Loading ssl/d1_pkt.c +11 −16 Original line number Diff line number Diff line Loading @@ -417,7 +417,7 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ goto decryption_failed_or_bad_record_mac; goto err; } #ifdef TLS_DEBUG Loading Loading @@ -447,7 +447,7 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else goto decryption_failed_or_bad_record_mac; goto err; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ Loading @@ -458,14 +458,14 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else goto decryption_failed_or_bad_record_mac; goto err; #endif } rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { goto decryption_failed_or_bad_record_mac; goto err; } } Loading Loading @@ -507,14 +507,6 @@ printf("\n"); dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); decryption_failed_or_bad_record_mac: /* Separate 'decryption_failed' alert was introduced with TLS 1.0, * SSL 3.0 only has 'bad_record_mac'. But unless a decryption * failure is directly visible from the ciphertext anyway, * we should not reveal which kind of error occured -- this * might become visible to an attacker (e.g. via logfile) */ al=SSL_AD_BAD_RECORD_MAC; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: Loading Loading @@ -547,8 +539,7 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ if ( ! dtls1_process_buffered_records(s)) return 0; dtls1_process_buffered_records(s); /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) Loading Loading 
@@ -684,7 +675,11 @@ again: } if (!dtls1_process_record(s)) return(0); { rr->length = 0; s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } dtls1_clear_timeouts(s); /* done waiting */ return(1); Loading Loading
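Review bot: The MAC check in the @@ -458 hunk still short-circuits before the MAC is computed — when `rr->length` is below `mac_size` the record goes to `err:` without `ssl3_enc->mac()` ever running, so a truncated record and a bad-MAC record now both fail silently but with different timing, and the plain `memcmp` on the MAC tail likewise stops at the first differing byte. The comment deleted at @@ -507 was the only place that explained why the two failure kinds must look the same to a peer; with the alert gone that rationale has nowhere to live, so I would keep a short version at the `err:` label, e.g. `/* Decryption or MAC failure: drop the record silently, no alert, no error-queue entry */`, and use the tree's constant-time compare helper on the MAC tail if one exists at this version. In the @@ -684 hunk the dropped-record path clears `s->packet_length` as well as `rr->length`, which (if I read the buffering right) discards every remaining record in the same datagram, not just the failing one; if that is intended the `/* dump this record */` comment should say packet. Both dtls1_process_record and dtls1_get_record start and end outside these hunks.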
ssl/d1_pkt.c +11 −16 Original line number Diff line number Diff line Loading @@ -417,7 +417,7 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ goto decryption_failed_or_bad_record_mac; goto err; } #ifdef TLS_DEBUG Loading Loading @@ -447,7 +447,7 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else goto decryption_failed_or_bad_record_mac; goto err; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ Loading @@ -458,14 +458,14 @@ printf("\n"); SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else goto decryption_failed_or_bad_record_mac; goto err; #endif } rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { goto decryption_failed_or_bad_record_mac; goto err; } } Loading Loading @@ -507,14 +507,6 @@ printf("\n"); dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); decryption_failed_or_bad_record_mac: /* Separate 'decryption_failed' alert was introduced with TLS 1.0, * SSL 3.0 only has 'bad_record_mac'. But unless a decryption * failure is directly visible from the ciphertext anyway, * we should not reveal which kind of error occured -- this * might become visible to an attacker (e.g. via logfile) */ al=SSL_AD_BAD_RECORD_MAC; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: Loading Loading @@ -547,8 +539,7 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ if ( ! dtls1_process_buffered_records(s)) return 0; dtls1_process_buffered_records(s); /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) Loading Loading 
@@ -684,7 +675,11 @@ again: } if (!dtls1_process_record(s)) return(0); { rr->length = 0; s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } dtls1_clear_timeouts(s); /* done waiting */ return(1); Loading
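Review bot: At @@ -547 the result of `dtls1_process_buffered_records(s)` is now discarded, so whatever failure it used to report (its body is outside the hunk) no longer stops dtls1_get_record, and nothing in the hunk records why that is acceptable. Suggest making the intent explicit rather than leaving a bare call: `(void)dtls1_process_buffered_records(s); /* a bad buffered record is dropped, not fatal; the again: loop re-reads */`. If that function can also fail for non-record reasons such as allocation, that case should presumably still return 0 instead of being folded into the silent-drop behaviour. dtls1_get_record's body continues outside the hunk.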