# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
+# define SSL_F_DTLS_WAIT_FOR_DRY 592
# define SSL_F_OPENSSL_INIT_SSL 342
# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417
# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418
{ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
"dtls_get_reassembled_message"},
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
+ {ERR_FUNC(SSL_F_DTLS_WAIT_FOR_DRY), "dtls_wait_for_dry"},
{ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
{ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION),
"ossl_statem_client_read_transition"},
}
#ifndef OPENSSL_NO_SCTP
+/*
+ * Wait for a dry event. Should only be called at a point in the handshake
+ * where we are not expecting any data from the peer (except possibly an alert).
+ */
WORK_STATE dtls_wait_for_dry(SSL *s)
{
int ret;
+ long len;
/* read app data until dry event */
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
return WORK_ERROR;
if (ret == 0) {
+ /*
+ * We're not expecting any more messages from the peer at this point -
+ * but we could get an alert. If an alert is waiting then we will never
+ * return successfully. Therefore we attempt to read a message. This
+ * should never succeed but will process any waiting alerts.
+ */
+ if (dtls_get_reassembled_message(s, &len)) {
+ /* The call succeeded! This should never happen */
+ SSLerr(SSL_F_DTLS_WAIT_FOR_DRY, SSL_R_UNEXPECTED_MESSAGE);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ossl_statem_set_error(s);
+ return WORK_ERROR;
+ }
+
s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
projects / oweals / openssl.git / commitdiff