commit 8d09e5744c9641e53f2e0bfec12e3b204676bbf5
author Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 15:20:19 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 17:07:35 2019 +0200
tree d59279d2b0c5b30e1bb8089b2362a1b144d4622f
parent 489dccd15863b5bccdc5c8517fa1a91e737c80f4

Increase hamming distance for session resume flag

This is to prevent glitching a single bit for the resume flag.

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e70dd12..cd3aaf7 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -627,7 +627,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
 
-    ssl->handshake->resume = 1;
+    ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_SET;
 
     /* Don't send a new ticket after all, this one is OK */
     ssl->handshake->new_session_ticket = 0;
@@ -2839,19 +2839,19 @@
      * It may be already set to 1 by ssl_parse_session_ticket_ext().
      * If not, try looking up session ID in our cache.
      */
-    if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 &&
+    if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_UNSET &&
         mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
         ssl->session_negotiate->id_len != 0 &&
         ssl->conf->f_get_cache != NULL &&
         ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
-        ssl->handshake->resume = 1;
+        ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_SET;
     }
 #endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
 
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
-    if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 1 )
+    if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_SET )
     {
         /*
          * Resuming a session