From b2964cbe14c23d5d22d7bee024523a888955c2fe Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 30 Jan 2019 14:46:35 +0000
Subject: [PATCH] SSL/TLS client: Remove old session ticket on renegotiation

Context: During a handshake, the SSL/TLS handshake logic constructs
an instance of ::mbedtls_ssl_session representing the SSL session
being established. This structure contains information such as the
session's master secret, the peer certificate, or the session ticket
issues by the server (if applicable).

During a renegotiation, the new session is constructed aside the existing
one and destroys and replaces the latter only when the renegotiation is
complete. While conceptually clear, this means that during the renegotiation,
large pieces of information such as the peer's CRT or the session ticket
exist twice in memory, even though the original versions are removed
eventually.

This commit starts removing this memory inefficiency by freeing the old
session's SessionTicket before the one for the new session is allocated.
---
 library/ssl_cli.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index afced7a99c..5655d3aabb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3463,6 +3463,15 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
     if( ticket_len == 0 )
         return( 0 );
 
+    if( ssl->session != NULL && ssl->session->ticket != NULL )
+    {
+        mbedtls_platform_zeroize( ssl->session->ticket,
+                                  ssl->session->ticket_len );
+        mbedtls_free( ssl->session->ticket );
+        ssl->session->ticket = NULL;
+        ssl->session->ticket_len = 0;
+    }
+
     mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
                               ssl->session_negotiate->ticket_len );
     mbedtls_free( ssl->session_negotiate->ticket );