Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 47 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 19 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 5 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 22 |
4 files changed, 62 insertions, 31 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4435efdb0c..c151e7e27e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2180,6 +2180,7 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 {
 long l;
+ int i;
 /* For some cases with ctx == NULL perform syntax checks */
 if (ctx == NULL) {
 switch (cmd) {
@@ -2234,27 +2235,40 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 case SSL_CTRL_SESS_NUMBER:
 return lh_SSL_SESSION_num_items(ctx->sessions);
 case SSL_CTRL_SESS_CONNECT:
- return ctx->stats.sess_connect;
+ return CRYPTO_atomic_read(&ctx->stats.sess_connect, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_CONNECT_GOOD:
- return ctx->stats.sess_connect_good;
+ return CRYPTO_atomic_read(&ctx->stats.sess_connect_good, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return ctx->stats.sess_connect_renegotiate;
+ return CRYPTO_atomic_read(&ctx->stats.sess_connect_renegotiate, &i,
+ ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_ACCEPT:
- return ctx->stats.sess_accept;
+ return CRYPTO_atomic_read(&ctx->stats.sess_accept, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_ACCEPT_GOOD:
- return ctx->stats.sess_accept_good;
+ return CRYPTO_atomic_read(&ctx->stats.sess_accept_good, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return ctx->stats.sess_accept_renegotiate;
+ return CRYPTO_atomic_read(&ctx->stats.sess_accept_renegotiate, &i,
+ ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_HIT:
- return ctx->stats.sess_hit;
+ return CRYPTO_atomic_read(&ctx->stats.sess_hit, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_CB_HIT:
- return ctx->stats.sess_cb_hit;
+ return CRYPTO_atomic_read(&ctx->stats.sess_cb_hit, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_MISSES:
- return ctx->stats.sess_miss;
+ return CRYPTO_atomic_read(&ctx->stats.sess_miss, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_TIMEOUTS:
- return ctx->stats.sess_timeout;
+ return CRYPTO_atomic_read(&ctx->stats.sess_timeout, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_SESS_CACHE_FULL:
- return ctx->stats.sess_cache_full;
+ return CRYPTO_atomic_read(&ctx->stats.sess_cache_full, &i, ctx->lock)
+ ? i : 0;
 case SSL_CTRL_MODE:
 return (ctx->mode |= larg);
 case SSL_CTRL_CLEAR_MODE:
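Review bot: Every statistics case now returns `0` when `CRYPTO_atomic_read()` fails, which a caller cannot tell apart from a counter that really is zero. That is probably acceptable for best-effort statistics, but it should be stated once above the first of these cases, for example `/* Statistics are best effort: a failed atomic read is reported as 0 */`. The same read-and-select expression is repeated eleven times, so a small static helper taking the counter address and the lock would keep each case to one line and put the failure policy in one place. `SSL_CTX_ctrl` starts and ends outside this hunk.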
@@ -3205,11 +3219,14 @@ void ssl_update_cache(SSL *s, int mode)
 /* auto flush every 255 connections */
 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
- if ((((mode & SSL_SESS_CACHE_CLIENT)
- ? s->session_ctx->stats.sess_connect_good
- : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+ int *stat, val;
+ if (mode & SSL_SESS_CACHE_CLIENT)
+ stat = &s->session_ctx->stats.sess_connect_good;
+ else
+ stat = &s->session_ctx->stats.sess_accept_good;
+ if (CRYPTO_atomic_read(stat, &val, s->session_ctx->lock)
+ && (val & 0xff) == 0xff)
 SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
- }
 }
 }
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9f5b016e38..c8d1cc37e5 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -461,7 +461,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 /* This is used only by servers. */
 SSL_SESSION *ret = NULL;
- int fatal = 0;
+ int fatal = 0, discard;
 int try_session_cache = 0;
 TICKET_RETURN r;
@@ -512,7 +512,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 }
 CRYPTO_THREAD_unlock(s->session_ctx->lock);
 if (ret == NULL)
- s->session_ctx->stats.sess_miss++;
+ CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard,
+ s->session_ctx->lock);
 }
 if (try_session_cache &&
@@ -524,7 +525,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 ©);
 if (ret != NULL) {
- s->session_ctx->stats.sess_cb_hit++;
+ CRYPTO_atomic_add(&s->session_ctx->stats.sess_cb_hit, 1, &discard,
+ s->session_ctx->lock);
 /*
 * Increment reference count now if the session callback asks us
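Review bot: In `ssl_update_cache` the auto-flush still fires only when a snapshot of the counter has its low byte equal to `0xff`, and that read is a separate operation from the increments made elsewhere in this commit. With concurrent handshakes the counter can presumably step past the trigger value between two reads, or several threads can observe it and each call `SSL_CTX_flush_sessions()`; a failed `CRYPTO_atomic_read()` also skips the flush without any trace. A comment above the new `if`, such as `/* best effort: the trigger value may be missed or seen more than once under concurrency */`, would make that explicit. The timeout comparison in `ssl_get_prev_session` (the `@@ -589` hunk) is independent of this, so a missed flush delays cache cleanup rather than extending how long a session can be resumed. The function body starts outside the hunk.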
@@ -589,7 +591,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 }
 if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
- s->session_ctx->stats.sess_timeout++;
+ CRYPTO_atomic_add(&s->session_ctx->stats.sess_timeout, 1, &discard,
+ s->session_ctx->lock);
 if (try_session_cache) {
 /* session was from the cache, so remove it */
 SSL_CTX_remove_session(s->session_ctx, ret);
@@ -617,7 +620,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 s->session = ret;
 }
- s->session_ctx->stats.sess_hit++;
+ CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
+ s->session_ctx->lock);
 s->verify_result = s->session->verify_result;
 return 1;
@@ -646,7 +650,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
 {
- int ret = 0;
+ int ret = 0, discard;
 SSL_SESSION *s;
 /*
@@ -713,7 +717,8 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
 if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
 break;
 else
- ctx->stats.sess_cache_full++;
+ CRYPTO_atomic_add(&ctx->stats.sess_cache_full, 1, &discard,
+ ctx->lock);
 }
 }
 }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index af42bcb0f3..6b1bc92700 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1266,7 +1266,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
 unsigned int compression;
 unsigned int sversion;
 unsigned int context;
- int protverr;
+ int protverr, discard;
 RAW_EXTENSION *extensions = NULL;
 #ifndef OPENSSL_NO_COMP
 SSL_COMP *comp;
@@ -1430,7 +1430,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
 || (SSL_IS_TLS13(s)
 && s->session->ext.tick_identity
 != TLSEXT_PSK_BAD_IDENTITY)) {
- s->ctx->stats.sess_miss++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_miss, 1, &discard,
+ s->ctx->lock);
 if (!ssl_get_new_session(s, 0)) {
 goto f_err;
 }
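Review bot: In the `@@ -713` hunk of `SSL_CTX_add_session`, `CRYPTO_atomic_add()` is handed `ctx->lock` at a point where that lock looks to be already held: the call just above is `remove_session_lock(ctx, ctx->session_cache_tail, 0)`, whose last argument appears to mean "do not take the lock". If that is right, any build where `CRYPTO_atomic_add()` falls back to acquiring the supplied lock would try to take it again on the same thread while evicting from a full cache, which can stall the handshake. Counting evictions in a local and issuing one `CRYPTO_atomic_add(&ctx->stats.sess_cache_full, evicted, &discard, ctx->lock);` after the unlock would avoid the nested acquisition. The lock and unlock calls are outside the hunk, so this needs confirming against the full function.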
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index e36f98a8b4..bff3aa7402 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -111,7 +111,7 @@ int tls_setup_handshake(SSL *s)
 return 0;
 }
 if (SSL_IS_FIRST_HANDSHAKE(s)) {
- s->ctx->stats.sess_accept++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_accept, 1, &i, s->ctx->lock);
 } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
 /* Renegotiation is disabled */
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
@@ -128,15 +128,19 @@ int tls_setup_handshake(SSL *s)
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
 return 0;
 } else {
- s->ctx->stats.sess_accept_renegotiate++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i,
+ s->ctx->lock);
 s->s3->tmp.cert_request = 0;
 }
 } else {
+ int discard;
 if (SSL_IS_FIRST_HANDSHAKE(s))
- s->ctx->stats.sess_connect++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_connect, 1, &discard,
+ s->ctx->lock);
 else
- s->ctx->stats.sess_connect_renegotiate++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_connect_renegotiate, 1,
+ &discard, s->ctx->lock);
 /* mark client_random uninitialized */
 memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
@@ -991,6 +995,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk,
 */
 WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
 {
+ int discard;
 void (*cb) (const SSL *ssl, int type, int val) = NULL;
 #ifndef OPENSSL_NO_SCTP
@@ -1027,7 +1032,8 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
 if (s->server) {
 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
- s->ctx->stats.sess_accept_good++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard,
+ s->ctx->lock);
 s->handshake_func = ossl_statem_accept;
 } else {
 /*
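Review bot: The server branch of `tls_setup_handshake` passes `&i` as the result argument (in the `@@ -111` and `@@ -128` hunks), while the client branch and every other call site in this commit use a dedicated `discard`. `i` is not declared in either hunk, so it is presumably an existing local with another purpose, and overwriting it with a counter value is easy to trip over in a later change. Declaring `int discard;` at a scope that covers both branches and passing `&discard` in all four calls would make the intent uniform. The function starts and ends outside these hunks.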
@@ -1037,10 +1043,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
 if (!SSL_IS_TLS13(s))
 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
 if (s->hit)
- s->ctx->stats.sess_hit++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_hit, 1, &discard,
+ s->ctx->lock);
 s->handshake_func = ossl_statem_connect;
- s->ctx->stats.sess_connect_good++;
+ CRYPTO_atomic_add(&s->ctx->stats.sess_connect_good, 1, &discard,
+ s->ctx->lock);
 }
 if (s->info_callback != NULL) |