diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-10-17 15:28:42 -0500 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2017-10-30 10:21:10 -0500 |
commit | 0e6161bcae451ed17346c51db1ddc61fea5f3ec2 (patch) | |
tree | 9ba1609e9cce9f7034cd611ad0d07331d94e305f /ssl/statem | |
parent | 1fcb4e4d521971caccb61df215541bf55f7ca9a5 (diff) | |
download | openssl-0e6161bcae451ed17346c51db1ddc61fea5f3ec2.tar.gz |
Normalize on session_ctx for stats where possible
For client SSL objects and before any callbacks have had a chance
to be called, we can write the stats accesses using the session_ctx,
which makes sense given that these values are all prefixed with
"sess_".
For servers after a client_hello or servername callback has been
called, retain the existing behavior of modifying the statistics
for the current (non-session) context. This has some value,
in that it allows the statistics to be viewed on a per-vhost level.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 22 |
2 files changed, 15 insertions, 11 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6b1bc92700..0a68264b66 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1430,8 +1430,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) || (SSL_IS_TLS13(s) && s->session->ext.tick_identity != TLSEXT_PSK_BAD_IDENTITY)) { - CRYPTO_atomic_add(&s->ctx->stats.sess_miss, 1, &discard, - s->ctx->lock); + CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard, + s->session_ctx->lock); if (!ssl_get_new_session(s, 0)) { goto f_err; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index bff3aa7402..6db881630e 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -111,7 +111,9 @@ int tls_setup_handshake(SSL *s) return 0; } if (SSL_IS_FIRST_HANDSHAKE(s)) { - CRYPTO_atomic_add(&s->ctx->stats.sess_accept, 1, &i, s->ctx->lock); + /* N.B. s->session_ctx == s->ctx here */ + CRYPTO_atomic_add(&s->session_ctx->stats.sess_accept, 1, &i, + s->session_ctx->lock); } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) { /* Renegotiation is disabled */ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); @@ -128,6 +130,7 @@ int tls_setup_handshake(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); return 0; } else { + /* N.B. s->ctx may not equal s->session_ctx */ CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i, s->ctx->lock); @@ -136,11 +139,11 @@ int tls_setup_handshake(SSL *s) } else { int discard; if (SSL_IS_FIRST_HANDSHAKE(s)) - CRYPTO_atomic_add(&s->ctx->stats.sess_connect, 1, &discard, - s->ctx->lock); + CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect, 1, &discard, + s->session_ctx->lock); else - CRYPTO_atomic_add(&s->ctx->stats.sess_connect_renegotiate, 1, - &discard, s->ctx->lock); + CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_renegotiate, + 1, &discard, s->session_ctx->lock); /* mark client_random uninitialized */ memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); @@ -1032,6 +1035,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs) if (s->server) { ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + /* N.B. s->ctx may not equal s->session_ctx */ CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard, s->ctx->lock); s->handshake_func = ossl_statem_accept; @@ -1043,12 +1047,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs) if (!SSL_IS_TLS13(s)) ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); if (s->hit) - CRYPTO_atomic_add(&s->ctx->stats.sess_hit, 1, &discard, - s->ctx->lock); + CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard, + s->session_ctx->lock); s->handshake_func = ossl_statem_connect; - CRYPTO_atomic_add(&s->ctx->stats.sess_connect_good, 1, &discard, - s->ctx->lock); + CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_good, 1, + &discard, s->session_ctx->lock); } if (s->info_callback != NULL) |