From 4708d66af5426a03da9e8e998d8ec4d01e63c7d1 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Wed, 13 Nov 2019 13:12:50 +0200
Subject: [PATCH] Change the mbedtls_ssl_states values

The changed values have now the minimum hamming distance of 16 from each other. This is to prevent changing the state by just flipping one bit.
---
 include/mbedtls/ssl.h | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f147069d3..4609e73bd 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -564,26 +564,26 @@ extern "C" {
 */
 typedef enum
 {
- MBEDTLS_SSL_HELLO_REQUEST,
- MBEDTLS_SSL_CLIENT_HELLO,
- MBEDTLS_SSL_SERVER_HELLO,
- MBEDTLS_SSL_SERVER_CERTIFICATE,
- MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
- MBEDTLS_SSL_CERTIFICATE_REQUEST,
- MBEDTLS_SSL_SERVER_HELLO_DONE,
- MBEDTLS_SSL_CLIENT_CERTIFICATE,
- MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
- MBEDTLS_SSL_CERTIFICATE_VERIFY,
- MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
- MBEDTLS_SSL_CLIENT_FINISHED,
- MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
- MBEDTLS_SSL_SERVER_FINISHED,
- MBEDTLS_SSL_FLUSH_BUFFERS,
- MBEDTLS_SSL_HANDSHAKE_WRAPUP,
- MBEDTLS_SSL_HANDSHAKE_OVER,
- MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
- MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
- MBEDTLS_SSL_INVALID
+ MBEDTLS_SSL_HELLO_REQUEST = 0x0,
+ MBEDTLS_SSL_CLIENT_HELLO = 0x0000FFFF,
+ MBEDTLS_SSL_SERVER_HELLO = 0x00FF00FF,
+ MBEDTLS_SSL_SERVER_CERTIFICATE = 0x00FFFF00,
+ MBEDTLS_SSL_SERVER_KEY_EXCHANGE = 0x0F0F0F0F,
+ MBEDTLS_SSL_CERTIFICATE_REQUEST = 0x0F0FF0F0,
+ MBEDTLS_SSL_SERVER_HELLO_DONE = 0x0FF00FF0,
+ MBEDTLS_SSL_CLIENT_CERTIFICATE = 0x0FF0F00F,
+ MBEDTLS_SSL_CLIENT_KEY_EXCHANGE = 0x33333333,
+ MBEDTLS_SSL_CERTIFICATE_VERIFY = 0x3333CCCC,
+ MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC = 0x33CC33CC,
+ MBEDTLS_SSL_CLIENT_FINISHED = 0x33CCCC33,
+ MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC = 0x3C3C3C3C,
+ MBEDTLS_SSL_SERVER_FINISHED = 0x3C3CC3C3,
+ MBEDTLS_SSL_FLUSH_BUFFERS = 0x3CC33CC3,
+ MBEDTLS_SSL_HANDSHAKE_WRAPUP = 0x3CC3C33C,
+ MBEDTLS_SSL_HANDSHAKE_OVER = 0x55555555,
+ MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET = 0x5555AAAA,
+ MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT = 0x55AA55AA,
+ MBEDTLS_SSL_INVALID = 0x55AAAA55
 } mbedtls_ssl_states;
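Review bot: The new values in `mbedtls_ssl_states` carry an invariant (pairwise Hamming distance of at least 16) that is stated only in the commit message, so the header should say it above `typedef enum`, for example `/* Fault-injection hardening: state values are pairwise >= 16 bits apart; keep this when adding a state and never derive a state by arithmetic. */`. The encoding only protects the handshake if every consumer treats a value outside this set as an error. Any code outside this hunk that advances with `ssl->state++` or uses the state as an index would no longer land on a valid state, which is worth confirming in the same series. `MBEDTLS_SSL_HELLO_REQUEST = 0x0` is also still the value a zeroed state word holds, so a cleared field is accepted as a valid state; that may be intended for initialisation but deserves a mention in the comment. The comment block preceding the enum starts outside the hunk, and the trailing context after the closing line is not visible here.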