From 5687562e7b213e20aadd0fbe7154c5432b916666 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 1 Dec 2015 13:32:00 -0800
Subject: [PATCH] back out change to decryptedCur flag

---
 src/internal.c     | 6 +++++-
 wolfssl/internal.h | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 1d076cd49..c6d13d8b8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3425,6 +3425,9 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             return UNKNOWN_RECORD_TYPE;
     }
 
+    /* haven't decrypted this record yet */
+    ssl->keys.decryptedCur = 0;
+
     return 0;
 }
 
@@ -7172,7 +7175,7 @@ int ProcessReply(WOLFSSL* ssl)
         /* the record layer is here */
         case runProcessingOneMessage:
 
-            if (IsEncryptionOn(ssl, 0))
+            if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0)
             {
                 ret = SanityCheckCipherText(ssl, ssl->curSize);
                 if (ret < 0)
@@ -7224,6 +7227,7 @@ int ProcessReply(WOLFSSL* ssl)
                     return DECRYPT_ERROR;
                 }
                 ssl->keys.encryptSz    = ssl->curSize;
+                ssl->keys.decryptedCur = 1;
             }
 
             if (ssl->options.dtls) {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index de8ef669f..7acd2a064 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1453,6 +1453,7 @@ typedef struct Keys {
     word32 encryptSz;             /* last size of encrypted data   */
     word32 padSz;                 /* how much to advance after decrypt part */
     byte   encryptionOn;          /* true after change cipher spec */
+    byte   decryptedCur;          /* only decrypt current record once */
 } Keys;