1 files changed, 111 insertions, 21 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index fb4d9da174..dce5a7d008 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.18 2017/10/08 16:42:21 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.19 2017/10/10 15:13:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -210,10 +210,18 @@ ssl3_connect(SSL *s)
                        if (cb != NULL)
                                cb(s, SSL_CB_HANDSHAKE_START, 1);
-                        if ((s->version & 0xff00) != 0x0300) {
+                        if (SSL_IS_DTLS(s)) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
+                                if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
-                                ret = -1;
+                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                goto end;
+                                        ret = -1;
+                                        goto end;
+                                }
+                        } else {
+                                if ((s->version & 0xff00) != 0x0300) {
+                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
+                                        ret = -1;
+                                        goto end;
+                                }
                        }
                        /* s->version=SSL3_VERSION; */
@@ -234,24 +242,50 @@ ssl3_connect(SSL *s)
                        /* don't push the buffering BIO quite yet */
-                        if (!tls1_init_finished_mac(s)) {
+                        if (!SSL_IS_DTLS(s)) {
-                                ret = -1;
+                                if (!tls1_init_finished_mac(s)) {
-                                goto end;
+                                        ret = -1;
+                                        goto end;
+                                }
                        }
                        S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
                        s->ctx->internal->stats.sess_connect++;
                        s->internal->init_num = 0;
+                        if (SSL_IS_DTLS(s)) {
+                                /* mark client_random uninitialized */
+                                memset(s->s3->client_random, 0,
+                                    sizeof(s->s3->client_random));
+                                D1I(s)->send_cookie = 0;
+                                s->internal->hit = 0;
+                        }
                        break;
                case SSL3_ST_CW_CLNT_HELLO_A:
                case SSL3_ST_CW_CLNT_HELLO_B:
                        s->internal->shutdown = 0;
+                        if (SSL_IS_DTLS(s)) {
+                                /* every DTLS ClientHello resets Finished MAC */
+                                if (!tls1_init_finished_mac(s)) {
+                                        ret = -1;
+                                        goto end;
+                                }
+                                dtls1_start_timer(s);
+                        }
                        ret = ssl3_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                        S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
+                        if (SSL_IS_DTLS(s) && D1I(s)->send_cookie) {
+                                S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
+                                S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+                        } else
+                                S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
                        s->internal->init_num = 0;
                        /* turn on buffering for the next lot of output */
@@ -268,11 +302,29 @@ ssl3_connect(SSL *s)
                        if (s->internal->hit) {
                                S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
-                                if (s->internal->tlsext_ticket_expected) {
+                                if (!SSL_IS_DTLS(s)) {
-                                        /* receive renewed session ticket */
+                                        if (s->internal->tlsext_ticket_expected) {
-                                        S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
+                                                /* receive renewed session ticket */
+                                                S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
+                                        }
                                }
-                        } else
+                        } else if (SSL_IS_DTLS(s)) {
+                                S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+                        } else {
+                                S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
+                        }
+                        s->internal->init_num = 0;
+                        break;
+                case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+                case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+                        ret = dtls1_get_hello_verify(s);
+                        if (ret <= 0)
+                                goto end;
+                        dtls1_stop_timer(s);
+                        if (D1I(s)->send_cookie) /* start again, with a cookie */
+                                S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
+                        else
                                S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
                        s->internal->init_num = 0;
                        break;
@@ -340,6 +392,8 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_server_done(s);
                        if (ret <= 0)
                                goto end;
+                        if (SSL_IS_DTLS(s))
+                                dtls1_stop_timer(s);
                        if (S3I(s)->tmp.cert_req)
                                S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
                        else
@@ -352,6 +406,8 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_CERT_B:
                case SSL3_ST_CW_CERT_C:
                case SSL3_ST_CW_CERT_D:
+                        if (SSL_IS_DTLS(s))
+                                dtls1_start_timer(s);
                        ret = ssl3_send_client_certificate(s);
                        if (ret <= 0)
                                goto end;
@@ -361,6 +417,8 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_KEY_EXCH_A:
                case SSL3_ST_CW_KEY_EXCH_B:
+                        if (SSL_IS_DTLS(s))
+                                dtls1_start_timer(s);
                        ret = ssl3_send_client_key_exchange(s);
                        if (ret <= 0)
                                goto end;
@@ -386,9 +444,11 @@ ssl3_connect(SSL *s)
                                S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
                                S3I(s)->change_cipher_spec = 0;
                        }
-                        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
+                        if (!SSL_IS_DTLS(s)) {
-                                S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
+                                if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                                S3I(s)->change_cipher_spec = 0;
+                                        S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
+                                        S3I(s)->change_cipher_spec = 0;
+                                }
                        }
                        s->internal->init_num = 0;
@@ -396,6 +456,8 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_CERT_VRFY_A:
                case SSL3_ST_CW_CERT_VRFY_B:
+                        if (SSL_IS_DTLS(s))
+                                dtls1_start_timer(s);
                        ret = ssl3_send_client_verify(s);
                        if (ret <= 0)
                                goto end;
@@ -406,6 +468,8 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
+                        if (SSL_IS_DTLS(s) && !s->internal->hit)
+                                dtls1_start_timer(s);
                        ret = ssl3_send_change_cipher_spec(s,
                            SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0)
@@ -426,16 +490,22 @@ ssl3_connect(SSL *s)
                                goto end;
                        }
+                        if (SSL_IS_DTLS(s))
+                                dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
                        break;
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
+                        if (SSL_IS_DTLS(s) && !s->internal->hit)
+                                dtls1_start_timer(s);
                        ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
                            SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST,
                            TLS_MD_CLIENT_FINISH_CONST_SIZE);
                        if (ret <= 0)
                                goto end;
-                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                        if (!SSL_IS_DTLS(s))
+                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
                        /* clear flags */
@@ -480,11 +550,16 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CR_FINISHED_A:
                case SSL3_ST_CR_FINISHED_B:
-                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                        if (SSL_IS_DTLS(s))
+                                D1I(s)->change_cipher_spec_ok = 1;
+                        else
+                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
                            SSL3_ST_CR_FINISHED_B);
                        if (ret <= 0)
                                goto end;
+                        if (SSL_IS_DTLS(s))
+                                dtls1_stop_timer(s);
                        if (s->internal->hit)
                                S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
@@ -496,6 +571,13 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_FLUSH:
                        s->internal->rwstate = SSL_WRITING;
                        if (BIO_flush(s->wbio) <= 0) {
+                                if (SSL_IS_DTLS(s)) {
+                                        /* If the write error was fatal, stop trying */
+                                        if (!BIO_should_retry(s->wbio)) {
+                                                s->internal->rwstate = SSL_NOTHING;
+                                                S3I(s)->hs.state = S3I(s)->hs.next_state;
+                                        }
+                                }
                                ret = -1;
                                goto end;
                        }
@@ -507,8 +589,10 @@ ssl3_connect(SSL *s)
                        /* clean a few things up */
                        tls1_cleanup_key_block(s);
-                        BUF_MEM_free(s->internal->init_buf);
+                        if (!SSL_IS_DTLS(s)) {
-                        s->internal->init_buf = NULL;
+                                BUF_MEM_free(s->internal->init_buf);
+                                s->internal->init_buf = NULL;
+                        }
                        /*
                         * If we are not 'joining' the last two packets,
@@ -534,6 +618,12 @@ ssl3_connect(SSL *s)
                        if (cb != NULL)
                                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+                        if (SSL_IS_DTLS(s)) {
+                                /* done with handshaking */
+                                D1I(s)->handshake_read_seq = 0;
+                                D1I(s)->next_handshake_write_seq = 0;
+                        }
                        goto end;
                        /* break; */

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index fb4d9da174..dce5a7d008 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.18 2017/10/08 16:42:21 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.19 2017/10/10 15:13:26 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -210,10 +210,18 @@ ssl3_connect(SSL *s)
210	if (cb != NULL)	210	if (cb != NULL)
211	cb(s, SSL_CB_HANDSHAKE_START, 1);	211	cb(s, SSL_CB_HANDSHAKE_START, 1);
212		212
213	if ((s->version & 0xff00) != 0x0300) {	213	if (SSL_IS_DTLS(s)) {
214	SSLerror(s, ERR_R_INTERNAL_ERROR);	214	if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
215	ret = -1;	215	SSLerror(s, ERR_R_INTERNAL_ERROR);
216	goto end;	216	ret = -1;
		217	goto end;
		218	}
		219	} else {
		220	if ((s->version & 0xff00) != 0x0300) {
		221	SSLerror(s, ERR_R_INTERNAL_ERROR);
		222	ret = -1;
		223	goto end;
		224	}
217	}	225	}
218		226
219	/* s->version=SSL3_VERSION; */	227	/* s->version=SSL3_VERSION; */
@@ -234,24 +242,50 @@ ssl3_connect(SSL *s)
234		242
235	/* don't push the buffering BIO quite yet */	243	/* don't push the buffering BIO quite yet */
236		244
237	if (!tls1_init_finished_mac(s)) {	245	if (!SSL_IS_DTLS(s)) {
238	ret = -1;	246	if (!tls1_init_finished_mac(s)) {
239	goto end;	247	ret = -1;
		248	goto end;
		249	}
240	}	250	}
241		251
242	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;	252	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
243	s->ctx->internal->stats.sess_connect++;	253	s->ctx->internal->stats.sess_connect++;
244	s->internal->init_num = 0;	254	s->internal->init_num = 0;
		255
		256	if (SSL_IS_DTLS(s)) {
		257	/* mark client_random uninitialized */
		258	memset(s->s3->client_random, 0,
		259	sizeof(s->s3->client_random));
		260	D1I(s)->send_cookie = 0;
		261	s->internal->hit = 0;
		262	}
245	break;	263	break;
246		264
247	case SSL3_ST_CW_CLNT_HELLO_A:	265	case SSL3_ST_CW_CLNT_HELLO_A:
248	case SSL3_ST_CW_CLNT_HELLO_B:	266	case SSL3_ST_CW_CLNT_HELLO_B:
249
250	s->internal->shutdown = 0;	267	s->internal->shutdown = 0;
		268
		269	if (SSL_IS_DTLS(s)) {
		270	/* every DTLS ClientHello resets Finished MAC */
		271	if (!tls1_init_finished_mac(s)) {
		272	ret = -1;
		273	goto end;
		274	}
		275
		276	dtls1_start_timer(s);
		277	}
		278
251	ret = ssl3_client_hello(s);	279	ret = ssl3_client_hello(s);
252	if (ret <= 0)	280	if (ret <= 0)
253	goto end;	281	goto end;
254	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;	282
		283	if (SSL_IS_DTLS(s) && D1I(s)->send_cookie) {
		284	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
		285	S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
		286	} else
		287	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
		288
255	s->internal->init_num = 0;	289	s->internal->init_num = 0;
256		290
257	/* turn on buffering for the next lot of output */	291	/* turn on buffering for the next lot of output */
@@ -268,11 +302,29 @@ ssl3_connect(SSL *s)
268		302
269	if (s->internal->hit) {	303	if (s->internal->hit) {
270	S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;	304	S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
271	if (s->internal->tlsext_ticket_expected) {	305	if (!SSL_IS_DTLS(s)) {
272	/* receive renewed session ticket */	306	if (s->internal->tlsext_ticket_expected) {
273	S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;	307	/* receive renewed session ticket */
		308	S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
		309	}
274	}	310	}
275	} else	311	} else if (SSL_IS_DTLS(s)) {
		312	S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
		313	} else {
		314	S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
		315	}
		316	s->internal->init_num = 0;
		317	break;
		318
		319	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
		320	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
		321	ret = dtls1_get_hello_verify(s);
		322	if (ret <= 0)
		323	goto end;
		324	dtls1_stop_timer(s);
		325	if (D1I(s)->send_cookie) /* start again, with a cookie */
		326	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
		327	else
276	S3I(s)->hs.state = SSL3_ST_CR_CERT_A;	328	S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
277	s->internal->init_num = 0;	329	s->internal->init_num = 0;
278	break;	330	break;
@@ -340,6 +392,8 @@ ssl3_connect(SSL *s)
340	ret = ssl3_get_server_done(s);	392	ret = ssl3_get_server_done(s);
341	if (ret <= 0)	393	if (ret <= 0)
342	goto end;	394	goto end;
		395	if (SSL_IS_DTLS(s))
		396	dtls1_stop_timer(s);
343	if (S3I(s)->tmp.cert_req)	397	if (S3I(s)->tmp.cert_req)
344	S3I(s)->hs.state = SSL3_ST_CW_CERT_A;	398	S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
345	else	399	else
@@ -352,6 +406,8 @@ ssl3_connect(SSL *s)
352	case SSL3_ST_CW_CERT_B:	406	case SSL3_ST_CW_CERT_B:
353	case SSL3_ST_CW_CERT_C:	407	case SSL3_ST_CW_CERT_C:
354	case SSL3_ST_CW_CERT_D:	408	case SSL3_ST_CW_CERT_D:
		409	if (SSL_IS_DTLS(s))
		410	dtls1_start_timer(s);
355	ret = ssl3_send_client_certificate(s);	411	ret = ssl3_send_client_certificate(s);
356	if (ret <= 0)	412	if (ret <= 0)
357	goto end;	413	goto end;
@@ -361,6 +417,8 @@ ssl3_connect(SSL *s)
361		417
362	case SSL3_ST_CW_KEY_EXCH_A:	418	case SSL3_ST_CW_KEY_EXCH_A:
363	case SSL3_ST_CW_KEY_EXCH_B:	419	case SSL3_ST_CW_KEY_EXCH_B:
		420	if (SSL_IS_DTLS(s))
		421	dtls1_start_timer(s);
364	ret = ssl3_send_client_key_exchange(s);	422	ret = ssl3_send_client_key_exchange(s);
365	if (ret <= 0)	423	if (ret <= 0)
366	goto end;	424	goto end;
@@ -386,9 +444,11 @@ ssl3_connect(SSL *s)
386	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;	444	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
387	S3I(s)->change_cipher_spec = 0;	445	S3I(s)->change_cipher_spec = 0;
388	}	446	}
389	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {	447	if (!SSL_IS_DTLS(s)) {
390	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;	448	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
391	S3I(s)->change_cipher_spec = 0;	449	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
		450	S3I(s)->change_cipher_spec = 0;
		451	}
392	}	452	}
393		453
394	s->internal->init_num = 0;	454	s->internal->init_num = 0;
@@ -396,6 +456,8 @@ ssl3_connect(SSL *s)
396		456
397	case SSL3_ST_CW_CERT_VRFY_A:	457	case SSL3_ST_CW_CERT_VRFY_A:
398	case SSL3_ST_CW_CERT_VRFY_B:	458	case SSL3_ST_CW_CERT_VRFY_B:
		459	if (SSL_IS_DTLS(s))
		460	dtls1_start_timer(s);
399	ret = ssl3_send_client_verify(s);	461	ret = ssl3_send_client_verify(s);
400	if (ret <= 0)	462	if (ret <= 0)
401	goto end;	463	goto end;
@@ -406,6 +468,8 @@ ssl3_connect(SSL *s)
406		468
407	case SSL3_ST_CW_CHANGE_A:	469	case SSL3_ST_CW_CHANGE_A:
408	case SSL3_ST_CW_CHANGE_B:	470	case SSL3_ST_CW_CHANGE_B:
		471	if (SSL_IS_DTLS(s) && !s->internal->hit)
		472	dtls1_start_timer(s);
409	ret = ssl3_send_change_cipher_spec(s,	473	ret = ssl3_send_change_cipher_spec(s,
410	SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);	474	SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
411	if (ret <= 0)	475	if (ret <= 0)
@@ -426,16 +490,22 @@ ssl3_connect(SSL *s)
426	goto end;	490	goto end;
427	}	491	}
428		492
		493	if (SSL_IS_DTLS(s))
		494	dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
		495
429	break;	496	break;
430		497
431	case SSL3_ST_CW_FINISHED_A:	498	case SSL3_ST_CW_FINISHED_A:
432	case SSL3_ST_CW_FINISHED_B:	499	case SSL3_ST_CW_FINISHED_B:
		500	if (SSL_IS_DTLS(s) && !s->internal->hit)
		501	dtls1_start_timer(s);
433	ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,	502	ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
434	SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST,	503	SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST,
435	TLS_MD_CLIENT_FINISH_CONST_SIZE);	504	TLS_MD_CLIENT_FINISH_CONST_SIZE);
436	if (ret <= 0)	505	if (ret <= 0)
437	goto end;	506	goto end;
438	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	507	if (!SSL_IS_DTLS(s))
		508	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
439	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;	509	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
440		510
441	/* clear flags */	511	/* clear flags */
@@ -480,11 +550,16 @@ ssl3_connect(SSL *s)
480		550
481	case SSL3_ST_CR_FINISHED_A:	551	case SSL3_ST_CR_FINISHED_A:
482	case SSL3_ST_CR_FINISHED_B:	552	case SSL3_ST_CR_FINISHED_B:
483	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	553	if (SSL_IS_DTLS(s))
		554	D1I(s)->change_cipher_spec_ok = 1;
		555	else
		556	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
484	ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,	557	ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
485	SSL3_ST_CR_FINISHED_B);	558	SSL3_ST_CR_FINISHED_B);
486	if (ret <= 0)	559	if (ret <= 0)
487	goto end;	560	goto end;
		561	if (SSL_IS_DTLS(s))
		562	dtls1_stop_timer(s);
488		563
489	if (s->internal->hit)	564	if (s->internal->hit)
490	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;	565	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
@@ -496,6 +571,13 @@ ssl3_connect(SSL *s)
496	case SSL3_ST_CW_FLUSH:	571	case SSL3_ST_CW_FLUSH:
497	s->internal->rwstate = SSL_WRITING;	572	s->internal->rwstate = SSL_WRITING;
498	if (BIO_flush(s->wbio) <= 0) {	573	if (BIO_flush(s->wbio) <= 0) {
		574	if (SSL_IS_DTLS(s)) {
		575	/* If the write error was fatal, stop trying */
		576	if (!BIO_should_retry(s->wbio)) {
		577	s->internal->rwstate = SSL_NOTHING;
		578	S3I(s)->hs.state = S3I(s)->hs.next_state;
		579	}
		580	}
499	ret = -1;	581	ret = -1;
500	goto end;	582	goto end;
501	}	583	}
@@ -507,8 +589,10 @@ ssl3_connect(SSL *s)
507	/* clean a few things up */	589	/* clean a few things up */
508	tls1_cleanup_key_block(s);	590	tls1_cleanup_key_block(s);
509		591
510	BUF_MEM_free(s->internal->init_buf);	592	if (!SSL_IS_DTLS(s)) {
511	s->internal->init_buf = NULL;	593	BUF_MEM_free(s->internal->init_buf);
		594	s->internal->init_buf = NULL;
		595	}
512		596
513	/*	597	/*
514	* If we are not 'joining' the last two packets,	598	* If we are not 'joining' the last two packets,
@@ -534,6 +618,12 @@ ssl3_connect(SSL *s)
534	if (cb != NULL)	618	if (cb != NULL)
535	cb(s, SSL_CB_HANDSHAKE_DONE, 1);	619	cb(s, SSL_CB_HANDSHAKE_DONE, 1);
536		620
		621	if (SSL_IS_DTLS(s)) {
		622	/* done with handshaking */
		623	D1I(s)->handshake_read_seq = 0;
		624	D1I(s)->next_handshake_write_seq = 0;
		625	}
		626
537	goto end;	627	goto end;
538	/* break; */	628	/* break; */
539		629