SSL: using static storage for NGX_SSL_MAX_SESSION_SIZE buffers.

All such transient buffers are converted to the single storage in BSS.

In preparation to raise the limit.
Sergey Kandaurov 2025-02-21 13:49:41 +04:00 committed by pluknet
parent b11ae4cfc9
commit 3d7304b527
4 changed files with 18 additions and 18 deletions


@ -132,6 +132,9 @@ int ngx_ssl_index;
int ngx_ssl_certificate_name_index;
u_char ngx_ssl_session_buffer[NGX_SSL_MAX_SESSION_SIZE];
ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
@ -3889,7 +3892,6 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
ngx_slab_pool_t *shpool;
ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#ifdef TLS1_3_VERSION
@ -3916,7 +3918,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
return 0;
}
p = buf;
p = ngx_ssl_session_buffer;
i2d_SSL_SESSION(sess, &p);
session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
@ -3980,7 +3982,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
#endif
ngx_memcpy(sess_id->session, buf, len);
ngx_memcpy(sess_id->session, ngx_ssl_session_buffer, len);
ngx_memcpy(sess_id->id, session_id, session_id_length);
hash = ngx_crc32_short(session_id, session_id_length);
@ -4039,7 +4041,6 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
ngx_ssl_session_t *sess;
ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
hash = ngx_crc32_short((u_char *) (uintptr_t) id, (size_t) len);
*copy = 0;
@ -4087,11 +4088,11 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
if (sess_id->expire > ngx_time()) {
slen = sess_id->len;
ngx_memcpy(buf, sess_id->session, slen);
ngx_memcpy(ngx_ssl_session_buffer, sess_id->session, slen);
ngx_shmtx_unlock(&shpool->mutex);
p = buf;
p = ngx_ssl_session_buffer;
sess = d2i_SSL_SESSION(NULL, &p, slen);
return sess;
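Review bot: In ngx_ssl_new_session() the encoding written by `i2d_SSL_SESSION(sess, &p)` now stays in the process-wide `ngx_ssl_session_buffer` after `ngx_memcpy(sess_id->session, ngx_ssl_session_buffer, len)`, and the same holds after `d2i_SSL_SESSION()` in ngx_ssl_get_cached_session(). An OpenSSL session encoding carries the session's key material, so the last session handled remains at a fixed BSS address until the next one is serialized or parsed, whereas the old stack copies were likely overwritten by later call frames. Consider clearing the used prefix once it has been consumed, for example `ngx_explicit_memzero(ngx_ssl_session_buffer, len);` after the copy, and likewise in the upstream save/set functions of the other file sections. Both function bodies extend beyond the hunks shown.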


@ -362,4 +362,7 @@ extern int ngx_ssl_index;
extern int ngx_ssl_certificate_name_index;
extern u_char ngx_ssl_session_buffer[NGX_SSL_MAX_SESSION_SIZE];
#endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */
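Review bot: The exported `ngx_ssl_session_buffer` has no comment stating its contract, although every module that includes this header can now write to it. I would add above the declaration: `/* scratch space for encoding or decoding one SSL session; not reentrant: fill and consume it within one call, never keep a pointer into it */`. The callers in this commit appear to follow that pattern (copy in, unlock, parse immediately), but nothing visible here says so. Any code that handled sessions off the main worker thread would need its own buffer.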


@ -878,7 +878,6 @@ ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
int len;
const u_char *p;
ngx_http_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif
peer = rrp->current;
@ -898,12 +897,12 @@ ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
len = peer->ssl_session_len;
ngx_memcpy(buf, peer->ssl_session, len);
ngx_memcpy(ngx_ssl_session_buffer, peer->ssl_session, len);
ngx_http_upstream_rr_peer_unlock(peers, peer);
ngx_http_upstream_rr_peers_unlock(peers);
p = buf;
p = ngx_ssl_session_buffer;
ssl_session = d2i_SSL_SESSION(NULL, &p, len);
rc = ngx_ssl_set_session(pc->connection, ssl_session);
@ -940,7 +939,6 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
int len;
u_char *p;
ngx_http_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif
#if (NGX_HTTP_UPSTREAM_ZONE)
@ -965,7 +963,7 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
return;
}
p = buf;
p = ngx_ssl_session_buffer;
(void) i2d_SSL_SESSION(ssl_session, &p);
peer = rrp->current;
@ -995,7 +993,7 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
peer->ssl_session_len = len;
}
ngx_memcpy(peer->ssl_session, buf, len);
ngx_memcpy(peer->ssl_session, ngx_ssl_session_buffer, len);
ngx_http_upstream_rr_peer_unlock(peers, peer);
ngx_http_upstream_rr_peers_unlock(peers);
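Review bot: ngx_http_upstream_set_round_robin_peer_session() copies `peer->ssl_session_len` bytes into the fixed-size global with `ngx_memcpy(ngx_ssl_session_buffer, peer->ssl_session, len)`, and no bound check is visible on this read path. `len` is an `int` taken from peer state, so a stale, corrupted or negative value would now write past a BSS array into neighbouring globals, rather than into a stack frame where a stack protector might catch it. The size limit is presumably enforced where the session is saved (the early `return;` before `i2d_SSL_SESSION()`, outside the hunk), but with the limit about to be raised I would make the reader self-contained: treat `len < 0 || len > NGX_SSL_MAX_SESSION_SIZE` as "no session" before the copy. The same applies to `slen` in ngx_ssl_get_cached_session() and to the stream round-robin counterpart of this function.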


@ -911,7 +911,6 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
int len;
const u_char *p;
ngx_stream_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif
peer = rrp->current;
@ -931,12 +930,12 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
len = peer->ssl_session_len;
ngx_memcpy(buf, peer->ssl_session, len);
ngx_memcpy(ngx_ssl_session_buffer, peer->ssl_session, len);
ngx_stream_upstream_rr_peer_unlock(peers, peer);
ngx_stream_upstream_rr_peers_unlock(peers);
p = buf;
p = ngx_ssl_session_buffer;
ssl_session = d2i_SSL_SESSION(NULL, &p, len);
rc = ngx_ssl_set_session(pc->connection, ssl_session);
@ -973,7 +972,6 @@ ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
int len;
u_char *p;
ngx_stream_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif
#if (NGX_STREAM_UPSTREAM_ZONE)
@ -998,7 +996,7 @@ ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
return;
}
p = buf;
p = ngx_ssl_session_buffer;
(void) i2d_SSL_SESSION(ssl_session, &p);
peer = rrp->current;
@ -1028,7 +1026,7 @@ ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
peer->ssl_session_len = len;
}
ngx_memcpy(peer->ssl_session, buf, len);
ngx_memcpy(peer->ssl_session, ngx_ssl_session_buffer, len);
ngx_stream_upstream_rr_peer_unlock(peers, peer);
ngx_stream_upstream_rr_peers_unlock(peers);