From 8b50733a735c8a547e2fd314c24b205ff0b07881 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 12 Mar 2026 10:08:46 +0000
Subject: [PATCH] ccm: Re-ordered len checks in mbedtls_ccm_finish.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 library/ccm.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/library/ccm.c b/library/ccm.c
index 9f97ca9fc2..11d1051e98 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -484,6 +484,10 @@ int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
+    if (!(ctx->state & CCM_STATE__LENGTHS_SET)) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
+
     if (ctx->add_len > 0 && !(ctx->state & CCM_STATE__AUTH_DATA_FINISHED)) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
@@ -492,10 +496,6 @@ int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if (!(ctx->state & CCM_STATE__LENGTHS_SET)) {
-        return MBEDTLS_ERR_CCM_BAD_INPUT;
-    }
-
     if (tag_len != ctx->tag_len) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }