Use invalid state
If mismatch in the state has been noticed, use
the invalid state.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fa132ea..ca5ca6d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6748,6 +6748,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
return( 0 );
}
@@ -6773,6 +6777,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
return( 0 );
}
@@ -6804,6 +6812,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
return( 0 );
}
@@ -6822,6 +6834,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
return( 0 );
}
@@ -6903,6 +6919,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
@@ -7567,6 +7587,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_KEY_EXCHANGE;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
}
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@@ -7605,6 +7629,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_FINISHED;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
@@ -7695,6 +7723,10 @@
{
ssl->state = MBEDTLS_SSL_SERVER_FINISHED;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
@@ -7871,6 +7903,10 @@
{
ssl->state = MBEDTLS_SSL_FLUSH_BUFFERS;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
}
/*
@@ -8040,6 +8076,10 @@
{
ssl->state = MBEDTLS_SSL_FLUSH_BUFFERS;
}
+ else
+ {
+ ssl->state = MBEDTLS_SSL_INVALID;
+ }
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)