comparison src/event/ngx_event_openssl.c @ 8939:f106f4a68faf
SSL: explicit clearing of expired sessions.
This reduces lifetime of session keying material in server's memory, and
therefore can be beneficial from forward secrecy point of view.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:43 +0300 |
parents | 5244d3b165ff |
children | 4eeb53743d25 |
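--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -4029,10 +4029,12 @@
 
 ngx_queue_remove(&sess_id->queue);
 
 ngx_rbtree_delete(&cache->session_rbtree, node);
 
+ngx_explicit_memzero(sess_id->session, sess_id->len);
+
 #if (NGX_PTR_SIZE == 8)
 ngx_slab_free_locked(shpool, sess_id->session);
 #endif
 ngx_slab_free_locked(shpool, sess_id);
 
@@ -4118,10 +4120,12 @@
 
 ngx_queue_remove(&sess_id->queue);
 
 ngx_rbtree_delete(&cache->session_rbtree, node);
 
+ngx_explicit_memzero(sess_id->session, sess_id->len);
+
 #if (NGX_PTR_SIZE == 8)
 ngx_slab_free_locked(shpool, sess_id->session);
 #endif
 ngx_slab_free_locked(shpool, sess_id);
 
@@ -4165,10 +4169,12 @@
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
 "expire session: %08Xi", sess_id->node.key);
 
 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
+
+ngx_explicit_memzero(sess_id->session, sess_id->len);
 
 #if (NGX_PTR_SIZE == 8)
 ngx_slab_free_locked(shpool, sess_id->session);
 #endif
 ngx_slab_free_locked(shpool, sess_id);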
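Review bot: The three new `ngx_explicit_memzero(sess_id->session, sess_id->len);` calls (new lines 4034, 4125 and 4175) carry no comment, and nothing in the code ties the wipe to the frees that follow, so a later removal path could release a cached session without clearing it. A one-line comment at each site, such as `/* wipe session keying material before the slab memory is reused */`, would record the intent; since the same wipe-and-free sequence now appears three times, folding it into one static helper would make the wipe hard to omit. The wipe runs only when one of these removal paths is reached, so how long an expired entry stays readable in shared memory depends on callers that are outside these hunks. All three enclosing functions begin and end outside the visible lines.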