Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.

 Changes between 1.0.0f and 1.0.0g [xx XXX xxxx]

  *)

  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.

     Thanks to Antonio Martin, Enterprise Secure Access Research and

     Development, Cisco Systems, Inc. for discovering this bug and

     preparing a fix. (CVE-2012-0050)

     [Antonio Martin]

 Changes between 1.0.0e and 1.0.0f [4 Jan 2012]

  *) Change 'Configure' script to enable Camellia by default.

     [NTT]

 Changes between 0.9.8s and 0.9.8t [18 Jan 2012]

  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.

     Thanks to Antonio Martin, Enterprise Secure Access Research and

     Development, Cisco Systems, Inc. for discovering this bug and

     preparing a fix. (CVE-2012-0050)

     [Antonio Martin]

 Changes between 0.9.8r and 0.9.8s [4 Jan 2012]

  *) Nadhem Alfardan and Kenny Paterson have discovered an extension

	unsigned int mac_size;

	unsigned char md[EVP_MAX_MD_SIZE];

	int decryption_failed_or_bad_record_mac = 0;

	unsigned char *mac = NULL;

	rr= &(s->s3->rrec);

#endif			

			}

		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */

		if (rr->length < mac_size)

		if (rr->length >= mac_size)

			{

#if 0 /* OK only for stream ciphers */

			al=SSL_AD_DECODE_ERROR;

			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);

			goto f_err;

#else

			decryption_failed_or_bad_record_mac = 1;

#endif

			}

			rr->length -= mac_size;

			mac = &rr->data[rr->length];

			}

		else

			rr->length = 0;

		i=s->method->ssl3_enc->mac(s,md,0);

		if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)

		if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)

			{

			decryption_failed_or_bad_record_mac = 1;

			}