Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/d1_clnt.c | 10 | ||||
-rw-r--r-- | lib/libssl/d1_srvr.c | 8 | ||||
-rw-r--r-- | lib/libssl/s23_clnt.c | 4 | ||||
-rw-r--r-- | lib/libssl/s23_srvr.c | 4 | ||||
-rw-r--r-- | lib/libssl/s3_clnt.c | 10 | ||||
-rw-r--r-- | lib/libssl/s3_srvr.c | 8 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 21 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 30 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 22 | ||||
-rw-r--r-- | lib/libssl/ssl_sess.c | 12 |
10 files changed, 64 insertions, 65 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index af3196ff173..71cd845ac69 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.62 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.63 2017/01/23 00:12:54 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -205,7 +205,7 @@ dtls1_connect(SSL *s)
 case SSL_ST_RENEGOTIATE:
 s->renegotiate = 1;
 s->state = SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
+ s->ctx->internal->stats.sess_connect_renegotiate++;
 /* break */
 case SSL_ST_BEFORE:
 case SSL_ST_CONNECT:
@@ -242,7 +242,7 @@ dtls1_connect(SSL *s)
 /* don't push the buffering BIO quite yet */
 s->state = SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
+ s->ctx->internal->stats.sess_connect++;
 s->init_num = 0;
 /* mark client_random uninitialized */
 memset(s->s3->client_random, 0,
@@ -555,12 +555,12 @@ dtls1_connect(SSL *s)
 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
 if (s->hit)
- s->ctx->stats.sess_hit++;
+ s->ctx->internal->stats.sess_hit++;
 ret = 1;
 /* s->server=0; */
 s->handshake_func = dtls1_connect;
- s->ctx->stats.sess_connect_good++;
+ s->ctx->internal->stats.sess_connect_good++;
 if (cb != NULL)
 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 8722c1690db..7cb1fdf3ded 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.72 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.73 2017/01/23 00:12:54 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -259,11 +259,11 @@ dtls1_accept(SSL *s)
 }
 s->state = SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
+ s->ctx->internal->stats.sess_accept++;
 } else {
 /* s->state == SSL_ST_RENEGOTIATE,
 * we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
+ s->ctx->internal->stats.sess_accept_renegotiate++;
 s->state = SSL3_ST_SW_HELLO_REQ_A;
 }
@@ -641,7 +641,7 @@ dtls1_accept(SSL *s)
 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
- s->ctx->stats.sess_accept_good++;
+ s->ctx->internal->stats.sess_accept_good++;
 /* s->server=1; */
 s->handshake_func = dtls1_accept;
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index c4fad5b0114..a7ad53fd98e 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.49 2017/01/03 16:57:15 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.50 2017/01/23 00:12:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -174,7 +174,7 @@ ssl23_connect(SSL *s)
 }
 s->state = SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
+ s->ctx->internal->stats.sess_connect++;
 s->init_num = 0;
 break;
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c
index a80d1962900..e4cb633d06e 100644
--- a/lib/libssl/s23_srvr.c
+++ b/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.50 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.51 2017/01/23 00:12:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -164,7 +164,7 @@ ssl23_accept(SSL *s)
 }
 s->state = SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
+ s->ctx->internal->stats.sess_accept++;
 s->init_num = 0;
 break;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 0d3f09728ec..18e34f7b7bb 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.162 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.163 2017/01/23 00:12:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -199,7 +199,7 @@ ssl3_connect(SSL *s)
 case SSL_ST_RENEGOTIATE:
 s->renegotiate = 1;
 s->state = SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
+ s->ctx->internal->stats.sess_connect_renegotiate++;
 /* break */
 case SSL_ST_BEFORE:
 case SSL_ST_CONNECT:
@@ -241,7 +241,7 @@ ssl3_connect(SSL *s)
 }
 s->state = SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
+ s->ctx->internal->stats.sess_connect++;
 s->init_num = 0;
 break;
@@ -539,12 +539,12 @@ ssl3_connect(SSL *s)
 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
 if (s->hit)
- s->ctx->stats.sess_hit++;
+ s->ctx->internal->stats.sess_hit++;
 ret = 1;
 /* s->server=0; */
 s->handshake_func = ssl3_connect;
- s->ctx->stats.sess_connect_good++;
+ s->ctx->internal->stats.sess_connect_good++;
 if (cb != NULL)
 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 099537f7eaf..a18b2182077 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.141 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.142 2017/01/23 00:12:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -246,7 +246,7 @@ ssl3_accept(SSL *s)
 }
 s->state = SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
+ s->ctx->internal->stats.sess_accept++;
 } else if (!S3I(s)->send_connection_binding) {
 /*
 * Server attempting to renegotiate with
@@ -264,7 +264,7 @@ ssl3_accept(SSL *s)
 * s->state == SSL_ST_RENEGOTIATE,
 * we will just send a HelloRequest
 */
- s->ctx->stats.sess_accept_renegotiate++;
+ s->ctx->internal->stats.sess_accept_renegotiate++;
 s->state = SSL3_ST_SW_HELLO_REQ_A;
 }
 break;
@@ -660,7 +660,7 @@ ssl3_accept(SSL *s)
 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
- s->ctx->stats.sess_accept_good++;
+ s->ctx->internal->stats.sess_accept_good++;
 /* s->server=1; */
 s->handshake_func = ssl3_accept;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index fa1027fa281..9f9343e69de 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.106 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.107 2017/01/23 00:12:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -730,25 +730,6 @@ struct ssl_ctx_st {
 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
 unsigned char *data, int len, int *copy);
- struct {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate;/* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate;/* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not
- * in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
 int references;
 /* if defined, these override the X509_verify_cert() calls */
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 96aea4c5dd6..f4bb2128657 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.129 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.130 2017/01/23 00:12:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1157,27 +1157,27 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 case SSL_CTRL_SESS_NUMBER:
 return (lh_SSL_SESSION_num_items(ctx->sessions));
 case SSL_CTRL_SESS_CONNECT:
- return (ctx->stats.sess_connect);
+ return (ctx->internal->stats.sess_connect);
 case SSL_CTRL_SESS_CONNECT_GOOD:
- return (ctx->stats.sess_connect_good);
+ return (ctx->internal->stats.sess_connect_good);
 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return (ctx->stats.sess_connect_renegotiate);
+ return (ctx->internal->stats.sess_connect_renegotiate);
 case SSL_CTRL_SESS_ACCEPT:
- return (ctx->stats.sess_accept);
+ return (ctx->internal->stats.sess_accept);
 case SSL_CTRL_SESS_ACCEPT_GOOD:
- return (ctx->stats.sess_accept_good);
+ return (ctx->internal->stats.sess_accept_good);
 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return (ctx->stats.sess_accept_renegotiate);
+ return (ctx->internal->stats.sess_accept_renegotiate);
 case SSL_CTRL_SESS_HIT:
- return (ctx->stats.sess_hit);
+ return (ctx->internal->stats.sess_hit);
 case SSL_CTRL_SESS_CB_HIT:
- return (ctx->stats.sess_cb_hit);
+ return (ctx->internal->stats.sess_cb_hit);
 case SSL_CTRL_SESS_MISSES:
- return (ctx->stats.sess_miss);
+ return (ctx->internal->stats.sess_miss);
 case SSL_CTRL_SESS_TIMEOUTS:
- return (ctx->stats.sess_timeout);
+ return (ctx->internal->stats.sess_timeout);
 case SSL_CTRL_SESS_CACHE_FULL:
- return (ctx->stats.sess_cache_full);
+ return (ctx->internal->stats.sess_cache_full);
 case SSL_CTRL_OPTIONS:
 return (ctx->options|=larg);
 case SSL_CTRL_CLEAR_OPTIONS:
@@ -1836,7 +1836,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
 ret->get_session_cb = 0;
 ret->generate_session_id = 0;
- memset((char *)&ret->stats, 0, sizeof(ret->stats));
+ memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats));
 ret->references = 1;
 ret->quiet_shutdown = 0;
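Review bot: The `memset` in the SSL_CTX_new hunk now dereferences `ret->internal`, so it is only safe if `ret->internal` has been allocated and NULL-checked earlier in the function, which starts and ends outside this hunk. If that allocation already zero-fills the structure (for example via `calloc`, not visible here), the call is redundant and can be dropped. Otherwise keep it without the cast: `memset(&ret->internal->stats, 0, sizeof(ret->internal->stats));`.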
@@ -2285,8 +2285,8 @@ ssl_update_cache(SSL *s, int mode)
 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
 ((i & mode) == mode)) {
 if ((((mode & SSL_SESS_CACHE_CLIENT) ?
- s->session_ctx->stats.sess_connect_good :
- s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+ s->session_ctx->internal->stats.sess_connect_good :
+ s->session_ctx->internal->stats.sess_accept_good) & 0xff) == 0xff) {
 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
 }
 }
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index a187c8d77a6..3f63b1de2f8 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.151 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.152 2017/01/23 00:12:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -384,6 +384,25 @@ typedef struct ssl_ctx_internal_st {
 uint16_t min_version;
 uint16_t max_version;
+ struct {
+ int sess_connect; /* SSL new conn - started */
+ int sess_connect_renegotiate;/* SSL reneg - requested */
+ int sess_connect_good; /* SSL new conne/reneg - finished */
+ int sess_accept; /* SSL new accept - started */
+ int sess_accept_renegotiate;/* SSL reneg - requested */
+ int sess_accept_good; /* SSL accept/reneg - finished */
+ int sess_miss; /* session lookup misses */
+ int sess_timeout; /* reuse attempt on timeouted session */
+ int sess_cache_full; /* session removed due to full cache */
+ int sess_hit; /* session reuse actually done */
+ int sess_cb_hit; /* session-id that was not
+ * in the cache was
+ * passed back via the callback. This
+ * indicates that the application is
+ * supplying session-id's from other
+ * processes - spooky :-) */
+ } stats;
+
 /* Next protocol negotiation information */
 /* (for experimental NPN extension). */
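Review bot: In the ssl_update_cache hunk the expired-session flush fires only when the low byte of `sess_connect_good` or `sess_accept_good` is exactly 0xff, yet these are plain `int` fields bumped with `++`, and no lock is visible around any increment in this commit (in ssl_sess.c, `sess_miss++` sits right after `CRYPTO_r_unlock`). If one SSL_CTX is shared between threads (an assumption, since the callers are not shown), concurrent handshakes can step past 0xff unobserved and postpone the flush by another 256 handshakes. On a long-lived process the signed counters will also eventually overflow. Now that `stats` lives in ssl_locl.h rather than the public ssl.h, its field types can change freely, so consider unsigned counters and a comment on the struct such as `/* updated without locking; values are approximate */`. The ssl_update_cache body continues outside the hunk.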
@@ -422,7 +441,6 @@ typedef struct ssl_ctx_internal_st {
 /* Client list of supported protocols in wire format. */
 unsigned char *alpn_client_proto_list;
 unsigned int alpn_client_proto_list_len;
-
 } SSL_CTX_INTERNAL;
 typedef struct ssl_internal_st {
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index dc4894c64cf..7f03d12d355 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.55 2017/01/22 05:14:42 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.56 2017/01/23 00:12:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -466,7 +466,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 if (ret == NULL)
- s->session_ctx->stats.sess_miss++;
+ s->session_ctx->internal->stats.sess_miss++;
 }
 if (try_session_cache && ret == NULL &&
@@ -475,7 +475,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 if ((ret = s->session_ctx->get_session_cb(s, session_id,
 len, ©))) {
- s->session_ctx->stats.sess_cb_hit++;
+ s->session_ctx->internal->stats.sess_cb_hit++;
 /*
 * Increment reference count now if the session
@@ -542,7 +542,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 if (ret->timeout < (time(NULL) - ret->time)) {
 /* timeout */
- s->session_ctx->stats.sess_timeout++;
+ s->session_ctx->internal->stats.sess_timeout++;
 if (try_session_cache) {
 /* session was from the cache, so remove it */
 SSL_CTX_remove_session(s->session_ctx, ret);
@@ -550,7 +550,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 goto err;
 }
- s->session_ctx->stats.sess_hit++;
+ s->session_ctx->internal->stats.sess_hit++;
 if (s->session != NULL)
 SSL_SESSION_free(s->session);
@@ -641,7 +641,7 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
 ctx->session_cache_tail, 0))
 break;
 else
- ctx->stats.sess_cache_full++;
+ ctx->internal->stats.sess_cache_full++;
 }
 }
 } |