Add method to check if SSL Lock is disabled

Summary: Add a method where users can determine if a SSL lock is disabled. This can help when it comes to making decisions about things like whether reusing SSL Contexts is safe in multithreaded programs. Reviewed By: siyengar Differential Revision: D4875780 fbshipit-source-id: 91e9259fee25856be1b77823559d16d0679bde5b

Add method to check if SSL Lock is disabled
Summary: Add a method where users can determine if a SSL lock is disabled. This can help when it comes to making decisions about things like whether reusing SSL Contexts is safe in multithreaded programs. Reviewed By: siyengar Differential Revision: D4875780 fbshipit-source-id: 91e9259fee25856be1b77823559d16d0679bde5b
e7231fdb · Neel Goyal · Facebook Github Bot · 37af0398 · e7231fdb · e7231fdb
Commit e7231fdb authored Apr 13, 2017 by Neel Goyal Committed by Facebook Github Bot Apr 13, 2017
3 changed files
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -804,6 +804,13 @@ void SSLContext::setSSLLockTypes(std::map<int, SSLLockType> inLockTypes) {
  lockTypes() = inLockTypes;
 }

+bool SSLContext::isSSLLockDisabled(int lockId) {
+  const auto& sslLocks = lockTypes();
+  const auto it = sslLocks.find(lockId);
+  return it != sslLocks.end() &&
+      it->second == SSLContext::SSLLockType::LOCK_NONE;
+}
+
 #if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH)
 void SSLContext::enableFalseStart() {
  SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH);

--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -449,6 +449,16 @@ class SSLContext {
   */
  static void setSSLLockTypes(std::map<int, SSLLockType> lockTypes);

+  /**
+   * Determine if the SSL lock with the specified id (i.e.
+   * CRYPTO_LOCK_SSL_SESSION) is disabled.  This should be called after
+   * initializeOpenSSL.  This will only check if the specified lock has been
+   * explicitly set to LOCK_NONE.
+   *
+   * This is not safe to call while setSSLLockTypes is being called.
+   */
+  static bool isSSLLockDisabled(int lockId);
+
  /**
   * Examine OpenSSL's error stack, and return a string description of the
   * errors.

--- a/folly/io/async/test/AsyncSSLSocketTest2.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest2.cpp
@@ -191,6 +191,20 @@ TEST(AsyncSSLSocketTest2, AttachDetachSSLContext) {
  EXPECT_TRUE(f.within(std::chrono::seconds(3)).get());
 }

+TEST(AsyncSSLSocketTest2, SSLContextLocks) {
+  SSLContext::initializeOpenSSL();
+// these are checks based on the locks that are set in the main below
+#ifdef CRYPTO_LOCK_EVP_PKEY
+  EXPECT_TRUE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_EVP_PKEY));
+#endif
+#ifdef CRYPTO_LOCK_SSL_SESSION
+  EXPECT_FALSE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_SSL_SESSION));
+#endif
+#ifdef CRYPTO_LOCK_ERR
+  EXPECT_FALSE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_ERR));
+#endif
+}
+
 }  // folly

 int main(int argc, char *argv[]) {