SSL: using static storage for NGX_SSL_MAX_SESSION_SIZE buffers.

All such transient buffers are converted to the single storage in BSS. In preparation to raise the limit.
author: Sergey Kandaurov <pluknet@nginx.com> 2025-02-21 13:49:41 +0400
committer: pluknet <pluknet@nginx.com> 2025-02-26 17:40:03 +0400
commit: 3d7304b527d1fb6eb697eb8719f286ba7b8e90de (patch)
tree: f394d077a2b3dce09666a7d92f77ef7a56aa4478 /src/event/ngx_event_openssl.c
parent: b11ae4cfc9483006f67d92850dc520abe659d880 (diff)
download: nginx-3d7304b527d1fb6eb697eb8719f286ba7b8e90de.tar.gz
nginx-3d7304b527d1fb6eb697eb8719f286ba7b8e90de.tar.bz2
1 files changed, 7 insertions, 6 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 2446219a7..865c78540 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -132,6 +132,9 @@ int  ngx_ssl_index;
 int  ngx_ssl_certificate_name_index;
 
 
+u_char  ngx_ssl_session_buffer[NGX_SSL_MAX_SESSION_SIZE];
+
+
 ngx_int_t
 ngx_ssl_init(ngx_log_t *log)
 {
@@ -3889,7 +3892,6 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
     ngx_slab_pool_t          *shpool;
     ngx_ssl_sess_id_t        *sess_id;
     ngx_ssl_session_cache_t  *cache;
-    u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
 
 #ifdef TLS1_3_VERSION
 
@@ -3916,7 +3918,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
         return 0;
     }
 
-    p = buf;
+    p = ngx_ssl_session_buffer;
     i2d_SSL_SESSION(sess, &p);
 
     session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
@@ -3980,7 +3982,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
 
 #endif
 
-    ngx_memcpy(sess_id->session, buf, len);
+    ngx_memcpy(sess_id->session, ngx_ssl_session_buffer, len);
     ngx_memcpy(sess_id->id, session_id, session_id_length);
 
     hash = ngx_crc32_short(session_id, session_id_length);
@@ -4039,7 +4041,6 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
     ngx_ssl_session_t        *sess;
     ngx_ssl_sess_id_t        *sess_id;
     ngx_ssl_session_cache_t  *cache;
-    u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
 
     hash = ngx_crc32_short((u_char *) (uintptr_t) id, (size_t) len);
     *copy = 0;
@@ -4087,11 +4088,11 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
             if (sess_id->expire > ngx_time()) {
                 slen = sess_id->len;
 
-                ngx_memcpy(buf, sess_id->session, slen);
+                ngx_memcpy(ngx_ssl_session_buffer, sess_id->session, slen);
 
                 ngx_shmtx_unlock(&shpool->mutex);
 
-                p = buf;
+                p = ngx_ssl_session_buffer;
                 sess = d2i_SSL_SESSION(NULL, &p, slen);
 
                 return sess;
author	Sergey Kandaurov <pluknet@nginx.com>	2025-02-21 13:49:41 +0400
committer	pluknet <pluknet@nginx.com>	2025-02-26 17:40:03 +0400
commit	3d7304b527d1fb6eb697eb8719f286ba7b8e90de (patch)
tree	f394d077a2b3dce09666a7d92f77ef7a56aa4478 /src/event/ngx_event_openssl.c
parent	b11ae4cfc9483006f67d92850dc520abe659d880 (diff)
download	nginx-3d7304b527d1fb6eb697eb8719f286ba7b8e90de.tar.gz nginx-3d7304b527d1fb6eb697eb8719f286ba7b8e90de.tar.bz2