Use invalid state

If mismatch in the state has been noticed, use the invalid state.
2025-01-22 16:51:08 +00:00 · 2019-11-12 15:46:46 +02:00 · 2019-11-12 15:46:46 +02:00 · b01800974f
parent 70abd7aadc
commit b01800974f
1 changed files with 40 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -6748,6 +6748,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
        {
            ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
        }
+        else
+        {
+            ssl->state = MBEDTLS_SSL_INVALID;
+        }
        return( 0 );
    }

@ -6773,6 +6777,10 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
        {
            ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
        }
+        else
+        {
+            ssl->state = MBEDTLS_SSL_INVALID;
+        }
        return( 0 );
    }

@ -6804,6 +6812,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
        {
            ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
        }
+        else
+        {
+            ssl->state = MBEDTLS_SSL_INVALID;
+        }
        return( 0 );
    }

@ -6822,6 +6834,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
            {
                ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
            }
+            else
+            {
+                ssl->state = MBEDTLS_SSL_INVALID;
+            }
            return( 0 );
        }

@ -6903,6 +6919,10 @@ write_msg:
    {
        ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
    }
+    else
+    {
+        ssl->state = MBEDTLS_SSL_INVALID;
+    }

    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
    {
@ -7567,6 +7587,10 @@ exit:
        {
            ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
        }
+        else
+        {
+            ssl->state = MBEDTLS_SSL_INVALID;
+        }
    }

 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@ -7605,6 +7629,10 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
    {
        ssl->state = MBEDTLS_SSL_SERVER_FINISHED;
    }
+    else
+    {
+        ssl->state = MBEDTLS_SSL_INVALID;
+    }

    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
    {
@ -7695,6 +7723,10 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
    {
        ssl->state = MBEDTLS_SSL_SERVER_FINISHED;
    }
+    else
+    {
+        ssl->state = MBEDTLS_SSL_INVALID;
+    }

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );

@ -7871,6 +7903,10 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
        {
            ssl->state = MBEDTLS_SSL_FLUSH_BUFFERS;
        }
+        else
+        {
+            ssl->state = MBEDTLS_SSL_INVALID;
+        }
    }

    /*
@ -8040,6 +8076,10 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
        {
            ssl->state = MBEDTLS_SSL_FLUSH_BUFFERS;
        }
+        else
+        {
+            ssl->state = MBEDTLS_SSL_INVALID;
+        }
    }

 #if defined(MBEDTLS_SSL_PROTO_DTLS)