mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 02:15:35 +00:00
SSL/TLS client: Remove old session ticket on renegotiation
Context: During a handshake, the SSL/TLS handshake logic constructs an instance of ::mbedtls_ssl_session representing the SSL session being established. This structure contains information such as the session's master secret, the peer certificate, or the session ticket issues by the server (if applicable). During a renegotiation, the new session is constructed aside the existing one and destroys and replaces the latter only when the renegotiation is complete. While conceptually clear, this means that during the renegotiation, large pieces of information such as the peer's CRT or the session ticket exist twice in memory, even though the original versions are removed eventually. This commit starts removing this memory inefficiency by freeing the old session's SessionTicket before the one for the new session is allocated.
This commit is contained in:
parent
80e92ad43a
commit
3d699e43ea
|
@ -3583,6 +3583,15 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||||
if( ticket_len == 0 )
|
if( ticket_len == 0 )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
|
if( ssl->session != NULL && ssl->session->ticket != NULL )
|
||||||
|
{
|
||||||
|
mbedtls_platform_zeroize( ssl->session->ticket,
|
||||||
|
ssl->session->ticket_len );
|
||||||
|
mbedtls_free( ssl->session->ticket );
|
||||||
|
ssl->session->ticket = NULL;
|
||||||
|
ssl->session->ticket_len = 0;
|
||||||
|
}
|
||||||
|
|
||||||
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
|
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
|
||||||
ssl->session_negotiate->ticket_len );
|
ssl->session_negotiate->ticket_len );
|
||||||
mbedtls_free( ssl->session_negotiate->ticket );
|
mbedtls_free( ssl->session_negotiate->ticket );
|
||||||
|
|
Loading…
Reference in a new issue