From 0728751208b9eaddd1734fe44046ee7c48705db3 Mon Sep 17 00:00:00 2001 From: Richard Soderberg Date: Sat, 5 Sep 2015 00:03:55 -0700 Subject: [PATCH 1/3] move bash4 detection as early as possible in the script to permit logic later on --- cipherscan | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/cipherscan b/cipherscan index 21d52c6..b80d347 100755 --- a/cipherscan +++ b/cipherscan @@ -10,6 +10,14 @@ DOBENCHMARK=0 BENCHMARKITER=30 + +# cipherscan requires bash4, which doesn't come by default in OSX +if [[ ${BASH_VERSINFO[0]} -lt 4 ]]; then + echo "Bash version 4 is required to run cipherscan." + echo "Please upgrade your version of bash (ex: brew install bash)." + exit 1 +fi + DIRNAMEPATH=$(dirname "$0") REALPATH="$DIRNAMEPATH" # make sure this doesn't error out when readlink -f isn't available (OSX) @@ -25,13 +33,6 @@ if ! [[ $OPENSSLBINHELP =~ -connect ]]; then exit 1 fi -# cipherscan requires bash4, which doesn't come by default in OSX -if [[ ${BASH_VERSINFO[0]} -lt 4 ]]; then - echo "Bash version 4 is required to run cipherscan." - echo "Please upgrade your version of bash (ex: brew install bash)." - exit 1 -fi - # test that timeout or gtimeout (darwin) are present TIMEOUTBIN="$(which timeout)" From 12ede6488266485ba3e7dc9e3e5c6079ae324119 Mon Sep 17 00:00:00 2001 From: Richard Soderberg Date: Sat, 5 Sep 2015 05:02:29 -0700 Subject: [PATCH 2/3] bash4 version check failure should go to STDERR. --- cipherscan | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cipherscan b/cipherscan index b80d347..280a57e 100755 --- a/cipherscan +++ b/cipherscan @@ -13,8 +13,8 @@ BENCHMARKITER=30 # cipherscan requires bash4, which doesn't come by default in OSX if [[ ${BASH_VERSINFO[0]} -lt 4 ]]; then - echo "Bash version 4 is required to run cipherscan." - echo "Please upgrade your version of bash (ex: brew install bash)." + echo "Bash version 4 is required to run cipherscan." 1>&2 + echo "Please upgrade your version of bash (ex: brew install bash)." 1>&2 exit 1 fi From 4b87301eb46a349d47e6eda4e21f65e7283cbc60 Mon Sep 17 00:00:00 2001 From: Richard Soderberg Date: Thu, 3 Sep 2015 23:52:58 -0700 Subject: [PATCH 3/3] separate darwin and non-darwin OS autodetection, add NOAUTODETECT support for top1m performance This patch implements two structural changes. First, OS-level detection routines are broken out into a case statement. Darwin doesn't need to test for readlink/timeout nor Busybox, so this noticeably improves performance over multiple runs on Darwin. Linux suffers no additional penalty, since we already ran if $(uname) every time anyways, and continues to use the more complex timeout/gtimeout/busybox logic at the (preexisting, unaffected) cost to performance over multiple runs. Second, if NOAUTODETECT is set, then the script assumes (and verifies) that you're providing TIMEOUTBIN and OPENSSLBIN values. If both of those values are executable files, then the script will proceed, else it will abort. In this scenario, readlink is unnecessary and is thus unused. The combination of these two changes will improve performance over multiple runs both on Darwin and when NOAUTODETECT is set for top1m. --- cipherscan | 97 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 73 insertions(+), 24 deletions(-) diff --git a/cipherscan b/cipherscan index 280a57e..3591b83 100755 --- a/cipherscan +++ b/cipherscan @@ -18,14 +18,80 @@ if [[ ${BASH_VERSINFO[0]} -lt 4 ]]; then exit 1 fi -DIRNAMEPATH=$(dirname "$0") -REALPATH="$DIRNAMEPATH" -# make sure this doesn't error out when readlink -f isn't available (OSX) -readlink -f "$0" &>/dev/null && REALPATH=$(dirname "$(readlink -f "$0")") -if [[ "$(uname -s)" == "Darwin" ]]; then - OPENSSLBIN="${REALPATH}/openssl-darwin64" +if [[ -n $NOAUTODETECT ]]; then + if ! [[ -f $TIMEOUTBIN && -x $TIMEOUTBIN ]]; then + echo "NOAUTODETECT set, but TIMEOUTBIN is not an executable file" 1>&2 + exit 1 + fi + if ! [[ -f $OPENSSLBIN && -x $OPENSSLBIN ]]; then + echo "NOAUTODETECT set, but OPENSSLBIN is not an executable file" 1>&2 + exit 1 + fi else - OPENSSLBIN="${REALPATH}/openssl" + case "$(uname -s)" in + Darwin) + opensslbin_name="openssl-darwin64" + + READLINKBIN=$(which greadlink 2>/dev/null) + if [[ -z $READLINKBIN ]]; then + echo "greadlink not found. (try: brew install coreutils)" 1>&2 + exit 1 + fi + TIMEOUTBIN=$(which gtimeout 2>/dev/null) + if [[ -z $TIMEOUTBIN ]]; then + echo "gtimeout not found. (try: brew install coreutils)" 1>&2 + exit 1 + fi + ;; + *) + opensslbin_name="openssl" + + # test that readlink or greadlink (darwin) are present + READLINKBIN="$(which readlink)" + + if [[ "$READLINKBIN" == "" ]]; then + READLINKBIN="$(which greadlink)" + if [[ "$READLINKBIN" == "" ]]; then + echo "neither readlink nor greadlink are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 + exit 1 + fi + fi + + # test that timeout or gtimeout (darwin) are present + TIMEOUTBIN="$(which timeout)" + + if [[ "$TIMEOUTBIN" == "" ]]; then + TIMEOUTBIN="$(which gtimeout)" + if [[ "$TIMEOUTBIN" == "" ]]; then + echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 + exit 1 + fi + fi + + # Check for busybox, which has different arguments + TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)" + if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then + TIMEOUTBIN="$TIMEOUTBIN -t" + fi + + ;; + esac +fi + +DIRNAMEPATH=$(dirname "$0") + +if [[ -z $OPENSSLBIN ]]; then + readlink_result=$("$READLINKBIN" -f "$0") + if [[ -z $readlink_result ]]; then + echo "$READLINKBIN -f $0 failed, aborting." 1>&2 + exit 1 + fi + REALPATH=$(dirname "$readlink_result") + if [[ -z $REALPATH ]]; then + echo "dirname $REALPATH failed, aborting." 1>&2 + exit 1 + fi + OPENSSLBIN="${REALPATH}/${opensslbin_name}" fi OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)" if ! [[ $OPENSSLBINHELP =~ -connect ]]; then @@ -33,23 +99,6 @@ if ! [[ $OPENSSLBINHELP =~ -connect ]]; then exit 1 fi -# test that timeout or gtimeout (darwin) are present -TIMEOUTBIN="$(which timeout)" - -if [[ "$TIMEOUTBIN" == "" ]]; then - TIMEOUTBIN="$(which gtimeout)" - if [[ "$TIMEOUTBIN" == "" ]]; then - echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" - exit 1 - fi -fi - -# Check for busybox, which has different arguments -TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)" -if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then - TIMEOUTBIN="$TIMEOUTBIN -t" -fi - # use custom config file to enable GOST ciphers if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then export OPENSSL_CONF="$DIRNAMEPATH/openssl.cnf"