Change the mbedtls_ssl_states values

The changed values have now the minimum hamming distance of 16 from each other. This is to prevent changing the state by just flipping one bit.
2025-03-28 09:56:56 +00:00 · 2019-11-13 13:12:50 +02:00 · 2019-11-13 13:12:50 +02:00 · 4708d66af5
parent b01800974f
commit 4708d66af5
1 changed files with 20 additions and 20 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -564,26 +564,26 @@ extern "C" {
 */
 typedef enum
 {
-    MBEDTLS_SSL_HELLO_REQUEST,
-    MBEDTLS_SSL_CLIENT_HELLO,
-    MBEDTLS_SSL_SERVER_HELLO,
-    MBEDTLS_SSL_SERVER_CERTIFICATE,
-    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
-    MBEDTLS_SSL_CERTIFICATE_REQUEST,
-    MBEDTLS_SSL_SERVER_HELLO_DONE,
-    MBEDTLS_SSL_CLIENT_CERTIFICATE,
-    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
-    MBEDTLS_SSL_CERTIFICATE_VERIFY,
-    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
-    MBEDTLS_SSL_CLIENT_FINISHED,
-    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
-    MBEDTLS_SSL_SERVER_FINISHED,
-    MBEDTLS_SSL_FLUSH_BUFFERS,
-    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
-    MBEDTLS_SSL_HANDSHAKE_OVER,
-    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
-    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-    MBEDTLS_SSL_INVALID
+    MBEDTLS_SSL_HELLO_REQUEST                       = 0x0,
+    MBEDTLS_SSL_CLIENT_HELLO                        = 0x0000FFFF,
+    MBEDTLS_SSL_SERVER_HELLO                        = 0x00FF00FF,
+    MBEDTLS_SSL_SERVER_CERTIFICATE                  = 0x00FFFF00,
+    MBEDTLS_SSL_SERVER_KEY_EXCHANGE                 = 0x0F0F0F0F,
+    MBEDTLS_SSL_CERTIFICATE_REQUEST                 = 0x0F0FF0F0,
+    MBEDTLS_SSL_SERVER_HELLO_DONE                   = 0x0FF00FF0,
+    MBEDTLS_SSL_CLIENT_CERTIFICATE                  = 0x0FF0F00F,
+    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE                 = 0x33333333,
+    MBEDTLS_SSL_CERTIFICATE_VERIFY                  = 0x3333CCCC,
+    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC           = 0x33CC33CC,
+    MBEDTLS_SSL_CLIENT_FINISHED                     = 0x33CCCC33,
+    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC           = 0x3C3C3C3C,
+    MBEDTLS_SSL_SERVER_FINISHED                     = 0x3C3CC3C3,
+    MBEDTLS_SSL_FLUSH_BUFFERS                       = 0x3CC33CC3,
+    MBEDTLS_SSL_HANDSHAKE_WRAPUP                    = 0x3CC3C33C,
+    MBEDTLS_SSL_HANDSHAKE_OVER                      = 0x55555555,
+    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET           = 0x5555AAAA,
+    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT    = 0x55AA55AA,
+    MBEDTLS_SSL_INVALID                             = 0x55AAAA55
 }
 mbedtls_ssl_states;