Minor review fixes

2026-04-04 22:19:05 +00:00 · 2019-12-20 12:42:49 +02:00 · 2019-12-20 12:42:49 +02:00 · 5aa4c07b85
commit 5aa4c07b85
parent 015aa44b93
5 changed files with 21 additions and 12 deletions
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -83,8 +83,8 @@
 #define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
 #define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES

-#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   0x7F    /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0x0     /**< Entropy source is weak     */

 #ifdef __cplusplus
 extern "C" {
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -125,6 +125,11 @@
 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
+/*
+ * MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE are dismissable errors,
+ * therefore the hamming distance to other non-dismissable errors should be
+ * large to prevent bit-flipping a non-dismissable error to dismissable.
+ */
 #define MBEDTLS_ERR_SSL_WANT_READ                         -0xFF6900  /**< No data of requested type currently available on underlying transport. */
 #define MBEDTLS_ERR_SSL_WANT_WRITE                        -0xFF6880  /**< Connection requires a write call. */
 #define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */