Put SCTs and OCSP responses in CRYPTO_BUFFERs.
They both can be moderately large. This should hopefully relieve a little
memory pressure from both connections to hosts which serve SCTs and
TLS 1.3's single-use tickets.
Change-Id: I034bbf057fe5a064015a0f554b3ae9ea7797cd4e
Reviewed-on: https://boringssl-review.googlesource.com/19584
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index dad0656..6bacc80 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -227,24 +227,15 @@
new_session->verify_result = session->verify_result;
- new_session->ocsp_response_length = session->ocsp_response_length;
if (session->ocsp_response != NULL) {
- new_session->ocsp_response = (uint8_t *)BUF_memdup(
- session->ocsp_response, session->ocsp_response_length);
- if (new_session->ocsp_response == NULL) {
- return nullptr;
- }
+ new_session->ocsp_response = session->ocsp_response;
+ CRYPTO_BUFFER_up_ref(new_session->ocsp_response);
}
- new_session->tlsext_signed_cert_timestamp_list_length =
- session->tlsext_signed_cert_timestamp_list_length;
- if (session->tlsext_signed_cert_timestamp_list != NULL) {
- new_session->tlsext_signed_cert_timestamp_list = (uint8_t *)BUF_memdup(
- session->tlsext_signed_cert_timestamp_list,
- session->tlsext_signed_cert_timestamp_list_length);
- if (new_session->tlsext_signed_cert_timestamp_list == NULL) {
- return nullptr;
- }
+ if (session->signed_cert_timestamp_list != NULL) {
+ new_session->signed_cert_timestamp_list =
+ session->signed_cert_timestamp_list;
+ CRYPTO_BUFFER_up_ref(new_session->signed_cert_timestamp_list);
}
OPENSSL_memcpy(new_session->peer_sha256, session->peer_sha256,
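Review bot: The duplicated session now aliases the original's `ocsp_response` and `signed_cert_timestamp_list` buffers instead of owning private copies, and nothing in the new lines says why that is safe. The sharing relies on CRYPTO_BUFFER contents being immutable and reference-counted, so I would add `// CRYPTO_BUFFERs are immutable, so the copy shares the original's buffer and only takes a reference.` above the first `if`. The same ownership change applies to the two `CRYPTO_BUFFER_free` calls in the second hunk, which now drop a reference rather than releasing the bytes, so the data can outlive the session being freed. The enclosing function starts and ends outside this hunk, so I am assuming both fields of `new_session` are still null when these assignments run.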
@@ -898,8 +889,8 @@
session->x509_method->session_clear(session);
OPENSSL_free(session->tlsext_hostname);
OPENSSL_free(session->tlsext_tick);
- OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
- OPENSSL_free(session->ocsp_response);
+ CRYPTO_BUFFER_free(session->signed_cert_timestamp_list);
+ CRYPTO_BUFFER_free(session->ocsp_response);
OPENSSL_free(session->psk_identity);
OPENSSL_free(session->early_alpn);
OPENSSL_cleanse(session, sizeof(*session));