wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Normalize on session_ctx for stats where possible

Browse source 
For client SSL objects and before any callbacks have had a chance
to be called, we can write the stats accesses using the session_ctx,
which makes sense given that these values are all prefixed with
"sess_".

For servers after a client_hello or servername callback has been
called, retain the existing behavior of modifying the statistics
for the current (non-session) context.  This has some value,
in that it allows the statistics to be viewed on a per-vhost level.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)
This commit is contained in:
Benjamin Kaduk 2017-10-17 15:28:42 -05:00 committed by Ben Kaduk
parent 1fcb4e4d52
commit 0e6161bcae
2 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ssl/statem/statem_clnt.c
View file

@ -1430,8 +1430,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
|| (SSL_IS_TLS13(s) || (SSL_IS_TLS13(s)
&& s->session->ext.tick_identity && s->session->ext.tick_identity
!= TLSEXT_PSK_BAD_IDENTITY)) { != TLSEXT_PSK_BAD_IDENTITY)) {
CRYPTO_atomic_add(&s->ctx->stats.sess_miss, 1, &discard, CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard,
s->ctx->lock); s->session_ctx->lock);
if (!ssl_get_new_session(s, 0)) { if (!ssl_get_new_session(s, 0)) {
goto f_err; goto f_err;
} }

22
ssl/statem/statem_lib.c
View file

@ -111,7 +111,9 @@ int tls_setup_handshake(SSL *s)
return 0; return 0;
} }
if (SSL_IS_FIRST_HANDSHAKE(s)) { if (SSL_IS_FIRST_HANDSHAKE(s)) {
CRYPTO_atomic_add(&s->ctx->stats.sess_accept, 1, &i, s->ctx->lock); /* N.B. s->session_ctx == s->ctx here */
CRYPTO_atomic_add(&s->session_ctx->stats.sess_accept, 1, &i,
s->session_ctx->lock);
} else if ((s->options & SSL_OP_NO_RENEGOTIATION)) { } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
/* Renegotiation is disabled */ /* Renegotiation is disabled */
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
@ -128,6 +130,7 @@ int tls_setup_handshake(SSL *s)
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return 0; return 0;
} else { } else {
/* N.B. s->ctx may not equal s->session_ctx */
CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i, CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i,
s->ctx->lock); s->ctx->lock);
@ -136,11 +139,11 @@ int tls_setup_handshake(SSL *s)
} else { } else {
int discard; int discard;
if (SSL_IS_FIRST_HANDSHAKE(s)) if (SSL_IS_FIRST_HANDSHAKE(s))
CRYPTO_atomic_add(&s->ctx->stats.sess_connect, 1, &discard, CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect, 1, &discard,
s->ctx->lock); s->session_ctx->lock);
else else
CRYPTO_atomic_add(&s->ctx->stats.sess_connect_renegotiate, 1, CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_renegotiate,
&discard, s->ctx->lock); 1, &discard, s->session_ctx->lock);
/* mark client_random uninitialized */ /* mark client_random uninitialized */
memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
@ -1032,6 +1035,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
if (s->server) { if (s->server) {
ssl_update_cache(s, SSL_SESS_CACHE_SERVER); ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
/* N.B. s->ctx may not equal s->session_ctx */
CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard, CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard,
s->ctx->lock); s->ctx->lock);
s->handshake_func = ossl_statem_accept; s->handshake_func = ossl_statem_accept;
@ -1043,12 +1047,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
if (!SSL_IS_TLS13(s)) if (!SSL_IS_TLS13(s))
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
if (s->hit) if (s->hit)
CRYPTO_atomic_add(&s->ctx->stats.sess_hit, 1, &discard, CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
s->ctx->lock); s->session_ctx->lock);
s->handshake_func = ossl_statem_connect; s->handshake_func = ossl_statem_connect;
CRYPTO_atomic_add(&s->ctx->stats.sess_connect_good, 1, &discard, CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_good, 1,
s->ctx->lock); &discard, s->session_ctx->lock);
} }
if (s->info_callback != NULL) if (s->info_callback != NULL)