From 32caf3bad07ac9fd222625a2e78a2114caa7ec58 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Tue, 10 Mar 2026 15:46:04 +0000
Subject: [PATCH] ccm: Fail when calling finish without ccm_starts

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 library/ccm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ccm.c b/library/ccm.c
index a6eed4a56c..9f97ca9fc2 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -480,6 +480,10 @@ int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
         return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
+    if (!(ctx->state & CCM_STATE__STARTED)) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
+
     if (ctx->add_len > 0 && !(ctx->state & CCM_STATE__AUTH_DATA_FINISHED)) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }