kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove SSL_CTX_sessions and properly lock SSL_CTX_sess_number.

Browse Source 
SSL_CTX_sessions is the only think making us expose LHASH as public API
and nothing uses it. Nothing can use it anyway as it's not thread-safe.
I haven't actually removed it yet since SSL_CTX is public, but once the
types are opaque, we could trim the number of symbols ssl.h pulls in
with some work.

Relatedly, fix thread safety of SSL_CTX_sess_number.

Change-Id: I75a6c93509d462cd5ed3ce76c587f0d1e7cd0797
Reviewed-on: https://boringssl-review.googlesource.com/20804
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-09-27 17:03:54 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 73d42e614c
commit 9eaa3bd55d
4 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/openssl/ssl.h
View File

@ -1854,9 +1854,6 @@ OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,
// session cache. // session cache.
OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx); OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx);
// SSL_CTX_sessions returns |ctx|'s internal session cache.
OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
// SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal // SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal
// session cache. // session cache.
OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx); OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx);

3
ssl/ssl_lib.cc
View File

@ -1566,9 +1566,8 @@ int SSL_get_secure_renegotiation_support(const SSL *ssl) {
ssl->s3->send_connection_binding; ssl->s3->send_connection_binding;
} }
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
size_t SSL_CTX_sess_number(const SSL_CTX *ctx) { size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
MutexReadLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
return lh_SSL_SESSION_num_items(ctx->sessions); return lh_SSL_SESSION_num_items(ctx->sessions);
} }

3
ssl/ssl_session.cc
View File

@ -1041,7 +1041,8 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) {
// Enforce any cache size limits. // Enforce any cache size limits.
if (SSL_CTX_sess_get_cache_size(ctx) > 0) { if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { while (lh_SSL_SESSION_num_items(ctx->sessions) >
SSL_CTX_sess_get_cache_size(ctx)) {
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) {
break; break;
} }

2
ssl/ssl_test.cc
View File

@ -1399,7 +1399,7 @@ static bool CacheEquals(SSL_CTX *ctx,
// Check the hash table. // Check the hash table.
std::vector<SSL_SESSION*> actual, expected_copy; std::vector<SSL_SESSION*> actual, expected_copy;
lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual); lh_SSL_SESSION_doall_arg(ctx->sessions, AppendSession, &actual);
expected_copy = expected; expected_copy = expected;
std::sort(actual.begin(), actual.end()); std::sort(actual.begin(), actual.end());