From ddcf47eadda21d97537ef1fc3d8f2d30711fbfad Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 2 May 2016 15:18:08 -0700
Subject: [PATCH 1/3] when dropping a DTLS message, drop the whole datagram
---
 src/internal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 8694c2329..649ae522f 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -8039,7 +8039,8 @@ int ProcessReply(WOLFSSL* ssl)
 if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
 WOLFSSL_MSG("Silently dropping out of order DTLS message");
 ssl->options.processReply = doProcessInit;
- ssl->buffers.inputBuffer.idx += ssl->curSize;
+ ssl->buffers.inputBuffer.length = 0;
+ ssl->buffers.inputBuffer.idx = 0;
 ret = DtlsPoolSend(ssl);
 if (ret != 0)
From 7c93912f1d49d24cd7b6fb91d1284a209ac3a576 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Sun, 22 May 2016 16:10:47 -0700
Subject: [PATCH 2/3] reject messages that are too far from the future
---
 src/internal.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index 649ae522f..5d7e61359 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -6542,6 +6542,9 @@ static INLINE int DtlsCheckWindow(DtlsState* state)
 else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) {
 return 0;
 }
+ else if (cur > next + DTLS_SEQ_BITS) {
+ return 0;
+ }
 return 1;
 }
From 1b9b7f52c94c2c232e3e7d520e6623d3b3b6fcc7 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 25 May 2016 15:44:06 -0700
Subject: [PATCH 3/3] 1. Reformat a couple of #ifdefs around if(dtls) checks. 2. Move fuzz update for DTLS GetRecordHeader to be like the TLS case. 3. DtlsCheckWindow only allows current epoch and last epoch. 4. ProcessReply only retransmits flight on a CCS out of sequence when still retaining the handshake data.
---
 src/internal.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
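Review bot: In the `ProcessReply` hunk of PATCH 1/3, zeroing `inputBuffer.length` and `inputBuffer.idx` also discards every later record packed into the same datagram, and nothing on the new lines says that this is intended. The removed `idx += ssl->curSize` advanced by a length that presumably came from the header of the record just rejected, so dropping the rest looks like the safer choice; a comment such as `/* curSize belongs to the rejected record, so it cannot be trusted to locate the next one: drop the whole datagram */` would record the reasoning. The unchanged `DtlsPoolSend(ssl)` call still runs on every such drop. The `if` body continues outside the hunk.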
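Review bot: In the `DtlsCheckWindow` hunk of PATCH 2/3, the added branch `cur > next + DTLS_SEQ_BITS` rejects records to the right of the replay window on the strength of a sequence number that has not been authenticated yet. RFC 6347 section 4.1.2.6 sends such records on to MAC verification instead. If `next` only advances on accepted records (the update is outside this hunk), a gap of more than `DTLS_SEQ_BITS` lost records would leave every later record rejected and the association unable to recover. Separately, `next + DTLS_SEQ_BITS` can wrap if `DtlsSeq` is a fixed-width unsigned type; `else if (cur > next && cur - next > DTLS_SEQ_BITS)` avoids that. The function starts outside the hunk, so how `cur` and `next` are loaded is not visible here.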
diff --git a/src/internal.c b/src/internal.c index 5d7e61359..f87163bad 100755 --- a/src/internal.c +++ b/src/internal.c @@ -3699,12 +3699,18 @@ retry: return -1; case WOLFSSL_CBIO_ERR_TIMEOUT: + if (ssl->options.dtls) { #ifdef WOLFSSL_DTLS - if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0) - goto retry; - else + if ((!ssl->options.handShakeDone || + ssl->options.dtlsHsRetain) && + DtlsPoolTimeout(ssl) == 0 && + DtlsPoolSend(ssl) == 0) { + + goto retry; + } #endif - return -1; + } + return -1; default: return recvd; @@ -3946,6 +3952,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } else { #ifdef WOLFSSL_DTLS +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, input + *inOutIdx, DTLS_RECORD_HEADER_SZ, + FUZZ_HEAD, ssl->fuzzerCtx); +#endif /* type and version in same sport */ XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ); *inOutIdx += ENUM_LEN + VERSION_SZ; @@ -3955,12 +3966,6 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, *inOutIdx += 4; /* advance past rest of seq */ ato16(input + *inOutIdx, size); *inOutIdx += LENGTH_SZ; -#ifdef HAVE_FUZZER - if (ssl->fuzzerCb) - ssl->fuzzerCb(ssl, input + *inOutIdx - LENGTH_SZ - 8 - ENUM_LEN - - VERSION_SZ, ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ, - FUZZ_HEAD, ssl->fuzzerCtx); -#endif #endif } @@ -6526,7 +6531,7 @@ static INLINE int DtlsCheckWindow(DtlsState* state) next = state->nextSeq; window = state->window; } - else if (state->curEpoch < state->nextEpoch) { + else if (state->curEpoch == state->nextEpoch - 1) { next = state->prevSeq; window = state->prevWindow; } @@ -8045,9 +8050,11 @@ int ProcessReply(WOLFSSL* ssl) ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.idx = 0; - ret = DtlsPoolSend(ssl); - if (ret != 0) - return ret; + if (ssl->options.dtlsHsRetain) { + ret = DtlsPoolSend(ssl); + if (ret != 0) + return ret; + } continue; } 
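Review bot: In the `WOLFSSL_CBIO_ERR_TIMEOUT` case (first hunk of PATCH 3/3), the new condition decides whether a flight may be resent on timeout, but no comment says why `!ssl->options.handShakeDone || ssl->options.dtlsHsRetain` is the right gate. I would add `/* resend the last flight only while the handshake is unfinished or its messages are still retained */` above the `if`. The empty added line after the opening `{` can be dropped. When `WOLFSSL_DTLS` is not defined the outer `if (ssl->options.dtls) { }` is left with an empty body, which some compilers warn about. The surrounding `switch` and the `retry:` label lie outside the hunk.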
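Review bot: In the `GetRecordHeader` hunk that adds the `HAVE_FUZZER` block, the callback is now handed `DTLS_RECORD_HEADER_SZ` bytes starting at `input + *inOutIdx` before any field is parsed, and nothing in the hunk shows that this many bytes are available at that offset. The call removed further down passed `ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ`, so the new one relies on the constant being equal to that sum, which is not visible here. A comment such as `/* caller guarantees a full DTLS record header at input + *inOutIdx */` would help, provided that guarantee holds at the call site. The function body starts and ends outside the hunk.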
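Review bot: In the `DtlsCheckWindow` hunk of PATCH 3/3, `state->curEpoch == state->nextEpoch - 1` depends on the epoch field's type when `nextEpoch` is 0. With a 16-bit field promoted to `int` the right-hand side is -1 and never matches, whereas a 32-bit unsigned field would wrap. The field declarations are not in the hunk, so this needs confirming. Epochs that match neither branch now fall through to code outside the hunk, which should reject them. I would add `/* only the current epoch and the one immediately before it are accepted */` above the `else if`.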
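Review bot: In the last `ProcessReply` hunk on this line, when `ssl->options.dtlsHsRetain` is false the `continue` is now reached with `ret` still holding the earlier error, where it previously held the `DtlsPoolSend` result. Whether the loop reassigns `ret` before reading it is outside the hunk; if it does not, add `ret = 0;` before `continue`. While the flag is set, each dropped record still triggers a full flight retransmission before any record authentication, and the hunk shows no bound on how often that can happen. The commit description limits this to an out-of-sequence CCS, but no record-type check is visible here; the enclosing `if` is outside the hunk.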
@@ -8185,8 +8192,8 @@ int ProcessReply(WOLFSSL* ssl)
 if (!ssl->options.dtls) {
 return ret;
 }
-#ifdef WOLFSSL_DTLS
 else {
+#ifdef WOLFSSL_DTLS
 /* Check for duplicate CCS message in DTLS mode.
 * DTLS allows for duplicate messages, and it should be
 * skipped. Also skip if out of order. */
@@ -8204,8 +8211,8 @@ int ProcessReply(WOLFSSL* ssl)
 }
 ssl->buffers.inputBuffer.idx++;
 break;
- }
 #endif /* WOLFSSL_DTLS */
+ }
 }
 #ifdef HAVE_SESSION_TICKET