} while (num_recs == 0);
rr = &rr[curr_rec];
+ if (s->rlayer.handshake_fragment_len > 0
+ && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
+ && SSL_IS_TLS13(s)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
+ return -1;
+ }
+
/*
* Reset the count of consecutive warning alerts if we've got a non-empty
* record that isn't an alert.