From 283f5efe7dac73a6ed0e12f495dfb10b3bdef846 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 09:34:47 +0100 Subject: [PATCH] Buffering: Free future record epoch after each flight The function ssl_free_buffered_record() frees a future epoch record, if such is present. Previously, it was called in mbedtls_handshake_free(), i.e. an unused buffered record would be cleared at the end of the handshake. This commit moves the call to the function ssl_buffering_free() responsible for freeing all buffering-related data, and which is called not only at the end of the handshake, but at the end of every flight. In particular, future record epochs won't be buffered across flight boundaries anymore, and they shouldn't. --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 41803b6094..d8d2563780 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8672,6 +8672,8 @@ static void ssl_buffering_free( mbedtls_ssl_context *ssl ) if( hs == NULL ) return; + ssl_free_buffered_record( ssl ); + for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) ssl_buffering_free_slot( ssl, offset ); } @@ -8776,7 +8778,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( handshake->verify_cookie ); ssl_flight_free( handshake->flight ); ssl_buffering_free( ssl ); - ssl_free_buffered_record( ssl ); #endif mbedtls_platform_zeroize( handshake,
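Review bot: The added `ssl_free_buffered_record( ssl );` call in ssl_buffering_free() now runs at the end of every flight instead of once at handshake teardown, so it must be safe to call repeatedly on the same handshake. Its body is not visible in this patch, so please confirm that it sets the freed record pointer back to NULL and resets any length or buffered-bytes bookkeeping tied to that record; otherwise a second call could double-free or leave stale accounting that later buffering decisions rely on. The call also has no comment explaining why it belongs here, and I would add `/* Drop any buffered future-epoch record: it must not survive a flight boundary. */` above it. The beginning of ssl_buffering_free(), including the declaration of `hs`, lies outside the hunk.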