Increase hamming distance for session resume flag

This is to prevent glitching a single bit for the resume flag.
This commit is contained in:
Jarno Lamsa 2019-12-19 15:20:19 +02:00
parent 489dccd158
commit 8d09e5744c
3 changed files with 14 additions and 14 deletions

View file

@ -868,7 +868,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* appropriate length. Otherwise make the length 0 (for now, see next code
* block for behaviour with tickets).
*/
if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 ||
if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_UNSET ||
mbedtls_ssl_get_renego_status( ssl ) != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
ssl->session_negotiate->id_len < 16 ||
ssl->session_negotiate->id_len > 32 )
@ -1832,11 +1832,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
ssl->session_negotiate->id_len != n ||
mbedtls_platform_memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
{
ssl->handshake->resume = 0;
ssl->handshake->resume = MBEDTLS_SSL_FI_FLAG_UNSET;
}
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 1 )
if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == MBEDTLS_SSL_FI_FLAG_SET )
{
/* Resume a session */
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;