From: Dr. Stephen Henson Date: Sun, 3 Apr 2011 17:14:35 +0000 (+0000) Subject: PR: 2462 X-Git-Tag: OpenSSL-fips-2_0-rc1~605 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=4058861f691a1d5dcefbdc124f549a830b7c63a8 PR: 2462 Submitted by: Robin Seggelmann Reviewed by: steve Fix DTLS Retransmission Buffer Bug
---
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index c195159967..2180c6d4da 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -468,20 +468,6 @@ again:
 if (!s->d1->listen) s->d1->handshake_read_seq++;
- /* we just read a handshake message from the other side:
- * this means that we don't need to retransmit of the
- * buffered messages.
- * XDTLS: may be able clear out this
- * buffer a little sooner (i.e if an out-of-order
- * handshake message/record is received at the record
- * layer.
- * XDTLS: exception is that the server needs to
- * know that change cipher spec and finished messages
- * have been received by the client before clearing this
- * buffer. this can simply be done by waiting for the
- * first data segment, but is there a better way? */
- dtls1_clear_record_buffer(s);
-
 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
 return s->init_num;
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 96b220e87c..0e7f5331db 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -330,6 +330,8 @@ void dtls1_stop_timer(SSL *s)
 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
 s->d1->timeout_duration = 1;
 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+ /* Clear retransmission buffer */
+ dtls1_clear_record_buffer(s);
 }
 int dtls1_handle_timeout(SSL *s)
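Review bot: In the d1_lib.c hunk, `dtls1_stop_timer()` now discards the buffered handshake flight as a side effect, but the added comment `/* Clear retransmission buffer */` only restates the call and the function name gives no hint that stopping the timer is destructive. If the intended invariant is that the timer is stopped only once the peer has answered, the comment should say so, e.g. `/* Timer stops only after the peer's reply arrived, so our last flight cannot need resending: drop the buffered copies. */`. The comment deleted from d1_both.c carried a caveat that the server must know the client received ChangeCipherSpec and Finished before the buffer is cleared, and that caveat is no longer recorded anywhere in the visible code. The callers of `dtls1_stop_timer()` are outside this diff, so it is worth confirming that none of them stops the timer while a retransmit may still be required; a prematurely emptied buffer would presumably leave a lost flight unrecoverable and stall the handshake. The body of `dtls1_stop_timer()` begins above the hunk.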