Adds DTLS 1.3 ACK message functionality

apps/lib/s_cb.c

@@ -670,6 +670,10 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
             /* type 23 */
             str_content_type = ", ApplicationData";
             break;
+        case SSL3_RT_ACK:
+            /* type 26 */
+            str_content_type = ", ACK";
+            break;
         case SSL3_RT_HEADER:
             /* type 256 */
             str_content_type = ", RecordHeader";

include/internal/statem.h

@@ -104,6 +104,8 @@ struct ossl_statem_st {
     OSSL_HANDSHAKE_STATE hand_state;
     /* The handshake state requested by an API call (e.g. HelloRequest) */
     OSSL_HANDSHAKE_STATE request_state;
+    /* The handshake state waiting for acknowledge */
+    OSSL_HANDSHAKE_STATE defered_ack_state;
     int in_init;
     int read_state_first_init;
     /* true when we are actually in SSL_accept() or SSL_connect() */

include/openssl/ssl.h.in

@@ -1066,7 +1066,11 @@ typedef enum {
     TLS_ST_EARLY_DATA,
     TLS_ST_PENDING_EARLY_DATA_END,
     TLS_ST_CW_END_OF_EARLY_DATA,
-    TLS_ST_SR_END_OF_EARLY_DATA
+    TLS_ST_SR_END_OF_EARLY_DATA,
+    TLS_ST_CR_ACK,
+    TLS_ST_CW_ACK,
+    TLS_ST_SR_ACK,
+    TLS_ST_SW_ACK
 } OSSL_HANDSHAKE_STATE;
 
 /*

include/openssl/ssl3.h

@@ -220,6 +220,7 @@ extern "C" {
 # define SSL3_RT_ALERT                   21
 # define SSL3_RT_HANDSHAKE               22
 # define SSL3_RT_APPLICATION_DATA        23
+# define SSL3_RT_ACK                     26 /*RFC 9147*/
 
 /* Pseudo content types to indicate additional parameters */
 # define TLS1_RT_CRYPTO                  0x1000
@@ -333,6 +334,9 @@ extern "C" {
 # define SSL3_MT_MESSAGE_HASH                    254
 # define DTLS1_MT_HELLO_VERIFY_REQUEST           3
 
+/* Dummy message type for handling ACK like a normal handshake message */
+# define DTLS13_MT_ACK                           0x0126
+
 /* Dummy message type for handling CCS like a normal handshake message */
 # define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101
 

include/openssl/x509_acert.h

@@ -0,0 +1,179 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/x509_acert.h.in
+ *
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+
+#ifndef OPENSSL_X509_ACERT_H
+# define OPENSSL_X509_ACERT_H
+# pragma once
+
+# include <openssl/x509v3.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+typedef struct X509_acert_st X509_ACERT;
+typedef struct X509_acert_info_st X509_ACERT_INFO;
+typedef struct ossl_object_digest_info_st OSSL_OBJECT_DIGEST_INFO;
+typedef struct ossl_issuer_serial_st OSSL_ISSUER_SERIAL;
+typedef struct X509_acert_issuer_v2form_st X509_ACERT_ISSUER_V2FORM;
+
+DECLARE_ASN1_FUNCTIONS(X509_ACERT)
+DECLARE_ASN1_DUP_FUNCTION(X509_ACERT)
+DECLARE_ASN1_ITEM(X509_ACERT_INFO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM)
+
+# ifndef OPENSSL_NO_STDIO
+X509_ACERT *d2i_X509_ACERT_fp(FILE *fp, X509_ACERT **acert);
+int i2d_X509_ACERT_fp(FILE *fp, const X509_ACERT *acert);
+# endif
+
+DECLARE_PEM_rw(X509_ACERT, X509_ACERT)
+
+X509_ACERT *d2i_X509_ACERT_bio(BIO *bp, X509_ACERT **acert);
+int i2d_X509_ACERT_bio(BIO *bp, const X509_ACERT *acert);
+
+int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx);
+int X509_ACERT_verify(X509_ACERT *a, EVP_PKEY *r);
+
+# define X509_ACERT_VERSION_2 1
+
+const GENERAL_NAMES *X509_ACERT_get0_holder_entityName(const X509_ACERT *x);
+const OSSL_ISSUER_SERIAL *X509_ACERT_get0_holder_baseCertId(const X509_ACERT *x);
+const OSSL_OBJECT_DIGEST_INFO * X509_ACERT_get0_holder_digest(const X509_ACERT *x);
+const X509_NAME *X509_ACERT_get0_issuerName(const X509_ACERT *x);
+long X509_ACERT_get_version(const X509_ACERT *x);
+void X509_ACERT_get0_signature(const X509_ACERT *x,
+                               const ASN1_BIT_STRING **psig,
+                               const X509_ALGOR **palg);
+int X509_ACERT_get_signature_nid(const X509_ACERT *x);
+const X509_ALGOR *X509_ACERT_get0_info_sigalg(const X509_ACERT *x);
+const ASN1_INTEGER *X509_ACERT_get0_serialNumber(const X509_ACERT *x);
+const ASN1_TIME *X509_ACERT_get0_notBefore(const X509_ACERT *x);
+const ASN1_TIME *X509_ACERT_get0_notAfter(const X509_ACERT *x);
+const ASN1_BIT_STRING *X509_ACERT_get0_issuerUID(const X509_ACERT *x);
+
+int X509_ACERT_print(BIO *bp, X509_ACERT *x);
+int X509_ACERT_print_ex(BIO *bp, X509_ACERT *x, unsigned long nmflags,
+                        unsigned long cflag);
+
+int X509_ACERT_get_attr_count(const X509_ACERT *x);
+int X509_ACERT_get_attr_by_NID(const X509_ACERT *x, int nid, int lastpos);
+int X509_ACERT_get_attr_by_OBJ(const X509_ACERT *x, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_ATTRIBUTE *X509_ACERT_get_attr(const X509_ACERT *x, int loc);
+X509_ATTRIBUTE *X509_ACERT_delete_attr(X509_ACERT *x, int loc);
+
+void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx);
+int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit,
+                            unsigned long flags);
+const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x);
+
+# define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY        0
+# define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY_CERT   1
+# define OSSL_OBJECT_DIGEST_INFO_OTHER             2  /* must not be used in RFC 5755 profile */
+int X509_ACERT_set_version(X509_ACERT *x, long version);
+void X509_ACERT_set0_holder_entityName(X509_ACERT *x, GENERAL_NAMES *name);
+void X509_ACERT_set0_holder_baseCertId(X509_ACERT *x, OSSL_ISSUER_SERIAL *isss);
+void X509_ACERT_set0_holder_digest(X509_ACERT *x,
+                                   OSSL_OBJECT_DIGEST_INFO *dinfo);
+
+int X509_ACERT_add1_attr(X509_ACERT *x, X509_ATTRIBUTE *attr);
+int X509_ACERT_add1_attr_by_OBJ(X509_ACERT *x, const ASN1_OBJECT *obj,
+                                int type, const void *bytes, int len);
+int X509_ACERT_add1_attr_by_NID(X509_ACERT *x, int nid, int type,
+                                const void *bytes, int len);
+int X509_ACERT_add1_attr_by_txt(X509_ACERT *x, const char *attrname, int type,
+                                const unsigned char *bytes, int len);
+int X509_ACERT_add_attr_nconf(CONF *conf, const char *section,
+                              X509_ACERT *acert);
+
+int X509_ACERT_set1_issuerName(X509_ACERT *x, const X509_NAME *name);
+int X509_ACERT_set1_serialNumber(X509_ACERT *x, const ASN1_INTEGER *serial);
+int X509_ACERT_set1_notBefore(X509_ACERT *x, const ASN1_GENERALIZEDTIME *time);
+int X509_ACERT_set1_notAfter(X509_ACERT *x, const ASN1_GENERALIZEDTIME *time);
+
+void OSSL_OBJECT_DIGEST_INFO_get0_digest(const OSSL_OBJECT_DIGEST_INFO *o,
+                                         int *digestedObjectType,
+                                         const X509_ALGOR **digestAlgorithm,
+                                         const ASN1_BIT_STRING **digest);
+
+int OSSL_OBJECT_DIGEST_INFO_set1_digest(OSSL_OBJECT_DIGEST_INFO *o,
+                                        int digestedObjectType,
+                                        X509_ALGOR *digestAlgorithm,
+                                        ASN1_BIT_STRING *digest);
+
+const X509_NAME *OSSL_ISSUER_SERIAL_get0_issuer(const OSSL_ISSUER_SERIAL *isss);
+const ASN1_INTEGER *OSSL_ISSUER_SERIAL_get0_serial(const OSSL_ISSUER_SERIAL *isss);
+const ASN1_BIT_STRING *OSSL_ISSUER_SERIAL_get0_issuerUID(const OSSL_ISSUER_SERIAL *isss);
+
+int OSSL_ISSUER_SERIAL_set1_issuer(OSSL_ISSUER_SERIAL *isss,
+                                   const X509_NAME *issuer);
+int OSSL_ISSUER_SERIAL_set1_serial(OSSL_ISSUER_SERIAL *isss,
+                                   const ASN1_INTEGER *serial);
+int OSSL_ISSUER_SERIAL_set1_issuerUID(OSSL_ISSUER_SERIAL *isss,
+                                   const ASN1_BIT_STRING *uid);
+
+# define OSSL_IETFAS_OCTETS     0
+# define OSSL_IETFAS_OID        1
+# define OSSL_IETFAS_STRING     2
+
+typedef struct OSSL_IETF_ATTR_SYNTAX_VALUE_st OSSL_IETF_ATTR_SYNTAX_VALUE;
+typedef struct OSSL_IETF_ATTR_SYNTAX_st OSSL_IETF_ATTR_SYNTAX;
+SKM_DEFINE_STACK_OF_INTERNAL(OSSL_IETF_ATTR_SYNTAX_VALUE, OSSL_IETF_ATTR_SYNTAX_VALUE, OSSL_IETF_ATTR_SYNTAX_VALUE)
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_value(sk, idx) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_value(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (idx)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_new(cmp) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_new(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc_type(cmp)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_new_null() ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_new_null())
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_new_reserve(cmp, n) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_new_reserve(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc_type(cmp), (n)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (n))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_free(sk) OPENSSL_sk_free(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_zero(sk) OPENSSL_sk_zero(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_delete(sk, i) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_delete(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (i)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_delete_ptr(sk, ptr) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_delete_ptr(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_push(sk, ptr) OPENSSL_sk_push(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_pop(sk) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_pop(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_shift(sk) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_shift(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk),ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_freefunc_type(freefunc))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr), (idx))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_set(sk, idx, ptr) ((OSSL_IETF_ATTR_SYNTAX_VALUE *)OPENSSL_sk_set(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), (idx), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_find(sk, ptr) OPENSSL_sk_find(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_type(ptr), pnum)
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_sort(sk) OPENSSL_sk_sort(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_dup(sk) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_dup(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_IETF_ATTR_SYNTAX_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_copyfunc_type(copyfunc), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_freefunc_type(freefunc)))
+#define sk_OSSL_IETF_ATTR_SYNTAX_VALUE_set_cmp_func(sk, cmp) ((sk_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_sk_type(sk), ossl_check_OSSL_IETF_ATTR_SYNTAX_VALUE_compfunc_type(cmp)))
+
+
+DECLARE_ASN1_ITEM(OSSL_IETF_ATTR_SYNTAX_VALUE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_IETF_ATTR_SYNTAX_VALUE)
+DECLARE_ASN1_FUNCTIONS(OSSL_IETF_ATTR_SYNTAX)
+
+const GENERAL_NAMES *
+OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority(const OSSL_IETF_ATTR_SYNTAX *a);
+void OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority(OSSL_IETF_ATTR_SYNTAX *a,
+		                                        GENERAL_NAMES *names);
+
+int OSSL_IETF_ATTR_SYNTAX_get_value_num(const OSSL_IETF_ATTR_SYNTAX *a);
+void *OSSL_IETF_ATTR_SYNTAX_get0_value(const OSSL_IETF_ATTR_SYNTAX *a,
+		                               int ind, int *type);
+int OSSL_IETF_ATTR_SYNTAX_add1_value(OSSL_IETF_ATTR_SYNTAX *a, int type,
+		                             void *data);
+int OSSL_IETF_ATTR_SYNTAX_print(BIO *bp, OSSL_IETF_ATTR_SYNTAX *a, int indent);
+
+#endif

ssl/d1_lib.c

@@ -139,6 +139,15 @@ void dtls1_clear_received_buffer(SSL_CONNECTION *s)
     }
 }
 
+void dtls1_remove_sent_buffer_item(struct pqueue_st *pq, unsigned char *prio64be) {
+    pitem *item = NULL;
+
+    while ((item = pqueue_pop_item(pq, prio64be)) != NULL) {
+        dtls1_sent_msg_free((dtls_sent_msg *)item->data);
+        pitem_free(item);
+    }
+}
+
 void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
 {
     pitem *item = NULL;

ssl/pqueue.c

@@ -96,31 +96,46 @@ pitem *pqueue_pop(pqueue *pq)
     return item;
 }
 
-pitem *pqueue_find(pqueue *pq, unsigned char *prio64be)
+static pitem *pqueue_find_and_pop(pqueue *pq, unsigned char *prio64be, int pop)
 {
-    pitem *next;
+    pitem *curr;
+    pitem *prev = NULL;
     pitem *found = NULL;
 
     if (pq->items == NULL)
         return NULL;
 
-    for (next = pq->items; next->next != NULL; next = next->next) {
-        if (memcmp(next->priority, prio64be, 8) == 0) {
-            found = next;
+    for (curr = pq->items; curr->next != NULL; curr = curr->next) {
+        if (memcmp(curr->priority, prio64be, 8) == 0) {
+            found = curr;
             break;
         }
+        prev = curr;
     }
 
     /* check the one last node */
-    if (memcmp(next->priority, prio64be, 8) == 0)
-        found = next;
-
-    if (!found)
-        return NULL;
+    if (found == NULL && memcmp(curr->priority, prio64be, 8) == 0)
+        found = curr;
+
+    if (found != NULL && pop) {
+        if (prev == NULL)
+            pq->items = found->next;
+        else
+            prev->next = found->next;
+    }
 
     return found;
 }
 
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be) {
+    return pqueue_find_and_pop(pq, prio64be, 0);
+}
+
+pitem *pqueue_pop_item(pqueue *pq, unsigned char *prio64be)
+{
+    return pqueue_find_and_pop(pq, prio64be, 1);
+}
+
 pitem *pqueue_iterator(pqueue *pq)
 {
     return pqueue_peek(pq);

ssl/record/methods/tls_common.c

@@ -1078,7 +1078,8 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
 {
     if (rec->type != SSL3_RT_APPLICATION_DATA
             && rec->type != SSL3_RT_ALERT
-            && rec->type != SSL3_RT_HANDSHAKE) {
+            && rec->type != SSL3_RT_HANDSHAKE
+            && rec->type != SSL3_RT_ACK) {
         RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE);
         return 0;
     }

ssl/record/rec_layer_d1.c

@@ -314,13 +314,14 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
     }
 
     if (type == rr->type
-        || (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC
-            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL
-            && !is_dtls13)) {
+            || (type == SSL3_RT_HANDSHAKE
+                && ((!is_dtls13 && recvd_type != NULL && rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+                    || (is_dtls13 && rr->type == SSL3_RT_ACK)))) {
         /*
          * SSL3_RT_APPLICATION_DATA or
          * SSL3_RT_HANDSHAKE or
-         * SSL3_RT_CHANGE_CIPHER_SPEC
+         * SSL3_RT_CHANGE_CIPHER_SPEC or
+         * SSL3_RT_ACK
          */
         /*
          * make sure that we are not getting application data when we are
@@ -489,15 +490,17 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
     /*
      * Unexpected handshake message (Client Hello, or protocol violation)
      */
-    if (rr->type == SSL3_RT_HANDSHAKE && !ossl_statem_get_in_handshake(sc)) {
+    if (!ossl_statem_get_in_handshake(sc)
+            && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ACK)) {
         unsigned char msg_type;
 
         /*
          * This may just be a stale retransmit. Also sanity check that we have
          * at least enough record bytes for a message header
          */
-        if (rr->epoch != sc->rlayer.d->r_epoch
-                || rr->length < DTLS1_HM_HEADER_LENGTH) {
+        if (rr->type == SSL3_RT_HANDSHAKE
+                && (rr->epoch != sc->rlayer.d->r_epoch
+                    || rr->length < DTLS1_HM_HEADER_LENGTH)) {
             if (!ssl_release_record(sc, rr, 0))
                 return -1;
             goto start;
@@ -509,7 +512,7 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
          * If we are server, we may have a repeated FINISHED of the client
          * here, then retransmit our CCS and FINISHED.
          */
-        if (msg_type == SSL3_MT_FINISHED) {
+        if (rr->type == SSL3_RT_HANDSHAKE && msg_type == SSL3_MT_FINISHED) {
             if (dtls1_check_timeout_num(sc) < 0) {
                 /* SSLfatal) already called */
                 return -1;
@@ -585,6 +588,7 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
     case SSL3_RT_CHANGE_CIPHER_SPEC:
     case SSL3_RT_ALERT:
     case SSL3_RT_HANDSHAKE:
+    case SSL3_RT_ACK:
         /*
          * we already handled all of these, with the possible exception of
          * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but