From b01800974f6fcbd8a4929bed6cb6116babb2a9b8 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Tue, 12 Nov 2019 15:46:46 +0200
Subject: [PATCH] Use invalid state

If mismatch in the state has been noticed, use the invalid state.
---
 library/ssl_tls.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fa132ea2d..ca5ca6d18 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6748,6 +6748,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 return( 0 );
 }
@@ -6773,6 +6777,10 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 return( 0 );
 }
@@ -6804,6 +6812,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 return( 0 );
 }
@@ -6822,6 +6834,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 return( 0 );
 }
@@ -6903,6 +6919,10 @@ write_msg:
 {
 ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
 {
@@ -7567,6 +7587,10 @@ exit:
 {
 ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 }
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@@ -7605,6 +7629,10 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_SERVER_FINISHED;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
 {
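Review bot: In the first mbedtls_ssl_write_certificate hunk (@@ -6748) the new else branch sets `ssl->state = MBEDTLS_SSL_INVALID;` and then falls through to the unchanged `return( 0 );`, so the caller is told the step succeeded in the same call that detected the mismatch. The failure only surfaces if whatever dispatches on ssl->state later rejects MBEDTLS_SSL_INVALID, and that code is not part of this patch. Returning an error from the branch, for example `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`, would make the detection effective immediately and independent of the dispatcher. The same applies to the hunks at @@ -6773, @@ -6804 and @@ -6822; the enclosing functions start and end outside these hunks, so the conditions that lead into the else are not visible here.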
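Review bot: At the `write_msg:` hunk (@@ -6903) the state mismatch is detected before the call, yet `mbedtls_ssl_write_handshake_msg( ssl )` on the next context line still runs, so a handshake message goes out to the peer from a context already marked invalid. If the intent of the invalid state is to stop a handshake whose state variable no longer matches any expected value, the else branch should leave the function before the write rather than only recording the state, e.g. `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` after the assignment. mbedtls_ssl_write_change_cipher_spec (@@ -7605) has the same ordering. Both function bodies continue outside the hunks, so check whether any cleanup is needed before returning early.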
@@ -7695,6 +7723,10 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_SERVER_FINISHED;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
@@ -7871,6 +7903,10 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_FLUSH_BUFFERS;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 }
 /*
@@ -8040,6 +8076,10 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
 {
 ssl->state = MBEDTLS_SSL_FLUSH_BUFFERS;
 }
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
 }
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
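Review bot: The else branch in mbedtls_ssl_parse_change_cipher_spec (@@ -7695) records the mismatch only in ssl->state, and the very next line still logs `"<= parse change cipher spec"` as if the step had completed normally. A debug line inside the branch, such as `MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected handshake state" ) );`, would leave a trace at the point of detection instead of at some later step. A one-line comment saying the branch is reached only when ssl->state matches none of the values tested above would also help, since those tests lie outside the hunk. The mbedtls_ssl_write_finished (@@ -7871) and mbedtls_ssl_parse_finished (@@ -8040) hunks are equally silent.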
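Review bot: With the mbedtls_ssl_write_finished hunk (@@ -7871) the identical four-line `else { ssl->state = MBEDTLS_SSL_INVALID; }` block now appears ten times across the file. Because the protection depends on every state transition having this fallback, a transition added later without it would silently lack the check. Consider moving the "advance from expected state A to B, otherwise invalid" step into one static helper or macro used at every site, so the fallback cannot be forgotten and any later change to the failure handling happens in one place.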