From: Neel Goyal <ngoyal@fb.com>
Date: Tue, 29 Mar 2016 17:47:14 +0000 (-0700)
Subject: Change SSLContext to use a ThreadLocalPRNG
X-Git-Tag: 2016.07.26~401
X-Git-Url: http://plrg.eecs.uci.edu/git/?p=folly.git;a=commitdiff_plain;h=03afacaf318c61b99ad09cd66ef028a38046fb48

Change SSLContext to use a ThreadLocalPRNG

Summary:Use a ThreadLocalPRNG insteaad of a per context RNG.  This avoids
calls to Random::seed on context creation which can get expensive
when many are created in an application.

Reviewed By: siyengar

Differential Revision: D3105501

fb-gh-sync-id: 92d987c27a1f190a98035ca25c23b994ca915007
fbshipit-source-id: 92d987c27a1f190a98035ca25c23b994ca915007
---

diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp
index eb9920a7..ac032da2 100644
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -23,6 +23,7 @@
 
 #include <folly/Format.h>
 #include <folly/Memory.h>
+#include <folly/Random.h>
 #include <folly/SpinLock.h>
 
 // ---------------------------------------------------------------------
@@ -85,8 +86,6 @@ SSLContext::SSLContext(SSLVersion version) {
   SSL_CTX_set_tlsext_servername_callback(ctx_, baseServerNameOpenSSLCallback);
   SSL_CTX_set_tlsext_servername_arg(ctx_, this);
 #endif
-
-  Random::seed(randomGenerator_);
 }
 
 SSLContext::~SSLContext() {
@@ -359,7 +358,8 @@ void SSLContext::switchCiphersIfTLS11(
       cipherListPicker_.reset(
           new std::discrete_distribution<int>(weights.begin(), weights.end()));
     }
-    auto index = (*cipherListPicker_)(randomGenerator_);
+    auto rng = ThreadLocalPRNG();
+    auto index = (*cipherListPicker_)(rng);
     if ((size_t)index >= tls11AltCipherlist.size()) {
       LOG(ERROR) << "Trying to pick alt TLS11 cipher index " << index
                  << ", but tls11AltCipherlist is of length "
@@ -499,7 +499,8 @@ void SSLContext::unsetNextProtocols() {
 
 size_t SSLContext::pickNextProtocols() {
   CHECK(!advertisedNextProtocols_.empty()) << "Failed to pickNextProtocols";
-  return nextProtocolDistribution_(randomGenerator_);
+  auto rng = ThreadLocalPRNG();
+  return nextProtocolDistribution_(rng);
 }
 
 int SSLContext::advertisedNextProtocolCallback(SSL* ssl,
diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h
index 7b1df4ad..e3ebaf5f 100644
--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -36,7 +36,6 @@
 #include <folly/folly-config.h>
 #endif
 
-#include <folly/Random.h>
 #include <folly/Range.h>
 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
 #include <folly/io/async/ssl/OpenSSLUtils.h>
@@ -494,8 +493,6 @@ class SSLContext {
 
   static bool initialized_;
 
-  // Used in randomized next-proto pick / randomized cipherlist
-  Random::DefaultGenerator randomGenerator_;
   // To provide control over choice of server ciphersuites
   std::unique_ptr<std::discrete_distribution<int>> cipherListPicker_;