From 05a19c852b7731b79efa2fd14abb2a8797614d45 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 27 Dec 2021 16:52:09 -0700 Subject: [PATCH] account for DTLS extra header size when reading msg from pool --- ChangeLog.md | 1 + README | 1 + README.md | 1 + src/internal.c | 4 ++++ 4 files changed, 7 insertions(+) diff --git a/ChangeLog.md b/ChangeLog.md index c5a861b17..9819d05fb 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -68,6 +68,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: * Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined * Use page aligned memory with ECDSA signing and KCAPI * Skip expired sessions for TLS 1.3 rather than turning off the resume behavior +* Fix for DTLS handling dropped or retransmitted messages ### Improvements/Optimizations ###### Build Options and Warnings diff --git a/README b/README index 35595726b..af844349c 100644 --- a/README +++ b/README @@ -147,6 +147,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: * Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined * Use page aligned memory with ECDSA signing and KCAPI * Skip expired sessions for TLS 1.3 rather than turning off the resume behavior +* Fix for DTLS handling dropped or retransmitted messages ### Improvements/Optimizations ###### Build Options and Warnings diff --git a/README.md b/README.md index c7b6814dd..f5d14b556 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: * Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined * Use page aligned memory with ECDSA signing and KCAPI * Skip expired sessions for TLS 1.3 rather than turning off the resume behavior +* Fix for DTLS handling dropped or retransmitted messages ### Improvements/Optimizations ###### Build Options and Warnings diff --git a/src/internal.c b/src/internal.c index 8c599022a..16b37dc9d 100644 
--- a/src/internal.c +++ b/src/internal.c @@ -8224,6 +8224,10 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket) #endif + /* add back in header space from saved pool size */ + sendSz += DTLS_HANDSHAKE_EXTRA; + sendSz += DTLS_RECORD_EXTRA; + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { WOLFSSL_ERROR(ret); return ret;
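Review bot: The entry added in the ChangeLog.md, README and README.md hunks, "Fix for DTLS handling dropped or retransmitted messages", does not say what was wrong, while the commit subject ("account for DTLS extra header size when reading msg from pool") does. Suggest wording the entry so it mentions the header size accounting when resending from the message pool, which lets users judge whether they are affected. The line is also appended to the list under "Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:", so please confirm the fix ships in that release and not a later one.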
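Review bot: In the src/internal.c hunk, sendSz is increased in place by DTLS_HANDSHAKE_EXTRA and DTLS_RECORD_EXTRA immediately before CheckAvailableSize(ssl, sendSz), so every later use of sendSz in DtlsMsgPoolSend now sees the enlarged value. If the variable is read again after the check as a copy or send length (not visible in this hunk), it would be safer to leave it unchanged and pass the sum only to the check, for example CheckAvailableSize(ssl, sendSz + DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA); otherwise extend the comment to state that sendSz includes header space from this point on and why the saved pool size excludes it. The patch touches only the three release-note files and src/internal.c, so a regression test that exercises the resend path for a dropped or retransmitted message would be worth adding alongside it.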