Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8079:f106f4a68faf
SSL: explicit clearing of expired sessions.
This reduces lifetime of session keying material in server's memory, and
therefore can be beneficial from forward secrecy point of view.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 12 Oct 2022 20:14:43 +0300 |
| parents | 5244d3b165ff |
| children | 4eeb53743d25 |
comparison
equal
deleted
inserted
replaced
| 8078:5244d3b165ff | 8079:f106f4a68faf |
|---|---|
| 4029 | 4029 |
| 4030 ngx_queue_remove(&sess_id->queue); | 4030 ngx_queue_remove(&sess_id->queue); |
| 4031 | 4031 |
| 4032 ngx_rbtree_delete(&cache->session_rbtree, node); | 4032 ngx_rbtree_delete(&cache->session_rbtree, node); |
| 4033 | 4033 |
| 4034 ngx_explicit_memzero(sess_id->session, sess_id->len); | |
| 4035 | |
| 4034 #if (NGX_PTR_SIZE == 8) | 4036 #if (NGX_PTR_SIZE == 8) |
| 4035 ngx_slab_free_locked(shpool, sess_id->session); | 4037 ngx_slab_free_locked(shpool, sess_id->session); |
| 4036 #endif | 4038 #endif |
| 4037 ngx_slab_free_locked(shpool, sess_id); | 4039 ngx_slab_free_locked(shpool, sess_id); |
| 4038 | 4040 |
| 4118 | 4120 |
| 4119 ngx_queue_remove(&sess_id->queue); | 4121 ngx_queue_remove(&sess_id->queue); |
| 4120 | 4122 |
| 4121 ngx_rbtree_delete(&cache->session_rbtree, node); | 4123 ngx_rbtree_delete(&cache->session_rbtree, node); |
| 4122 | 4124 |
| 4125 ngx_explicit_memzero(sess_id->session, sess_id->len); | |
| 4126 | |
| 4123 #if (NGX_PTR_SIZE == 8) | 4127 #if (NGX_PTR_SIZE == 8) |
| 4124 ngx_slab_free_locked(shpool, sess_id->session); | 4128 ngx_slab_free_locked(shpool, sess_id->session); |
| 4125 #endif | 4129 #endif |
| 4126 ngx_slab_free_locked(shpool, sess_id); | 4130 ngx_slab_free_locked(shpool, sess_id); |
| 4127 | 4131 |
| 4165 | 4169 |
| 4166 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, | 4170 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, |
| 4167 "expire session: %08Xi", sess_id->node.key); | 4171 "expire session: %08Xi", sess_id->node.key); |
| 4168 | 4172 |
| 4169 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node); | 4173 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node); |
| 4174 | |
| 4175 ngx_explicit_memzero(sess_id->session, sess_id->len); | |
| 4170 | 4176 |
| 4171 #if (NGX_PTR_SIZE == 8) | 4177 #if (NGX_PTR_SIZE == 8) |
| 4172 ngx_slab_free_locked(shpool, sess_id->session); | 4178 ngx_slab_free_locked(shpool, sess_id->session); |
| 4173 #endif | 4179 #endif |
| 4174 ngx_slab_free_locked(shpool, sess_id); | 4180 ngx_slab_free_locked(shpool, sess_id); |