openvpn3/sess__cache_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//


#pragma once


#include <string>

#include <map>

#include <set>

#include <tuple>

#include <memory>

#include <utility>


#include <openssl/ssl.h>


#include <openvpn/common/rc.hpp>

#include <openvpn/common/msfind.hpp>


namespace openvpn {


// Client-side session cache.

// (We don't cache server-side sessions because we use TLS

// session resumption tickets which are stateless on the server).


class OpenSSLSessionCache : public RC<thread_unsafe_refcount>

{

  public:

    typedef RCPtr<OpenSSLSessionCache> Ptr;


    OPENVPN_EXCEPTION(openssl_sess_cache_error);


    // Wrapper for OpenSSL SSL_SESSION pointers that manages reference counts.


    class Session

    {

      public:


        Session(::SSL_SESSION *sess) // caller must pre-increment refcount on sess

            : sess_(sess)

        {

        }


        Session(Session &&other) noexcept

        {

            sess_ = other.sess_;

            other.sess_ = nullptr;

        }


        Session &operator=(Session &&other) noexcept

        {

            if (sess_)

                ::SSL_SESSION_free(sess_);

            sess_ = other.sess_;

            other.sess_ = nullptr;

            return *this;

        }


        ::SSL_SESSION *openssl_session() const

        {

            return sess_;

        }


        bool operator<(const Session &rhs) const // used when Session is a std::set key

        {

            return sess_ < rhs.sess_;

        }


        explicit operator bool() const

        {

            return sess_ != nullptr;

        }


        ~Session()

        {

            if (sess_)

                ::SSL_SESSION_free(sess_);

        }


      private:

        // These methods are deleted because we have no way to increment

        // an SSL_SESSION refcount until OpenSSL 1.1.

        Session(const Session &) = delete;

        Session &operator=(const Session &) = delete;


        ::SSL_SESSION *sess_;

    };


    class Key

    {

      public:

        typedef std::unique_ptr<Key> UPtr;


        Key(const std::string &key_arg,

            OpenSSLSessionCache::Ptr cache_arg)

            : key(key_arg),

              cache(std::move(cache_arg))

        {

            // OPENVPN_LOG("OpenSSLSessionCache::Key CONSTRUCT key=" << key);

        }


        void commit(::SSL_SESSION *sess)

        {

            if (!sess)

                return;

            auto mi = MSF::find(cache->map, key);

            if (mi)

            {

                /* auto ins = */ mi->second.emplace(sess);

                // OPENVPN_LOG("OpenSSLSessionCache::Key::commit ADD=" << ins.second << " key=" << key);

            }

            else

            {

                // OPENVPN_LOG("OpenSSLSessionCache::Key::commit CREATE key=" << key);

                auto ins = cache->map.emplace(std::piecewise_construct,

                                              std::forward_as_tuple(key),

                                              std::forward_as_tuple());

                ins.first->second.emplace(sess);

            }

        }


      private:

        const std::string key;

        OpenSSLSessionCache::Ptr cache;

    };


    // Remove a session from the map after calling func() on it.

    // This would be a lot cleaner if we had C++17 std::set::extract().

    template <typename FUNC>


    void extract(const std::string &key, FUNC func)

    {

        auto mi = MSF::find(map, key);

        if (mi)

        {

            // OPENVPN_LOG("OpenSSLSessionCache::Key::lookup EXISTS key=" << key);

            SessionSet &ss = mi->second;

            if (ss.empty())

                throw openssl_sess_cache_error("internal error: SessionSet is empty");

            auto ssi = ss.begin();

            try

            {

                func(ssi->openssl_session());

            }

            catch (...)

            {

                remove_session(mi, ss, ssi);

                throw;

            }

            remove_session(mi, ss, ssi);

        }

        else

        {

            // OPENVPN_LOG("OpenSSLSessionCache::Key::lookup NOT_FOUND key=" << key);

        }

    }


  private:


    struct SessionSet : public std::set<Session>

    {

    };


    typedef std::map<std::string, SessionSet> Map;


    void remove_session(Map::iterator mi, SessionSet &ss, SessionSet::iterator ssi)

    {

        ss.erase(ssi);

        if (ss.empty())

            map.erase(mi);

    }


    Map map;

};


} // namespace openvpn

openvpn::OpenSSLSessionCache::Key
Definition sess_cache.hpp:93

openvpn::OpenSSLSessionCache::Key::key
const std::string key
Definition sess_cache.hpp:126

openvpn::OpenSSLSessionCache::Key::Key
Key(const std::string &key_arg, OpenSSLSessionCache::Ptr cache_arg)
Definition sess_cache.hpp:97

openvpn::OpenSSLSessionCache::Key::UPtr
std::unique_ptr< Key > UPtr
Definition sess_cache.hpp:95

openvpn::OpenSSLSessionCache::Key::cache
OpenSSLSessionCache::Ptr cache
Definition sess_cache.hpp:127

openvpn::OpenSSLSessionCache::Key::commit
void commit(::SSL_SESSION *sess)
Definition sess_cache.hpp:105

openvpn::OpenSSLSessionCache::Session
Definition sess_cache.hpp:40

openvpn::OpenSSLSessionCache::Session::operator=
Session & operator=(Session &&other) noexcept
Definition sess_cache.hpp:53

openvpn::OpenSSLSessionCache::Session::operator=
Session & operator=(const Session &)=delete

openvpn::OpenSSLSessionCache::Session::Session
Session(::SSL_SESSION *sess)
Definition sess_cache.hpp:42

openvpn::OpenSSLSessionCache::Session::openssl_session
::SSL_SESSION * openssl_session() const
Definition sess_cache.hpp:62

openvpn::OpenSSLSessionCache::Session::operator<
bool operator<(const Session &rhs) const
Definition sess_cache.hpp:67

openvpn::OpenSSLSessionCache::Session::sess_
::SSL_SESSION * sess_
Definition sess_cache.hpp:89

openvpn::OpenSSLSessionCache::Session::~Session
~Session()
Definition sess_cache.hpp:77

openvpn::OpenSSLSessionCache::Session::Session
Session(Session &&other) noexcept
Definition sess_cache.hpp:47

openvpn::OpenSSLSessionCache::Session::Session
Session(const Session &)=delete

openvpn::OpenSSLSessionCache
Definition sess_cache.hpp:32

openvpn::OpenSSLSessionCache::Map
std::map< std::string, SessionSet > Map
Definition sess_cache.hpp:165

openvpn::OpenSSLSessionCache::remove_session
void remove_session(Map::iterator mi, SessionSet &ss, SessionSet::iterator ssi)
Definition sess_cache.hpp:167

openvpn::OpenSSLSessionCache::Ptr
RCPtr< OpenSSLSessionCache > Ptr
Definition sess_cache.hpp:34

openvpn::OpenSSLSessionCache::extract
void extract(const std::string &key, FUNC func)
Definition sess_cache.hpp:133

openvpn::OpenSSLSessionCache::map
Map map
Definition sess_cache.hpp:174

openvpn::OpenSSLSessionCache::OPENVPN_EXCEPTION
OPENVPN_EXCEPTION(openssl_sess_cache_error)

openvpn::RCPtr
The smart pointer class.
Definition rc.hpp:119

openvpn::RC
Reference count base class for objects tracked by RCPtr. Disallows copying and assignment.
Definition rc.hpp:912

msfind.hpp

openvpn::MSF::find
auto find(MAP_SET &ms, const KEY &k)
Definition msfind.hpp:60

openvpn
Definition ovpncli.cpp:97

rc.hpp

openvpn::OpenSSLSessionCache::SessionSet
Definition sess_cache.hpp:162

ssi
std::set< int > ssi
Definition test_ostream_containers.cpp:76