From b57d7fd568da2bd241ce0d08b8a88e82e4d81d94 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa <jarno.lamsa@arm.com>
Date: Tue, 17 Dec 2019 15:46:48 +0200
Subject: [PATCH] Add flags for protecting TLS state machine

Flags are there to prevent skipping vital parts of the TLS
handshake.
---
 include/mbedtls/ssl_internal.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 4872f6fb5..5f0bbdc2d 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -226,6 +226,9 @@
         : ( MBEDTLS_SSL_IN_CONTENT_LEN )                             \
         )
 
+#define MBEDTLS_SSL_FI_FLAG_UNSET       0x0
+#define MBEDTLS_SSL_FI_FLAG_SET         0x7F
+
 /*
  * Check that we obey the standard's message size bounds
  */
@@ -385,6 +388,11 @@ struct mbedtls_ssl_handshake_params
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     uint8_t got_peer_pubkey;            /*!< Did we store the peer's public key from its certificate? */
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    volatile uint8_t peer_authenticated;         /*!< Is the peer authenticated? */
+    volatile uint8_t hello_random_set;           /*!< Has the hello random been set? */
+    volatile uint8_t key_derivation_done;        /*!< Has the key derivation been done? */
+    volatile uint8_t premaster_generated;        /*!< Has the PMS been generated? */
+    volatile uint8_t got_proper_keys;            /*!< Has the proper keys been set? */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     unsigned char verify_cookie_len;    /*!<  Cli: cookie length
                                               Srv: flag for sending a cookie */