From 8d09e5744c9641e53f2e0bfec12e3b204676bbf5 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Thu, 19 Dec 2019 15:20:19 +0200
Subject: [PATCH] Increase hamming distance for session resume flag

This is to prevent glitching a single bit for the resume flag.
---
 library/ssl_cli.c | 6 +++---
 library/ssl_srv.c | 8 ++++----
 library/ssl_tls.c | 14 +++++++-------
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 08d4fd357..11c6f467c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -868,7 +868,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 * appropriate length. Otherwise make the length 0 (for now, see next code
 * block for behaviour with tickets).
 */
- if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 ||
+ if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_UNSET ||
 mbedtls_ssl_get_renego_status( ssl ) != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
 ssl->session_negotiate->id_len < 16 ||
 ssl->session_negotiate->id_len > 32 )
@@ -1832,11 +1832,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 ssl->session_negotiate->id_len != n ||
 mbedtls_platform_memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
 {
- ssl->handshake->resume = 0;
+ ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_UNSET;
 }
 #endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
- if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 1 )
+ if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_SET )
 {
 /* Resume a session */
 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e70dd12b9..cd3aaf737 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
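Review bot: The `== MBEDTLS_SSL_FI_FLAG_UNSET` test added in ssl_write_client_hello matches the old `== 0` test only if every source of the "not resuming" state yields that macro, and neither the initialisation of `handshake->resume` nor `mbedtls_ssl_handshake_get_resume()` is touched by this patch (the diffstat lists only ssl_cli.c, ssl_srv.c and ssl_tls.c). If the handshake structure is still zero-filled when it is set up, or the getter has a literal `0` fallback for builds with MBEDTLS_SSL_NO_SESSION_RESUMPTION, the comparison holds only while the macro happens to equal 0. I would set the field explicitly where the handshake parameters are initialised, `handshake->resume = MBEDTLS_SSL_FI_FLAG_UNSET;`, and have any fallback in the getter return the same macro. The same dependency applies to the `== MBEDTLS_SSL_FI_FLAG_UNSET` tests in ssl_write_server_hello and mbedtls_ssl_handshake_wrapup; the body of ssl_write_client_hello continues outside the hunk.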
@@ -627,7 +627,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
- ssl->handshake->resume = 1;
+ ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_SET;
 /* Don't send a new ticket after all, this one is OK */
 ssl->handshake->new_session_ticket = 0;
@@ -2839,19 +2839,19 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
 * It may be already set to 1 by ssl_parse_session_ticket_ext().
 * If not, try looking up session ID in our cache.
 */
- if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 &&
+ if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_UNSET &&
 mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
 ssl->session_negotiate->id_len != 0 &&
 ssl->conf->f_get_cache != NULL &&
 ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
 {
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
- ssl->handshake->resume = 1;
+ ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_SET;
 }
 #endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
- if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 1 )
+ if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_SET )
 {
 /*
 * Resuming a session
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ba6384832..e8a230d3e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1825,7 +1825,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
 mbedtls_ssl_handshake_get_ciphersuite( handshake );
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
- if( handshake->resume != 0 )
+ if( handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
 {
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
 return( 0 );
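Review bot: The comment above the cache lookup in ssl_write_server_hello still reads "It may be already set to 1 by ssl_parse_session_ticket_ext()", which stops being accurate once that function stores MBEDTLS_SSL_FI_FLAG_SET. The line is context in this hunk and should change together with the code: `* It may be already set to MBEDTLS_SSL_FI_FLAG_SET by ssl_parse_session_ticket_ext().`. Someone auditing the fault-injection hardening would otherwise go looking for a literal 1. The function body starts and ends outside the hunk.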
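Review bot: In ssl_compute_master the condition goes from `handshake->resume != 0` to `handshake->resume == MBEDTLS_SSL_FI_FLAG_SET`, which is a behaviour change and not only a rename: a value matching neither constant used to skip the master-secret computation and now runs it. That is the safer direction for a corrupted flag, but nothing at the test says it is intended, and the same switch is made in mbedtls_ssl_write_finished and mbedtls_ssl_parse_finished. I would add a comment such as `/* Any value other than MBEDTLS_SSL_FI_FLAG_SET is handled as a full handshake. */`. The `== MBEDTLS_SSL_FI_FLAG_UNSET` tests elsewhere in the patch treat such a value the opposite way, as if a resumption were in progress, so it may be worth rejecting a value that is neither SET nor UNSET with an error. The function continues outside the hunk.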
@@ -7969,7 +7969,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
 */
 if( ssl->conf->f_set_cache != NULL &&
 ssl->session->id_len != 0 &&
- ssl->handshake->resume == 0 )
+ ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_UNSET )
 {
 if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
@@ -7990,10 +7990,10 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
 }
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
- if( ssl->handshake->resume )
+ if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
 {
 mbedtls_platform_enforce_volatile_reads();
- if( ssl->handshake->resume )
+ if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
 {
 /* When doing session resume, no premaster or peer authentication */
 ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
@@ -8111,7 +8111,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
 * In case of session resuming, invert the client and server
 * ChangeCipherSpec messages order.
 */
- if( ssl->handshake->resume != 0 )
+ if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
 {
 #if defined(MBEDTLS_SSL_CLI_C)
 if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
@@ -8290,7 +8290,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
 #endif
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
- if( ssl->handshake->resume != 0 )
+ if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
 {
 #if defined(MBEDTLS_SSL_CLI_C)
 if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
@@ -9019,7 +9019,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 session ) ) != 0 )
 return( ret );
- ssl->handshake->resume = 1;
+ ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_SET;
 return( 0 );
 }