Add QuicServerSessionBase::enable_reset_ssl_after_handshake that reset SSL after handshake is done to save connection level memory on the server side.

PiperOrigin-RevId: 856230801

Author: wang178c

quiche/quic/core/crypto/tls_connection.h

@@ -107,6 +107,12 @@ class QUICHE_EXPORT TlsConnection {
 
   SSL* ssl() const { return ssl_.get(); }
 
+  // ResetSsl can be called to reset the SSL and release the associated memory.
+  // After this is called, ssl() will return nullptr. Hence it should only be
+  // called when there is absolutely no expectation that ssl() will be called
+  // again.
+  void ResetSsl() { ssl_.reset(); }
+
   const QuicSSLConfig& ssl_config() const { return ssl_config_; }
 
  protected:

quiche/quic/core/http/quic_server_session_base.cc

@@ -12,6 +12,9 @@
 #include <string>
 #include <utility>
 
+#include "quiche/quic/core/frames/quic_crypto_frame.h"
+#include "quiche/quic/core/frames/quic_frame.h"
+#include "quiche/quic/core/http/quic_spdy_session.h"
 #include "quiche/quic/core/proto/cached_network_parameters_proto.h"
 #include "quiche/quic/core/quic_connection.h"
 #include "quiche/quic/core/quic_stream.h"
@@ -23,6 +26,7 @@
 #include "quiche/quic/platform/api/quic_flag_utils.h"
 #include "quiche/quic/platform/api/quic_flags.h"
 #include "quiche/quic/platform/api/quic_logging.h"
+#include "quiche/common/platform/api/quiche_flag_utils.h"
 #include "quiche/common/platform/api/quiche_logging.h"
 
 namespace quic {
@@ -304,6 +308,38 @@ QuicSSLConfig QuicServerSessionBase::GetSSLConfig() const {
   return ssl_config;
 }
 
+bool QuicServerSessionBase::OnFrameAcked(const quic::QuicFrame& frame,
+                                         quic::QuicTime::Delta ack_delay_time,
+                                         quic::QuicTime receive_timestamp,
+                                         bool is_retransmission) {
+  bool result = QuicSpdySession::OnFrameAcked(
+      frame, ack_delay_time, receive_timestamp, is_retransmission);
+  if (!reset_ssl_after_handshake_ || ssl_reset_) {
+    return result;
+  }
+  if (frame.type == quic::HANDSHAKE_DONE_FRAME) {
+    handshake_done_acked_ = true;
+  }
+  // When resumption is enabled, the resumption tickets must have been
+  // buffered at the time the handshake_done frame is ACKed.
+  if (handshake_done_acked_ && !HasUnackedCryptoData()) {
+    QUICHE_CODE_COUNT(quic_reset_ssl_after_handshake);
+    crypto_stream_->ResetSsl();
+    ssl_reset_ = true;
+  }
+  return result;
+}
+
+void QuicServerSessionBase::OnCryptoFrame(const quic::QuicCryptoFrame& frame) {
+  if (ssl_reset_) {
+    // This code path can happen due to retransmission of crypto data but
+    // should be rare. Add a code count to monitor.
+    QUICHE_CODE_COUNT(quic_reset_ssl_after_handshake);
+    return;
+  }
+  QuicSpdySession::OnCryptoFrame(frame);
+}
+
 std::optional<CachedNetworkParameters>
 QuicServerSessionBase::GenerateCachedNetworkParameters() const {
   const QuicSentPacketManager& sent_packet_manager =

quiche/quic/core/http/quic_server_session_base.h

@@ -14,9 +14,12 @@
 #include <vector>
 
 #include "quiche/quic/core/crypto/quic_compressed_certs_cache.h"
+#include "quiche/quic/core/frames/quic_crypto_frame.h"
+#include "quiche/quic/core/frames/quic_frame.h"
 #include "quiche/quic/core/http/quic_spdy_session.h"
 #include "quiche/quic/core/quic_crypto_server_stream_base.h"
 #include "quiche/quic/core/quic_packets.h"
+#include "quiche/quic/core/quic_time.h"
 #include "quiche/quic/platform/api/quic_export.h"
 
 namespace quic {
@@ -73,6 +76,15 @@ class QUICHE_EXPORT QuicServerSessionBase : public QuicSpdySession {
 
   QuicSSLConfig GetSSLConfig() const override;
 
+  // Override to reset the SSL when HANDSHAKE_DONE frame has been ACKed and
+  // there is no unacked crypto data.
+  bool OnFrameAcked(const QuicFrame& frame, QuicTime::Delta ack_delay_time,
+                    QuicTime receive_timestamp,
+                    bool is_retransmission) override;
+
+  // Override to ignore the crypto frame after resetting the SSL.
+  void OnCryptoFrame(const QuicCryptoFrame& frame) override;
+
  protected:
   // QuicSession methods(override them with return type of QuicSpdyStream*):
   QuicCryptoServerStreamBase* GetMutableCryptoStream() override;
@@ -102,6 +114,12 @@ class QUICHE_EXPORT QuicServerSessionBase : public QuicSpdySession {
 
   QuicCryptoServerStreamBase::Helper* stream_helper() { return helper_; }
 
+  void enable_reset_ssl_after_handshake() {
+    if (version().IsIetfQuic()) {
+      reset_ssl_after_handshake_ = true;
+    }
+  }
+
  private:
   friend class test::QuicServerSessionBasePeer;
   friend class test::QuicSimpleServerSessionPeer;
@@ -116,6 +134,12 @@ class QUICHE_EXPORT QuicServerSessionBase : public QuicSpdySession {
   // Whether bandwidth resumption is enabled for this connection.
   bool bandwidth_resumption_enabled_;
 
+  // Whether to reset the SSL after the handshake is done.
+  bool reset_ssl_after_handshake_ = false;
+  // Whether the SSL has been reset.
+  bool ssl_reset_ = false;
+  bool handshake_done_acked_ = false;
+
   // The cache which contains most recently compressed certs.
   // Owned by QuicDispatcher.
   QuicCompressedCertsCache* compressed_certs_cache_;

quiche/quic/core/quic_crypto_server_stream.h

@@ -14,6 +14,7 @@
 #include "quiche/quic/core/quic_session.h"
 #include "quiche/quic/core/quic_types.h"
 #include "quiche/quic/platform/api/quic_export.h"
+#include "quiche/common/platform/api/quiche_logging.h"
 
 namespace quic {
 
@@ -56,6 +57,7 @@ class QUICHE_EXPORT QuicCryptoServerStream : public QuicCryptoServerStreamBase,
   bool ShouldSendExpectCTHeader() const override;
   bool DidCertMatchSni() const override;
   const ProofSource::Details* ProofSourceDetails() const override;
+  void ResetSsl() override { QUICHE_DCHECK(false); }
 
   // From QuicCryptoStream
   ssl_early_data_reason_t EarlyDataReason() const override;

quiche/quic/core/quic_crypto_server_stream_base.h

@@ -105,6 +105,10 @@ class QUICHE_EXPORT QuicCryptoServerStreamBase : public QuicCryptoStream {
     QUICHE_NOTREACHED();
     return false;
   }
+
+  // ResetSsl can be called to reset the SSL and release the associated memory.
+  // After this is called, GetSsl() should return nullptr.
+  virtual void ResetSsl() = 0;
 };
 
 // Creates an appropriate QuicCryptoServerStream for the provided parameters,

quiche/quic/core/tls_handshaker.cc

@@ -348,6 +348,10 @@ bool TlsHandshaker::SetReadSecret(EncryptionLevel level,
       /*latch_once_used=*/false);
 }
 
+const SSL_CIPHER* TlsHandshaker::GetCipher() const {
+  return SSL_get_current_cipher(ssl());
+}
+
 std::unique_ptr<QuicDecrypter>
 TlsHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter() {
   if (latest_read_secret_.empty() || latest_write_secret_.empty() ||
@@ -358,7 +362,7 @@ TlsHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter() {
     CloseConnection(QUIC_INTERNAL_ERROR, error_details);
     return nullptr;
   }
-  const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
+  const SSL_CIPHER* cipher = GetCipher();
   const EVP_MD* prf = Prf(cipher);
   CryptoUtils::GenerateNextKeyPhaseSecret(
       prf, handshaker_delegate_->parsed_version(), latest_read_secret_,
@@ -387,7 +391,7 @@ std::unique_ptr<QuicEncrypter> TlsHandshaker::CreateCurrentOneRttEncrypter() {
     CloseConnection(QUIC_INTERNAL_ERROR, error_details);
     return nullptr;
   }
-  const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
+  const SSL_CIPHER* cipher = GetCipher();
   std::unique_ptr<QuicEncrypter> encrypter =
       QuicEncrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
   CryptoUtils::SetKeyAndIV(Prf(cipher), latest_write_secret_,

quiche/quic/core/tls_handshaker.h

@@ -177,6 +177,8 @@ class QUICHE_EXPORT TlsHandshaker : public TlsConnection::Delegate,
     extra_error_details_ = std::move(extra_error_details);
   }
 
+  virtual const SSL_CIPHER* GetCipher() const;
+
  private:
   // ProofVerifierCallbackImpl handles the result of an asynchronous certificate
   // verification operation.

quiche/quic/core/tls_server_handshaker.cc

@@ -344,10 +344,16 @@ bool TlsServerHandshaker::DisableResumption() {
 }
 
 bool TlsServerHandshaker::IsZeroRtt() const {
+  if (cached_ssl_info_.has_value()) {
+    return cached_ssl_info_->is_zero_rtt;
+  }
   return SSL_early_data_accepted(ssl());
 }
 
 bool TlsServerHandshaker::IsResumption() const {
+  if (cached_ssl_info_.has_value()) {
+    return cached_ssl_info_->is_resumption;
+  }
   return SSL_session_reused(ssl());
 }
 
@@ -448,6 +454,9 @@ void TlsServerHandshaker::OnConnectionClosed(
 }
 
 ssl_early_data_reason_t TlsServerHandshaker::EarlyDataReason() const {
+  if (cached_ssl_info_.has_value()) {
+    return cached_ssl_info_->early_data_reason;
+  }
   return TlsHandshaker::EarlyDataReason();
 }
 
@@ -656,7 +665,7 @@ void TlsServerHandshaker::SetWriteSecret(
   if (level == ENCRYPTION_FORWARD_SECURE) {
     encryption_established_ = true;
     // Fill crypto_negotiated_params_:
-    const SSL_CIPHER* ssl_cipher = SSL_get_current_cipher(ssl());
+    const SSL_CIPHER* ssl_cipher = GetCipher();
     if (ssl_cipher) {
       crypto_negotiated_params_->cipher_suite =
           SSL_CIPHER_get_protocol_id(ssl_cipher);
@@ -1230,7 +1239,7 @@ bool TlsServerHandshaker::WillNotCallComputeSignature() const {
 }
 
 std::optional<uint16_t> TlsServerHandshaker::GetCiphersuite() const {
-  const SSL_CIPHER* cipher = SSL_get_pending_cipher(ssl());
+  const SSL_CIPHER* cipher = GetCipher();
   if (cipher == nullptr) {
     return std::nullopt;
   }
@@ -1343,6 +1352,20 @@ TlsServerHandshaker::SetApplicationSettings(absl::string_view alpn) {
 
 SSL* TlsServerHandshaker::GetSsl() const { return ssl(); }
 
+void TlsServerHandshaker::ResetSsl() {
+  if (cached_ssl_info_.has_value()) {
+    QUIC_BUG(quic_bug_ssl_is_reset_again);
+    return;
+  }
+  cached_ssl_info_.emplace(CachedSSLInfo{
+      .is_resumption = IsResumption(),
+      .is_zero_rtt = IsZeroRtt(),
+      .early_data_reason = EarlyDataReason(),
+      .cipher = GetCipher(),
+  });
+  tls_connection_.ResetSsl();
+}
+
 bool TlsServerHandshaker::IsCryptoFrameExpectedForEncryptionLevel(
     EncryptionLevel level) const {
   return level != ENCRYPTION_ZERO_RTT;

quiche/quic/core/tls_server_handshaker.h

@@ -91,6 +91,7 @@ class QUICHE_EXPORT TlsServerHandshaker : public TlsHandshaker,
   bool ExportKeyingMaterial(absl::string_view label, absl::string_view context,
                             size_t result_len, std::string* result) override;
   SSL* GetSsl() const override;
+  void ResetSsl() override;
   bool IsCryptoFrameExpectedForEncryptionLevel(
       EncryptionLevel level) const override;
   EncryptionLevel GetEncryptionLevelToSendCryptoDataOfSpace(
@@ -223,6 +224,13 @@ class QUICHE_EXPORT TlsServerHandshaker : public TlsHandshaker,
 
   void SetIgnoreTicketOpen(bool value) { ignore_ticket_open_ = value; }
 
+  const SSL_CIPHER* GetCipher() const override {
+    if (cached_ssl_info_.has_value()) {
+      return cached_ssl_info_->cipher;
+    }
+    return TlsHandshaker::GetCipher();
+  }
+
  private:
   class QUICHE_EXPORT DecryptCallback : public ProofSource::DecryptCallback {
    public:
@@ -404,6 +412,17 @@ class QUICHE_EXPORT TlsServerHandshaker : public TlsHandshaker,
 
   std::unique_ptr<ApplicationState> application_state_;
 
+  // Used to cache the state of the SSL object after it is reset.
+  struct CachedSSLInfo {
+    bool is_resumption = false;
+    bool is_zero_rtt = false;
+    ssl_early_data_reason_t early_data_reason = ssl_early_data_unknown;
+    // Note SSL_get_current_cipher returns a static allocated pointer and as a
+    // result it is safe to cache a raw pointer here.
+    const SSL_CIPHER* cipher = nullptr;
+  };
+  std::optional<CachedSSLInfo> cached_ssl_info_;
+
   // Pre-shared key used during the handshake.
   std::string pre_shared_key_;