Normalize on session_ctx for stats where possible

For client SSL objects and before any callbacks have had a chance to be called, we can write the stats accesses using the session_ctx, which makes sense given that these values are all prefixed with "sess_". For servers after a client_hello or servername callback has been called, retain the existing behavior of modifying the statistics for the current (non-session) context. This has some value, in that it allows the statistics to be viewed on a per-vhost level. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4549)
author: Benjamin Kaduk <bkaduk@akamai.com> 2017-10-17 15:28:42 -0500
committer: Ben Kaduk <kaduk@mit.edu> 2017-10-30 10:21:10 -0500
commit: 0e6161bcae451ed17346c51db1ddc61fea5f3ec2 (patch)
tree: 9ba1609e9cce9f7034cd611ad0d07331d94e305f
parent: 1fcb4e4d521971caccb61df215541bf55f7ca9a5 (diff)
download: openssl-0e6161bcae451ed17346c51db1ddc61fea5f3ec2.tar.gz
2 files changed, 15 insertions, 11 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 6b1bc92700..0a68264b66 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1430,8 +1430,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
                 || (SSL_IS_TLS13(s)
                     && s->session->ext.tick_identity
                        != TLSEXT_PSK_BAD_IDENTITY)) {
-            CRYPTO_atomic_add(&s->ctx->stats.sess_miss, 1, &discard,
-                              s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard,
+                              s->session_ctx->lock);
             if (!ssl_get_new_session(s, 0)) {
                 goto f_err;
             }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index bff3aa7402..6db881630e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -111,7 +111,9 @@ int tls_setup_handshake(SSL *s)
             return 0;
         }
         if (SSL_IS_FIRST_HANDSHAKE(s)) {
-            CRYPTO_atomic_add(&s->ctx->stats.sess_accept, 1, &i, s->ctx->lock);
+            /* N.B. s->session_ctx == s->ctx here */
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_accept, 1, &i,
+                              s->session_ctx->lock);
         } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
             /* Renegotiation is disabled */
             ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
@@ -128,6 +130,7 @@ int tls_setup_handshake(SSL *s)
             ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
             return 0;
         } else {
+            /* N.B. s->ctx may not equal s->session_ctx */
             CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i,
                               s->ctx->lock);
 
@@ -136,11 +139,11 @@ int tls_setup_handshake(SSL *s)
     } else {
         int discard;
         if (SSL_IS_FIRST_HANDSHAKE(s))
-            CRYPTO_atomic_add(&s->ctx->stats.sess_connect, 1, &discard,
-                              s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect, 1, &discard,
+                              s->session_ctx->lock);
         else
-            CRYPTO_atomic_add(&s->ctx->stats.sess_connect_renegotiate, 1,
-                              &discard, s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_renegotiate,
+                              1, &discard, s->session_ctx->lock);
 
         /* mark client_random uninitialized */
         memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
@@ -1032,6 +1035,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
         if (s->server) {
             ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
 
+            /* N.B. s->ctx may not equal s->session_ctx */
             CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard,
                               s->ctx->lock);
             s->handshake_func = ossl_statem_accept;
@@ -1043,12 +1047,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
             if (!SSL_IS_TLS13(s))
                 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
             if (s->hit)
-                CRYPTO_atomic_add(&s->ctx->stats.sess_hit, 1, &discard,
-                                  s->ctx->lock);
+                CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
+                                  s->session_ctx->lock);
 
             s->handshake_func = ossl_statem_connect;
-            CRYPTO_atomic_add(&s->ctx->stats.sess_connect_good, 1, &discard,
-                              s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_good, 1,
+                              &discard, s->session_ctx->lock);
         }
 
         if (s->info_callback != NULL)
author	Benjamin Kaduk <bkaduk@akamai.com>	2017-10-17 15:28:42 -0500
committer	Ben Kaduk <kaduk@mit.edu>	2017-10-30 10:21:10 -0500
commit	0e6161bcae451ed17346c51db1ddc61fea5f3ec2 (patch)
tree	9ba1609e9cce9f7034cd611ad0d07331d94e305f
parent	1fcb4e4d521971caccb61df215541bf55f7ca9a5 (diff)
download	openssl-0e6161bcae451ed17346c51db1ddc61fea5f3ec2.tar.gz