Change SSLContext to use a ThreadLocalPRNG

Summary:Use a ThreadLocalPRNG insteaad of a per context RNG. This avoids calls to Random::seed on context creation which can get expensive when many are created in an application. Reviewed By: siyengar Differential Revision: D3105501 fb-gh-sync-id: 92d987c27a1f190a98035ca25c23b994ca915007 fbshipit-source-id: 92d987c27a1f190a98035ca25c23b994ca915007

Change SSLContext to use a ThreadLocalPRNG
Summary:Use a ThreadLocalPRNG insteaad of a per context RNG. This avoids calls to Random::seed on context creation which can get expensive when many are created in an application. Reviewed By: siyengar Differential Revision: D3105501 fb-gh-sync-id: 92d987c27a1f190a98035ca25c23b994ca915007 fbshipit-source-id: 92d987c27a1f190a98035ca25c23b994ca915007
03afacaf · Neel Goyal · Facebook Github Bot 2 · 8063649a · 03afacaf · 03afacaf
Commit 03afacaf authored Mar 29, 2016 by Neel Goyal Committed by Facebook Github Bot 2 Mar 29, 2016
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 7 deletions

folly/io/async/SSLContext.cpp folly/io/async/SSLContext.cpp +5 -4

folly/io/async/SSLContext.h folly/io/async/SSLContext.h +0 -3

No files found.
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -23,6 +23,7 @@
 #include <folly/Format.h>
 #include <folly/Memory.h>
+#include <folly/Random.h>
 #include <folly/SpinLock.h>
 // ---------------------------------------------------------------------
@@ -85,8 +86,6 @@ SSLContext::SSLContext(SSLVersion version) {
  SSL_CTX_set_tlsext_servername_callback(ctx_, baseServerNameOpenSSLCallback);
  SSL_CTX_set_tlsext_servername_arg(ctx_, this);
 #endif
-  Random::seed(randomGenerator_);
 }
 SSLContext::~SSLContext() {
@@ -359,7 +358,8 @@ void SSLContext::switchCiphersIfTLS11(
      cipherListPicker_.reset(
          new std::discrete_distribution<int>(weights.begin(), weights.end()));
    }
-    auto index = (*cipherListPicker_)(randomGenerator_);
+    auto rng = ThreadLocalPRNG();
+    auto index = (*cipherListPicker_)(rng);
    if ((size_t)index >= tls11AltCipherlist.size()) {
      LOG(ERROR) << "Trying to pick alt TLS11 cipher index " << index
                 << ", but tls11AltCipherlist is of length "
@@ -499,7 +499,8 @@ void SSLContext::unsetNextProtocols() {
 size_t SSLContext::pickNextProtocols() {
  CHECK(!advertisedNextProtocols_.empty()) << "Failed to pickNextProtocols";
-  return nextProtocolDistribution_(randomGenerator_);
+  auto rng = ThreadLocalPRNG();
+  return nextProtocolDistribution_(rng);
 }
 int SSLContext::advertisedNextProtocolCallback(SSL* ssl,

--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -36,7 +36,6 @@
 #include <folly/folly-config.h>
 #endif
-#include <folly/Random.h>
 #include <folly/Range.h>
 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
 #include <folly/io/async/ssl/OpenSSLUtils.h>
@@ -494,8 +493,6 @@ class SSLContext {
  static bool initialized_;
-  // Used in randomized next-proto pick / randomized cipherlist
-  Random::DefaultGenerator randomGenerator_;
  // To provide control over choice of server ciphersuites
  std::unique_ptr<std::discrete_distribution<int>> cipherListPicker_;