Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / ad4e26ea9e7c90109bee504e977acef2f101303f^! / . / resolv / DnsTlsSessionCache.h
commitad4e26ea9e7c90109bee504e977acef2f101303f[log] [tgz]
authorBernie Innocenti <codewiz@google.com>Wed Jan 30 11:16:36 2019 +0900
committerBernie Innocenti <codewiz@google.com>Fri Feb 01 20:10:13 2019 +0900
treecce009cdf140471c591a6e0e39e02714ba7a55b0
parent0b8bbc5fe3e4ee20b3b521c74cad2c6efa6323e3 [diff] [blame]
Make all the DnsTls headers private to libnetd_resolv

Test: m libnetd_resolv netd
Test: atest resolv_integration_test
Change-Id: Icae95641733abe7fe86b903dd3bcf69b08c83285

diff --git a/resolv/DnsTlsSessionCache.h b/resolv/DnsTlsSessionCache.h
new file mode 100644
index 0000000..e1a88cf
--- /dev/null
+++ b/resolv/DnsTlsSessionCache.h

@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _DNS_DNSTLSSESSIONCACHE_H
+#define _DNS_DNSTLSSESSIONCACHE_H
+
+#include <deque>
+#include <mutex>
+
+#include <openssl/ssl.h>
+
+#include <android-base/thread_annotations.h>
+
+namespace android {
+namespace net {
+
+// Cache of recently seen SSL_SESSIONs.  This is used to support session tickets.
+// This class is thread-safe.
+class DnsTlsSessionCache {
+  public:
+    // Prepare SSL objects to use this session cache.  These methods must be called
+    // before making use of either object.
+    void prepareSslContext(SSL_CTX* _Nonnull ssl_ctx);
+    bool prepareSsl(SSL* _Nonnull ssl);
+
+    // Get the most recently discovered session.  For TLS 1.3 compatibility and
+    // maximum privacy, each session will only be returned once, so the caller
+    // gains ownership of the session.  (Here and throughout,
+    // bssl::UniquePtr<SSL_SESSION> is actually serving as a reference counted
+    // pointer.)
+    bssl::UniquePtr<SSL_SESSION> getSession() EXCLUDES(mLock);
+
+  private:
+    static constexpr size_t kMaxSize = 5;
+    static int newSessionCallback(SSL* _Nullable ssl, SSL_SESSION* _Nullable session);
+
+    std::mutex mLock;
+    void recordSession(SSL_SESSION* _Nullable session) EXCLUDES(mLock);
+
+    // Queue of sessions, from least recently added to most recently.
+    std::deque<bssl::UniquePtr<SSL_SESSION>> mSessions GUARDED_BY(mLock);
+};
+
+}  // end of namespace net
+}  // end of namespace android
+
+#endif  // _DNS_DNSTLSSESSIONCACHE_H