WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #274 from cconlon/WolfSSLAuthStoreLock 

Reduce synchronization overhead in WolfSSLAuthStore
master
JacobBarthelmeh 2025-06-10 16:33:58 -06:00 committed by GitHub
parent 3577420751 81bc1c0deb
commit b85d4a18a4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 126 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/java/com/wolfssl/WolfSSLDebug.java
View File

@ -548,9 +548,13 @@ public class WolfSSLDebug {
}
/**
* Check if debug logging is enabled for the specified component
* Check if debug logging is enabled for the specified component.
*
* @param component the component to check (JNI or JSSE)
*
* @return true if debug logging is enabled for the component,
*/
private static boolean isDebugEnabled(Component component) {
public static boolean isDebugEnabled(Component component) {
if (component == Component.JSSE && DEBUG) {
return true;
}

36
src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
View File

@ -314,13 +314,14 @@ public class WolfSSLAuthStore {
* object if not in cache, called on server side, or host
* is null
*/
protected synchronized WolfSSLImplementSSLSession getSession(
protected WolfSSLImplementSSLSession getSession(
WolfSSLSession ssl, int port, String host, boolean clientMode,
String[] enabledCipherSuites, String[] enabledProtocols) {
boolean needNewSession = false;
WolfSSLImplementSSLSession ses = null;
String toHash = null;
int hashCode = 0;
if (ssl == null) {
return null;
@ -339,22 +340,25 @@ public class WolfSSLAuthStore {
* Synchronizes on storeLock internally. */
printSessionStoreStatus();
/* Lock on static/global storeLock, since Java session cache table
* is shared between all threads */
/* Generate cache key hash (host:port), outside lock */
toHash = host.concat(Integer.toString(port));
hashCode = toHash.hashCode();
/* Lock on static/global storeLock while getting session out of
* store, since Java session cache table is shared between all
* threads */
synchronized (storeLock) {
/* Generate cache key hash (host:port) */
toHash = host.concat(Integer.toString(port));
/* Try getting session out of Java store */
ses = store.get(toHash.hashCode());
ses = store.get(hashCode);
/* Remove old entry from table. TLS 1.3 binder changes between
* resumptions and stored session should only be used to
* resume once. New session structure/object will be cached
* after the resumed session completes the handshake, for
* subsequent resumption attempts to use. */
store.remove(toHash.hashCode());
store.remove(hashCode);
}
/* Check conditions where we need to create a new new session:
* 1. Session not found in cache
@ -437,7 +441,6 @@ public class WolfSSLAuthStore {
return ses;
}
}
/**
* Check if cipher suite from original WOLFSSL_SESSION
@ -531,6 +534,11 @@ public class WolfSSLAuthStore {
* prints out host:port of all sessions stored in the store.
* Called by getSession(). */
private void printSessionStoreStatus() {
if (!WolfSSLDebug.isDebugEnabled(WolfSSLDebug.Component.JSSE)) {
return;
}
synchronized (storeLock) {
Collection<WolfSSLImplementSSLSession> values =
store.values();
@ -640,8 +648,6 @@ public class WolfSSLAuthStore {
return WolfSSL.SSL_FAILURE;
}
/* Lock access to store while adding new session, store is global */
synchronized (storeLock) {
if (session.getPeerHost() != null) {
/* Generate key for storing into session table (host:port) */
toHash = session.getPeerHost().concat(Integer.toString(
@ -669,10 +675,14 @@ public class WolfSSLAuthStore {
session.getPeerHost() + ", port: " +
session.getPeerPort() + ") " + "hashCode = " + hashCode +
" side = " + session.getSideString());
store.put(hashCode, session);
session.isInTable = true;
printSessionStoreStatus();
/* Lock access to store while adding new session, store is global */
synchronized (storeLock) {
store.put(hashCode, session);
}
printSessionStoreStatus();
}
return WolfSSL.SSL_SUCCESS;