SSL: explicit clearing of expired sessions.

This reduces lifetime of session keying material in server's memory, and
therefore can be beneficial from forward secrecy point of view.
Maxim Dounin 2022-10-12 20:14:43 +03:00
parent 76876c160f
commit 3057e6e9ad


@ -4031,6 +4031,8 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
ngx_rbtree_delete(&cache->session_rbtree, node);
ngx_explicit_memzero(sess_id->session, sess_id->len);
#if (NGX_PTR_SIZE == 8)
ngx_slab_free_locked(shpool, sess_id->session);
#endif
@ -4120,6 +4122,8 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
ngx_rbtree_delete(&cache->session_rbtree, node);
ngx_explicit_memzero(sess_id->session, sess_id->len);
#if (NGX_PTR_SIZE == 8)
ngx_slab_free_locked(shpool, sess_id->session);
#endif
@ -4168,6 +4172,8 @@ ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
ngx_explicit_memzero(sess_id->session, sess_id->len);
#if (NGX_PTR_SIZE == 8)
ngx_slab_free_locked(shpool, sess_id->session);
#endif
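Review bot: The wipe-then-free sequence is repeated verbatim in ngx_ssl_get_cached_session, ngx_ssl_remove_session and ngx_ssl_expire_sessions, with nothing tying the two calls together. A later removal path could therefore free `sess_id->session` without clearing it and silently undo the forward-secrecy benefit. Consider moving the `ngx_explicit_memzero()` call and the slab frees into one small static helper used by all three sites. At minimum, put a comment above each wipe, such as `/* clear session keying material before the slab memory is reused */`, so the call is not later dropped as redundant before a free. The wipe length relies on `sess_id->len` matching the size the session buffer was stored with; that assignment is outside these hunks and is worth confirming. All three function bodies start and end outside the lines shown.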