diff -up openssl-1.0.1e/crypto/bio/bio.h.sctp openssl-1.0.1e/crypto/bio/bio.h
--- openssl-1.0.1e/crypto/bio/bio.h.sctp	2016-04-07 13:54:03.296270801 +0200
+++ openssl-1.0.1e/crypto/bio/bio.h	2016-04-07 14:02:53.436214294 +0200
@@ -175,6 +175,8 @@ extern "C" {
 #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
                                               * adjust socket timeouts */
 
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
+
 #ifndef OPENSSL_NO_SCTP
 /* SCTP stuff */
 #define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE	50
@@ -607,6 +609,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
 #define BIO_dgram_set_peer(b,peer) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
 
 /* These two aren't currently implemented */
 /* int BIO_get_ex_num(BIO *bio); */
diff -up openssl-1.0.1e/crypto/bio/bss_dgram.c.sctp openssl-1.0.1e/crypto/bio/bss_dgram.c
--- openssl-1.0.1e/crypto/bio/bss_dgram.c.sctp	2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/bio/bss_dgram.c	2016-04-07 14:02:53.437214317 +0200
@@ -454,6 +454,36 @@ static int dgram_write(BIO *b, const cha
 	return(ret);
 	}
 
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+	{
+	long ret;
+
+	switch (data->peer.sa.sa_family)
+		{
+		case AF_INET:
+			/* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+			ret = 28;
+			break;
+#if OPENSSL_USE_IPV6
+		case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+			if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+				/* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+				ret = 28;
+			else
+#endif
+				/* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
+				ret = 48;
+			break;
+#endif
+		default:
+			/* We don't know. Go with the historical default */
+			ret = 28;
+			break;
+		}
+	return ret;
+	}
+
 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
@@ -630,23 +660,24 @@ static long dgram_ctrl(BIO *b, int cmd,
 #endif
 		break;
 	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+		ret = -dgram_get_mtu_overhead(data);
 		switch (data->peer.sa.sa_family)
 			{
 			case AF_INET:
-				ret = 576 - 20 - 8;
+				ret += 576;
 				break;
 #if OPENSSL_USE_IPV6
 			case AF_INET6:
 #ifdef IN6_IS_ADDR_V4MAPPED
 				if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-					ret = 576 - 20 - 8;
+					ret += 576;
 				else
 #endif
-					ret = 1280 - 40 - 8;
+					ret += 1280;
 				break;
 #endif
 			default:
-				ret = 576 - 20 - 8;
+				ret += 576;
 				break;
 			}
 		break;
@@ -847,6 +878,9 @@ static long dgram_ctrl(BIO *b, int cmd,
 			ret = 0;
 		break;
 #endif
+	case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+		ret = dgram_get_mtu_overhead(data);
+		break;
 	default:
 		ret=0;
 		break;
@@ -906,8 +940,8 @@ BIO *BIO_new_dgram_sctp(int fd, int clos
 	memset(authchunks, 0, sizeof(sockopt_len));
 	ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
 	OPENSSL_assert(ret >= 0);
-	
-	for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+
+	for (p = (unsigned char*) authchunks->gauth_chunks;
 	     p < (unsigned char*) authchunks + sockopt_len;
 	     p += sizeof(uint8_t))
 		{
@@ -1197,7 +1231,7 @@ static int dgram_sctp_read(BIO *b, char
 			ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
 			OPENSSL_assert(ii >= 0);
 
-			for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+			for (p = (unsigned char*) authchunks->gauth_chunks;
 				 p < (unsigned char*) authchunks + optlen;
 				 p += sizeof(uint8_t))
 				{
@@ -1367,6 +1401,10 @@ static long dgram_sctp_ctrl(BIO *b, int
 		 * Returns always 1.
 		 */
 		break;
+	case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+		/* We allow transport protocol fragmentation so this is irrelevant */
+		ret = 0;
+		break;
 	case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
 		if (num > 0)
 			data->in_handshake = 1;
@@ -1399,6 +1437,7 @@ static long dgram_sctp_ctrl(BIO *b, int
 		memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
 
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+		OPENSSL_free(authkey);
 		if (ret < 0) break;
 
 		/* Reset active key */
diff -up openssl-1.0.1e/ssl/d1_both.c.sctp openssl-1.0.1e/ssl/d1_both.c
--- openssl-1.0.1e/ssl/d1_both.c.sctp	2016-04-07 14:09:35.193261496 +0200
+++ openssl-1.0.1e/ssl/d1_both.c	2016-04-07 14:11:18.838592357 +0200
@@ -1458,14 +1458,17 @@ int dtls1_shutdown(SSL *s)
 	{
 	int ret;
 #ifndef OPENSSL_NO_SCTP
-	if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+	BIO *wbio;
+
+	wbio = SSL_get_wbio(s);
+	if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
 	    !(s->shutdown & SSL_SENT_SHUTDOWN))
 		{
-		ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+		ret = BIO_dgram_sctp_wait_for_dry(wbio);
 		if (ret < 0) return -1;
 
 		if (ret == 0)
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
+			BIO_ctrl(wbio, BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
 		}
 #endif
 	ret = ssl3_shutdown(s);
diff -up openssl-1.0.1e/ssl/d1_clnt.c.sctp openssl-1.0.1e/ssl/d1_clnt.c
--- openssl-1.0.1e/ssl/d1_clnt.c.sctp	2016-04-07 13:54:03.505275509 +0200
+++ openssl-1.0.1e/ssl/d1_clnt.c	2016-04-07 14:06:48.581511870 +0200
@@ -338,9 +338,13 @@ int dtls1_connect(SSL *s)
 					snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
 					         DTLS1_SCTP_AUTH_LABEL);
 
-					SSL_export_keying_material(s, sctpauthkey,
+					if (SSL_export_keying_material(s, sctpauthkey,
 					                           sizeof(sctpauthkey), labelbuffer,
-					                           sizeof(labelbuffer), NULL, 0, 0);
+					                           sizeof(labelbuffer), NULL, 0, 0) <= 0)
+						{
+						ret = -1;
+						goto end;
+						}
 
 					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
 							 sizeof(sctpauthkey), sctpauthkey);
@@ -479,9 +483,13 @@ int dtls1_connect(SSL *s)
 			snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
 			         DTLS1_SCTP_AUTH_LABEL);
 
-			SSL_export_keying_material(s, sctpauthkey,
+			if (SSL_export_keying_material(s, sctpauthkey,
 			                           sizeof(sctpauthkey), labelbuffer,
-			                           sizeof(labelbuffer), NULL, 0, 0);
+			                           sizeof(labelbuffer), NULL, 0, 0) <= 0)
+				{
+				ret = -1;
+				goto end;
+				}
 
 			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
 					 sizeof(sctpauthkey), sctpauthkey);
@@ -538,13 +546,6 @@ int dtls1_connect(SSL *s)
 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
 			if (ret <= 0) goto end;
 
-#ifndef OPENSSL_NO_SCTP
-			/* Change to new shared key of SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
 			s->state=SSL3_ST_CW_FINISHED_A;
 			s->init_num=0;
 
@@ -571,6 +572,16 @@ int dtls1_connect(SSL *s)
 				goto end;
 				}
 			
+#ifndef OPENSSL_NO_SCTP
+				if (s->hit)
+					{
+					/* Change to new shared key of SCTP-Auth,
+					 * will be ignored if no SCTP used.
+					 */
+					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+					}
+#endif
+
 			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
 			break;
 
@@ -613,6 +624,13 @@ int dtls1_connect(SSL *s)
 				}
 			else
 				{
+#ifndef OPENSSL_NO_SCTP
+				/* Change to new shared key of SCTP-Auth,
+				 * will be ignored if no SCTP used.
+				 */
+				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
 				/* Allow NewSessionTicket if ticket expected */
 				if (s->tlsext_ticket_expected)
diff -up openssl-1.0.1e/ssl/d1_srvr.c.sctp openssl-1.0.1e/ssl/d1_srvr.c
--- openssl-1.0.1e/ssl/d1_srvr.c.sctp	2016-04-07 13:54:03.529276050 +0200
+++ openssl-1.0.1e/ssl/d1_srvr.c	2016-04-07 14:08:56.110382568 +0200
@@ -395,9 +395,13 @@ int dtls1_accept(SSL *s)
 				snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
 				         DTLS1_SCTP_AUTH_LABEL);
 
-				SSL_export_keying_material(s, sctpauthkey,
+				if (SSL_export_keying_material(s, sctpauthkey,
 				                           sizeof(sctpauthkey), labelbuffer,
-				                           sizeof(labelbuffer), NULL, 0, 0);
+				                           sizeof(labelbuffer), NULL, 0, 0) <= 0)
+					{
+					ret = -1;
+					goto end;
+					}
 				
 				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                          sizeof(sctpauthkey), sctpauthkey);
@@ -609,9 +613,13 @@ int dtls1_accept(SSL *s)
 			snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
 			         DTLS1_SCTP_AUTH_LABEL);
 
-			SSL_export_keying_material(s, sctpauthkey,
+			if (SSL_export_keying_material(s, sctpauthkey,
 			                           sizeof(sctpauthkey), labelbuffer,
-			                           sizeof(labelbuffer), NULL, 0, 0);
+			                           sizeof(labelbuffer), NULL, 0, 0) <= 0)
+				{
+				ret = -1;
+				goto end;
+				}
 
 			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
 			         sizeof(sctpauthkey), sctpauthkey);
@@ -713,10 +721,13 @@ int dtls1_accept(SSL *s)
 			if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-			/* Change to new shared key of SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+			if (!s->hit)
+				{
+				/* Change to new shared key of SCTP-Auth,
+				 * will be ignored if no SCTP used.
+				 */
+				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+				}
 #endif
 
 			s->state=SSL3_ST_SW_FINISHED_A;
@@ -741,7 +752,16 @@ int dtls1_accept(SSL *s)
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
 			if (s->hit)
+				{
 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+				/* Change to new shared key of SCTP-Auth,
+				 * will be ignored if no SCTP used.
+				 */
+				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+				}
 			else
 				{
 				s->s3->tmp.next_state=SSL_ST_OK;