From 4f2dd8aada0f75717db1ff9c0139de71f93a0321 Mon Sep 17 00:00:00 2001
From: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Date: Mon, 9 Aug 2021 15:37:47 +0200
Subject: [PATCH] Fix errors returned by CCM functions.

Add new error code for calling functions in wrong order.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
---
 include/mbedtls/ccm.h |  2 ++
 library/ccm.c         | 10 +++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index c903e68fd3..d478414395 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -61,6 +61,8 @@
 #define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D
 /** Authenticated decryption failed. */
 #define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F
+/** CCM functions called in the wrong sequence. */
+#define MBEDTLS_ERR_CCM_BAD_SEQUENCE    -0x0011
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/library/ccm.c b/library/ccm.c
index 13582d2a0e..33c631a87a 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -269,7 +269,7 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
     {
         if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED )
         {
-            return ret;
+            return MBEDTLS_ERR_CCM_BAD_SEQUENCE;
         }
 
         if( ctx->processed == 0 )
@@ -430,22 +430,22 @@ exit:
 int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
                         unsigned char *tag, size_t tag_len )
 {
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    int ret;
     unsigned char i;
 
     if( ctx->state & CCM_STATE__ERROR )
     {
-        return ret;
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
     if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) )
     {
-        return ret;
+        return MBEDTLS_ERR_CCM_BAD_SEQUENCE;
     }
 
     if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len )
     {
-        return ret;
+        return MBEDTLS_ERR_CCM_BAD_SEQUENCE;
     }
 
     /*