net: Implement new SSL session cache for OpenSSL sockets.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/err.h>
 #include <openssl/opensslv.h>
 #include <openssl/ssl.h>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram.h"
 #include "base/synchronization/lock.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/openssl_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/socket/ssl_error_params.h"
+#include "net/socket/ssl_session_cache_openssl.h"
 #include "net/ssl/openssl_client_key_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
 
 namespace net {
 
 namespace {
 
 // Enable this to see logging for state machine state transitions.
 #if 0
 #define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \
                            " jump to state " << s; \
                            next_handshake_state_ = s; } while (0)
 #else
 #define GotoState(s) next_handshake_state_ = s
 #endif
 
-const int kSessionCacheTimeoutSeconds = 60 * 60;
-const size_t kSessionCacheMaxEntires = 1024;
-
 // This constant can be any non-negative/non-zero value (eg: it does not
 // overlap with any value of the net::Error range, including net::OK).
 const int kNoPendingReadResult = 1;
 
 // If a client doesn't have a list of protocols that it supports, but
 // the server supports NPN, choosing "http/1.1" is the best answer.
 const char kDefaultSupportedNPNProtocol[] = "http/1.1";
 
 #if OPENSSL_VERSION_NUMBER < 0x1000103fL
 // This method doesn't seem to have made it into the OpenSSL headers.
@@ skipping 151 matching lines @@
   }
 }
 
 // We do certificate verification after handshake, so we disable the default
 // by registering a no-op verify function.
 int NoOpVerifyCallback(X509_STORE_CTX*, void *) {
   DVLOG(3) << "skipping cert verify";
   return 1;
 }
 
-// OpenSSL manages a cache of SSL_SESSION, this class provides the application
-// side policy for that cache about session re-use: we retain one session per
-// unique HostPortPair, per shard.
-class SSLSessionCache {
- public:
-  SSLSessionCache() {}
-
-  void OnSessionAdded(const HostPortPair& host_and_port,
-                      const std::string& shard,
-                      SSL_SESSION* session) {
-    // Declare the session cleaner-upper before the lock, so any call into
-    // OpenSSL to free the session will happen after the lock is released.
-    crypto::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free;
-    base::AutoLock lock(lock_);
-
-    DCHECK_EQ(0U, session_map_.count(session));
-    const std::string cache_key = GetCacheKey(host_and_port, shard);
-
-    std::pair<HostPortMap::iterator, bool> res =
-        host_port_map_.insert(std::make_pair(cache_key, session));
-    if (!res.second) {  // Already exists: replace old entry.
-      session_to_free.reset(res.first->second);
-      session_map_.erase(session_to_free.get());
-      res.first->second = session;
-    }
-    DVLOG(2) << "Adding session " << session << " => "
-             << cache_key << ", new entry = " << res.second;
-    DCHECK(host_port_map_[cache_key] == session);
-    session_map_[session] = res.first;
-    DCHECK_EQ(host_port_map_.size(), session_map_.size());
-    DCHECK_LE(host_port_map_.size(), kSessionCacheMaxEntires);
-  }
-
-  void OnSessionRemoved(SSL_SESSION* session) {
-    // Declare the session cleaner-upper before the lock, so any call into
-    // OpenSSL to free the session will happen after the lock is released.
-    crypto::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free;
-    base::AutoLock lock(lock_);
-
-    SessionMap::iterator it = session_map_.find(session);
-    if (it == session_map_.end())
-      return;
-    DVLOG(2) << "Remove session " << session << " => " << it->second->first;
-    DCHECK(it->second->second == session);
-    host_port_map_.erase(it->second);
-    session_map_.erase(it);
-    session_to_free.reset(session);
-    DCHECK_EQ(host_port_map_.size(), session_map_.size());
-  }
-
-  // Looks up the host:port in the cache, and if a session is found it is added
-  // to |ssl|, returning true on success.
-  bool SetSSLSession(SSL* ssl, const HostPortPair& host_and_port,
-                     const std::string& shard) {
-    base::AutoLock lock(lock_);
-    const std::string cache_key = GetCacheKey(host_and_port, shard);
-    HostPortMap::iterator it = host_port_map_.find(cache_key);
-    if (it == host_port_map_.end())
-      return false;
-    DVLOG(2) << "Lookup session: " << it->second << " => " << cache_key;
-    SSL_SESSION* session = it->second;
-    DCHECK(session);
-    DCHECK(session_map_[session] == it);
-    // Ideally we'd release |lock_| before calling into OpenSSL here, however
-    // that opens a small risk |session| will go out of scope before it is used.
-    // Alternatively we would take a temporary local refcount on |session|,
-    // except OpenSSL does not provide a public API for adding a ref (c.f.
-    // SSL_SESSION_free which decrements the ref).
-    return SSL_set_session(ssl, session) == 1;
-  }
-
-  // Flush removes all entries from the cache. This is called when a client
-  // certificate is added.
-  void Flush() {
-    base::AutoLock lock(lock_);
-    for (HostPortMap::iterator i = host_port_map_.begin();
-         i != host_port_map_.end(); i++) {
-      SSL_SESSION_free(i->second);
-    }
-    host_port_map_.clear();
-    session_map_.clear();
-  }
-
- private:
-  static std::string GetCacheKey(const HostPortPair& host_and_port,
-                                 const std::string& shard) {
-    return host_and_port.ToString() + "/" + shard;
-  }
-
-  // A pair of maps to allow bi-directional lookups between host:port and an
-  // associated session.
-  typedef std::map<std::string, SSL_SESSION*> HostPortMap;
-  typedef std::map<SSL_SESSION*, HostPortMap::iterator> SessionMap;
-  HostPortMap host_port_map_;
-  SessionMap session_map_;
-
-  // Protects access to both the above maps.
-  base::Lock lock_;
-
-  DISALLOW_COPY_AND_ASSIGN(SSLSessionCache);
-};
-
 // Utility to construct the appropriate set & clear masks for use the OpenSSL
 // options and mode configuration functions. (SSL_set_options etc)
 struct SslSetClearMask {
   SslSetClearMask() : set_mask(0), clear_mask(0) {}
   void ConfigureFlag(long flag, bool state) {
     (state ? set_mask : clear_mask) |= flag;
     // Make sure we haven't got any intersection in the set & clear options.
     DCHECK_EQ(0, set_mask & clear_mask) << flag << ":" << state;
   }
   long set_mask;
   long clear_mask;
 };
 
+// Compute a unique key string for the SSL session cache. |socket| is an
+// input socket object. Return a string.
+std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) {
+  std::string result = socket.host_and_port().ToString();
+  result.append("/");
+  result.append(socket.ssl_session_cache_shard());
+  return result;
+}
+
 }  // namespace
 
 class SSLClientSocketOpenSSL::SSLContext {
  public:
   static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); }
   SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); }
-  SSLSessionCache* session_cache() { return &session_cache_; }
+  SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; }
 
-  SSLClientSocketOpenSSL* GetClientSocketFromSSL(SSL* ssl) {
+  SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) {
     DCHECK(ssl);
     SSLClientSocketOpenSSL* socket = static_cast<SSLClientSocketOpenSSL*>(
         SSL_get_ex_data(ssl, ssl_socket_data_index_));
     DCHECK(socket);
     return socket;
   }
 
   bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) {
     return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
   }
 
  private:
   friend struct DefaultSingletonTraits<SSLContext>;
 
   SSLContext() {
     crypto::EnsureOpenSSLInit();
     ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
     DCHECK_NE(ssl_socket_data_index_, -1);
     ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
+    session_cache_.Reset(ssl_ctx_.get(), kDefaultSessionCacheConfig);
     SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL);
-    SSL_CTX_set_session_cache_mode(ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT);
-    SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallbackStatic);
-    SSL_CTX_sess_set_remove_cb(ssl_ctx_.get(), RemoveSessionCallbackStatic);
-    SSL_CTX_set_timeout(ssl_ctx_.get(), kSessionCacheTimeoutSeconds);
-    SSL_CTX_sess_set_cache_size(ssl_ctx_.get(), kSessionCacheMaxEntires);
     SSL_CTX_set_client_cert_cb(ssl_ctx_.get(), ClientCertCallback);
     SSL_CTX_set_channel_id_cb(ssl_ctx_.get(), ChannelIDCallback);
 #if defined(OPENSSL_NPN_NEGOTIATED)
     // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty.
     // It would be better if the callback were not a global setting,
     // but that is an OpenSSL issue.
     SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
                                      NULL);
 #endif
   }
 
-  static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) {
-    return GetInstance()->NewSessionCallback(ssl, session);
+  static std::string GetSessionCacheKey(const SSL* ssl) {
+    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    DCHECK(socket);
+    return GetSocketSessionCacheKey(*socket);
   }
 
-  int NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
-    SSLClientSocketOpenSSL* socket = GetClientSocketFromSSL(ssl);
-    session_cache_.OnSessionAdded(socket->host_and_port(),
-                                  socket->ssl_session_cache_shard(),
-                                  session);
-    return 1;  // 1 => We took ownership of |session|.
-  }
-
-  static void RemoveSessionCallbackStatic(SSL_CTX* ctx, SSL_SESSION* session) {
-    return GetInstance()->RemoveSessionCallback(ctx, session);
-  }
-
-  void RemoveSessionCallback(SSL_CTX* ctx, SSL_SESSION* session) {
-    DCHECK(ctx == ssl_ctx());
-    session_cache_.OnSessionRemoved(session);
-  }
+  static SSLSessionCacheOpenSSL::Config kDefaultSessionCacheConfig;
 
   static int ClientCertCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
     return socket->ClientCertRequestCallback(ssl, x509, pkey);
   }
 
   static void ChannelIDCallback(SSL* ssl, EVP_PKEY** pkey) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
     socket->ChannelIDRequestCallback(ssl, pkey);
   }
 
   static int SelectNextProtoCallback(SSL* ssl,
                                      unsigned char** out, unsigned char* outlen,
                                      const unsigned char* in,
                                      unsigned int inlen, void* arg) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->SelectNextProtoCallback(out, outlen, in, inlen);
   }
 
   // This is the index used with SSL_get_ex_data to retrieve the owner
   // SSLClientSocketOpenSSL object from an SSL instance.
   int ssl_socket_data_index_;
 
-  // session_cache_ must appear before |ssl_ctx_| because the destruction of
-  // |ssl_ctx_| may trigger callbacks into |session_cache_|. Therefore,
-  // |session_cache_| must be destructed after |ssl_ctx_|.
-  SSLSessionCache session_cache_;
   crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_;
+  // |session_cache_| must be destroyed before |ssl_ctx_|.
+  SSLSessionCacheOpenSSL session_cache_;
 };
 
 // static
+SSLSessionCacheOpenSSL::Config
+    SSLClientSocketOpenSSL::SSLContext::kDefaultSessionCacheConfig = {
+        &GetSessionCacheKey,  // key_func
+        1024,                 // max_entries
+        256,                  // expiration_check_count
+        60 * 60,              // timeout_seconds
+};
+
+// static
 void SSLClientSocket::ClearSessionCache() {
   SSLClientSocketOpenSSL::SSLContext* context =
       SSLClientSocketOpenSSL::SSLContext::GetInstance();
   context->session_cache()->Flush();
 }
 
 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
     scoped_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
@@ skipping 305 matching lines @@
   SSLContext* context = SSLContext::GetInstance();
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   ssl_ = SSL_new(context->ssl_ctx());
   if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this))
     return false;
 
   if (!SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str()))
     return false;
 
-  trying_cached_session_ =
-      context->session_cache()->SetSSLSession(ssl_, host_and_port_,
-                                              ssl_session_cache_shard_);
+  trying_cached_session_ = context->session_cache()->SetSSLSessionWithKey(
+      ssl_, GetSocketSessionCacheKey(*this));
 
   BIO* ssl_bio = NULL;
   // 0 => use default buffer sizes.
   if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0))
     return false;
   DCHECK(ssl_bio);
   DCHECK(transport_bio_);
 
   SSL_set_bio(ssl_, ssl_bio, ssl_bio);
 
@@ skipping 723 matching lines @@
   }
 
   npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
   server_protos_.assign(reinterpret_cast<const char*>(in), inlen);
   DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
 #endif
   return SSL_TLSEXT_ERR_OK;
 }
 
 }  // namespace net