25 files changed, 669 insertions, 238 deletions

diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index 7b93e0dbce..dddb07842b 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 467e149947..d683ee43e1 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -403,6 +403,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
                         {
                         BIO_free_all(ssl->wbio);
                         }
+                if (b->next_bio != NULL)
+                        {
+                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+                        }
                 ssl->wbio=NULL;
                 ssl->rbio=NULL;
                 break;
@@ -509,6 +513,7 @@ static int ssl_puts(BIO *bp, const char *str)
 
 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
         {
+#ifndef OPENSSL_NO_SOCK
         BIO *ret=NULL,*buf=NULL,*ssl=NULL;
 
         if ((buf=BIO_new(BIO_f_buffer())) == NULL)
@@ -521,6 +526,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
 err:
         if (buf != NULL) BIO_free(buf);
         if (ssl != NULL) BIO_free(ssl);
+#endif
         return(NULL);
         }
 
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
index 596d9001e6..edbe2f3a57 100644
--- a/src/lib/libssl/doc/standards.txt
+++ b/src/lib/libssl/doc/standards.txt
@@ -42,20 +42,9 @@ whole or at least great parts) in OpenSSL.
 2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
      January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
 
-2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
-     March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
-
 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
      March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
 
-2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
-     J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
-     RFC2313) (Status: INFORMATIONAL)
-
-2459 Internet X.509 Public Key Infrastructure Certificate and CRL
-     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
-     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
-
 PKCS#8: Private-Key Information Syntax Standard
 
 PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
@@ -65,6 +54,40 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
      C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
      STANDARD)
 
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
+2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
+     B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
+     INFORMATIONAL)
+
+2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
+     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
+     (Obsoletes RFC2314) (Status: INFORMATIONAL)
+
+3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
+     September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
+
+3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
+     Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
+     (Status: PROPOSED STANDARD)
+
+3279 Algorithms and Identifiers for the Internet X.509 Public Key
+     Infrastructure Certificate and Certificate Revocation List (CRL)
+     Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
+     TXT=53833 bytes) (Status: PROPOSED STANDARD)
+
+3280 Internet X.509 Public Key Infrastructure Certificate and
+     Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
+     Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
+     RFC2459) (Status: PROPOSED STANDARD)
+
+3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
+     Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
+     (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
+     INFORMATIONAL)                                         
+
 
 Related:
 --------
@@ -90,23 +113,60 @@ STARTTLS documents.
      Certification and Related Services. B. Kaliski. February 1993.
      (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
 
-2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M.
-     Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED
-     STANDARD)
+2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
+     1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
+
+2510 Internet X.509 Public Key Infrastructure Certificate Management
+     Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
+     bytes) (Status: PROPOSED STANDARD)
+
+2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
+     Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
+     (Status: PROPOSED STANDARD)
+
+2527 Internet X.509 Public Key Infrastructure Certificate Policy and
+     Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
+     (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
 
-2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
-     January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
+2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
+     3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
+     PROPOSED STANDARD)
+
+2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
+     D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
+     PROPOSED STANDARD)
+
+2559 Internet X.509 Public Key Infrastructure Operational Protocols -
+     LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
+     TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
 
 2585 Internet X.509 Public Key Infrastructure Operational Protocols:
      FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
      bytes) (Status: PROPOSED STANDARD)
 
+2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
+     Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
+     (Status: PROPOSED STANDARD)
+
 2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
      (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
 
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
-     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
-     (Status: PROPOSED STANDARD)
+2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
+     (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
+
+2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
+     1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
+
+2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
+     1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
+
+2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
+     February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
+     EXPERIMENTAL)
+
+2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
+     Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
+     PROPOSED STANDARD)
 
 2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
      2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
@@ -115,6 +175,77 @@ STARTTLS documents.
 2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
      (Status: INFORMATIONAL)
 
+2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
+     2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
+
+2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
+     October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
+
+2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
+     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
+     (Status: INFORMATIONAL)
+
+3029 Internet X.509 Public Key Infrastructure Data Validation and
+     Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
+     R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
+     EXPERIMENTAL)
+
+3039 Internet X.509 Public Key Infrastructure Qualified Certificates
+     Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
+     (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
+
+3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
+     Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
+     (Status: INFORMATIONAL)
+
+3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
+     (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
+     (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
+
+3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
+     October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
+
+3207 SMTP Service Extension for Secure SMTP over Transport Layer
+     Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
+     (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
+
+3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
+     (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
+
+3274 Compressed Data Content Type for Cryptographic Message Syntax
+     (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
+     PROPOSED STANDARD)
+
+3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
+     Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
+     Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
+     INFORMATIONAL)
+
+3281 An Internet Attribute Certificate Profile for Authorization. S.
+     Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
+     PROPOSED STANDARD)
+
+3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
+     (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
+     PROPOSED STANDARD)
+
+3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
+     2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
+     PROPOSED STANDARD)
+
+3377 Lightweight Directory Access Protocol (v3): Technical
+     Specification. J. Hodges, R. Morgan. September 2002. (Format:
+     TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
+     RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
+
+3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
+     R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
+     INFORMATIONAL)
+
+3436 Transport Layer Security over Stream Control Transmission
+     Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
+     (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
+
   "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
  
 
@@ -124,7 +255,3 @@ To be implemented:
 These are documents that describe things that are planed to be
 implemented in the hopefully short future.
 
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
-     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
-     (Status: PROPOSED STANDARD)
-
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 019e9aecee..64ee4269ec 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -87,18 +87,25 @@ SSL_METHOD *SSLv23_client_method(void)
 
         if (init)
                 {
-                memcpy((char *)&SSLv23_client_data,
-                        (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                SSLv23_client_data.ssl_connect=ssl23_connect;
-                SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
-                init=0;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv23_client_data,
+                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                        SSLv23_client_data.ssl_connect=ssl23_connect;
+                        SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
         return(&SSLv23_client_data);
         }
 
 int ssl23_connect(SSL *s)
         {
-        BUF_MEM *buf;
+        BUF_MEM *buf=NULL;
         unsigned long Time=time(NULL);
         void (*cb)(const SSL *ssl,int type,int val)=NULL;
         int ret= -1;
@@ -152,6 +159,7 @@ int ssl23_connect(SSL *s)
                                         goto end;
                                         }
                                 s->init_buf=buf;
+                                buf=NULL;
                                 }
 
                         if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -200,6 +208,8 @@ int ssl23_connect(SSL *s)
                 }
 end:
         s->in_handshake--;
+        if (buf != NULL)
+                BUF_MEM_free(buf);
         if (cb != NULL)
                 cb(s,SSL_CB_CONNECT_EXIT,ret);
         return(ret);
@@ -363,7 +373,7 @@ static int ssl23_get_server_hello(SSL *s)
 
                 if (s->s3 != NULL) ssl3_free(s);
 
-                if (!BUF_MEM_grow(s->init_buf,
+                if (!BUF_MEM_grow_clean(s->init_buf,
                         SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
                         {
                         SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 8743b61cbb..c5404ca0bc 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -139,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void)
 
         if (init)
                 {
-                memcpy((char *)&SSLv23_server_data,
-                        (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                SSLv23_server_data.ssl_accept=ssl23_accept;
-                SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
-                init=0;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv23_server_data,
+                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                        SSLv23_server_data.ssl_accept=ssl23_accept;
+                        SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
         return(&SSLv23_server_data);
         }
@@ -505,7 +512,7 @@ int ssl23_get_client_hello(SSL *s)
 
                 if (s->s3 != NULL) ssl3_free(s);
 
-                if (!BUF_MEM_grow(s->init_buf,
+                if (!BUF_MEM_grow_clean(s->init_buf,
                         SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
                         {
                         goto err;
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 8864366f59..64d317b7ac 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -268,16 +268,23 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
         X509_STORE_CTX xs_ctx;
         X509_OBJECT obj;
 
+        int no_chain;
+
+        if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+                no_chain = 1;
+        else
+                no_chain = 0;
+
         /* TLSv1 sends a chain with nothing in it, instead of an alert */
         buf=s->init_buf;
-        if (!BUF_MEM_grow(buf,(int)(10)))
+        if (!BUF_MEM_grow_clean(buf,10))
                 {
                 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                 return(0);
                 }
         if (x != NULL)
                 {
-                if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
                         {
                         SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
                         return(0);
@@ -286,7 +293,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                 for (;;)
                         {
                         n=i2d_X509(x,NULL);
-                        if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
                                 {
                                 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                                 return(0);
@@ -295,6 +302,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                         l2n3(n,p);
                         i2d_X509(x,&p);
                         l+=n+3;
+
+                        if (no_chain)
+                                break;
+
                         if (X509_NAME_cmp(X509_get_subject_name(x),
                                 X509_get_issuer_name(x)) == 0) break;
 
@@ -306,8 +317,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                          * ref count */
                         X509_free(x);
                         }
-
-                X509_STORE_CTX_cleanup(&xs_ctx);
+                if (!no_chain)
+                        X509_STORE_CTX_cleanup(&xs_ctx);
                 }
 
         /* Thawte special :-) */
@@ -316,7 +327,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                 {
                 x=sk_X509_value(s->ctx->extra_certs,i);
                 n=i2d_X509(x,NULL);
-                if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
                         {
                         SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                         return(0);
@@ -439,7 +450,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
                         goto f_err;
                         }
-                if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
+                if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
                         {
                         SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
                         goto err;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 2b58482484..fae8eadada 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -146,18 +146,25 @@ SSL_METHOD *SSLv3_client_method(void)
 
         if (init)
                 {
-                init=0;
-                memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
-                        sizeof(SSL_METHOD));
-                SSLv3_client_data.ssl_connect=ssl3_connect;
-                SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+                                sizeof(SSL_METHOD));
+                        SSLv3_client_data.ssl_connect=ssl3_connect;
+                        SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
         return(&SSLv3_client_data);
         }
 
 int ssl3_connect(SSL *s)
         {
-        BUF_MEM *buf;
+        BUF_MEM *buf=NULL;
         unsigned long Time=time(NULL),l;
         long num1;
         void (*cb)(const SSL *ssl,int type,int val)=NULL;
@@ -218,6 +225,7 @@ int ssl3_connect(SSL *s)
                                         goto end;
                                         }
                                 s->init_buf=buf;
+                                buf=NULL;
                                 }
 
                         if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -496,6 +504,8 @@ int ssl3_connect(SSL *s)
                 }
 end:
         s->in_handshake--;
+        if (buf != NULL)
+                BUF_MEM_free(buf);
         if (cb != NULL)
                 cb(s,SSL_CB_CONNECT_EXIT,ret);
         return(ret);
@@ -632,30 +642,20 @@ static int ssl3_get_server_hello(SSL *s)
         /* get the session-id */
         j= *(p++);
 
-       if(j > sizeof s->session->session_id)
-               {
-               al=SSL_AD_ILLEGAL_PARAMETER;
-               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
-               goto f_err;
-               }
-
-        if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+        if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
                 {
-                /* SSLref returns 16 :-( */
-                if (j < SSL2_SSL_SESSION_ID_LENGTH)
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
-                        goto f_err;
-                        }
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+                goto f_err;
                 }
+
         if (j != 0 && j == s->session->session_id_length
             && memcmp(p,s->session->session_id,j) == 0)
             {
             if(s->sid_ctx_length != s->session->sid_ctx_length
                || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
                 {
+                /* actually a client application bug */
                 al=SSL_AD_ILLEGAL_PARAMETER;
                 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
                 goto f_err;
@@ -699,7 +699,12 @@ static int ssl3_get_server_hello(SSL *s)
                 goto f_err;
                 }
 
-        if (s->hit && (s->session->cipher != c))
+        /* Depending on the session caching (internal/external), the cipher
+           and/or cipher_id values may not be set. Make sure that
+           cipher_id is set and use it for comparison. */
+        if (s->session->cipher)
+                s->session->cipher_id = s->session->cipher->id;
+        if (s->hit && (s->session->cipher_id != c->id))
                 {
                 if (!(s->options &
                         SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
@@ -1457,16 +1462,16 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                 
                         tmp_buf[0]=s->client_version>>8;
                         tmp_buf[1]=s->client_version&0xff;
-                        if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
+                        if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
                                         goto err;
 
-                        s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+                        s->session->master_key_length=sizeof tmp_buf;
 
                         q=p;
                         /* Fix buf for TLS and beyond */
                         if (s->version > SSL3_VERSION)
                                 p+=2;
-                        n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+                        n=RSA_public_encrypt(sizeof tmp_buf,
                                 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
 #ifdef PKCS1_CHECK
                         if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
@@ -1488,8 +1493,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         s->session->master_key_length=
                                 s->method->ssl3_enc->generate_master_secret(s,
                                         s->session->master_key,
-                                        tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
-                        memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+                                        tmp_buf,sizeof tmp_buf);
+                        OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
                         }
 #endif
 #ifndef OPENSSL_NO_KRB5
@@ -1585,7 +1590,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                 n+=2;
                                 }
  
-                        if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0)
+                        if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
                             goto err;
 
                         /*  20010420 VRS.  Tried it this way; failed.
@@ -1595,11 +1600,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         **      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
                         */
 
-                        memset(iv, 0, EVP_MAX_IV_LENGTH);  /* per RFC 1510 */
+                        memset(iv, 0, sizeof iv);  /* per RFC 1510 */
                         EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
                                 kssl_ctx->key,iv);
                         EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
-                                SSL_MAX_MASTER_KEY_LENGTH);
+                                sizeof tmp_buf);
                         EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                         outl += padl;
                         if (outl > sizeof epms)
@@ -1618,10 +1623,10 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         s->session->master_key_length=
                                 s->method->ssl3_enc->generate_master_secret(s,
                                         s->session->master_key,
-                                        tmp_buf, SSL_MAX_MASTER_KEY_LENGTH);
+                                        tmp_buf, sizeof tmp_buf);
 
-                        memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH);
-                        memset(epms, 0, outl);
+                        OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+                        OPENSSL_cleanse(epms, outl);
                         }
 #endif
 #ifndef OPENSSL_NO_DH
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 14b2f13ae2..896b12fc4f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -512,6 +512,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
+#if 0
 /* Cipher 1E */
         {
         0,
@@ -525,55 +526,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
+#endif
 
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers
 ** 20000107 VRS: And the first shall be last,
 ** in hopes of avoiding the lynx ssl renegotiation problem.
 */
-/* Cipher 21 VRS */
+/* Cipher 1E VRS */
         {
         1,
-        SSL3_TXT_KRB5_DES_40_CBC_SHA,
-        SSL3_CK_KRB5_DES_40_CBC_SHA,
+        SSL3_TXT_KRB5_DES_64_CBC_SHA,
+        SSL3_CK_KRB5_DES_64_CBC_SHA,
         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
+        SSL_NOT_EXP|SSL_LOW,
         0,
-        40,
+        56,
         56,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 22 VRS */
+/* Cipher 1F VRS */
         {
         1,
-        SSL3_TXT_KRB5_DES_40_CBC_MD5,
-        SSL3_CK_KRB5_DES_40_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
+        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+        SSL3_CK_KRB5_DES_192_CBC3_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
-        40,
-        56,
+        112,
+        168,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 23 VRS */
+/* Cipher 20 VRS */
         {
         1,
-        SSL3_TXT_KRB5_DES_64_CBC_SHA,
-        SSL3_CK_KRB5_DES_64_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW,
+        SSL3_TXT_KRB5_RC4_128_SHA,
+        SSL3_CK_KRB5_RC4_128_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
         0,
-        56,
-        56,
+        128,
+        128,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 24 VRS */
+/* Cipher 21 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 22 VRS */
         {
         1,
         SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -587,12 +603,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 25 VRS */
+/* Cipher 23 VRS */
         {
         1,
-        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-        SSL3_CK_KRB5_DES_192_CBC3_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+        SSL3_CK_KRB5_DES_192_CBC3_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH,
         0,
         112,
@@ -601,16 +617,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
+/* Cipher 24 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_128_MD5,
+        SSL3_CK_KRB5_RC4_128_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 25 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
 /* Cipher 26 VRS */
         {
         1,
-        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-        SSL3_CK_KRB5_DES_192_CBC3_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL3_TXT_KRB5_DES_40_CBC_SHA,
+        SSL3_CK_KRB5_DES_40_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
         0,
-        112,
-        168,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 27 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+        SSL3_CK_KRB5_RC2_40_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 28 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_SHA,
+        SSL3_CK_KRB5_RC4_40_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 29 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_40_CBC_MD5,
+        SSL3_CK_KRB5_DES_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 2A VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+        SSL3_CK_KRB5_RC2_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 2B VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_MD5,
+        SSL3_CK_KRB5_RC4_40_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
@@ -986,7 +1100,7 @@ void ssl3_free(SSL *s)
                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
         EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
         EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-        memset(s->s3,0,sizeof *s->s3);
+        OPENSSL_cleanse(s->s3,sizeof *s->s3);
         OPENSSL_free(s->s3);
         s->s3=NULL;
         }
@@ -1341,16 +1455,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
                 {
                 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 
-                for (i=0; i<SSL3_NUM_CIPHERS; i++)
-                        sorted[i]= &(ssl3_ciphers[i]);
+                if (init)
+                        {
+                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                                sorted[i]= &(ssl3_ciphers[i]);
 
-                qsort(  (char *)sorted,
-                        SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                        FP_ICC ssl_cipher_ptr_id_cmp);
+                        qsort(sorted,
+                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                                FP_ICC ssl_cipher_ptr_id_cmp);
 
+                        init=0;
+                        }
+                
                 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
-                init=0;
                 }
 
         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 6ccea9aee5..3f88429e79 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s)
         unsigned int mac_size;
         int clear=0;
         size_t extra;
+        int decryption_failed_or_bad_record_mac = 0;
+        unsigned char *mac = NULL;
 
         rr= &(s->s3->rrec);
         sess=s->session;
@@ -353,8 +355,11 @@ again:
                         /* SSLerr() and ssl3_send_alert() have been called */
                         goto err;
 
-                /* otherwise enc_err == -1 */
-                goto decryption_failed_or_bad_record_mac;
+                /* Otherwise enc_err == -1, which indicates bad padding
+                 * (rec->length has not been changed in this case).
+                 * To minimize information leaked via timing, we will perform
+                 * the MAC computation anyway. */
+                decryption_failed_or_bad_record_mac = 1;
                 }
 
 #ifdef TLS_DEBUG
@@ -380,28 +385,46 @@ printf("\n");
                         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                         goto f_err;
 #else
-                        goto decryption_failed_or_bad_record_mac;
+                        decryption_failed_or_bad_record_mac = 1;
 #endif                  
                         }
                 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-                if (rr->length < mac_size)
+                if (rr->length >= mac_size)
                         {
+                        rr->length -= mac_size;
+                        mac = &rr->data[rr->length];
+                        }
+                else
+                        {
+                        /* record (minus padding) is too short to contain a MAC */
 #if 0 /* OK only for stream ciphers */
                         al=SSL_AD_DECODE_ERROR;
                         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
                         goto f_err;
 #else
-                        goto decryption_failed_or_bad_record_mac;
+                        decryption_failed_or_bad_record_mac = 1;
+                        rr->length = 0;
 #endif
                         }
-                rr->length-=mac_size;
                 i=s->method->ssl3_enc->mac(s,md,0);
-                if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+                if (mac == NULL || memcmp(md, mac, mac_size) != 0)
                         {
-                        goto decryption_failed_or_bad_record_mac;
+                        decryption_failed_or_bad_record_mac = 1;
                         }
                 }
 
+        if (decryption_failed_or_bad_record_mac)
+                {
+                /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+                 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+                 * failure is directly visible from the ciphertext anyway,
+                 * we should not reveal which kind of error occured -- this
+                 * might become visible to an attacker (e.g. via a logfile) */
+                al=SSL_AD_BAD_RECORD_MAC;
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                goto f_err;
+                }
+
         /* r->length is now just compressed */
         if (s->expand != NULL)
                 {
@@ -443,14 +466,6 @@ printf("\n");
 
         return(1);
 
-decryption_failed_or_bad_record_mac:
-        /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
-         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-         * failure is directly visible from the ciphertext anyway,
-         * we should not reveal which kind of error occured -- this
-         * might become visible to an attacker (e.g. via logfile) */
-        al=SSL_AD_BAD_RECORD_MAC;
-        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
 f_err:
         ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 20d716fb1b..58cf774967 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -152,11 +152,18 @@ SSL_METHOD *SSLv3_server_method(void)
 
         if (init)
                 {
-                memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-                        sizeof(SSL_METHOD));
-                SSLv3_server_data.ssl_accept=ssl3_accept;
-                SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-                init=0;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                                sizeof(SSL_METHOD));
+                        SSLv3_server_data.ssl_accept=ssl3_accept;
+                        SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+                        init=0;
+                        }
+                        
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
         return(&SSLv3_server_data);
         }
@@ -1171,7 +1178,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                         kn=0;
                         }
 
-                if (!BUF_MEM_grow(buf,n+4+kn))
+                if (!BUF_MEM_grow_clean(buf,n+4+kn))
                         {
                         SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
                         goto err;
@@ -1298,7 +1305,7 @@ static int ssl3_send_certificate_request(SSL *s)
                                 {
                                 name=sk_X509_NAME_value(sk,i);
                                 j=i2d_X509_NAME(name,NULL);
-                                if (!BUF_MEM_grow(buf,4+n+j+2))
+                                if (!BUF_MEM_grow_clean(buf,4+n+j+2))
                                         {
                                         SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
                                         goto err;
@@ -1440,7 +1447,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 if (i != SSL_MAX_MASTER_KEY_LENGTH)
                         {
                         al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+                        /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
                         }
 
                 if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
@@ -1456,37 +1463,35 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                 (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
                                 {
                                 al=SSL_AD_DECODE_ERROR;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
-                                goto f_err;
+                                /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
+
+                                /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+                                 * (http://eprint.iacr.org/2003/052/) exploits the version
+                                 * number check as a "bad version oracle" -- an alert would
+                                 * reveal that the plaintext corresponding to some ciphertext
+                                 * made up by the adversary is properly formatted except
+                                 * that the version number is wrong.  To avoid such attacks,
+                                 * we should treat this just like any other decryption error. */
                                 }
                         }
 
                 if (al != -1)
                         {
-#if 0
-                        goto f_err;
-#else
                         /* Some decryption failure -- use random value instead as countermeasure
                          * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
-                         * (see RFC 2246, section 7.4.7.1).
-                         * But note that due to length and protocol version checking, the
-                         * attack is impractical anyway (see section 5 in D. Bleichenbacher:
-                         * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
-                         * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
-                         */
+                         * (see RFC 2246, section 7.4.7.1). */
                         ERR_clear_error();
                         i = SSL_MAX_MASTER_KEY_LENGTH;
                         p[0] = s->client_version >> 8;
                         p[1] = s->client_version & 0xff;
                         RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
-#endif
                         }
         
                 s->session->master_key_length=
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,
                                 p,i);
-                memset(p,0,i);
+                OPENSSL_cleanse(p,i);
                 }
         else
 #endif
@@ -1549,7 +1554,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length=
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,p,i);
-                memset(p,0,i);
+                OPENSSL_cleanse(p,i);
                 }
         else
 #endif
@@ -1652,7 +1657,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 if (enc == NULL)
                     goto err;
 
-                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
+                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
 
                 if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
                         {
@@ -1740,7 +1745,7 @@ static int ssl3_get_cert_verify(SSL *s)
                 SSL3_ST_SR_CERT_VRFY_A,
                 SSL3_ST_SR_CERT_VRFY_B,
                 -1,
-                512, /* 512? */
+                514, /* 514? */
                 &ok);
 
         if (!ok) return((int)n);
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index e9d1e896d7..4ae8458259 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -204,6 +204,22 @@ extern "C" {
 
 /*    VRS Additional Kerberos5 entries
  */
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
+#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
+#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
+#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
+
 #define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
 #define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
 #define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
@@ -299,9 +315,7 @@ extern "C" {
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 #include <openssl/buffer.h>
-#include <openssl/bio.h>
 #include <openssl/pem.h>
-#include <openssl/x509.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -507,6 +521,8 @@ typedef struct ssl_session_st
 /* Never bother the application with retries if the transport
  * is blocking: */
 #define SSL_MODE_AUTO_RETRY 0x00000004L
+/* Don't attempt to automatically build certificate chain */
+#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
 
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
@@ -704,10 +720,11 @@ struct ssl_ctx_st
 #define SSL_SESS_CACHE_SERVER                   0x0002
 #define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
 #define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
-/* This one, when set, makes the server session-id lookup not look
- * in the cache.  If there is an application get_session callback
- * defined, this will still get called. */
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
 
   struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_number(ctx) \
@@ -1212,14 +1229,12 @@ int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                             const char *file);
-#ifndef OPENSSL_SYS_WIN32
 #ifndef OPENSSL_SYS_VMS
 #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
 int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                            const char *dir);
 #endif
 #endif
-#endif
 
 #endif
 
@@ -1688,6 +1703,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_LENGTH_TOO_SHORT                           160
 #define SSL_R_LIBRARY_BUG                                274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+#define SSL_R_MASTER_KEY_TOO_LONG                        1112
 #define SSL_R_MESSAGE_TOO_LONG                           1111
 #define SSL_R_MISSING_DH_DSA_CERT                        162
 #define SSL_R_MISSING_DH_KEY                             163
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 8fd6951d77..1153aeda74 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -156,23 +156,29 @@ extern "C" {
 
 #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
 #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+         of the ietf-tls list */
 #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#endif
 
 /*    VRS Additional Kerberos5 entries
  */
-#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000021
-#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000022
-#define SSL3_CK_KRB5_DES_64_CBC_SHA             0x03000023
-#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000024
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x03000025
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000026
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
+#define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
+#define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
+#define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
+#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
+#define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
+#define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
+
+#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
+#define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
+#define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
+#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
+#define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
+#define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
 
 #define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
 #define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
@@ -209,6 +215,22 @@ extern "C" {
 #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
 #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
 
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
+#define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
+
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
+#define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
+#define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
+
 #define SSL3_SSL_SESSION_ID_LENGTH              32
 #define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
 
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 3723fc2e37..16bc11b559 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -299,6 +299,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                 os.length = sizeof ret->session_id;
 
         ret->session_id_length=os.length;
+        OPENSSL_assert(os.length <= sizeof ret->session_id);
         memcpy(ret->session_id,os.data,os.length);
 
         M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -370,9 +371,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         if(os.data != NULL)
             {
             if (os.length > SSL_MAX_SID_CTX_LENGTH)
+                {
+                ret->sid_ctx_length=os.length;
                 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
-            ret->sid_ctx_length=os.length;
-            memcpy(ret->sid_ctx,os.data,os.length);
+                }
+            else
+                {
+                ret->sid_ctx_length=os.length;
+                memcpy(ret->sid_ctx,os.data,os.length);
+                }
             OPENSSL_free(os.data); os.data=NULL; os.length=0;
             }
         else
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 3d31bbf05f..da90078a37 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -781,7 +781,7 @@ err:
 #endif
 #endif
 
-#else
+#else /* OPENSSL_SYS_WIN32 */
 
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir)
@@ -789,10 +789,30 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
         WIN32_FIND_DATA FindFileData;
         HANDLE hFind;
         int ret = 0;
+#ifdef OPENSSL_SYS_WINCE
+        WCHAR* wdir = NULL;
+#endif
 
         CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
         
+#ifdef OPENSSL_SYS_WINCE
+        /* convert strings to UNICODE */
+        {
+                BOOL result = FALSE;
+                int i;
+                wdir = malloc((strlen(dir)+1)*2);
+                if (wdir == NULL)
+                        goto err_noclose;
+                for (i=0; i<(int)strlen(dir)+1; i++)
+                        wdir[i] = (short)dir[i];
+        }
+#endif
+
+#ifdef OPENSSL_SYS_WINCE
+        hFind = FindFirstFile(wdir, &FindFileData);
+#else
         hFind = FindFirstFile(dir, &FindFileData);
+#endif
         /* Note that a side effect is that the CAs will be sorted by name */
         if(hFind == INVALID_HANDLE_VALUE)
                 {
@@ -807,7 +827,11 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                 char buf[1024];
                 int r;
                 
+#ifdef OPENSSL_SYS_WINCE
+                if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)
+#else
                 if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)
+#endif
                         {
                         SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
                         goto err;
@@ -825,6 +849,10 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 err:    
         FindClose(hFind);
 err_noclose:
+#ifdef OPENSSL_SYS_WINCE
+        if (wdir != NULL)
+                free(wdir);
+#endif
         CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
         return ret;
         }
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 37f58886a6..888b667fa1 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -668,13 +668,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                          * So additionally check whether the cipher name found
                          * has the correct length. We can save a strlen() call:
                          * just checking for the '\0' at the right place is
-                         * sufficient, we have to strncmp() anyway.
+                         * sufficient, we have to strncmp() anyway. (We cannot
+                         * use strcmp(), because buf is not '\0' terminated.)
                          */
                          j = found = 0;
                          while (ca_list[j])
                                 {
-                                if ((ca_list[j]->name[buflen] == '\0') &&
-                                    !strncmp(buf, ca_list[j]->name, buflen))
+                                if (!strncmp(buf, ca_list[j]->name, buflen) &&
+                                    (ca_list[j]->name[buflen] == '\0'))
                                         {
                                         found = 1;
                                         break;
@@ -751,7 +752,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          */
         if (rule_str == NULL) return(NULL);
 
-        if (init_ciphers) load_ciphers();
+        if (init_ciphers)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+                if (init_ciphers) load_ciphers();
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+                }
 
         /*
          * To reduce the work to do we only want to process the compiled
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 7067a745f3..d2cb181503 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -296,6 +296,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
 {SSL_R_LIBRARY_BUG                       ,"library bug"},
 {SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
+{SSL_R_MASTER_KEY_TOO_LONG               ,"master key too long"},
 {SSL_R_MESSAGE_TOO_LONG                  ,"message too long"},
 {SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
 {SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4bc4ce5b3a..ddd8114587 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -121,6 +121,7 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
+#include "cryptlib.h"
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
@@ -273,6 +274,7 @@ SSL *SSL_new(SSL_CTX *ctx)
         s->verify_mode=ctx->verify_mode;
         s->verify_depth=ctx->verify_depth;
         s->sid_ctx_length=ctx->sid_ctx_length;
+        OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
         memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
         s->verify_callback=ctx->default_verify_callback;
         s->generate_session_id=ctx->generate_session_id;
@@ -314,7 +316,7 @@ err:
 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
                                    unsigned int sid_ctx_len)
     {
-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+    if(sid_ctx_len > sizeof ctx->sid_ctx)
         {
         SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
         return 0;
@@ -364,6 +366,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
          * any new session built out of this id/id_len and the ssl_version in
          * use by this SSL. */
         SSL_SESSION r, *p;
+
+        if(id_len > sizeof r.session_id)
+                return 0;
+
         r.ssl_version = ssl->version;
         r.session_id_length = id_len;
         memcpy(r.session_id, id, id_len);
@@ -1063,14 +1069,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
  * preference */
 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
         {
-        if ((s != NULL) && (s->cipher_list != NULL))
-                {
-                return(s->cipher_list);
-                }
-        else if ((s->ctx != NULL) &&
-                (s->ctx->cipher_list != NULL))
+        if (s != NULL)
                 {
-                return(s->ctx->cipher_list);
+                if (s->cipher_list != NULL)
+                        {
+                        return(s->cipher_list);
+                        }
+                else if ((s->ctx != NULL) &&
+                        (s->ctx->cipher_list != NULL))
+                        {
+                        return(s->ctx->cipher_list);
+                        }
                 }
         return(NULL);
         }
@@ -1079,14 +1088,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
  * algorithm id */
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
         {
-        if ((s != NULL) && (s->cipher_list_by_id != NULL))
-                {
-                return(s->cipher_list_by_id);
-                }
-        else if ((s != NULL) && (s->ctx != NULL) &&
-                (s->ctx->cipher_list_by_id != NULL))
+        if (s != NULL)
                 {
-                return(s->ctx->cipher_list_by_id);
+                if (s->cipher_list_by_id != NULL)
+                        {
+                        return(s->cipher_list_by_id);
+                        }
+                else if ((s->ctx != NULL) &&
+                        (s->ctx->cipher_list_by_id != NULL))
+                        {
+                        return(s->ctx->cipher_list_by_id);
+                        }
                 }
         return(NULL);
         }
@@ -1652,7 +1664,7 @@ void ssl_update_cache(SSL *s,int mode)
 
         i=s->ctx->session_cache_mode;
         if ((i & mode) && (!s->hit)
-                && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+                && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
                     || SSL_CTX_add_session(s->ctx,s->session))
                 && (s->ctx->new_session_cb != NULL))
                 {
@@ -1884,6 +1896,7 @@ SSL *SSL_dup(SSL *s)
                  * they should not both point to the same object,
                  * and thus we can't use SSL_copy_session_id. */
 
+                ret->method->ssl_free(ret);
                 ret->method = s->method;
                 ret->method->ssl_new(ret);
 
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index ca1a7427be..fbc30b94e6 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -309,9 +309,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
                         if (copy)
                                 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 
-                        /* The following should not return 1, otherwise,
-                         * things are very strange */
-                        SSL_CTX_add_session(s->ctx,ret);
+                        /* Add the externally cached session to the internal
+                         * cache as well if and only if we are supposed to. */
+                        if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+                                /* The following should not return 1, otherwise,
+                                 * things are very strange */
+                                SSL_CTX_add_session(s->ctx,ret);
                         }
                 if (ret == NULL)
                         goto err;
@@ -525,13 +528,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 
         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-        memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
-        memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
-        memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+        OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+        OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+        OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
         if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
         if (ss->peer != NULL) X509_free(ss->peer);
         if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-        memset(ss,0,sizeof(*ss));
+        OPENSSL_cleanse(ss,sizeof(*ss));
         OPENSSL_free(ss);
         }
 
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
index 9ad518f9f4..57205fb429 100644
--- a/src/lib/libssl/t1_clnt.c
+++ b/src/lib/libssl/t1_clnt.c
@@ -79,11 +79,18 @@ SSL_METHOD *TLSv1_client_method(void)
 
         if (init)
                 {
-                memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
-                        sizeof(SSL_METHOD));
-                TLSv1_client_data.ssl_connect=ssl3_connect;
-                TLSv1_client_data.get_ssl_method=tls1_get_client_method;
-                init=0;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+                                sizeof(SSL_METHOD));
+                        TLSv1_client_data.ssl_connect=ssl3_connect;
+                        TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+                        init=0;
+                        }
+                
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
         return(&TLSv1_client_data);
         }
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 5290bf6665..271e247eea 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
         unsigned int j;
         HMAC_CTX ctx;
         HMAC_CTX ctx_tmp;
-        unsigned char A1[HMAC_MAX_MD_CBLOCK];
+        unsigned char A1[EVP_MAX_MD_SIZE];
         unsigned int A1_len;
         
         chunk=EVP_MD_size(md);
@@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                 }
         HMAC_CTX_cleanup(&ctx);
         HMAC_CTX_cleanup(&ctx_tmp);
-        memset(A1,0,sizeof(A1));
+        OPENSSL_cleanse(A1,sizeof(A1));
         }
 
 static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@@ -418,10 +418,10 @@ printf("\niv=");
 printf("\n");
 #endif
 
-        memset(tmp1,0,sizeof(tmp1));
-        memset(tmp2,0,sizeof(tmp1));
-        memset(iv1,0,sizeof(iv1));
-        memset(iv2,0,sizeof(iv2));
+        OPENSSL_cleanse(tmp1,sizeof(tmp1));
+        OPENSSL_cleanse(tmp2,sizeof(tmp1));
+        OPENSSL_cleanse(iv1,sizeof(iv1));
+        OPENSSL_cleanse(iv2,sizeof(iv2));
         return(1);
 err:
         SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -476,7 +476,7 @@ printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
         tls1_generate_key_block(s,p1,p2,num);
-        memset(p2,0,num);
+        OPENSSL_cleanse(p2,num);
         OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
@@ -683,10 +683,10 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 
         tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
                 s->session->master_key,s->session->master_key_length,
-                out,buf2,12);
+                out,buf2,sizeof buf2);
         EVP_MD_CTX_cleanup(&ctx);
 
-        return((int)12);
+        return sizeof buf2;
         }
 
 int tls1_mac(SSL *ssl, unsigned char *md, int send)
@@ -773,7 +773,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                 s->s3->server_random,SSL3_RANDOM_SIZE);
         tls1_PRF(s->ctx->md5,s->ctx->sha1,
                 buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-                s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+                s->session->master_key,buff,sizeof buff);
 #ifdef KSSL_DEBUG
         printf ("tls1_generate_master_secret() complete\n");
 #endif  /* KSSL_DEBUG */
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index 9bb36a7d1c..fcc243f782 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -76,13 +76,21 @@ SSL_METHOD *TLSv1_method(void)
 
         if (init)
                 {
-                memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
-                        sizeof(SSL_METHOD));
-                TLSv1_data.ssl_connect=ssl3_connect;
-                TLSv1_data.ssl_accept=ssl3_accept;
-                TLSv1_data.get_ssl_method=tls1_get_method;
-                init=0;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+                
+                if (init)
+                        {
+                        memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+                                sizeof(SSL_METHOD));
+                        TLSv1_data.ssl_connect=ssl3_connect;
+                        TLSv1_data.ssl_accept=ssl3_accept;
+                        TLSv1_data.get_ssl_method=tls1_get_method;
+                        init=0;
+                        }
+
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
+        
         return(&TLSv1_data);
         }
 
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
index 6e765e587f..1c1149e49f 100644
--- a/src/lib/libssl/t1_srvr.c
+++ b/src/lib/libssl/t1_srvr.c
@@ -80,11 +80,18 @@ SSL_METHOD *TLSv1_server_method(void)
 
         if (init)
                 {
-                memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
-                        sizeof(SSL_METHOD));
-                TLSv1_server_data.ssl_accept=ssl3_accept;
-                TLSv1_server_data.get_ssl_method=tls1_get_server_method;
-                init=0;
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+                if (init)
+                        {
+                        memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+                                sizeof(SSL_METHOD));
+                        TLSv1_server_data.ssl_accept=ssl3_accept;
+                        TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+                        init=0;
+                        }
+                        
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                 }
         return(&TLSv1_server_data);
         }
diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
index 06ccb3b310..005c2f4822 100644
--- a/src/lib/libssl/test/methtest.c
+++ b/src/lib/libssl/test/methtest.c
@@ -96,10 +96,10 @@ char *argv[];
         METH_init(top);
         METH_control(tmp1,METH_CONTROL_DUMP,stdout);
         METH_control(tmp2,METH_CONTROL_DUMP,stdout);
-        exit(0);
+        EXIT(0);
 err:
         ERR_load_crypto_strings();
         ERR_print_errors_fp(stderr);
-        exit(1);
+        EXIT(1);
         return(0);
         }
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
index 55c496f4bc..3798543e04 100644
--- a/src/lib/libssl/test/testgen
+++ b/src/lib/libssl/test/testgen
@@ -27,6 +27,8 @@ fi
 
 echo "This could take some time."
 
+rm -f testkey.pem testreq.pem
+
 ../apps/openssl req -config test.cnf $req_new -out testreq.pem
 if [ $? != 0 ]; then
 echo problems creating request
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
index ba5e41c861..ca8e718022 100644
--- a/src/lib/libssl/test/testssl
+++ b/src/lib/libssl/test/testssl
@@ -121,8 +121,12 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 #############################################################################
 
-echo test tls1 with 1024bit anonymous DH, multiple handshakes
-$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+if ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
 
 if ../apps/openssl no-rsa; then
   echo skipping RSA tests
@@ -130,8 +134,12 @@ else
   echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
 
-  echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  if ../apps/openssl no-dh; then
+    echo skipping RSA+DHE tests
+  else
+    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  fi
 fi
 
 exit 0