Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 39aac73e10..a5439d544f 100644
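--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -296,6 +296,9 @@ dtls1_process_buffered_records(SSL *s)
 item = pqueue_peek(s->d1->unprocessed_rcds.q);
 if (item)
 {
+DTLS1_RECORD_DATA *rdata;
+rdata = (DTLS1_RECORD_DATA *)item->data;
+
 /* Check if epoch is current. */
 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
 return(1); /* Nothing to do. */
@@ -409,12 +412,11 @@ dtls1_process_record(SSL *s)
 enc_err = s->method->ssl3_enc->enc(s,0);
 if (enc_err <= 0)
 {
-/* decryption failed, silently discard message */
-if (enc_err < 0)
-{
-rr->length = 0;
-s->packet_length = 0;
-}
+if (enc_err == 0)
+/* SSLerr() and ssl3_send_alert() have been called */
+goto err;
+
+/* otherwise enc_err == -1 */
 goto err;
 }
 
@@ -526,12 +528,14 @@ int dtls1_get_record(SSL *s)
 int ssl_major,ssl_minor;
 int i,n;
 SSL3_RECORD *rr;
+SSL_SESSION *sess;
 unsigned char *p = NULL;
 unsigned short version;
 DTLS1_BITMAP *bitmap;
 unsigned int is_next_epoch;
 
 rr= &(s->s3->rrec);
+sess=s->session;
 
 /* The epoch may have changed. If so, process all the
 * pending records. This is a non-blocking operation. */
@@ -658,12 +662,10 @@ again:
 
 /* If this record is from the next epoch (either HM or ALERT),
 * and a handshake is currently in progress, buffer it since it
-* cannot be processed at this time. However, do not buffer
-* anything while listening.
-*/
+* cannot be processed at this time. */
 if (is_next_epoch)
 {
-if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
+if (SSL_in_init(s) || s->in_handshake)
 {
 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
 }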
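Review bot: In dtls1_process_record the new `enc_err <= 0` block sends both outcomes to `goto err`, so the `if (enc_err == 0)` test is dead. The -1 (decryption failed) path also no longer clears the record state the way the removed lines did; unless the code at `err` or the caller resets it (neither is visible in this hunk), a record that failed decryption is not explicitly discarded. I would keep `rr->length = 0; s->packet_length = 0;` on the `enc_err < 0` path before the jump. The new comment says an alert has already been sent when `enc_err == 0`, so it is worth confirming that the two failure classes do not become distinguishable to the peer. The last hunk likewise drops `&& !s->d1->listen`, which allows next-epoch records to be buffered while the socket is still listening; either restore the guard or state why buffering is safe in that state.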