I'm including a patch that fixes the problem.
/Mikael
diff -ur openssl-SNAP-20051028.orig/ssl/d1_both.c openssl-SNAP-20051028/ssl/d1_both.c
--- openssl-SNAP-20051028.orig/ssl/d1_both.c 2005-07-26 07:00:26.000000000 +0200
+++ openssl-SNAP-20051028/ssl/d1_both.c 2005-10-29 10:28:49.000000000 +0200
@@ -724,11 +724,13 @@
 /* case (3): received a immediately useful fragment. Determine the
 * possible overlap and copy the fragment.
 */
- overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
 /* retain the header for the first fragment */
 if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
 {
+ s->init_num -= DTLS1_HM_HEADER_LENGTH;
+ overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
+
 memmove(&(s->init_buf->data[s->init_num]),
 &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]),
 frag_len - overlap);
@@ -736,7 +738,10 @@
 s->init_num += frag_len - overlap;
 }
 else
+ {
+ overlap = 0;
 s->init_num += frag_len;
+ }
 dtls1_process_handshake_fragment(s, frag_len - overlap);
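Review bot: `overlap` feeds the `memmove` source index and copy length immediately after it is computed, and no range check appears in the visible lines. `frag_off` presumably comes from the received fragment header, so a result outside `0..frag_len` would make `frag_len - overlap` an oversized or wrapped length. A guard such as `if (overlap < 0 || overlap > frag_len)`, adjusted to the variables' actual types and taking the function's existing error path, would bound it before the copy; the same unchecked value also reaches `dtls1_process_handshake_fragment(s, frag_len - overlap)` in the second hunk. The header length is now subtracted twice (`s->init_num -= DTLS1_HM_HEADER_LENGTH;` and again inside the `overlap` expression) while the condition only guarantees `s->init_num > DTLS1_HM_HEADER_LENGTH`, so a one-line comment saying why two headers are counted would help. The enclosing function starts and ends outside the hunk, so its declarations and error handling are not visible here.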