1a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved.
2a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
3a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// found in the LICENSE file.
4a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
5a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "net/socket/ssl_session_cache_openssl.h"
6a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
7a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include <list>
8a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include <map>
9a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
10a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include <openssl/rand.h>
11a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include <openssl/ssl.h>
12a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
13a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/containers/hash_tables.h"
14a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/lazy_instance.h"
15a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/logging.h"
16a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/synchronization/lock.h"
17a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
18a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)namespace net {
19a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
20a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)namespace {
21a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
22a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// A helper class to lazily create a new EX_DATA index to map SSL_CTX handles
23a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// to their corresponding SSLSessionCacheOpenSSLImpl object.
24a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)class SSLContextExIndex {
25a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)public:
26a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  SSLContextExIndex() {
275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    context_index_ = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    DCHECK_NE(-1, context_index_);
295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    session_index_ = SSL_SESSION_get_ex_new_index(0, NULL, NULL, NULL, NULL);
305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    DCHECK_NE(-1, session_index_);
31a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
32a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  int context_index() const { return context_index_; }
345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  int session_index() const { return session_index_; }
35a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
36a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) private:
375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  int context_index_;
385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  int session_index_;
39a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)};
40a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
41a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// static
42a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)base::LazyInstance<SSLContextExIndex>::Leaky s_ssl_context_ex_instance =
43a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    LAZY_INSTANCE_INITIALIZER;
44a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
45a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Retrieve the global EX_DATA index, created lazily on first call, to
46a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// be used with SSL_CTX_set_ex_data() and SSL_CTX_get_ex_data().
47a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)static int GetSSLContextExIndex() {
485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return s_ssl_context_ex_instance.Get().context_index();
495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Retrieve the global EX_DATA index, created lazily on first call, to
525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// be used with SSL_SESSION_set_ex_data() and SSL_SESSION_get_ex_data().
535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)static int GetSSLSessionExIndex() {
545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return s_ssl_context_ex_instance.Get().session_index();
55a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}
56a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
57a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Helper struct used to store session IDs in a SessionIdIndex container
58a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// (see definition below). To save memory each entry only holds a pointer
59a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// to the session ID buffer, which must outlive the entry itself. On the
60a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// other hand, a hash is included to minimize the number of hashing
61a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// computations during cache operations.
62a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)struct SessionId {
63a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  SessionId(const unsigned char* a_id, unsigned a_id_len)
64a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      : id(a_id), id_len(a_id_len), hash(ComputeHash(a_id, a_id_len)) {}
65a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
66a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  explicit SessionId(const SessionId& other)
67a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      : id(other.id), id_len(other.id_len), hash(other.hash) {}
68a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
69a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  explicit SessionId(SSL_SESSION* session)
70a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      : id(session->session_id),
71a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        id_len(session->session_id_length),
72a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        hash(ComputeHash(session->session_id, session->session_id_length)) {}
73a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
74a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  bool operator==(const SessionId& other) const {
75a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return hash == other.hash && id_len == other.id_len &&
76a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)           !memcmp(id, other.id, id_len);
77a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
78a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
79a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  const unsigned char* id;
80a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  unsigned id_len;
81a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  size_t hash;
82a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
83a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) private:
84a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Session ID are random strings of bytes. This happens to compute the same
85a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // value as std::hash<std::string> without the extra string copy. See
86a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // base/containers/hash_tables.h. Other hashing computations are possible,
87a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // this one is just simple enough to do the job.
88a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  size_t ComputeHash(const unsigned char* id, unsigned id_len) {
89a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    size_t result = 0;
90a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    for (unsigned n = 0; n < id_len; ++n)
91a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      result += 131 * id[n];
92a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return result;
93a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
94a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)};
95a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
96a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}  // namespace
97a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
98a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}  // namespace net
99a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
100a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)namespace BASE_HASH_NAMESPACE {
101a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
102a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)template <>
103a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)struct hash<net::SessionId> {
104a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  std::size_t operator()(const net::SessionId& entry) const {
105a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return entry.hash;
106a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
107a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)};
108a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
109a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}  // namespace BASE_HASH_NAMESPACE
110a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
111a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)namespace net {
112a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
113a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Implementation of the real SSLSessionCache.
114a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
115a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// The implementation is inspired by base::MRUCache, except that the deletor
116a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// also needs to remove the entry from other containers. In a nutshell, this
117a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// uses several basic containers:
118a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
119a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   |ordering_| is a doubly-linked list of SSL_SESSION handles, ordered in
120a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   MRU order.
121a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
122a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   |key_index_| is a hash table mapping unique cache keys (e.g. host/port
123a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   values) to a single iterator of |ordering_|. It is used to efficiently
124a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   find the cached session associated with a given key.
125a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
126a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   |id_index_| is a hash table mapping SessionId values to iterators
127a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   of |key_index_|. If is used to efficiently remove sessions from the cache,
128a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   as well as check for the existence of a session ID value in the cache.
129a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
130a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   SSL_SESSION objects are reference-counted, and owned by the cache. This
131a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   means that their reference count is incremented when they are added, and
132a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//   decremented when they are removed.
133a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
134a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Assuming an average key size of 100 characters, each node requires the
135a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// following memory usage on 32-bit Android, when linked against STLport:
136a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
137a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//      12   (ordering_ node, including SSL_SESSION handle)
138a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//     100   (key characters)
139a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//    + 24   (std::string header/minimum size)
140a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//    +  8   (key_index_ node, excluding the 2 lines above for the key).
141a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//    + 20   (id_index_ node)
142a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//  --------
143a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//     164   bytes/node
144a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
145a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Hence, 41 KiB for a full cache with a maximum of 1024 entries, excluding
146a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// the size of SSL_SESSION objects and heap fragmentation.
147a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)//
148a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
149a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)class SSLSessionCacheOpenSSLImpl {
150a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) public:
151a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Construct new instance. This registers various hooks into the SSL_CTX
152a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // context |ctx|. OpenSSL will call back during SSL connection
153a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // operations. |key_func| is used to map a SSL handle to a unique cache
154a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // string, according to the client's preferences.
155a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  SSLSessionCacheOpenSSLImpl(SSL_CTX* ctx,
156a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                             const SSLSessionCacheOpenSSL::Config& config)
157a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      : ctx_(ctx), config_(config), expiration_check_(0) {
158a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(ctx);
159a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
160a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // NO_INTERNAL_STORE disables OpenSSL's builtin cache, and
161a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // NO_AUTO_CLEAR disables the call to SSL_CTX_flush_sessions
162a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // every 256 connections (this number is hard-coded in the library
163a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // and can't be changed).
164a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_set_session_cache_mode(ctx_,
165a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                                   SSL_SESS_CACHE_CLIENT |
166a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                                       SSL_SESS_CACHE_NO_INTERNAL_STORE |
167a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                                       SSL_SESS_CACHE_NO_AUTO_CLEAR);
168a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
169a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_sess_set_new_cb(ctx_, NewSessionCallbackStatic);
170a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_sess_set_remove_cb(ctx_, RemoveSessionCallbackStatic);
171a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_set_generate_session_id(ctx_, GenerateSessionIdStatic);
172a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_set_timeout(ctx_, config_.timeout_seconds);
173a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
174a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_set_ex_data(ctx_, GetSSLContextExIndex(), this);
175a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
176a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
177a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Destroy this instance. Must happen before |ctx_| is destroyed.
178a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  ~SSLSessionCacheOpenSSLImpl() {
179a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    Flush();
180a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_set_ex_data(ctx_, GetSSLContextExIndex(), NULL);
181a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_sess_set_new_cb(ctx_, NULL);
182a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_sess_set_remove_cb(ctx_, NULL);
183a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_CTX_set_generate_session_id(ctx_, NULL);
184a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
185a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
186a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Return the number of items in this cache.
187a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  size_t size() const { return key_index_.size(); }
188a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
189a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Retrieve the cache key from |ssl| and look for a corresponding
190a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // cached session ID. If one is found, call SSL_set_session() to associate
191a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // it with the |ssl| connection.
192a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  //
193a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Will also check for expired sessions every |expiration_check_count|
194a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // calls.
195a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  //
196a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Return true if a cached session ID was found, false otherwise.
197a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  bool SetSSLSession(SSL* ssl) {
198a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    std::string cache_key = config_.key_func(ssl);
199a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (cache_key.empty())
200a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return false;
201a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
202a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return SetSSLSessionWithKey(ssl, cache_key);
203a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
204a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
205a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Variant of SetSSLSession to be used when the client already has computed
206a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // the cache key. Avoid a call to the configuration's |key_func| function.
207a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key) {
208a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    base::AutoLock locked(lock_);
209a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
210a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_EQ(config_.key_func(ssl), cache_key);
211a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
212a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (++expiration_check_ >= config_.expiration_check_count) {
213a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      expiration_check_ = 0;
214a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      FlushExpiredSessionsLocked();
215a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
216a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
217a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    KeyIndex::iterator it = key_index_.find(cache_key);
218a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (it == key_index_.end())
219a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return false;
220a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
221a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_SESSION* session = *it->second;
222a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(session);
223a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
224a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DVLOG(2) << "Lookup session: " << session << " for " << cache_key;
225a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
2265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    void* session_is_good =
2275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        SSL_SESSION_get_ex_data(session, GetSSLSessionExIndex());
2285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    if (!session_is_good)
2295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      return false;  // Session has not yet been marked good. Treat as a miss.
2305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
231a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // Move to front of MRU list.
232a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    ordering_.push_front(session);
233a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    ordering_.erase(it->second);
234a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    it->second = ordering_.begin();
235a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
236a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return SSL_set_session(ssl, session) == 1;
237a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
238a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
2395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  // Return true iff a cached session was associated with the given |cache_key|.
2405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  bool SSLSessionIsInCache(const std::string& cache_key) const {
2415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    base::AutoLock locked(lock_);
2425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    KeyIndex::const_iterator it = key_index_.find(cache_key);
2435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    if (it == key_index_.end())
2445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)      return false;
2455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
2465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    SSL_SESSION* session = *it->second;
2475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    DCHECK(session);
2485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
2495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    void* session_is_good =
2505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)        SSL_SESSION_get_ex_data(session, GetSSLSessionExIndex());
2515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
2525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    return session_is_good;
2535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  }
2545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
2555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  void MarkSSLSessionAsGood(SSL* ssl) {
2565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    SSL_SESSION* session = SSL_get_session(ssl);
2575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    CHECK(session);
2585d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
2595d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    // Mark the session as good, allowing it to be used for future connections.
2605d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    SSL_SESSION_set_ex_data(
2615d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)        session, GetSSLSessionExIndex(), reinterpret_cast<void*>(1));
2625d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  }
2635d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
264a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Flush all entries from the cache.
265a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  void Flush() {
266a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    base::AutoLock lock(lock_);
267a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    id_index_.clear();
268a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    key_index_.clear();
269a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    while (!ordering_.empty()) {
270a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      SSL_SESSION* session = ordering_.front();
271a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      ordering_.pop_front();
272a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      SSL_SESSION_free(session);
273a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
274a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
275a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
276a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) private:
277a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Type for list of SSL_SESSION handles, ordered in MRU order.
278a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  typedef std::list<SSL_SESSION*> MRUSessionList;
279a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Type for a dictionary from unique cache keys to session list nodes.
280a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  typedef base::hash_map<std::string, MRUSessionList::iterator> KeyIndex;
281a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Type for a dictionary from SessionId values to key index nodes.
282a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  typedef base::hash_map<SessionId, KeyIndex::iterator> SessionIdIndex;
283a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
284a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Return the key associated with a given session, or the empty string if
285a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // none exist. This shall only be used for debugging.
286a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  std::string SessionKey(SSL_SESSION* session) {
287a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (!session)
288a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return std::string("<null-session>");
289a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
290a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (session->session_id_length == 0)
291a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return std::string("<empty-session-id>");
292a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
293a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SessionIdIndex::iterator it = id_index_.find(SessionId(session));
294a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (it == id_index_.end())
295a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return std::string("<unknown-session>");
296a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
297a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return it->second->first;
298a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
299a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
300a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Remove a given |session| from the cache. Lock must be held.
301a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  void RemoveSessionLocked(SSL_SESSION* session) {
302a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    lock_.AssertAcquired();
303a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(session);
304a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_GT(session->session_id_length, 0U);
305a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SessionId session_id(session);
306a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SessionIdIndex::iterator id_it = id_index_.find(session_id);
307a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (id_it == id_index_.end()) {
308a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      LOG(ERROR) << "Trying to remove unknown session from cache: " << session;
309a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return;
310a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
311a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    KeyIndex::iterator key_it = id_it->second;
312a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(key_it != key_index_.end());
313a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_EQ(session, *key_it->second);
314a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
315a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    id_index_.erase(session_id);
316a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    ordering_.erase(key_it->second);
317a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    key_index_.erase(key_it);
318a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
319a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL_SESSION_free(session);
320a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
321a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_EQ(key_index_.size(), id_index_.size());
322a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
323a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
324a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Used internally to flush expired sessions. Lock must be held.
325a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  void FlushExpiredSessionsLocked() {
326a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    lock_.AssertAcquired();
327a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
328a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // Unfortunately, OpenSSL initializes |session->time| with a time()
329a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // timestamps, which makes mocking / unit testing difficult.
330a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    long timeout_secs = static_cast<long>(::time(NULL));
331a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    MRUSessionList::iterator it = ordering_.begin();
332a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    while (it != ordering_.end()) {
333a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      SSL_SESSION* session = *it++;
334a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
335a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      // Important, use <= instead of < here to allow unit testing to
336a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      // work properly. That's because unit tests that check the expiration
337a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      // behaviour will use a session timeout of 0 seconds.
338a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      if (session->time + session->timeout <= timeout_secs) {
339a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        DVLOG(2) << "Expiring session " << session << " for "
340a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                 << SessionKey(session);
341a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        RemoveSessionLocked(session);
342a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      }
343a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
344a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
345a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
346a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Retrieve the cache associated with a given SSL context |ctx|.
347a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  static SSLSessionCacheOpenSSLImpl* GetCache(SSL_CTX* ctx) {
348a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(ctx);
349a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    void* result = SSL_CTX_get_ex_data(ctx, GetSSLContextExIndex());
350a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(result);
351a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return reinterpret_cast<SSLSessionCacheOpenSSLImpl*>(result);
352a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
353a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
354a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Called by OpenSSL when a new |session| was created and added to a given
355a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // |ssl| connection. Note that the session's reference count was already
356a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // incremented before the function is entered. The function must return 1
357a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // to indicate that it took ownership of the session, i.e. that the caller
358a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // should not decrement its reference count after completion.
359a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) {
3605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    SSLSessionCacheOpenSSLImpl* cache = GetCache(ssl->ctx);
3615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    cache->OnSessionAdded(ssl, session);
362a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return 1;
363a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
364a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
365a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Called by OpenSSL to indicate that a session must be removed from the
366a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // cache. This happens when SSL_CTX is destroyed.
367a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  static void RemoveSessionCallbackStatic(SSL_CTX* ctx, SSL_SESSION* session) {
368a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    GetCache(ctx)->OnSessionRemoved(session);
369a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
370a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
371a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Called by OpenSSL to generate a new session ID. This happens during a
372a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // SSL connection operation, when the SSL object doesn't have a session yet.
373a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  //
374a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // A session ID is a random string of bytes used to uniquely identify the
375a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // session between a client and a server.
376a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  //
377a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // |ssl| is a SSL connection handle. Ignored here.
378a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // |id| is the target buffer where the ID must be generated.
379a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // |*id_len| is, on input, the size of the desired ID. It will be 16 for
380a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // SSLv2, and 32 for anything else. OpenSSL allows an implementation
381a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // to change it on output, but this will not happen here.
382a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  //
383a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // The function must ensure the generated ID is really unique, i.e. that
384a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // another session in the cache doesn't already use the same value. It must
385a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // return 1 to indicate success, or 0 for failure.
386a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  static int GenerateSessionIdStatic(const SSL* ssl,
387a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                                     unsigned char* id,
388a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                                     unsigned* id_len) {
389a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (!GetCache(ssl->ctx)->OnGenerateSessionId(id, *id_len))
390a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      return 0;
391a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
392a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return 1;
393a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
394a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
395a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Add |session| to the cache in association with |cache_key|. If a session
396a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // already exists, it is replaced with the new one. This assumes that the
397a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // caller already incremented the session's reference count.
398a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  void OnSessionAdded(SSL* ssl, SSL_SESSION* session) {
399a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    base::AutoLock locked(lock_);
400a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK(ssl);
401a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_GT(session->session_id_length, 0U);
402a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    std::string cache_key = config_.key_func(ssl);
403a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    KeyIndex::iterator it = key_index_.find(cache_key);
404a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (it == key_index_.end()) {
405a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DVLOG(2) << "Add session " << session << " for " << cache_key;
406a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      // This is a new session. Add it to the cache.
407a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      ordering_.push_front(session);
408a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      std::pair<KeyIndex::iterator, bool> ret =
409a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)          key_index_.insert(std::make_pair(cache_key, ordering_.begin()));
410a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DCHECK(ret.second);
411a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      it = ret.first;
412a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DCHECK(it != key_index_.end());
413a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    } else {
414a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      // An existing session exists for this key, so replace it if needed.
415a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DVLOG(2) << "Replace session " << *it->second << " with " << session
416a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)               << " for " << cache_key;
417a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      SSL_SESSION* old_session = *it->second;
418a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      if (old_session != session) {
419a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        id_index_.erase(SessionId(old_session));
420a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        SSL_SESSION_free(old_session);
421a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      }
422a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      ordering_.erase(it->second);
423a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      ordering_.push_front(session);
424a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      it->second = ordering_.begin();
425a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
426a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
427a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    id_index_[SessionId(session)] = it;
428a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
429a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    if (key_index_.size() > config_.max_entries)
430a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      ShrinkCacheLocked();
431a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
432a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_EQ(key_index_.size(), id_index_.size());
433a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_LE(key_index_.size(), config_.max_entries);
434a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
435a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
436a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Shrink the cache to ensure no more than config_.max_entries entries,
437a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // starting with older entries first. Lock must be acquired.
438a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  void ShrinkCacheLocked() {
439a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    lock_.AssertAcquired();
440a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_EQ(key_index_.size(), ordering_.size());
441a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DCHECK_EQ(key_index_.size(), id_index_.size());
442a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
443a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    while (key_index_.size() > config_.max_entries) {
444a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      MRUSessionList::reverse_iterator it = ordering_.rbegin();
445a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DCHECK(it != ordering_.rend());
446a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
447a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      SSL_SESSION* session = *it;
448a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DCHECK(session);
449a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      DVLOG(2) << "Evicting session " << session << " for "
450a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)               << SessionKey(session);
451a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      RemoveSessionLocked(session);
452a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
453a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
454a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
455a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // Remove |session| from the cache.
456a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  void OnSessionRemoved(SSL_SESSION* session) {
457a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    base::AutoLock locked(lock_);
458a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DVLOG(2) << "Remove session " << session << " for " << SessionKey(session);
459a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    RemoveSessionLocked(session);
460a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
461a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
462a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // See GenerateSessionIdStatic for a description of what this function does.
463a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  bool OnGenerateSessionId(unsigned char* id, unsigned id_len) {
464a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    base::AutoLock locked(lock_);
465a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // This mimics def_generate_session_id() in openssl/ssl/ssl_sess.cc,
466a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // I.e. try to generate a pseudo-random bit string, and check that no
467a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    // other entry in the cache has the same value.
468a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    const size_t kMaxTries = 10;
469a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    for (size_t tries = 0; tries < kMaxTries; ++tries) {
470a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      if (RAND_pseudo_bytes(id, id_len) <= 0) {
471a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        DLOG(ERROR) << "Couldn't generate " << id_len
472a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                    << " pseudo random bytes?";
473a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        return false;
474a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      }
475a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)      if (id_index_.find(SessionId(id, id_len)) == id_index_.end())
476a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)        return true;
477a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    }
478a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    DLOG(ERROR) << "Couldn't generate unique session ID of " << id_len
479a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)                << "bytes after " << kMaxTries << " tries.";
480a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    return false;
481a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  }
482a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
483a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  SSL_CTX* ctx_;
484a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  SSLSessionCacheOpenSSL::Config config_;
485a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
486a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // method to get the index which can later be used with SSL_CTX_get_ex_data()
487a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  // or SSL_CTX_set_ex_data().
4885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  mutable base::Lock lock_;  // Protects access to containers below.
489a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
490a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  MRUSessionList ordering_;
491a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  KeyIndex key_index_;
492a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  SessionIdIndex id_index_;
493a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
494a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  size_t expiration_check_;
495a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)};
496a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
497a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)SSLSessionCacheOpenSSL::~SSLSessionCacheOpenSSL() { delete impl_; }
498a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
499a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)size_t SSLSessionCacheOpenSSL::size() const { return impl_->size(); }
500a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
501a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)void SSLSessionCacheOpenSSL::Reset(SSL_CTX* ctx, const Config& config) {
502a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  if (impl_)
503a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    delete impl_;
504a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
505a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  impl_ = new SSLSessionCacheOpenSSLImpl(ctx, config);
506a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}
507a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
508a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)bool SSLSessionCacheOpenSSL::SetSSLSession(SSL* ssl) {
509a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  return impl_->SetSSLSession(ssl);
510a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}
511a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
512a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)bool SSLSessionCacheOpenSSL::SetSSLSessionWithKey(
513a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    SSL* ssl,
514a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)    const std::string& cache_key) {
515a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)  return impl_->SetSSLSessionWithKey(ssl, cache_key);
516a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}
517a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
5185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)bool SSLSessionCacheOpenSSL::SSLSessionIsInCache(
5195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)    const std::string& cache_key) const {
5205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)  return impl_->SSLSessionIsInCache(cache_key);
5215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}
5225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
5235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)void SSLSessionCacheOpenSSL::MarkSSLSessionAsGood(SSL* ssl) {
5245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return impl_->MarkSSLSessionAsGood(ssl);
5255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
5265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
527a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)void SSLSessionCacheOpenSSL::Flush() { impl_->Flush(); }
528a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
529a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}  // namespace net
530