From 70abd7aadcb8221164c05d91d2c14c67dd542bad Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 12 Nov 2019 15:39:38 +0200 Subject: [PATCH] Add enumeration for invalid state The invalid state can be used when state-mismatch is noticed. The invalid state should report a FI-alert upwards. --- include/mbedtls/ssl.h | 1 + library/ssl_cli.c | 1 + library/ssl_srv.c | 1 + 3 files changed, 3 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8008b516b..f147069d3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -583,6 +583,7 @@ typedef enum MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, + MBEDTLS_SSL_INVALID } mbedtls_ssl_states; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2c209d3e9..d8b1ce0af 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4254,6 +4254,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_wrapup( ssl ); break; + case MBEDTLS_SSL_INVALID: default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fb64a2be4..1a341c48c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4818,6 +4818,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_wrapup( ssl ); break; + case MBEDTLS_SSL_INVALID: default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );