Remove SSL_CTX_sessions and properly lock SSL_CTX_sess_number.
SSL_CTX_sessions is the only think making us expose LHASH as public API and nothing uses it. Nothing can use it anyway as it's not thread-safe. I haven't actually removed it yet since SSL_CTX is public, but once the types are opaque, we could trim the number of symbols ssl.h pulls in with some work. Relatedly, fix thread safety of SSL_CTX_sess_number. Change-Id: I75a6c93509d462cd5ed3ce76c587f0d1e7cd0797 Reviewed-on: https://boringssl-review.googlesource.com/20804 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
73d42e614c
commit
9eaa3bd55d
@ -1854,9 +1854,6 @@ OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,
|
||||
// session cache.
|
||||
OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx);
|
||||
|
||||
// SSL_CTX_sessions returns |ctx|'s internal session cache.
|
||||
OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
|
||||
|
||||
// SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal
|
||||
// session cache.
|
||||
OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx);
|
||||
|
@ -1566,9 +1566,8 @@ int SSL_get_secure_renegotiation_support(const SSL *ssl) {
|
||||
ssl->s3->send_connection_binding;
|
||||
}
|
||||
|
||||
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
|
||||
|
||||
size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
|
||||
MutexReadLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
|
||||
return lh_SSL_SESSION_num_items(ctx->sessions);
|
||||
}
|
||||
|
||||
|
@ -1041,7 +1041,8 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) {
|
||||
|
||||
// Enforce any cache size limits.
|
||||
if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
|
||||
while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
|
||||
while (lh_SSL_SESSION_num_items(ctx->sessions) >
|
||||
SSL_CTX_sess_get_cache_size(ctx)) {
|
||||
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) {
|
||||
break;
|
||||
}
|
||||
|
@ -1399,7 +1399,7 @@ static bool CacheEquals(SSL_CTX *ctx,
|
||||
|
||||
// Check the hash table.
|
||||
std::vector<SSL_SESSION*> actual, expected_copy;
|
||||
lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
|
||||
lh_SSL_SESSION_doall_arg(ctx->sessions, AppendSession, &actual);
|
||||
expected_copy = expected;
|
||||
|
||||
std::sort(actual.begin(), actual.end());
|
||||
|
Loading…
Reference in New Issue
Block a user