Add enumeration for invalid state

The invalid state can be used when state-mismatch is noticed. The invalid state should report a FI-alert upwards.
2025-01-22 16:51:08 +00:00 · 2019-11-12 15:39:38 +02:00 · 2019-11-12 15:39:38 +02:00 · 70abd7aadc
parent 2b20516b60
commit 70abd7aadc
3 changed files with 3 additions and 0 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -583,6 +583,7 @@ typedef enum
    MBEDTLS_SSL_HANDSHAKE_OVER,
    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
+    MBEDTLS_SSL_INVALID
 }
 mbedtls_ssl_states;

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -4254,6 +4254,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
           mbedtls_ssl_handshake_wrapup( ssl );
           break;

+       case MBEDTLS_SSL_INVALID:
       default:
           MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
           return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -4818,6 +4818,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
            mbedtls_ssl_handshake_wrapup( ssl );
            break;

+        case MBEDTLS_SSL_INVALID:
        default:
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );