summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2017-01-23 00:12:56 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-01-23 00:12:56 +0000
commit325bf022f705c99c9c0f162a875572e2b24aa5b5 (patch)
tree90e0c27f2d96f8f126b2e1c6549a4facb077db25
parent964db494ed8ebbda733fb79066621caccfda3306 (diff)
Move the stats struct from SSL_CTX to internal.
ok beck@
-rw-r--r--lib/libssl/d1_clnt.c10
-rw-r--r--lib/libssl/d1_srvr.c8
-rw-r--r--lib/libssl/s23_clnt.c4
-rw-r--r--lib/libssl/s23_srvr.c4
-rw-r--r--lib/libssl/s3_clnt.c10
-rw-r--r--lib/libssl/s3_srvr.c8
-rw-r--r--lib/libssl/ssl.h21
-rw-r--r--lib/libssl/ssl_lib.c30
-rw-r--r--lib/libssl/ssl_locl.h22
-rw-r--r--lib/libssl/ssl_sess.c12
10 files changed, 64 insertions, 65 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index af3196ff173..71cd845ac69 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.62 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.63 2017/01/23 00:12:54 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -205,7 +205,7 @@ dtls1_connect(SSL *s)
case SSL_ST_RENEGOTIATE:
s->renegotiate = 1;
s->state = SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
+ s->ctx->internal->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
@@ -242,7 +242,7 @@ dtls1_connect(SSL *s)
/* don't push the buffering BIO quite yet */
s->state = SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
+ s->ctx->internal->stats.sess_connect++;
s->init_num = 0;
/* mark client_random uninitialized */
memset(s->s3->client_random, 0,
@@ -555,12 +555,12 @@ dtls1_connect(SSL *s)
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
if (s->hit)
- s->ctx->stats.sess_hit++;
+ s->ctx->internal->stats.sess_hit++;
ret = 1;
/* s->server=0; */
s->handshake_func = dtls1_connect;
- s->ctx->stats.sess_connect_good++;
+ s->ctx->internal->stats.sess_connect_good++;
if (cb != NULL)
cb(s, SSL_CB_HANDSHAKE_DONE, 1);
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 8722c1690db..7cb1fdf3ded 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.72 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.73 2017/01/23 00:12:54 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -259,11 +259,11 @@ dtls1_accept(SSL *s)
}
s->state = SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
+ s->ctx->internal->stats.sess_accept++;
} else {
/* s->state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
+ s->ctx->internal->stats.sess_accept_renegotiate++;
s->state = SSL3_ST_SW_HELLO_REQ_A;
}
@@ -641,7 +641,7 @@ dtls1_accept(SSL *s)
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
- s->ctx->stats.sess_accept_good++;
+ s->ctx->internal->stats.sess_accept_good++;
/* s->server=1; */
s->handshake_func = dtls1_accept;
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index c4fad5b0114..a7ad53fd98e 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.49 2017/01/03 16:57:15 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.50 2017/01/23 00:12:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -174,7 +174,7 @@ ssl23_connect(SSL *s)
}
s->state = SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
+ s->ctx->internal->stats.sess_connect++;
s->init_num = 0;
break;
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c
index a80d1962900..e4cb633d06e 100644
--- a/lib/libssl/s23_srvr.c
+++ b/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.50 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.51 2017/01/23 00:12:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -164,7 +164,7 @@ ssl23_accept(SSL *s)
}
s->state = SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
+ s->ctx->internal->stats.sess_accept++;
s->init_num = 0;
break;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 0d3f09728ec..18e34f7b7bb 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.162 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.163 2017/01/23 00:12:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -199,7 +199,7 @@ ssl3_connect(SSL *s)
case SSL_ST_RENEGOTIATE:
s->renegotiate = 1;
s->state = SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
+ s->ctx->internal->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
@@ -241,7 +241,7 @@ ssl3_connect(SSL *s)
}
s->state = SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
+ s->ctx->internal->stats.sess_connect++;
s->init_num = 0;
break;
@@ -539,12 +539,12 @@ ssl3_connect(SSL *s)
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
if (s->hit)
- s->ctx->stats.sess_hit++;
+ s->ctx->internal->stats.sess_hit++;
ret = 1;
/* s->server=0; */
s->handshake_func = ssl3_connect;
- s->ctx->stats.sess_connect_good++;
+ s->ctx->internal->stats.sess_connect_good++;
if (cb != NULL)
cb(s, SSL_CB_HANDSHAKE_DONE, 1);
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 099537f7eaf..a18b2182077 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.141 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.142 2017/01/23 00:12:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -246,7 +246,7 @@ ssl3_accept(SSL *s)
}
s->state = SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
+ s->ctx->internal->stats.sess_accept++;
} else if (!S3I(s)->send_connection_binding) {
/*
* Server attempting to renegotiate with
@@ -264,7 +264,7 @@ ssl3_accept(SSL *s)
* s->state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest
*/
- s->ctx->stats.sess_accept_renegotiate++;
+ s->ctx->internal->stats.sess_accept_renegotiate++;
s->state = SSL3_ST_SW_HELLO_REQ_A;
}
break;
@@ -660,7 +660,7 @@ ssl3_accept(SSL *s)
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
- s->ctx->stats.sess_accept_good++;
+ s->ctx->internal->stats.sess_accept_good++;
/* s->server=1; */
s->handshake_func = ssl3_accept;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index fa1027fa281..9f9343e69de 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.106 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.107 2017/01/23 00:12:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -730,25 +730,6 @@ struct ssl_ctx_st {
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
unsigned char *data, int len, int *copy);
- struct {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate;/* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate;/* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not
- * in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
int references;
/* if defined, these override the X509_verify_cert() calls */
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 96aea4c5dd6..f4bb2128657 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.129 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.130 2017/01/23 00:12:54 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1157,27 +1157,27 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SESS_NUMBER:
return (lh_SSL_SESSION_num_items(ctx->sessions));
case SSL_CTRL_SESS_CONNECT:
- return (ctx->stats.sess_connect);
+ return (ctx->internal->stats.sess_connect);
case SSL_CTRL_SESS_CONNECT_GOOD:
- return (ctx->stats.sess_connect_good);
+ return (ctx->internal->stats.sess_connect_good);
case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return (ctx->stats.sess_connect_renegotiate);
+ return (ctx->internal->stats.sess_connect_renegotiate);
case SSL_CTRL_SESS_ACCEPT:
- return (ctx->stats.sess_accept);
+ return (ctx->internal->stats.sess_accept);
case SSL_CTRL_SESS_ACCEPT_GOOD:
- return (ctx->stats.sess_accept_good);
+ return (ctx->internal->stats.sess_accept_good);
case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return (ctx->stats.sess_accept_renegotiate);
+ return (ctx->internal->stats.sess_accept_renegotiate);
case SSL_CTRL_SESS_HIT:
- return (ctx->stats.sess_hit);
+ return (ctx->internal->stats.sess_hit);
case SSL_CTRL_SESS_CB_HIT:
- return (ctx->stats.sess_cb_hit);
+ return (ctx->internal->stats.sess_cb_hit);
case SSL_CTRL_SESS_MISSES:
- return (ctx->stats.sess_miss);
+ return (ctx->internal->stats.sess_miss);
case SSL_CTRL_SESS_TIMEOUTS:
- return (ctx->stats.sess_timeout);
+ return (ctx->internal->stats.sess_timeout);
case SSL_CTRL_SESS_CACHE_FULL:
- return (ctx->stats.sess_cache_full);
+ return (ctx->internal->stats.sess_cache_full);
case SSL_CTRL_OPTIONS:
return (ctx->options|=larg);
case SSL_CTRL_CLEAR_OPTIONS:
@@ -1836,7 +1836,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->get_session_cb = 0;
ret->generate_session_id = 0;
- memset((char *)&ret->stats, 0, sizeof(ret->stats));
+ memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats));
ret->references = 1;
ret->quiet_shutdown = 0;
@@ -2285,8 +2285,8 @@ ssl_update_cache(SSL *s, int mode)
if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
((i & mode) == mode)) {
if ((((mode & SSL_SESS_CACHE_CLIENT) ?
- s->session_ctx->stats.sess_connect_good :
- s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+ s->session_ctx->internal->stats.sess_connect_good :
+ s->session_ctx->internal->stats.sess_accept_good) & 0xff) == 0xff) {
SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
}
}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index a187c8d77a6..3f63b1de2f8 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.151 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.152 2017/01/23 00:12:55 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -384,6 +384,25 @@ typedef struct ssl_ctx_internal_st {
uint16_t min_version;
uint16_t max_version;
+ struct {
+ int sess_connect; /* SSL new conn - started */
+ int sess_connect_renegotiate;/* SSL reneg - requested */
+ int sess_connect_good; /* SSL new conne/reneg - finished */
+ int sess_accept; /* SSL new accept - started */
+ int sess_accept_renegotiate;/* SSL reneg - requested */
+ int sess_accept_good; /* SSL accept/reneg - finished */
+ int sess_miss; /* session lookup misses */
+ int sess_timeout; /* reuse attempt on timeouted session */
+ int sess_cache_full; /* session removed due to full cache */
+ int sess_hit; /* session reuse actually done */
+ int sess_cb_hit; /* session-id that was not
+ * in the cache was
+ * passed back via the callback. This
+ * indicates that the application is
+ * supplying session-id's from other
+ * processes - spooky :-) */
+ } stats;
+
/* Next protocol negotiation information */
/* (for experimental NPN extension). */
@@ -422,7 +441,6 @@ typedef struct ssl_ctx_internal_st {
/* Client list of supported protocols in wire format. */
unsigned char *alpn_client_proto_list;
unsigned int alpn_client_proto_list_len;
-
} SSL_CTX_INTERNAL;
typedef struct ssl_internal_st {
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index dc4894c64cf..7f03d12d355 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.55 2017/01/22 05:14:42 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.56 2017/01/23 00:12:55 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -466,7 +466,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
if (ret == NULL)
- s->session_ctx->stats.sess_miss++;
+ s->session_ctx->internal->stats.sess_miss++;
}
if (try_session_cache && ret == NULL &&
@@ -475,7 +475,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
if ((ret = s->session_ctx->get_session_cb(s, session_id,
len, &copy))) {
- s->session_ctx->stats.sess_cb_hit++;
+ s->session_ctx->internal->stats.sess_cb_hit++;
/*
* Increment reference count now if the session
@@ -542,7 +542,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
if (ret->timeout < (time(NULL) - ret->time)) {
/* timeout */
- s->session_ctx->stats.sess_timeout++;
+ s->session_ctx->internal->stats.sess_timeout++;
if (try_session_cache) {
/* session was from the cache, so remove it */
SSL_CTX_remove_session(s->session_ctx, ret);
@@ -550,7 +550,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
goto err;
}
- s->session_ctx->stats.sess_hit++;
+ s->session_ctx->internal->stats.sess_hit++;
if (s->session != NULL)
SSL_SESSION_free(s->session);
@@ -641,7 +641,7 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
ctx->session_cache_tail, 0))
break;
else
- ctx->stats.sess_cache_full++;
+ ctx->internal->stats.sess_cache_full++;
}
}
}