PR: 2535

[openssl.git] / ssl / d1_both.c

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 68172a9dda0b2e7d114422f836f7e12b428e3ea4..89338e9430f2865f21a70da0e2c3fd4ec1a9dc35 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -793,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                *ok = 0;
                return i;
                }
-       OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
+       /* Handshake fails if message header is incomplete */
+       if (i != DTLS1_HM_HEADER_LENGTH)
+               {
+               al=SSL_AD_UNEXPECTED_MESSAGE;
+               SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
+               goto f_err;
+               }
 
        /* parse the message fragment header */
        dtls1_get_message_header(wire, &msg_hdr);
@@ -865,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
        /* XDTLS:  an incorrectly formatted fragment should cause the 
         * handshake to fail */
-       OPENSSL_assert(i == (int)frag_len);
+       if (i != (int)frag_len)
+               {
+               al=SSL3_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
+               goto f_err;
+               }
 
        *ok = 1;
 
@@ -1406,3 +1417,24 @@ dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
 
        ccs_hdr->type = *(data++);
        }
+
+int dtls1_shutdown(SSL *s)
+       {
+       int ret;
+#ifndef OPENSSL_NO_SCTP
+       if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+           !(s->shutdown & SSL_SENT_SHUTDOWN))
+               {
+               ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+               if (ret < 0) return -1;
+
+               if (ret == 0)
+                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
+               }
+#endif
+       ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+       return ret;
+       }