Fixes for CVE-2015-1791.
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
This change cherry-picks the following BoringSSL changes:
b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT.
fd67aa8c – Add SSL_SESSION_from_bytes.
95d31825 – Duplicate SSL_SESSIONs when renewing them.
d65bb78c – Add SSL_initial_handshake_complete.
680ca961 – Preserve session->sess_cert on ticket renewal.
Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b
11 files changed
