From e7231fdbd91f883b0e16e7ea3505d8233612885c Mon Sep 17 00:00:00 2001
From: Neel Goyal
Date: Thu, 13 Apr 2017 12:14:40 -0700
Subject: [PATCH] Add method to check if SSL Lock is disabled
Summary: Add a method where users can determine if a SSL lock is disabled. This can help when it comes to making decisions about things like whether reusing SSL Contexts is safe in multithreaded programs.
Reviewed By: siyengar
Differential Revision: D4875780
fbshipit-source-id: 91e9259fee25856be1b77823559d16d0679bde5b
---
 folly/io/async/SSLContext.cpp | 7 +++++++
 folly/io/async/SSLContext.h | 10 ++++++++++
 folly/io/async/test/AsyncSSLSocketTest2.cpp | 14 ++++++++++++++
 3 files changed, 31 insertions(+)
diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp
index 76bb4aa6..630b34d2 100644
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -804,6 +804,13 @@ void SSLContext::setSSLLockTypes(std::map inLockTypes) {
 lockTypes() = inLockTypes;
 }
 
+bool SSLContext::isSSLLockDisabled(int lockId) {
+ const auto& sslLocks = lockTypes();
+ const auto it = sslLocks.find(lockId);
+ return it != sslLocks.end() &&
+ it->second == SSLContext::SSLLockType::LOCK_NONE;
+}
+
 #if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH)
 void SSLContext::enableFalseStart() {
 SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH);
diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h
index f4a638ef..5e539e0c 100644
--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
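Review bot: `isSSLLockDisabled` reads the static map behind `lockTypes()` with no synchronization, so a call that overlaps a concurrent `setSSLLockTypes` is a data race; the header documents that caveat, but the definition carries no hint of it, and this is where a maintainer touching the lock table will look. Suggest a comment above the `lockTypes()` call: `// Unsynchronized read: must not race with setSSLLockTypes (see header).` The return expression also yields `false` both when the id is absent from the map and when it is configured with some other lock type, and since the commit's stated purpose is letting callers decide whether sharing contexts across threads is safe, that should be spelled out at the return: `// false when the id was never configured, not only when a real lock is set`. Minor style point: inside the member definition `SSLContext::SSLLockType::LOCK_NONE` can be shortened to `SSLLockType::LOCK_NONE`, matching how the enum is referenced elsewhere in a member body.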
@@ -449,6 +449,16 @@ class SSLContext {
 */
 static void setSSLLockTypes(std::map lockTypes);
 
+ /**
+ * Determine if the SSL lock with the specified id (i.e.
+ * CRYPTO_LOCK_SSL_SESSION) is disabled. This should be called after
+ * initializeOpenSSL. This will only check if the specified lock has been
+ * explicitly set to LOCK_NONE.
+ *
+ * This is not safe to call while setSSLLockTypes is being called.
+ */
+ static bool isSSLLockDisabled(int lockId);
+
 /**
 * Examine OpenSSL's error stack, and return a string description of the
 * errors.
diff --git a/folly/io/async/test/AsyncSSLSocketTest2.cpp b/folly/io/async/test/AsyncSSLSocketTest2.cpp
index 06b6db7d..bd85d533 100644
--- a/folly/io/async/test/AsyncSSLSocketTest2.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest2.cpp
@@ -191,6 +191,20 @@ TEST(AsyncSSLSocketTest2, AttachDetachSSLContext) {
 EXPECT_TRUE(f.within(std::chrono::seconds(3)).get());
 }
 
+TEST(AsyncSSLSocketTest2, SSLContextLocks) {
+ SSLContext::initializeOpenSSL();
+// these are checks based on the locks that are set in the main below
+#ifdef CRYPTO_LOCK_EVP_PKEY
+ EXPECT_TRUE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_EVP_PKEY));
+#endif
+#ifdef CRYPTO_LOCK_SSL_SESSION
+ EXPECT_FALSE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_SSL_SESSION));
+#endif
+#ifdef CRYPTO_LOCK_ERR
+ EXPECT_FALSE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_ERR));
+#endif
+}
+
 } // folly
 
 int main(int argc, char *argv[]) {
-- 
2.34.1
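Review bot: The doc comment on the new `isSSLLockDisabled` declaration says only that it checks for an explicit LOCK_NONE, but it never states what a caller gets for a lock id that was never passed to `setSSLLockTypes`; the definition returns `false` in that case, which a reader of this header could mistake for "a lock is in force". Suggest adding a line after the LOCK_NONE sentence: `* Returns false for lock ids that have not been configured at all.` In the same paragraph, `(i.e.` should be `(e.g.`, since CRYPTO_LOCK_SSL_SESSION is one example of an id rather than a restatement. If the CRYPTO_LOCK_* ids are unavailable on some supported OpenSSL versions (the test guards every use with `#ifdef`, which suggests so), a sentence saying what the function means on those builds would help callers making thread-safety decisions.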
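Review bot: Every assertion in `SSLContextLocks` is wrapped in an `#ifdef CRYPTO_LOCK_*` guard, so on a build where none of those macros is defined the test body is empty and passes vacuously, silently losing the coverage it was added for; consider a fallback branch that records this, e.g. `#if !defined(CRYPTO_LOCK_EVP_PKEY) && !defined(CRYPTO_LOCK_SSL_SESSION) && !defined(CRYPTO_LOCK_ERR)` with a `GTEST_SKIP()` or an explanatory comment, depending on the gtest version folly uses. The expectations depend on lock types configured in `main`, which lies outside this hunk, so a failure here will point at the wrong place; the existing comment names that dependency, but it appears to sit at column 0 inside the function body (whitespace may have been lost in this patch view) and should be indented with the statements. The header promises `false` for ids never configured; pinning that with one constructed, never-configured id, such as `EXPECT_FALSE(SSLContext::isSSLLockDisabled(-1)); // constructed id, never configured`, would cover the documented default rather than only the ids set in `main`.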