X-Git-Url: http://plrg.eecs.uci.edu/git/?p=folly.git;a=blobdiff_plain;f=folly%2Fio%2Fasync%2FSSLContext.cpp;h=5ef22353efd3cde0e8950278bf7268fa23f1d7ec;hp=f3ca89f5b4b2af57adf793083d9b030009543933;hb=9d23df15330c1c21c4719bf0f05c04b21c5e6bb3;hpb=95c8e0726ef79fd286e11e02d7a6c279be8fceae diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp index f3ca89f5..5ef22353 100644 --- a/folly/io/async/SSLContext.cpp +++ b/folly/io/async/SSLContext.cpp @@ -16,15 +16,12 @@ #include "SSLContext.h" -#include -#include -#include -#include - #include #include #include +#include #include +#include // --------------------------------------------------------------------- // SSLContext implementation @@ -105,7 +102,6 @@ SSLContext::~SSLContext() { } void SSLContext::ciphers(const std::string& ciphers) { - providedCiphersString_ = ciphers; setCiphersOrThrow(ciphers); } @@ -191,6 +187,7 @@ void SSLContext::setCiphersOrThrow(const std::string& ciphers) { if (rc == 0) { throw std::runtime_error("SSL_CTX_set_cipher_list: " + getErrors()); } + providedCiphersString_ = ciphers; } void SSLContext::setVerificationOption(const SSLContext::SSLVerifyPeerEnum& @@ -726,20 +723,32 @@ struct SSLLock { lockType(inLockType) { } - void lock() { + void lock(bool read) { if (lockType == SSLContext::LOCK_MUTEX) { mutex.lock(); } else if (lockType == SSLContext::LOCK_SPINLOCK) { spinLock.lock(); + } else if (lockType == SSLContext::LOCK_SHAREDMUTEX) { + if (read) { + sharedMutex.lock_shared(); + } else { + sharedMutex.lock(); + } } // lockType == LOCK_NONE, no-op } - void unlock() { + void unlock(bool read) { if (lockType == SSLContext::LOCK_MUTEX) { mutex.unlock(); } else if (lockType == SSLContext::LOCK_SPINLOCK) { spinLock.unlock(); + } else if (lockType == SSLContext::LOCK_SHAREDMUTEX) { + if (read) { + sharedMutex.unlock_shared(); + } else { + sharedMutex.unlock(); + } } // lockType == LOCK_NONE, no-op } @@ -747,6 +756,7 @@ struct SSLLock { SSLContext::SSLLockType lockType; folly::SpinLock spinLock{}; std::mutex mutex; + SharedMutex sharedMutex; }; // Statics are unsafe in environments that call exit(). @@ -767,22 +777,14 @@ static std::map& lockTypes() { static void callbackLocking(int mode, int n, const char*, int) { if (mode & CRYPTO_LOCK) { - locks()[size_t(n)].lock(); + locks()[size_t(n)].lock(mode & CRYPTO_READ); } else { - locks()[size_t(n)].unlock(); + locks()[size_t(n)].unlock(mode & CRYPTO_READ); } } static unsigned long callbackThreadID() { - return static_cast( -#ifdef __APPLE__ - pthread_mach_thread_np(pthread_self()) -#elif _MSC_VER - pthread_getw32threadid_np(pthread_self()) -#else - pthread_self() -#endif - ); + return static_cast(folly::getCurrentThreadID()); } static CRYPTO_dynlock_value* dyn_create(const char*, int) { @@ -805,10 +807,38 @@ static void dyn_destroy(struct CRYPTO_dynlock_value* lock, const char*, int) { delete lock; } -void SSLContext::setSSLLockTypes(std::map inLockTypes) { +void SSLContext::setSSLLockTypesLocked(std::map inLockTypes) { lockTypes() = inLockTypes; } +void SSLContext::setSSLLockTypes(std::map inLockTypes) { + std::lock_guard g(initMutex()); + if (initialized_) { + // We set the locks on initialization, so if we are already initialized + // this would have no affect. + LOG(INFO) << "Ignoring setSSLLockTypes after initialization"; + return; + } + setSSLLockTypesLocked(std::move(inLockTypes)); +} + +void SSLContext::setSSLLockTypesAndInitOpenSSL( + std::map inLockTypes) { + std::lock_guard g(initMutex()); + CHECK(!initialized_) << "OpenSSL is already initialized"; + setSSLLockTypesLocked(std::move(inLockTypes)); + initializeOpenSSLLocked(); +} + +bool SSLContext::isSSLLockDisabled(int lockId) { + std::lock_guard g(initMutex()); + CHECK(initialized_) << "OpenSSL is not initialized yet"; + const auto& sslLocks = lockTypes(); + const auto it = sslLocks.find(lockId); + return it != sslLocks.end() && + it->second == SSLContext::SSLLockType::LOCK_NONE; +} + #if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH) void SSLContext::enableFalseStart() { SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH);