Commit 03afacaf authored by Neel Goyal's avatar Neel Goyal Committed by Facebook Github Bot 2

Change SSLContext to use a ThreadLocalPRNG

Summary:Use a ThreadLocalPRNG insteaad of a per context RNG.  This avoids
calls to Random::seed on context creation which can get expensive
when many are created in an application.

Reviewed By: siyengar

Differential Revision: D3105501

fb-gh-sync-id: 92d987c27a1f190a98035ca25c23b994ca915007
fbshipit-source-id: 92d987c27a1f190a98035ca25c23b994ca915007
parent 8063649a
......@@ -23,6 +23,7 @@
#include <folly/Format.h>
#include <folly/Memory.h>
#include <folly/Random.h>
#include <folly/SpinLock.h>
// ---------------------------------------------------------------------
......@@ -85,8 +86,6 @@ SSLContext::SSLContext(SSLVersion version) {
SSL_CTX_set_tlsext_servername_callback(ctx_, baseServerNameOpenSSLCallback);
SSL_CTX_set_tlsext_servername_arg(ctx_, this);
#endif
Random::seed(randomGenerator_);
}
SSLContext::~SSLContext() {
......@@ -359,7 +358,8 @@ void SSLContext::switchCiphersIfTLS11(
cipherListPicker_.reset(
new std::discrete_distribution<int>(weights.begin(), weights.end()));
}
auto index = (*cipherListPicker_)(randomGenerator_);
auto rng = ThreadLocalPRNG();
auto index = (*cipherListPicker_)(rng);
if ((size_t)index >= tls11AltCipherlist.size()) {
LOG(ERROR) << "Trying to pick alt TLS11 cipher index " << index
<< ", but tls11AltCipherlist is of length "
......@@ -499,7 +499,8 @@ void SSLContext::unsetNextProtocols() {
size_t SSLContext::pickNextProtocols() {
CHECK(!advertisedNextProtocols_.empty()) << "Failed to pickNextProtocols";
return nextProtocolDistribution_(randomGenerator_);
auto rng = ThreadLocalPRNG();
return nextProtocolDistribution_(rng);
}
int SSLContext::advertisedNextProtocolCallback(SSL* ssl,
......
......@@ -36,7 +36,6 @@
#include <folly/folly-config.h>
#endif
#include <folly/Random.h>
#include <folly/Range.h>
#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
#include <folly/io/async/ssl/OpenSSLUtils.h>
......@@ -494,8 +493,6 @@ class SSLContext {
static bool initialized_;
// Used in randomized next-proto pick / randomized cipherlist
Random::DefaultGenerator randomGenerator_;
// To provide control over choice of server ciphersuites
std::unique_ptr<std::discrete_distribution<int>> cipherListPicker_;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment