diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2afcaf97f8..6ce8668fa8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1333,12 +1333,18 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); + static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { ssl->state = (int) state; } +static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) +{ + mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1); +} + MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4adaf7dc6f..2bea15412d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5318,7 +5318,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) ssl->out_msglen = 1; ssl->out_msg[0] = 1; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -5380,7 +5380,7 @@ int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_update_in_pointers(ssl); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3633cd40f9..8d451778d9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1554,7 +1554,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); ssl->tls_version = ssl->conf->max_tls_version; mbedtls_ssl_session_reset_msg_layer(ssl, partial); @@ -4587,7 +4587,7 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); ret = 0; break; @@ -4738,7 +4738,7 @@ int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) } #endif - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { @@ -5521,7 +5521,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, * Most of them already set to the correct value by mbedtls_ssl_init() and * mbedtls_ssl_reset(), so we only need to set the remaining ones. */ - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; /* Adjust pointers for header fields of outgoing records to @@ -7576,7 +7576,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -7593,7 +7593,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -7616,7 +7616,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -7624,7 +7624,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->handshake->client_auth == 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } } @@ -7678,7 +7678,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -8136,7 +8136,7 @@ crt_verify: exit: if (ret == 0) { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -8352,7 +8352,7 @@ void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) #endif mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); } @@ -8396,16 +8396,16 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); } #endif #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC); } #endif } else { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } /* @@ -8531,16 +8531,16 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC); } #endif #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); } #endif } else { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 75783d08f1..791b84ee39 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1163,7 +1163,7 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) ssl->handshake->cookie_len = cookie_len; /* Start over at ClientHello */ - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); ret = mbedtls_ssl_reset_checksum(ssl); if (0 != ret) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); @@ -1372,7 +1372,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->ciphersuite != i || ssl->session_negotiate->id_len != n || memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); ssl->handshake->resume = 0; #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time(NULL); @@ -1381,7 +1381,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->id_len = n; memcpy(ssl->session_negotiate->id, buf + 35, n); } else { - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); } MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", @@ -2091,7 +2091,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } ((void) p); @@ -2112,7 +2112,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } ((void) p); @@ -2454,7 +2454,7 @@ start_processing: #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ exit: - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); @@ -2472,7 +2472,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2499,7 +2499,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2517,7 +2517,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); ssl->handshake->client_auth = (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); @@ -2688,7 +2688,7 @@ static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_DECODE_ERROR; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -3199,7 +3199,7 @@ ecdh_calc_secret: ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -3228,7 +3228,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -3270,14 +3270,14 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } if (ssl->handshake->client_auth == 0 || mbedtls_ssl_own_cert(ssl) == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -3359,7 +3359,7 @@ sign: ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -3433,7 +3433,7 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); /* * Zero-length ticket means the server changed his mind and doesn't want @@ -3494,13 +3494,13 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && ssl->handshake->new_session_ticket != 0) { - ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET); } #endif switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; /* @@ -3585,7 +3585,7 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 67df4284a4..2d73855ee1 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1636,7 +1636,7 @@ have_ciphersuite: ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -2064,7 +2064,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -2232,7 +2232,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) * New session, create a new session id, * unless we're about to issue a session ticket */ - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time(NULL); @@ -2256,7 +2256,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) * Resuming a session */ n = ssl->session_negotiate->id_len; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); @@ -2382,7 +2382,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2405,7 +2405,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { @@ -3252,7 +3252,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ @@ -3306,7 +3306,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -3328,7 +3328,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -4052,7 +4052,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) return ret; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); @@ -4070,7 +4070,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -4096,20 +4096,20 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if (ssl->session_negotiate->peer_cert == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ if (ssl->session_negotiate->peer_cert_digest == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -4121,7 +4121,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) return ret; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); /* Process the message contents */ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || @@ -4305,7 +4305,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; /* @@ -4394,7 +4394,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: