D2741855 broke my wangle. Reverting
authorNeel Goyal <ngoyal@fb.com>
Thu, 10 Dec 2015 15:10:49 +0000 (07:10 -0800)
committerfacebook-github-bot-4 <folly-bot@fb.com>
Thu, 10 Dec 2015 15:20:23 +0000 (07:20 -0800)
Summary: Revert D2741855

Reviewed By: mzlee

Differential Revision: D2744015

fb-gh-sync-id: b1e9b0a5ab95cb988d2b5c08c86139452b092465

folly/io/async/SSLContext.cpp
folly/io/async/SSLContext.h

index 4e8ea69f5a4b5d82a1d73b416fa33fbcf7785c51..7ab01c301f8be6d56ed9b35a95a0202330b2773b 100644 (file)
@@ -84,10 +84,6 @@ SSLContext::SSLContext(SSLVersion version) {
   SSL_CTX_set_tlsext_servername_callback(ctx_, baseServerNameOpenSSLCallback);
   SSL_CTX_set_tlsext_servername_arg(ctx_, this);
 #endif
-
-#ifdef OPENSSL_NPN_NEGOTIATED
-  Random::seed(nextProtocolPicker_);
-#endif
 }
 
 SSLContext::~SSLContext() {
@@ -378,16 +374,16 @@ bool SSLContext::setRandomizedAdvertisedNextProtocols(
       dst += protoLength;
     }
     total_weight += item.weight;
+    advertised_item.probability = item.weight;
     advertisedNextProtocols_.push_back(advertised_item);
-    advertisedNextProtocolWeights_.push_back(item.weight);
   }
   if (total_weight == 0) {
     deleteNextProtocolsStrings();
     return false;
   }
-  nextProtocolDistribution_ =
-      std::discrete_distribution<>(advertisedNextProtocolWeights_.begin(),
-                                   advertisedNextProtocolWeights_.end());
+  for (auto& advertised_item : advertisedNextProtocols_) {
+    advertised_item.probability /= total_weight;
+  }
   if ((uint8_t)protocolType & (uint8_t)NextProtocolType::NPN) {
     SSL_CTX_set_next_protos_advertised_cb(
         ctx_, advertisedNextProtocolCallback, this);
@@ -410,7 +406,6 @@ void SSLContext::deleteNextProtocolsStrings() {
     delete[] protocols.protocols;
   }
   advertisedNextProtocols_.clear();
-  advertisedNextProtocolWeights_.clear();
 }
 
 void SSLContext::unsetNextProtocols() {
@@ -424,8 +419,18 @@ void SSLContext::unsetNextProtocols() {
 }
 
 size_t SSLContext::pickNextProtocols() {
-  CHECK(!advertisedNextProtocols_.empty()) << "Failed to pickNextProtocols";
-  return nextProtocolDistribution_(nextProtocolPicker_);
+  unsigned char random_byte;
+  RAND_bytes(&random_byte, 1);
+  double random_value = random_byte / 255.0;
+  double sum = 0;
+  for (size_t i = 0; i < advertisedNextProtocols_.size(); ++i) {
+    sum += advertisedNextProtocols_[i].probability;
+    if (sum < random_value && i + 1 < advertisedNextProtocols_.size()) {
+      continue;
+    }
+    return i;
+  }
+  CHECK(false) << "Failed to pickNextProtocols";
 }
 
 int SSLContext::advertisedNextProtocolCallback(SSL* ssl,
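Review bot: The result of `RAND_bytes(&random_byte, 1)` in pickNextProtocols is ignored, so if the OpenSSL RNG fails the function reads an uninitialized `random_byte` and the selected index is undefined. I would declare `unsigned char random_byte = 0;` and make the failure explicit with `CHECK(RAND_bytes(&random_byte, 1) == 1) << "RAND_bytes failed";`, or fall back to a fixed index if aborting is not acceptable on this path. A single byte gives only 256 steps, so an item whose share of the total weight is below roughly 1/256 is picked at a distorted rate. With an empty advertisedNextProtocols_ the loop is skipped and control reaches `CHECK(false)` with no return after it, which relies on CHECK never returning; the removed up-front emptiness CHECK stated that precondition more directly.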
index e20b093b4007839c95722e47e931f35ce49adac7..316fc1e33ba8e007fe07d853b6407eea5debe062 100644 (file)
@@ -22,7 +22,6 @@
 #include <vector>
 #include <memory>
 #include <string>
-#include <random>
 
 #include <openssl/ssl.h>
 #include <openssl/tls1.h>
@@ -36,8 +35,6 @@
 #include <folly/folly-config.h>
 #endif
 
-#include <folly/Random.h>
-
 namespace folly {
 
 /**
@@ -90,6 +87,12 @@ class SSLContext {
     std::list<std::string> protocols;
   };
 
+  struct AdvertisedNextProtocolsItem {
+    unsigned char* protocols;
+    unsigned length;
+    double probability;
+  };
+
   // Function that selects a client protocol given the server's list
   using ClientProtocolFilterCallback = bool (*)(unsigned char**, unsigned int*,
                                         const unsigned char*, unsigned int);
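Review bot: The re-added AdvertisedNextProtocolsItem struct has no comment saying who owns `protocols` or what `probability` holds, and it now sits next to NextProtocolsItem rather than inside the `#ifdef OPENSSL_NPN_NEGOTIATED` block where the removed definition lived, so it is presumably visible to more code. In SSLContext.cpp the buffer is released with `delete[]` in deleteNextProtocolsStrings, and `probability` carries the raw weight until setRandomizedAdvertisedNextProtocols divides it by total_weight, so a copied item aliases the same buffer. I would add above the struct: `// protocols: wire-format buffer owned by SSLContext, freed with delete[]; probability: weight / total_weight once normalised`. The class body starts and ends outside this hunk.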
@@ -455,20 +458,10 @@ class SSLContext {
   static bool initialized_;
 
 #ifdef OPENSSL_NPN_NEGOTIATED
-
-  struct AdvertisedNextProtocolsItem {
-    unsigned char* protocols;
-    unsigned length;
-  };
-
   /**
    * Wire-format list of advertised protocols for use in NPN.
    */
   std::vector<AdvertisedNextProtocolsItem> advertisedNextProtocols_;
-  std::vector<int> advertisedNextProtocolWeights_;
-  std::discrete_distribution<int> nextProtocolDistribution_;
-  Random::DefaultGenerator nextProtocolPicker_;
-
   static int sNextProtocolsExDataIndex_;
 
   static int advertisedNextProtocolCallback(SSL* ssl,