mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-12 13:42:55 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: using static storage for NGX_SSL_MAX_SESSION_SIZE buffers.

Browse Source 
All such transient buffers are converted to the single storage in BSS.

In preparation to raise the limit.
This commit is contained in:
Sergey Kandaurov 2025-02-21 13:49:41 +04:00 committed by pluknet
parent b11ae4cfc9
commit 3d7304b527
4 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/event/ngx_event_openssl.c
View File

@ -132,6 +132,9 @@ int ngx_ssl_index;
int ngx_ssl_certificate_name_index; int ngx_ssl_certificate_name_index;
u_char ngx_ssl_session_buffer[NGX_SSL_MAX_SESSION_SIZE];
ngx_int_t ngx_int_t
ngx_ssl_init(ngx_log_t *log) ngx_ssl_init(ngx_log_t *log)
{ {
@ -3889,7 +3892,6 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
ngx_slab_pool_t *shpool; ngx_slab_pool_t *shpool;
ngx_ssl_sess_id_t *sess_id; ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache; ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#ifdef TLS1_3_VERSION #ifdef TLS1_3_VERSION
@ -3916,7 +3918,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
return 0; return 0;
} }
p = buf; p = ngx_ssl_session_buffer;
i2d_SSL_SESSION(sess, &p); i2d_SSL_SESSION(sess, &p);
session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length); session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
@ -3980,7 +3982,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
#endif #endif
ngx_memcpy(sess_id->session, buf, len); ngx_memcpy(sess_id->session, ngx_ssl_session_buffer, len);
ngx_memcpy(sess_id->id, session_id, session_id_length); ngx_memcpy(sess_id->id, session_id, session_id_length);
hash = ngx_crc32_short(session_id, session_id_length); hash = ngx_crc32_short(session_id, session_id_length);
@ -4039,7 +4041,6 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
ngx_ssl_session_t *sess; ngx_ssl_session_t *sess;
ngx_ssl_sess_id_t *sess_id; ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache; ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
hash = ngx_crc32_short((u_char *) (uintptr_t) id, (size_t) len); hash = ngx_crc32_short((u_char *) (uintptr_t) id, (size_t) len);
*copy = 0; *copy = 0;
@ -4087,11 +4088,11 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
if (sess_id->expire > ngx_time()) { if (sess_id->expire > ngx_time()) {
slen = sess_id->len; slen = sess_id->len;
ngx_memcpy(buf, sess_id->session, slen); ngx_memcpy(ngx_ssl_session_buffer, sess_id->session, slen);
ngx_shmtx_unlock(&shpool->mutex); ngx_shmtx_unlock(&shpool->mutex);
p = buf; p = ngx_ssl_session_buffer;
sess = d2i_SSL_SESSION(NULL, &p, slen); sess = d2i_SSL_SESSION(NULL, &p, slen);
return sess; return sess;

3
src/event/ngx_event_openssl.h
View File

@ -362,4 +362,7 @@ extern int ngx_ssl_index;
extern int ngx_ssl_certificate_name_index; extern int ngx_ssl_certificate_name_index;
extern u_char ngx_ssl_session_buffer[NGX_SSL_MAX_SESSION_SIZE];
#endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */

10
src/http/ngx_http_upstream_round_robin.c
View File

@ -878,7 +878,6 @@ ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
int len; int len;
const u_char *p; const u_char *p;
ngx_http_upstream_rr_peers_t *peers; ngx_http_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif #endif
peer = rrp->current; peer = rrp->current;
@ -898,12 +897,12 @@ ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
len = peer->ssl_session_len; len = peer->ssl_session_len;
ngx_memcpy(buf, peer->ssl_session, len); ngx_memcpy(ngx_ssl_session_buffer, peer->ssl_session, len);
ngx_http_upstream_rr_peer_unlock(peers, peer); ngx_http_upstream_rr_peer_unlock(peers, peer);
ngx_http_upstream_rr_peers_unlock(peers); ngx_http_upstream_rr_peers_unlock(peers);
p = buf; p = ngx_ssl_session_buffer;
ssl_session = d2i_SSL_SESSION(NULL, &p, len); ssl_session = d2i_SSL_SESSION(NULL, &p, len);
rc = ngx_ssl_set_session(pc->connection, ssl_session); rc = ngx_ssl_set_session(pc->connection, ssl_session);
@ -940,7 +939,6 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
int len; int len;
u_char *p; u_char *p;
ngx_http_upstream_rr_peers_t *peers; ngx_http_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif #endif
#if (NGX_HTTP_UPSTREAM_ZONE) #if (NGX_HTTP_UPSTREAM_ZONE)
@ -965,7 +963,7 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
return; return;
} }
p = buf; p = ngx_ssl_session_buffer;
(void) i2d_SSL_SESSION(ssl_session, &p); (void) i2d_SSL_SESSION(ssl_session, &p);
peer = rrp->current; peer = rrp->current;
@ -995,7 +993,7 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
peer->ssl_session_len = len; peer->ssl_session_len = len;
} }
ngx_memcpy(peer->ssl_session, buf, len); ngx_memcpy(peer->ssl_session, ngx_ssl_session_buffer, len);
ngx_http_upstream_rr_peer_unlock(peers, peer); ngx_http_upstream_rr_peer_unlock(peers, peer);
ngx_http_upstream_rr_peers_unlock(peers); ngx_http_upstream_rr_peers_unlock(peers);

10
src/stream/ngx_stream_upstream_round_robin.c
View File

@ -911,7 +911,6 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
int len; int len;
const u_char *p; const u_char *p;
ngx_stream_upstream_rr_peers_t *peers; ngx_stream_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif #endif
peer = rrp->current; peer = rrp->current;
@ -931,12 +930,12 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
len = peer->ssl_session_len; len = peer->ssl_session_len;
ngx_memcpy(buf, peer->ssl_session, len); ngx_memcpy(ngx_ssl_session_buffer, peer->ssl_session, len);
ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peer_unlock(peers, peer);
ngx_stream_upstream_rr_peers_unlock(peers); ngx_stream_upstream_rr_peers_unlock(peers);
p = buf; p = ngx_ssl_session_buffer;
ssl_session = d2i_SSL_SESSION(NULL, &p, len); ssl_session = d2i_SSL_SESSION(NULL, &p, len);
rc = ngx_ssl_set_session(pc->connection, ssl_session); rc = ngx_ssl_set_session(pc->connection, ssl_session);
@ -973,7 +972,6 @@ ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
int len; int len;
u_char *p; u_char *p;
ngx_stream_upstream_rr_peers_t *peers; ngx_stream_upstream_rr_peers_t *peers;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#endif #endif
#if (NGX_STREAM_UPSTREAM_ZONE) #if (NGX_STREAM_UPSTREAM_ZONE)
@ -998,7 +996,7 @@ ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
return; return;
} }
p = buf; p = ngx_ssl_session_buffer;
(void) i2d_SSL_SESSION(ssl_session, &p); (void) i2d_SSL_SESSION(ssl_session, &p);
peer = rrp->current; peer = rrp->current;
@ -1028,7 +1026,7 @@ ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
peer->ssl_session_len = len; peer->ssl_session_len = len;
} }
ngx_memcpy(peer->ssl_session, buf, len); ngx_memcpy(peer->ssl_session, ngx_ssl_session_buffer, len);
ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peer_unlock(peers, peer);
ngx_stream_upstream_rr_peers_unlock(peers); ngx_stream_upstream_rr_peers_unlock(peers);