nginx-vendor-current: src/event/ngx_event

comparison src/event/ngx_event_openssl.c @ 274:052a7b1d40e5 NGINX_0_5_7

nginx 0.5.7 *) Feature: the ssl_session_cache storage optimization. *) Bugfixes in the "ssl_session_cache" and "limit_zone" directives. *) Bugfix: the segmentation fault was occurred on start or while reconfiguration if the "ssl_session_cache" or "limit_zone" directives were used on 64-bit platforms. *) Bugfix: a segmentation fault occurred if the "add_before_body" or "add_after_body" directives were used and there was no "Content-Type" header line in response. *) Bugfix: the OpenSSL library was always built with the threads support. Thanks to Den Ivanov. *) Bugfix: the PCRE-6.5+ library and the icc compiler compatibility.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 15 Jan 2007 00:00:00 +0300
parents	29a6403156b0
children	c5c2b2883984

comparison

equal deleted inserted replaced

-:60df8db42ffb
+:052a7b1d40e5
 static ngx_ssl_session_t *ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
 u_char *id, int len, int *copy);
 static void ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
 static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
 ngx_slab_pool_t *shpool, ngx_uint_t n);
+static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
+ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) {
 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) {
 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
 }
+}
-SSL_CTX_set_timeout(ssl->ctx, timeout);
-}
+SSL_CTX_set_timeout(ssl->ctx, timeout);
 if (shm_zone) {
 shm_zone->init = ngx_ssl_session_cache_init;
 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
 ngx_rbtree_sentinel_init(sentinel);
 cache->session_rbtree->root = sentinel;
 cache->session_rbtree->sentinel = sentinel;
-cache->session_rbtree->insert = ngx_rbtree_insert_value;
+cache->session_rbtree->insert = ngx_ssl_session_rbtree_insert_value;
 shm_zone->data = cache;
 return NGX_OK;
 }
 /*
+* The length of the session id is 16 bytes for SSLv2 sessions and
+* between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
+* It seems that the typical length of the external ASN1 representation
+* of a session is 118 or 119 bytes for SSLv3/TSLv1.
+*
+* Thus on 32-bit platforms we allocate separately an rbtree node,
+* a session id, and an ASN1 representation, they take accordingly
+* 64, 32, and 128 bytes.
+*
+* On 64-bit platforms we allocate separately an rbtree node + session_id,
+* and an ASN1 representation, they take accordingly 128 and 128 bytes.
+*
 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
 * so they are outside the code locked by shared pool mutex
 */
 static int
 ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
 {
 int                       len;
-u_char                   *p, *id;
+u_char                   *p, *id, *cached_sess;
 uint32_t                  hash;
 SSL_CTX                  *ssl_ctx;
 ngx_time_t               *tp;
 ngx_shm_zone_t           *shm_zone;
 ngx_connection_t         *c;
 ngx_slab_pool_t          *shpool;
 ngx_ssl_sess_id_t        *sess_id;
-ngx_ssl_cached_sess_t    *cached_sess;
 ngx_ssl_session_cache_t  *cache;
 u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
 len = i2d_SSL_SESSION(sess, NULL);
 ngx_shmtx_lock(&shpool->mutex);
 /* drop one or two expired sessions */
 ngx_ssl_expire_sessions(cache, shpool, 1);
-cached_sess = ngx_slab_alloc_locked(shpool,
+cached_sess = ngx_slab_alloc_locked(shpool, len);
-offsetof(ngx_ssl_cached_sess_t, asn1) + len);
 if (cached_sess == NULL) {
 /* drop the oldest non-expired session and try once more */
 ngx_ssl_expire_sessions(cache, shpool, 0);
-cached_sess = ngx_slab_alloc_locked(shpool,
+cached_sess = ngx_slab_alloc_locked(shpool, len);
-offsetof(ngx_ssl_cached_sess_t, asn1) + len);
 if (cached_sess == NULL) {
-id = NULL;
+sess_id = NULL;
 goto failed;
 }
 }
+sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
+if (sess_id == NULL) {
+goto failed;
+}
+#if (NGX_PTR_SIZE == 8)
+id = sess_id->sess_id;
+#else
 id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
 if (id == NULL) {
 goto failed;
 }
-sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
+#endif
-if (sess_id == NULL) {
-goto failed;
+ngx_memcpy(cached_sess, buf, len);
-}
-ngx_memcpy(&cached_sess->asn1[0], buf, len);
 ngx_memcpy(id, sess->session_id, sess->session_id_length);
 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "http ssl new session: %08XD:%d:%d",
 hash, sess->session_id_length, len);
+tp = ngx_timeofday();
 sess_id->node.key = hash;
 sess_id->node.data = (u_char) sess->session_id_length;
 sess_id->id = id;
 sess_id->len = len;
 sess_id->session = cached_sess;
-tp = ngx_timeofday();
+sess_id->expire = tp->sec + SSL_CTX_get_timeout(ssl_ctx);
-cached_sess->expire = tp->sec + SSL_CTX_get_timeout(ssl_ctx);
+sess_id->next = cache->session_cache_head.next;
-cached_sess->sess_id = sess_id;
+sess_id->next->prev = sess_id;
+sess_id->prev = &cache->session_cache_head;
-cached_sess->next = cache->session_cache_head.next;
+cache->session_cache_head.next = sess_id;
-cached_sess->next->prev = cached_sess;
-cached_sess->prev = &cache->session_cache_head;
-cache->session_cache_head.next = cached_sess;
 ngx_rbtree_insert(cache->session_rbtree, &sess_id->node);
 ngx_shmtx_unlock(&shpool->mutex);
 if (cached_sess) {
 ngx_slab_free_locked(shpool, cached_sess);
 }
-if (id) {
+if (sess_id) {
-ngx_slab_free_locked(shpool, id);
+ngx_slab_free_locked(shpool, sess_id);
 }
 ngx_shmtx_unlock(&shpool->mutex);
 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
 const
 #endif
 u_char                   *p;
 uint32_t                  hash;
+ngx_int_t                 rc;
 ngx_time_t               *tp;
 ngx_shm_zone_t           *shm_zone;
 ngx_slab_pool_t          *shpool;
 ngx_connection_t         *c;
 ngx_rbtree_node_t        *node, *sentinel;
 ngx_ssl_session_t        *sess;
 ngx_ssl_sess_id_t        *sess_id;
-ngx_ssl_cached_sess_t    *cached_sess;
 ngx_ssl_session_cache_t  *cache;
 u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
 c = ngx_ssl_get_connection(ssl_conn);
-hash = ngx_crc32_short(id, len);
+hash = ngx_crc32_short(id, (size_t) len);
 *copy = 0;
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "http ssl get session: %08XD:%d", hash, len);
 if (hash > node->key) {
 node = node->right;
 continue;
 }
-if (hash == node->key && (u_char) len == node->data) {
+/* hash == node->key */
+do {
 sess_id = (ngx_ssl_sess_id_t *) node;
-if (ngx_strncmp(id, sess_id->id, len) == 0) {
+rc = ngx_memn2cmp(id, sess_id->id,
+(size_t) len, (size_t) node->data);
-cached_sess = sess_id->session;
+if (rc == 0) {
 tp = ngx_timeofday();
-if (cached_sess->expire > tp->sec) {
+if (sess_id->expire > tp->sec) {
-ngx_memcpy(buf, &cached_sess->asn1[0], sess_id->len);
+ngx_memcpy(buf, sess_id->session, sess_id->len);
 ngx_shmtx_unlock(&shpool->mutex);
 p = buf;
 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
 return sess;
 }
-cached_sess->next->prev = cached_sess->prev;
+sess_id->next->prev = sess_id->prev;
-cached_sess->prev->next = cached_sess->next;
+sess_id->prev->next = sess_id->next;
 ngx_rbtree_delete(cache->session_rbtree, node);
-ngx_slab_free_locked(shpool, cached_sess);
+ngx_slab_free_locked(shpool, sess_id->session);
+#if (NGX_PTR_SIZE == 4)
 ngx_slab_free_locked(shpool, sess_id->id);
+#endif
 ngx_slab_free_locked(shpool, sess_id);
 sess = NULL;
-break;
+goto done;
 }
-}
+node = (rc < 0) ? node->left : node->right;
-node = node->right;
-}
+} while (node != sentinel && hash == node->key);
+break;
+}
+done:
 ngx_shmtx_unlock(&shpool->mutex);
 return sess;
 }
 static void
 ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
 {
-u_char                   *id, len;
+size_t                    len;
+u_char                   *id;
 uint32_t                  hash;
+ngx_int_t                 rc;
 ngx_shm_zone_t           *shm_zone;
 ngx_slab_pool_t          *shpool;
 ngx_rbtree_node_t        *node, *sentinel;
 ngx_ssl_sess_id_t        *sess_id;
-ngx_ssl_cached_sess_t    *cached_sess;
 ngx_ssl_session_cache_t  *cache;
 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
 cache = shm_zone->data;
 id = sess->session_id;
-len = (u_char) sess->session_id_length;
+len = (size_t) sess->session_id_length;
-hash = ngx_crc32_short(id, (size_t) len);
+hash = ngx_crc32_short(id, len);
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
-"http ssl remove session: %08XD:%d", hash, len);
+"http ssl remove session: %08XD:%uz", hash, len);
 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
 ngx_shmtx_lock(&shpool->mutex);
 if (hash > node->key) {
 node = node->right;
 continue;
 }
-if (hash == node->key && len == node->data) {
+/* hash == node->key */
+do {
 sess_id = (ngx_ssl_sess_id_t *) node;
-if (ngx_strncmp(id, sess_id->id, (size_t) len) == 0) {
+rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data);
-cached_sess = sess_id->session;
+if (rc == 0) {
+sess_id->next->prev = sess_id->prev;
-cached_sess->next->prev = cached_sess->prev;
+sess_id->prev->next = sess_id->next;
-cached_sess->prev->next = cached_sess->next;
 ngx_rbtree_delete(cache->session_rbtree, node);
-ngx_slab_free_locked(shpool, cached_sess);
+ngx_slab_free_locked(shpool, sess_id->session);
+#if (NGX_PTR_SIZE == 4)
 ngx_slab_free_locked(shpool, sess_id->id);
+#endif
 ngx_slab_free_locked(shpool, sess_id);
-break;
+goto done;
 }
-}
+node = (rc < 0) ? node->left : node->right;
-node = node->right;
-}
+} while (node != sentinel && hash == node->key);
+break;
+}
+done:
 ngx_shmtx_unlock(&shpool->mutex);
 }
 static void
 ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
 ngx_slab_pool_t *shpool, ngx_uint_t n)
 {
-ngx_time_t                  *tp;
+ngx_time_t         *tp;
-ngx_ssl_sess_id_t      *sess_id;
+ngx_ssl_sess_id_t  *sess_id;
-ngx_ssl_cached_sess_t  *sess;
 tp = ngx_timeofday();
 while (n < 3) {
-sess = cache->session_cache_tail.prev;
+sess_id = cache->session_cache_tail.prev;
-if (sess == &cache->session_cache_head) {
+if (sess_id == &cache->session_cache_head) {
 return;
 }
-if (n++ != 0 && sess->expire > tp->sec) {
+if (n++ != 0 && sess_id->expire > tp->sec) {
 break;
 }
-sess->next->prev = sess->prev;
+sess_id->next->prev = sess_id->prev;
-sess->prev->next = sess->next;
+sess_id->prev->next = sess_id->next;
-sess_id = sess->sess_id;
 ngx_rbtree_delete(cache->session_rbtree, &sess_id->node);
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
 "expire session: %08Xi", sess_id->node.key);
-ngx_slab_free_locked(shpool, sess);
+ngx_slab_free_locked(shpool, sess_id->session);
+#if (NGX_PTR_SIZE == 4)
 ngx_slab_free_locked(shpool, sess_id->id);
+#endif
 ngx_slab_free_locked(shpool, sess_id);
 }
 }
+static void
+ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
+ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
+{
+ngx_ssl_sess_id_t  *sess_id, *sess_id_temp;
+for ( ;; ) {
+if (node->key < temp->key) {
+if (temp->left == sentinel) {
+temp->left = node;
+break;
+}
+temp = temp->left;
+} else if (node->key > temp->key) {
+if (temp->right == sentinel) {
+temp->right = node;
+break;
+}
+temp = temp->right;
+} else { /* node->key == temp->key */
+sess_id = (ngx_ssl_sess_id_t *) node;
+sess_id_temp = (ngx_ssl_sess_id_t *) temp;
+if (ngx_memn2cmp(sess_id->id, sess_id_temp->id,
+(size_t) node->data, (size_t) temp->data)
+< 0)
+{
+if (temp->left == sentinel) {
+temp->left = node;
+break;
+}
+temp = temp->left;
+} else {
+if (temp->right == sentinel) {
+temp->right = node;
+break;
+}
+temp = temp->right;
+}
+}
+}
+node->parent = temp;
+node->left = sentinel;
+node->right = sentinel;
+ngx_rbt_red(node);
+}
 void
 ngx_ssl_cleanup_ctx(void *data)
 {

Mercurial > hg > nginx-vendor-current

comparison src/event/ngx_event_openssl.c @ 274:052a7b1d40e5 NGINX_0_5_7