X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_pkt.c;h=b0ab1e850cafe00b717690767b25c57863d5b8c7;hb=4e319926d7cb80313d37105b5545fcce28fdddc1;hp=e206b34e74242ede489f24c09599f17fe7331e8d;hpb=3413424f0157de3a19ad0b2c21e3585ff1b07c6a;p=oweals%2Fopenssl.git

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index e206b34e74..b0ab1e850c 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -597,6 +597,7 @@ again:
 	/* check whether this is a repeat, or aged record */
 	if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
 		{
+		rr->length = 0;
 		s->packet_length=0; /* dump this record */
 		goto again;     /* get another record */
 		}
@@ -941,7 +942,9 @@ start:
 				n2s(p, seq);
 				n2l3(p, frag_off);
 
-				dtls1_retransmit_message(s, seq, frag_off, &found);
+				dtls1_retransmit_message(s,
+										 dtls1_get_queue_priority(frag->msg_header.seq, 0),
+										 frag_off, &found);
 				if ( ! found  && SSL_in_init(s))
 					{
 					/* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
@@ -1034,6 +1037,16 @@ start:
 			goto start;
 			}
 
+		/* If we are server, we may have a repeated FINISHED of the
+		 * client here, then retransmit our CCS and FINISHED.
+		 */
+		if (msg_hdr.type == SSL3_MT_FINISHED)
+			{
+			dtls1_retransmit_buffered_messages(s);
+			rr->length = 0;
+			goto start;
+			}
+
 		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
 			{
@@ -1259,7 +1272,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
 	else 
 		s->s3->wnum += i;
 
-	return tot + i;
+	return i;
 	}
 
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
@@ -1757,6 +1770,7 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 	else
 		{
 		seq = s->s3->write_sequence;
+		memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
 		s->d1->w_epoch++;
 		}