From 19d8ef405cd373a7e6f65077b752bc8bf2d7ea10 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 20 Nov 2019 10:33:17 -0800
Subject: [PATCH] Maintenance: DTLS When encrypting with AES-GCM, AES-CCM, or PolyChacha, do not increment the DTLS sequence number. The sequence number should only be incremented in BuildMessage. This was done because the sequence number used to be incremented after calculating the HMAC or after the encrypt for AEAD ciphers. The HMAC has been separated from the sequence increment.
---
 src/internal.c | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index ef64900dd..e71abdba4 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12529,7 +12529,6 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
 #ifdef WOLFSSL_DTLS
 if (ssl->options.dtls) {
 additionalSrc -= DTLS_HANDSHAKE_EXTRA;
- DtlsSEQIncrement(ssl, CUR_ORDER);
 }
 #endif
@@ -13069,11 +13068,6 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16
 #endif
 if (ssl->encrypt.nonce)
 ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls)
- DtlsSEQIncrement(ssl, CUR_ORDER);
- #endif
 }
 #endif /* BUILD_AESGCM || HAVE_AESCCM */
 break;