From 49fefe176ef9f00c8e744aa6026cc6cc2dfcf709 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 16 Jul 2018 13:33:03 -0700 Subject: [PATCH] DTLS and Atomic Encrypt Callback When using the encrypt callback, the DTLS sequence number isn't incremented. Moved the increment to later in the BuildMessage() function. --- src/internal.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index 67edb86d4..cc75c8d1e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13720,10 +13720,6 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz, inSz, -1, type, 0); - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - DtlsSEQIncrement(ssl, CUR_ORDER); - #endif } if (ret != 0) goto exit_buildmsg; @@ -13752,6 +13748,11 @@ exit_buildmsg: /* make sure build message state is reset */ ssl->options.buildMsgState = BUILD_MSG_BEGIN; + #ifdef WOLFSSL_DTLS + if (ret == 0 && ssl->options.dtls) + DtlsSEQIncrement(ssl, CUR_ORDER); + #endif + /* return sz on success */ if (ret == 0) ret = args->sz;
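Review bot: The increment added after the `exit_buildmsg:` label now runs on every exit with `ret == 0`, so any success path that reaches the label without having built a record would still consume a DTLS sequence number and the counter would no longer track records actually sent. Most of BuildMessage lies outside this hunk, so the early exits need checking; if the size-only mode (the `sizeOnly` argument) leaves through this label with `ret == 0`, the guard should read `if (ret == 0 && ssl->options.dtls && !sizeOnly)`. Since the sequence number feeds the record MAC and the peer's replay window, the new placement deserves a comment such as `/* advance the DTLS sequence number once per record built, including the atomic encrypt callback path */`. A regression test that sends two records with the encrypt callback registered and checks that their sequence numbers differ would pin the fix.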