Normalize on session_ctx for stats where possible
authorBenjamin Kaduk <bkaduk@akamai.com>
Tue, 17 Oct 2017 20:28:42 +0000 (15:28 -0500)
committerBen Kaduk <kaduk@mit.edu>
Mon, 30 Oct 2017 15:21:10 +0000 (10:21 -0500)
For client SSL objects and before any callbacks have had a chance
to be called, we can write the stats accesses using the session_ctx,
which makes sense given that these values are all prefixed with
"sess_".

For servers after a client_hello or servername callback has been
called, retain the existing behavior of modifying the statistics
for the current (non-session) context.  This has some value,
in that it allows the statistics to be viewed on a per-vhost level.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4549)

ssl/statem/statem_clnt.c
ssl/statem/statem_lib.c

index 6b1bc92..0a68264 100644 (file)
@@ -1430,8 +1430,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
                 || (SSL_IS_TLS13(s)
                     && s->session->ext.tick_identity
                        != TLSEXT_PSK_BAD_IDENTITY)) {
-            CRYPTO_atomic_add(&s->ctx->stats.sess_miss, 1, &discard,
-                              s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard,
+                              s->session_ctx->lock);
             if (!ssl_get_new_session(s, 0)) {
                 goto f_err;
             }
index bff3aa7..6db8816 100644 (file)
@@ -111,7 +111,9 @@ int tls_setup_handshake(SSL *s)
             return 0;
         }
         if (SSL_IS_FIRST_HANDSHAKE(s)) {
-            CRYPTO_atomic_add(&s->ctx->stats.sess_accept, 1, &i, s->ctx->lock);
+            /* N.B. s->session_ctx == s->ctx here */
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_accept, 1, &i,
+                              s->session_ctx->lock);
         } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
             /* Renegotiation is disabled */
             ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
@@ -128,6 +130,7 @@ int tls_setup_handshake(SSL *s)
             ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
             return 0;
         } else {
+            /* N.B. s->ctx may not equal s->session_ctx */
             CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i,
                               s->ctx->lock);
 
@@ -136,11 +139,11 @@ int tls_setup_handshake(SSL *s)
     } else {
         int discard;
         if (SSL_IS_FIRST_HANDSHAKE(s))
-            CRYPTO_atomic_add(&s->ctx->stats.sess_connect, 1, &discard,
-                              s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect, 1, &discard,
+                              s->session_ctx->lock);
         else
-            CRYPTO_atomic_add(&s->ctx->stats.sess_connect_renegotiate, 1,
-                              &discard, s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_renegotiate,
+                              1, &discard, s->session_ctx->lock);
 
         /* mark client_random uninitialized */
         memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
@@ -1032,6 +1035,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
         if (s->server) {
             ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
 
+            /* N.B. s->ctx may not equal s->session_ctx */
             CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard,
                               s->ctx->lock);
             s->handshake_func = ossl_statem_accept;
@@ -1043,12 +1047,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
             if (!SSL_IS_TLS13(s))
                 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
             if (s->hit)
-                CRYPTO_atomic_add(&s->ctx->stats.sess_hit, 1, &discard,
-                                  s->ctx->lock);
+                CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
+                                  s->session_ctx->lock);
 
             s->handshake_func = ossl_statem_connect;
-            CRYPTO_atomic_add(&s->ctx->stats.sess_connect_good, 1, &discard,
-                              s->ctx->lock);
+            CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_good, 1,
+                              &discard, s->session_ctx->lock);
         }
 
         if (s->info_callback != NULL)