Mercurial > hg > nginx
annotate src/os/unix/ngx_user.c @ 8078:5244d3b165ff
SSL: single allocation in session cache on 32-bit platforms.
Given the present typical SSL session sizes, on 32-bit platforms it is
now beneficial to store all data in a single allocation, since rbtree
node + session id + ASN1 representation of a session takes 256 bytes of
shared memory (36 + 32 + 150 = about 218 bytes plus SNI server name).
Storing all data in a single allocation is beneficial for SNI names up to
about 40 characters long and makes it possible to store about 4000 sessions
in one megabyte (instead of about 3000 sessions now). This also slightly
simplifies the code.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:40 +0300 |
parents | eca3e054e978 |
children |
rev | line source |
---|---|
503 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
503 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 | |
11 | |
12 #if (NGX_CRYPT) | |
13 | |
527 | 14 #if (NGX_HAVE_GNU_CRYPT_R) |
503 | 15 |
16 ngx_int_t | |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
3796
diff
changeset
|
17 ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
503 | 18 { |
19 char *value; | |
20 size_t len; | |
21 struct crypt_data cd; | |
22 | |
509 | 23 cd.initialized = 0; |
24 | |
503 | 25 value = crypt_r((char *) key, (char *) salt, &cd); |
26 | |
4982
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
27 if (value) { |
3796
7dec2852e8fd
allocate last zero byte in ngx_crypt()
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
28 len = ngx_strlen(value) + 1; |
503 | 29 |
2049 | 30 *encrypted = ngx_pnalloc(pool, len); |
4982
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
31 if (*encrypted == NULL) { |
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
32 return NGX_ERROR; |
503 | 33 } |
4982
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
34 |
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
35 ngx_memcpy(*encrypted, value, len); |
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
36 return NGX_OK; |
503 | 37 } |
38 | |
4982
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
39 ngx_log_error(NGX_LOG_CRIT, pool->log, ngx_errno, "crypt_r() failed"); |
509 | 40 |
503 | 41 return NGX_ERROR; |
42 } | |
43 | |
44 #else | |
45 | |
46 ngx_int_t | |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
3796
diff
changeset
|
47 ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
503 | 48 { |
49 char *value; | |
50 size_t len; | |
509 | 51 ngx_err_t err; |
503 | 52 |
53 value = crypt((char *) key, (char *) salt); | |
54 | |
55 if (value) { | |
3796
7dec2852e8fd
allocate last zero byte in ngx_crypt()
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
56 len = ngx_strlen(value) + 1; |
503 | 57 |
2049 | 58 *encrypted = ngx_pnalloc(pool, len); |
4982
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
59 if (*encrypted == NULL) { |
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
60 return NGX_ERROR; |
503 | 61 } |
509 | 62 |
4982
6ccd3a50b40f
Core: crypt_r() error handling fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4499
diff
changeset
|
63 ngx_memcpy(*encrypted, value, len); |
509 | 64 return NGX_OK; |
503 | 65 } |
66 | |
509 | 67 err = ngx_errno; |
68 | |
69 ngx_log_error(NGX_LOG_CRIT, pool->log, err, "crypt() failed"); | |
70 | |
71 return NGX_ERROR; | |
503 | 72 } |
73 | |
74 #endif | |
75 | |
76 #endif /* NGX_CRYPT */ |