From 5abeaf3596210d8cc0be1edf7a0a772b7e2c7e6f Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 15 Nov 2016 10:30:34 +0000
Subject: [PATCH] Ensure unexpected messages are handled consistently

In one case we weren't always sending an unexpected message alert if we don't get what we expect.

Reviewed-by: Rich Salz
---
 ssl/statem/statem_clnt.c | 10 +++++-----
 ssl/statem/statem_srvr.c | 8 ++++++--
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 9745850387..73a8cbf8aa 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -179,9 +179,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
 }
 /* No valid transition found */
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION,
- SSL_R_UNEXPECTED_MESSAGE);
 return 0;
 }
@@ -203,8 +200,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
 * Note that after a ClientHello we don't know what version we are going
 * to negotiate yet, so we don't take this branch until later
 */
- if (s->method->version == TLS1_3_VERSION)
- return ossl_statem_client13_read_transition(s, mt);
+ if (s->method->version == TLS1_3_VERSION) {
+ if (!ossl_statem_client13_read_transition(s, mt))
+ goto err;
+ return 1;
+ }
 switch (st->hand_state) {
 default:
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 108e638db4..8f1ddc990d 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -150,8 +150,11 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
 {
 OSSL_STATEM *st = &s->statem;
- if (s->method->version == TLS1_3_VERSION)
- return ossl_statem_server13_read_transition(s, mt);
+ if (s->method->version == TLS1_3_VERSION) {
+ if (!ossl_statem_server13_read_transition(s, mt))
+ goto err;
+ return 1;
+ }
 switch (st->hand_state) {
 default:
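Review bot: With the alert and `SSLerr` call removed in the hunk at line 179, `ossl_statem_client13_read_transition` returns 0 silently, so the fatal unexpected_message alert now depends entirely on each caller, and nothing at the function says so. I would replace the surviving comment before `return 0;` with `/* No valid transition found; the caller sends the unexpected_message alert */`, so that a later caller does not return the result directly and drop the alert. `SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION` appears to lose its only visible use here, so its definition may now be unused and could be removed in the same change. The function's body starts outside the hunk.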
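Review bot: The new `goto err` in the TLS 1.3 branch of `ossl_statem_server_read_transition` sends the alert on behalf of `ossl_statem_server13_read_transition`, but unlike the client helper that function is not touched by this patch. It is worth confirming that it has no failure path which already calls `ssl3_send_alert`, since that would now emit two fatal alerts and queue two errors for one message. A one-line comment above the branch, for example `/* The TLS 1.3 helper only reports failure; the alert is sent at err */`, would document the split of responsibility. The `err:` label it jumps to is added in the later hunk at line 287, and the function body extends outside both hunks. Nothing in the patch exercises this path, so a handshake test that feeds an out-of-order TLS 1.3 message and checks for the unexpected_message alert would guard against regression.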
@@ -284,6 +287,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
 break;
 }
+ err:
 /* No valid transition found */
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
 SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
-- 
2.25.1