yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 09:15:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

SSL/TLS client: Remove old session ticket on renegotiation

Browse Source 
Context: During a handshake, the SSL/TLS handshake logic constructs
an instance of ::mbedtls_ssl_session representing the SSL session
being established. This structure contains information such as the
session's master secret, the peer certificate, or the session ticket
issues by the server (if applicable).

During a renegotiation, the new session is constructed aside the existing
one and destroys and replaces the latter only when the renegotiation is
complete. While conceptually clear, this means that during the renegotiation,
large pieces of information such as the peer's CRT or the session ticket
exist twice in memory, even though the original versions are removed
eventually.

This commit starts removing this memory inefficiency by freeing the old
session's SessionTicket before the one for the new session is allocated.
This commit is contained in:
Hanno Becker 2019-01-30 14:46:35 +00:00
parent ac4172c5bb
commit b2964cbe14
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/ssl_cli.c
View File

@ -3463,6 +3463,15 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
if( ticket_len == 0 )
return( 0 );
if( ssl->session != NULL && ssl->session->ticket != NULL )
{
mbedtls_platform_zeroize( ssl->session->ticket,
ssl->session->ticket_len );
mbedtls_free( ssl->session->ticket );
ssl->session->ticket = NULL;
ssl->session->ticket_len = 0;
}
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket );