Index: d1_pkt.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.22
diff -u -r1.4.2.22 d1_pkt.c
--- d1_pkt.c	4 Jul 2009 11:56:10 -0000	1.4.2.22
+++ d1_pkt.c	13 Jul 2009 15:40:03 -0000
@@ -517,7 +517,12 @@
 		/* read timeout is handled by dtls1_read_bytes */
 		if (n <= 0) return(n); /* error or non-blocking */
 
-		OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
+		/* this packet contained a partial record, dump it */
+		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
+			{
+			s->packet_length = 0;
+			goto again;
+			}
 
 		s->rstate=SSL_ST_READ_BODY;
 
Index: s3_pkt.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.57.2.5
diff -u -r1.57.2.5 s3_pkt.c
--- s3_pkt.c	7 Apr 2009 16:28:30 -0000	1.57.2.5
+++ s3_pkt.c	13 Jul 2009 15:40:04 -0000
@@ -141,9 +141,10 @@
 		/* ... now we can act as if 'extend' was set */
 		}
 
-	/* extend reads should not span multiple packets for DTLS */
-	if ( SSL_version(s) == DTLS1_VERSION &&
-		extend)
+	/* For DTLS/UDP reads should not span multiple packets
+	 * because the read operation returns the whole packet
+	 * at once (as long as it fits into the buffer). */
+	if (SSL_version(s) == DTLS1_VERSION)
 		{
 		if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
 			n = s->s3->rbuf.left;
@@ -209,6 +210,14 @@
 			return(i);
 			}
 		newb+=i;
+		/* reads should *never* span multiple packets for DTLS because
+		 * the underlying transport protocol is message oriented as opposed
+		 * to byte oriented as in the TLS case. */
+		if (SSL_version(s) == DTLS1_VERSION)
+			{
+			if (n > newb)
+				n = newb; /* makes the while condition false */
+			}
 		}
 
 	/* done reading, now the book-keeping */