From 3d699e43eae24a156271391a5a3c376e418b95d1 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 30 Jan 2019 14:46:35 +0000
Subject: [PATCH] SSL/TLS client: Remove old session ticket on renegotiation

Context: During a handshake, the SSL/TLS handshake logic constructs an instance of ::mbedtls_ssl_session representing the SSL session being established. This structure contains information such as the session's master secret, the peer certificate, or the session ticket issues by the server (if applicable). During a renegotiation, the new session is constructed aside the existing one and destroys and replaces the latter only when the renegotiation is complete. While conceptually clear, this means that during the renegotiation, large pieces of information such as the peer's CRT or the session ticket exist twice in memory, even though the original versions are removed eventually. This commit starts removing this memory inefficiency by freeing the old session's SessionTicket before the one for the new session is allocated.
---
 library/ssl_cli.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index be80de71d..c6e64a4b6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3583,6 +3583,15 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
 if( ticket_len == 0 )
 return( 0 );
 
+ if( ssl->session != NULL && ssl->session->ticket != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->session->ticket,
+ ssl->session->ticket_len );
+ mbedtls_free( ssl->session->ticket );
+ ssl->session->ticket = NULL;
+ ssl->session->ticket_len = 0;
+ }
+
 mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
 ssl->session_negotiate->ticket_len );
 mbedtls_free( ssl->session_negotiate->ticket );
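Review bot: The old ticket in `ssl->session` is zeroized and freed before the replacement ticket for `ssl->session_negotiate` has been allocated or the renegotiation has completed, so any failure after this point leaves the still-active session without a ticket while its other fields stay in place. That looks like a deliberate memory trade-off, but nothing in the new block says so; a comment such as `/* Renegotiation: drop the old ticket early to avoid holding two; if the handshake fails later, ssl->session can no longer be resumed by ticket. */` above the `if` would record it. The allocation of the new ticket and the rest of ssl_parse_new_session_ticket lie outside the hunk, so the exact failure paths cannot be checked from here. The wipe-then-free sequence now appears twice in a row (for `ssl->session` and for `ssl->session_negotiate`) and could share a small static helper.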