);
265 goto end;
266 }
267 if (!(perform & 1))
268 goto next;
269 printf("Collecting connection statistics for %d seconds\n", maxtime);
270
271 /* Loop and time how long it takes to make connections */
272
273 bytes_read = 0;
274 finishtime = (long)time(NULL((void*)0)) + maxtime;
275 tm_Time_F(START0);
276 for (;;) {
277 if (finishtime < (long)time(NULL((void*)0)))
278 break;
279
280 if ((scon = doConnection(NULL((void*)0), host, ctx)) == NULL((void*)0))
281 goto end;
282
283 if (www_path != NULL((void*)0)) {
284 buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
285 www_path);
286 if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
287 goto end;
288 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
289 bytes_read += i;
290 }
291 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN1 | SSL_RECEIVED_SHUTDOWN2);
292 BIO_closesocket(SSL_get_fd(scon));
293
294 nConn += 1;
295 if (SSL_session_reused(scon)) {
296 ver = 'r';
297 } else {
298 ver = SSL_version(scon);
299 if (ver == TLS1_VERSION0x0301)
300 ver = 't';
301 else if (ver == SSL3_VERSION0x0300)
302 ver = '3';
303 else
304 ver = '*';
305 }
306 fputc(ver, stdoutstdout);
307 fflush(stdoutstdout);
308
309 SSL_free(scon);
310 scon = NULL((void*)0);
311 }
312 totalTime += tm_Time_F(STOP1); /* Add the time for this iteration */
313
314 i = (int)((long)time(NULL((void*)0)) - finishtime + maxtime);
315 printf
316 ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
317 nConn, totalTime, ((double)nConn / totalTime), bytes_read);
318 printf
319 ("%d connections in %ld real seconds, %ld bytes read per connection\n",
320 nConn, (long)time(NULL((void*)0)) - finishtime + maxtime,
321 nConn > 0 ? bytes_read / nConn : 0l);
322
323 /*
324 * Now loop and time connections using the same session id over and over
325 */
326
327 next:
328 if (!(perform & 2))
329 goto end;
330 printf("\n\nNow timing with session id reuse.\n");
331
332 /* Get an SSL object so we can reuse the session id */
333 if ((scon = doConnection(NULL((void*)0), host, ctx)) == NULL((void*)0)) {
334 BIO_printf(bio_err, "Unable to get connection\n");
335 goto end;
336 }
337
338 if (www_path != NULL((void*)0)) {
339 buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path);
340 if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
341 goto end;
342 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
Although the value stored to 'i' is used in the enclosing expression, the value is never actually read from 'i'
343 continue;
344 }
345 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN1 | SSL_RECEIVED_SHUTDOWN2);
346 if ((fd = SSL_get_fd(scon)) >= 0)
347 BIO_closesocket(fd);
348
349 nConn = 0;
350 totalTime = 0.0;
351
352 finishtime = (long)time(NULL((void*)0)) + maxtime;
353
354 printf("starting\n");
355 bytes_read = 0;
356 tm_Time_F(START0);
357
358 for (;;) {
359 if (finishtime < (long)time(NULL((void*)0)))
360 break;
361
362 if ((doConnection(scon, host, ctx)) == NULL((void*)0))
363 goto end;
364
365 if (www_path != NULL((void*)0)) {
366 buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
367 www_path);
368 if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
369 goto end;
370 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
371 bytes_read += i;
372 }
373 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN1 | SSL_RECEIVED_SHUTDOWN2);
374 if ((fd = SSL_get_fd(scon)) >= 0)
375 BIO_closesocket(fd);
376
377 nConn += 1;
378 if (SSL_session_reused(scon)) {
379 ver = 'r';
380 } else {
381 ver = SSL_version(scon);
382 if (ver == TLS1_VERSION0x0301)
383 ver = 't';
384 else if (ver == SSL3_VERSION0x0300)
385 ver = '3';
386 else
387 ver = '*';
388 }
389 fputc(ver, stdoutstdout);
390 fflush(stdoutstdout);
391 }
392 totalTime += tm_Time_F(STOP1); /* Add the time for this iteration */
393
394 printf
395 ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
396 nConn, totalTime, ((double)nConn / totalTime), bytes_read);
397 if (nConn > 0)
398 printf
399 ("%d connections in %ld real seconds, %ld bytes read per connection\n",
400 nConn, (long)time(NULL((void*)0)) - finishtime + maxtime, bytes_read / nConn);
401 else
402 printf("0 connections in %ld real seconds\n",
403 (long)time(NULL((void*)0)) - finishtime + maxtime);
404 ret = 0;
405
406 end:
407 SSL_free(scon);
408 SSL_CTX_free(ctx);
409 return ret;
410}
411
412/*-
413 * doConnection - make a connection
414 */
415static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
416{
417 BIO *conn;
418 SSL *serverCon;
419 int i;
420
421 if ((conn = BIO_new(BIO_s_connect())) == NULL((void*)0))
422 return NULL((void*)0);
423
424 if (BIO_set_conn_hostname(conn, host)BIO_ctrl(conn,100,0, (char *)(host)) <= 0
425 || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY)BIO_ctrl(conn,155,(0x10),((void*)0)) <= 0) {
426 BIO_free(conn);
427 return NULL((void*)0);
428 }
429
430 if (scon == NULL((void*)0)) {
431 serverCon = SSL_new(ctx);
432 if (serverCon == NULL((void*)0)) {
433 BIO_free(conn);
434 return NULL((void*)0);
435 }
436 } else {
437 serverCon = scon;
438 SSL_set_connect_state(serverCon);
439 }
440
441 SSL_set_bio(serverCon, conn, conn);
442
443 /* ok, lets connect */
444 i = SSL_connect(serverCon);
445 if (i <= 0) {
446 BIO_printf(bio_err, "ERROR\n");
447 if (verify_args.error != X509_V_OK0)
448 BIO_printf(bio_err, "verify error:%s\n",
449 X509_verify_cert_error_string(verify_args.error));
450 else
451 ERR_print_errors(bio_err);
452 if (scon == NULL((void*)0))
453 SSL_free(serverCon);
454 return NULL((void*)0);
455 }
456
457#if defined(SOL_SOCKET1) && defined(SO_LINGER13)
458 {
459 struct linger no_linger;
460 int fd;
461
462 no_linger.l_onoff = 1;
463 no_linger.l_linger = 0;
464 fd = SSL_get_fd(serverCon);
465 if (fd >= 0)
466 (void)setsockopt(fd, SOL_SOCKET1, SO_LINGER13, (char*)&no_linger,
467 sizeof(no_linger));
468 }
469#endif
470
471 return serverCon;
472}
473#endif /* OPENSSL_NO_SOCK */