62 files changed, 13147 insertions, 1452 deletions

diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index e6afecc724..a2c4adcbe6 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index d683ee43e1..420deb7fc9 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -456,7 +456,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         case BIO_CTRL_SET_CALLBACK:
                 {
 #if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-                BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                 ret = -1;
 #else
                 ret=0;
@@ -465,9 +465,9 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
         case BIO_CTRL_GET_CALLBACK:
                 {
-                void (**fptr)();
+                void (**fptr)(const SSL *xssl,int type,int val);
 
-                fptr=(void (**)())ptr;
+                fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
                 *fptr=SSL_get_info_callback(ssl);
                 }
                 break;
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
new file mode 100644
index 0000000000..15a201a25c
--- /dev/null
+++ b/src/lib/libssl/d1_both.c
@@ -0,0 +1,1193 @@
+/* ssl/d1_both.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+
+/* XDTLS:  figure out the right values */
+static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+
+static unsigned int dtls1_min_mtu(void);
+static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
+static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 
+        unsigned long frag_len);
+static unsigned char *dtls1_write_message_header(SSL *s,
+        unsigned char *p);
+static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
+        unsigned long len, unsigned short seq_num, unsigned long frag_off, 
+        unsigned long frag_len);
+static int dtls1_retransmit_buffered_messages(SSL *s);
+static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 
+        long max, int *ok);
+
+static hm_fragment *
+dtls1_hm_fragment_new(unsigned long frag_len)
+        {
+        hm_fragment *frag = NULL;
+        unsigned char *buf = NULL;
+
+        frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
+        if ( frag == NULL)
+                return NULL;
+
+        if (frag_len)
+                {
+                buf = (unsigned char *)OPENSSL_malloc(frag_len);
+                if ( buf == NULL)
+                        {
+                        OPENSSL_free(frag);
+                        return NULL;
+                        }
+                }
+
+        /* zero length fragment gets zero frag->fragment */
+        frag->fragment = buf;
+
+        return frag;
+        }
+
+static void
+dtls1_hm_fragment_free(hm_fragment *frag)
+        {
+        if (frag->fragment) OPENSSL_free(frag->fragment);
+        OPENSSL_free(frag);
+        }
+
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int dtls1_do_write(SSL *s, int type)
+        {
+        int ret;
+        int curr_mtu;
+        unsigned int len, frag_off;
+
+        /* AHA!  Figure out the MTU, and stick to the right size */
+        if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+                {
+                s->d1->mtu = 
+                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+                /* I've seen the kernel return bogus numbers when it doesn't know
+                 * (initial write), so just make sure we have a reasonable number */
+                if ( s->d1->mtu < dtls1_min_mtu())
+                        {
+                        s->d1->mtu = 0;
+                        s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
+                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 
+                                s->d1->mtu, NULL);
+                        }
+                }
+#if 0 
+        mtu = s->d1->mtu;
+
+        fprintf(stderr, "using MTU = %d\n", mtu);
+
+        mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+
+        curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
+
+        if ( curr_mtu > 0)
+                mtu = curr_mtu;
+        else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
+                return ret;
+
+        if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
+                {
+                ret = BIO_flush(SSL_get_wbio(s));
+                if ( ret <= 0)
+                        return ret;
+                mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+                }
+
+        OPENSSL_assert(mtu > 0);  /* should have something reasonable now */
+
+#endif
+
+        if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
+                OPENSSL_assert(s->init_num == 
+                        (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+
+        frag_off = 0;
+        while( s->init_num)
+                {
+                curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 
+                        DTLS1_RT_HEADER_LENGTH;
+
+                if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
+                        {
+                        /* grr.. we could get an error if MTU picked was wrong */
+                        ret = BIO_flush(SSL_get_wbio(s));
+                        if ( ret <= 0)
+                                return ret;
+                        curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
+                        }
+
+                if ( s->init_num > curr_mtu)
+                        len = curr_mtu;
+                else
+                        len = s->init_num;
+
+
+                /* XDTLS: this function is too long.  split out the CCS part */
+                if ( type == SSL3_RT_HANDSHAKE)
+                        {
+                        if ( s->init_off != 0)
+                                {
+                                OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
+                                s->init_off -= DTLS1_HM_HEADER_LENGTH;
+                                s->init_num += DTLS1_HM_HEADER_LENGTH;
+
+                                /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
+                                if ( len <= DTLS1_HM_HEADER_LENGTH)  
+                                        len += DTLS1_HM_HEADER_LENGTH;
+                                }
+
+                        dtls1_fix_message_header(s, frag_off, 
+                                len - DTLS1_HM_HEADER_LENGTH);
+
+                        dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
+
+                        OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
+                        }
+
+                ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
+                        len);
+                if (ret < 0)
+                        {
+                        /* might need to update MTU here, but we don't know
+                         * which previous packet caused the failure -- so can't
+                         * really retransmit anything.  continue as if everything
+                         * is fine and wait for an alert to handle the
+                         * retransmit 
+                         */
+                        if ( BIO_ctrl(SSL_get_wbio(s),
+                                BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
+                                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
+                                        BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+                        else
+                                return(-1);
+                        }
+                else
+                        {
+
+                        /* bad if this assert fails, only part of the handshake
+                         * message got sent.  but why would this happen? */
+                        OPENSSL_assert(len == (unsigned int)ret);
+
+                        if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
+                                {
+                                /* should not be done for 'Hello Request's, but in that case
+                                 * we'll ignore the result anyway */
+                                unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
+                                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+                                int xlen;
+
+                                if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
+                                        {
+                                        /* reconstruct message header is if it
+                                         * is being sent in single fragment */
+                                        *p++ = msg_hdr->type;
+                                        l2n3(msg_hdr->msg_len,p);
+                                        s2n (msg_hdr->seq,p);
+                                        l2n3(0,p);
+                                        l2n3(msg_hdr->msg_len,p);
+                                        p  -= DTLS1_HM_HEADER_LENGTH;
+                                        xlen = ret;
+                                        }
+                                else
+                                        {
+                                        p  += DTLS1_HM_HEADER_LENGTH;
+                                        xlen = ret - DTLS1_HM_HEADER_LENGTH;
+                                        }
+
+                                ssl3_finish_mac(s, p, xlen);
+                                }
+
+                        if (ret == s->init_num)
+                                {
+                                if (s->msg_callback)
+                                        s->msg_callback(1, s->version, type, s->init_buf->data, 
+                                                (size_t)(s->init_off + s->init_num), s, 
+                                                s->msg_callback_arg);
+
+                                s->init_off = 0;  /* done writing this message */
+                                s->init_num = 0;
+
+                                return(1);
+                                }
+                        s->init_off+=ret;
+                        s->init_num-=ret;
+                        frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
+                        }
+                }
+        return(0);
+        }
+
+
+/* Obtain handshake message of message type 'mt' (any if mt == -1),
+ * maximum acceptable body length 'max'.
+ * Read an entire handshake message.  Handshake messages arrive in
+ * fragments.
+ */
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+        {
+        int i, al;
+        struct hm_header_st *msg_hdr;
+
+        /* s3->tmp is used to store messages that are unexpected, caused
+         * by the absence of an optional handshake message */
+        if (s->s3->tmp.reuse_message)
+                {
+                s->s3->tmp.reuse_message=0;
+                if ((mt >= 0) && (s->s3->tmp.message_type != mt))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                        goto f_err;
+                        }
+                *ok=1;
+                s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+                s->init_num = (int)s->s3->tmp.message_size;
+                return s->init_num;
+                }
+
+        msg_hdr = &s->d1->r_msg_hdr;
+        do
+                {
+                if ( msg_hdr->frag_off == 0)
+                        {
+                        /* s->d1->r_message_header.msg_len = 0; */
+                        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+                        }
+
+                i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+                if ( i == DTLS1_HM_BAD_FRAGMENT ||
+                        i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
+                        continue;
+                else if ( i <= 0 && !*ok)
+                        return i;
+
+                /* Note that s->init_sum is used as a counter summing
+                 * up fragments' lengths: as soon as they sum up to
+                 * handshake packet length, we assume we have got all
+                 * the fragments. Overlapping fragments would cause
+                 * premature termination, so we don't expect overlaps.
+                 * Well, handling overlaps would require something more
+                 * drastic. Indeed, as it is now there is no way to
+                 * tell if out-of-order fragment from the middle was
+                 * the last. '>=' is the best/least we can do to control
+                 * the potential damage caused by malformed overlaps. */
+                if ((unsigned int)s->init_num >= msg_hdr->msg_len)
+                        {
+                        unsigned char *p = (unsigned char *)s->init_buf->data;
+                        unsigned long msg_len = msg_hdr->msg_len;
+
+                        /* reconstruct message header as if it was
+                         * sent in single fragment */
+                        *(p++) = msg_hdr->type;
+                        l2n3(msg_len,p);
+                        s2n (msg_hdr->seq,p);
+                        l2n3(0,p);
+                        l2n3(msg_len,p);
+                        if (s->client_version != DTLS1_BAD_VER)
+                                p       -= DTLS1_HM_HEADER_LENGTH,
+                                msg_len += DTLS1_HM_HEADER_LENGTH;
+
+                        ssl3_finish_mac(s, p, msg_len);
+                        if (s->msg_callback)
+                                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                        p, msg_len,
+                                        s, s->msg_callback_arg);
+
+                        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+                        s->d1->handshake_read_seq++;
+                        /* we just read a handshake message from the other side:
+                         * this means that we don't need to retransmit of the
+                         * buffered messages.  
+                         * XDTLS: may be able clear out this
+                         * buffer a little sooner (i.e if an out-of-order
+                         * handshake message/record is received at the record
+                         * layer.  
+                         * XDTLS: exception is that the server needs to
+                         * know that change cipher spec and finished messages
+                         * have been received by the client before clearing this
+                         * buffer.  this can simply be done by waiting for the
+                         * first data  segment, but is there a better way?  */
+                        dtls1_clear_record_buffer(s);
+
+                        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+                        return s->init_num;
+                        }
+                else
+                        msg_hdr->frag_off = i;
+                } while(1) ;
+
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+        *ok = 0;
+        return -1;
+        }
+
+
+static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
+        {
+        size_t frag_off,frag_len,msg_len;
+
+        msg_len  = msg_hdr->msg_len;
+        frag_off = msg_hdr->frag_off;
+        frag_len = msg_hdr->frag_len;
+
+        /* sanity checking */
+        if ( (frag_off+frag_len) > msg_len)
+                {
+                SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SSL_AD_ILLEGAL_PARAMETER;
+                }
+
+        if ( (frag_off+frag_len) > (unsigned long)max)
+                {
+                SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SSL_AD_ILLEGAL_PARAMETER;
+                }
+
+        if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
+                {
+                /* msg_len is limited to 2^24, but is effectively checked
+                 * against max above */
+                if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))
+                        {
+                        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
+                        return SSL_AD_INTERNAL_ERROR;
+                        }
+
+                s->s3->tmp.message_size  = msg_len;
+                s->d1->r_msg_hdr.msg_len = msg_len;
+                s->s3->tmp.message_type  = msg_hdr->type;
+                s->d1->r_msg_hdr.type    = msg_hdr->type;
+                s->d1->r_msg_hdr.seq     = msg_hdr->seq;
+                }
+        else if (msg_len != s->d1->r_msg_hdr.msg_len)
+                {
+                /* They must be playing with us! BTW, failure to enforce
+                 * upper limit would open possibility for buffer overrun. */
+                SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SSL_AD_ILLEGAL_PARAMETER;
+                }
+
+        return 0; /* no error */
+        }
+
+
+static int
+dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
+        {
+        /* (0) check whether the desired fragment is available
+         * if so:
+         * (1) copy over the fragment to s->init_buf->data[]
+         * (2) update s->init_num
+         */
+        pitem *item;
+        hm_fragment *frag;
+        int al;
+
+        *ok = 0;
+        item = pqueue_peek(s->d1->buffered_messages);
+        if ( item == NULL)
+                return 0;
+
+        frag = (hm_fragment *)item->data;
+
+        if ( s->d1->handshake_read_seq == frag->msg_header.seq)
+                {
+                pqueue_pop(s->d1->buffered_messages);
+
+                al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
+
+                if (al==0) /* no alert */
+                        {
+                        unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
+                        memcpy(&p[frag->msg_header.frag_off],
+                                frag->fragment,frag->msg_header.frag_len);
+                        }
+
+                dtls1_hm_fragment_free(frag);
+                pitem_free(item);
+
+                if (al==0)
+                        {
+                        *ok = 1;
+                        return frag->msg_header.frag_len;
+                        }
+
+                ssl3_send_alert(s,SSL3_AL_FATAL,al);
+                s->init_num = 0;
+                *ok = 0;
+                return -1;
+                }
+        else
+                return 0;
+        }
+
+
+static int
+dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+{
+        int i=-1;
+        hm_fragment *frag = NULL;
+        pitem *item = NULL;
+        PQ_64BIT seq64;
+        unsigned long frag_len = msg_hdr->frag_len;
+
+        if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+                goto err;
+
+        if (msg_hdr->seq <= s->d1->handshake_read_seq)
+                {
+                unsigned char devnull [256];
+
+                while (frag_len)
+                        {
+                        i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                                devnull,
+                                frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
+                        if (i<=0) goto err;
+                        frag_len -= i;
+                        }
+                }
+
+        frag = dtls1_hm_fragment_new(frag_len);
+        if ( frag == NULL)
+                goto err;
+
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+        if (frag_len)
+                {
+                /* read the body of the fragment (header has already been read */
+                i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                        frag->fragment,frag_len,0);
+                if (i<=0 || (unsigned long)i!=frag_len)
+                        goto err;
+                }
+
+        pq_64bit_init(&seq64);
+        pq_64bit_assign_word(&seq64, msg_hdr->seq);
+
+        item = pitem_new(seq64, frag);
+        pq_64bit_free(&seq64);
+        if ( item == NULL)
+                goto err;
+
+        pqueue_insert(s->d1->buffered_messages, item);
+        return DTLS1_HM_FRAGMENT_RETRY;
+
+err:
+        if ( frag != NULL) dtls1_hm_fragment_free(frag);
+        if ( item != NULL) OPENSSL_free(item);
+        *ok = 0;
+        return i;
+        }
+
+
+static long
+dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+        {
+        unsigned char wire[DTLS1_HM_HEADER_LENGTH];
+        unsigned long l, frag_off, frag_len;
+        int i,al;
+        struct hm_header_st msg_hdr;
+
+        /* see if we have the required fragment already */
+        if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+                {
+                if (*ok)        s->init_num += frag_len;
+                return frag_len;
+                }
+
+        /* read handshake message header */
+        i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
+                DTLS1_HM_HEADER_LENGTH, 0);
+        if (i <= 0)     /* nbio, or an error */
+                {
+                s->rwstate=SSL_READING;
+                *ok = 0;
+                return i;
+                }
+        OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
+
+        /* parse the message fragment header */
+        dtls1_get_message_header(wire, &msg_hdr);
+
+        /* 
+         * if this is a future (or stale) message it gets buffered
+         * (or dropped)--no further processing at this time 
+         */
+        if ( msg_hdr.seq != s->d1->handshake_read_seq)
+                return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+
+        l = msg_hdr.msg_len;
+        frag_off = msg_hdr.frag_off;
+        frag_len = msg_hdr.frag_len;
+
+        if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
+                wire[0] == SSL3_MT_HELLO_REQUEST)
+                {
+                /* The server may always send 'Hello Request' messages --
+                 * we are doing a handshake anyway now, so ignore them
+                 * if their format is correct. Does not count for
+                 * 'Finished' MAC. */
+                if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
+                        {
+                        if (s->msg_callback)
+                                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 
+                                        wire, DTLS1_HM_HEADER_LENGTH, s, 
+                                        s->msg_callback_arg);
+                        
+                        s->init_num = 0;
+                        return dtls1_get_message_fragment(s, st1, stn,
+                                max, ok);
+                        }
+                else /* Incorrectly formated Hello request */
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
+                        goto f_err;
+                        }
+                }
+
+        if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
+                goto f_err;
+
+        /* XDTLS:  ressurect this when restart is in place */
+        s->state=stn;
+
+        if ( frag_len > 0)
+                {
+                unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
+
+                i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                        &p[frag_off],frag_len,0);
+                /* XDTLS:  fix this--message fragments cannot span multiple packets */
+                if (i <= 0)
+                        {
+                        s->rwstate=SSL_READING;
+                        *ok = 0;
+                        return i;
+                        }
+                }
+        else
+                i = 0;
+
+        /* XDTLS:  an incorrectly formatted fragment should cause the 
+         * handshake to fail */
+        OPENSSL_assert(i == (int)frag_len);
+
+        *ok = 1;
+
+        /* Note that s->init_num is *not* used as current offset in
+         * s->init_buf->data, but as a counter summing up fragments'
+         * lengths: as soon as they sum up to handshake packet
+         * length, we assume we have got all the fragments. */
+        s->init_num += frag_len;
+        return frag_len;
+
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+        s->init_num = 0;
+
+        *ok=0;
+        return(-1);
+        }
+
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+        {
+        unsigned char *p,*d;
+        int i;
+        unsigned long l;
+
+        if (s->state == a)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[DTLS1_HM_HEADER_LENGTH]);
+
+                i=s->method->ssl3_enc->final_finish_mac(s,
+                        &(s->s3->finish_dgst1),
+                        &(s->s3->finish_dgst2),
+                        sender,slen,s->s3->tmp.finish_md);
+                s->s3->tmp.finish_md_len = i;
+                memcpy(p, s->s3->tmp.finish_md, i);
+                p+=i;
+                l=i;
+
+#ifdef OPENSSL_SYS_WIN16
+                /* MSVC 1.5 does not clear the top bytes of the word unless
+                 * I do this.
+                 */
+                l&=0xffff;
+#endif
+
+                d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
+                s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+
+                s->state=b;
+                }
+
+        /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+/* for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->s3->read_sequence               zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
+        { 
+        unsigned char *p;
+
+        if (s->state == a)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                *p++=SSL3_MT_CCS;
+                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+                s->init_num=DTLS1_CCS_HEADER_LENGTH;
+
+                if (s->client_version == DTLS1_BAD_VER)
+                        {
+                        s->d1->next_handshake_write_seq++;
+                        s2n(s->d1->handshake_write_seq,p);
+                        s->init_num+=2;
+                        }
+
+                s->init_off=0;
+
+                dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 
+                        s->d1->handshake_write_seq, 0, 0);
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 1);
+
+                s->state=b;
+                }
+
+        /* SSL3_ST_CW_CHANGE_B */
+        return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
+        }
+
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
+        {
+        unsigned char *p;
+        int n,i;
+        unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
+        BUF_MEM *buf;
+        X509_STORE_CTX xs_ctx;
+        X509_OBJECT obj;
+
+        /* TLSv1 sends a chain with nothing in it, instead of an alert */
+        buf=s->init_buf;
+        if (!BUF_MEM_grow_clean(buf,10))
+                {
+                SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                return(0);
+                }
+        if (x != NULL)
+                {
+                if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                        {
+                        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                        return(0);
+                        }
+
+                for (;;)
+                        {
+                        n=i2d_X509(x,NULL);
+                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
+                                {
+                                SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                                return(0);
+                                }
+                        p=(unsigned char *)&(buf->data[l]);
+                        l2n3(n,p);
+                        i2d_X509(x,&p);
+                        l+=n+3;
+                        if (X509_NAME_cmp(X509_get_subject_name(x),
+                                X509_get_issuer_name(x)) == 0) break;
+
+                        i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
+                                X509_get_issuer_name(x),&obj);
+                        if (i <= 0) break;
+                        x=obj.data.x509;
+                        /* Count is one too high since the X509_STORE_get uped the
+                         * ref count */
+                        X509_free(x);
+                        }
+
+                X509_STORE_CTX_cleanup(&xs_ctx);
+                }
+
+        /* Thawte special :-) */
+        if (s->ctx->extra_certs != NULL)
+        for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
+                {
+                x=sk_X509_value(s->ctx->extra_certs,i);
+                n=i2d_X509(x,NULL);
+                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
+                        {
+                        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                        return(0);
+                        }
+                p=(unsigned char *)&(buf->data[l]);
+                l2n3(n,p);
+                i2d_X509(x,&p);
+                l+=n+3;
+                }
+
+        l-= (3 + DTLS1_HM_HEADER_LENGTH);
+
+        p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+        l2n3(l,p);
+        l+=3;
+        p=(unsigned char *)&(buf->data[0]);
+        p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
+
+        l+=DTLS1_HM_HEADER_LENGTH;
+        return(l);
+        }
+
+int dtls1_read_failed(SSL *s, int code)
+        {
+        DTLS1_STATE *state;
+        BIO *bio;
+        int send_alert = 0;
+
+        if ( code > 0)
+                {
+                fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+                return 1;
+                }
+
+        bio = SSL_get_rbio(s);
+        if ( ! BIO_dgram_recv_timedout(bio))
+                {
+                /* not a timeout, none of our business, 
+                   let higher layers handle this.  in fact it's probably an error */
+                return code;
+                }
+
+        if ( ! SSL_in_init(s))  /* done, no need to send a retransmit */
+                {
+                BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
+                return code;
+                }
+
+        state = s->d1;
+        state->timeout.num_alerts++;
+        if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+                {
+                /* fail the connection, enough alerts have been sent */
+                SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
+                return 0;
+                }
+
+        state->timeout.read_timeouts++;
+        if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+                {
+                send_alert = 1;
+                state->timeout.read_timeouts = 1;
+                }
+
+
+#if 0 /* for now, each alert contains only one record number */
+        item = pqueue_peek(state->rcvd_records);
+        if ( item )
+                {
+                /* send an alert immediately for all the missing records */
+                }
+        else
+#endif
+
+#if 0  /* no more alert sending, just retransmit the last set of messages */
+                if ( send_alert)
+                        ssl3_send_alert(s,SSL3_AL_WARNING,
+                                DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+#endif
+
+        return dtls1_retransmit_buffered_messages(s) ;
+        }
+
+
+static int
+dtls1_retransmit_buffered_messages(SSL *s)
+        {
+        pqueue sent = s->d1->sent_messages;
+        piterator iter;
+        pitem *item;
+        hm_fragment *frag;
+        int found = 0;
+
+        iter = pqueue_iterator(sent);
+
+        for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
+                {
+                frag = (hm_fragment *)item->data;
+                if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 &&
+                        found)
+                        {
+                        fprintf(stderr, "dtls1_retransmit_message() failed\n");
+                        return -1;
+                        }
+                }
+
+        return 1;
+        }
+
+int
+dtls1_buffer_message(SSL *s, int is_ccs)
+        {
+        pitem *item;
+        hm_fragment *frag;
+        PQ_64BIT seq64;
+        unsigned int epoch = s->d1->w_epoch;
+
+        /* this function is called immediately after a message has 
+         * been serialized */
+        OPENSSL_assert(s->init_off == 0);
+
+        frag = dtls1_hm_fragment_new(s->init_num);
+
+        memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+        if ( is_ccs)
+                {
+                OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
+                        DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
+                epoch++;
+                }
+        else
+                {
+                OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
+                        DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+                }
+
+        frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+        frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+        frag->msg_header.type = s->d1->w_msg_hdr.type;
+        frag->msg_header.frag_off = 0;
+        frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
+        frag->msg_header.is_ccs = is_ccs;
+
+        pq_64bit_init(&seq64);
+        pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq);
+
+        item = pitem_new(seq64, frag);
+        pq_64bit_free(&seq64);
+        if ( item == NULL)
+                {
+                dtls1_hm_fragment_free(frag);
+                return 0;
+                }
+
+#if 0
+        fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
+        fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
+        fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
+#endif
+
+        pqueue_insert(s->d1->sent_messages, item);
+        return 1;
+        }
+
+int
+dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
+        int *found)
+        {
+        int ret;
+        /* XDTLS: for now assuming that read/writes are blocking */
+        pitem *item;
+        hm_fragment *frag ;
+        unsigned long header_length;
+        PQ_64BIT seq64;
+
+        /*
+          OPENSSL_assert(s->init_num == 0);
+          OPENSSL_assert(s->init_off == 0);
+         */
+
+        /* XDTLS:  the requested message ought to be found, otherwise error */
+        pq_64bit_init(&seq64);
+        pq_64bit_assign_word(&seq64, seq);
+
+        item = pqueue_find(s->d1->sent_messages, seq64);
+        pq_64bit_free(&seq64);
+        if ( item == NULL)
+                {
+                fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
+                *found = 0;
+                return 0;
+                }
+
+        *found = 1;
+        frag = (hm_fragment *)item->data;
+
+        if ( frag->msg_header.is_ccs)
+                header_length = DTLS1_CCS_HEADER_LENGTH;
+        else
+                header_length = DTLS1_HM_HEADER_LENGTH;
+
+        memcpy(s->init_buf->data, frag->fragment, 
+                frag->msg_header.msg_len + header_length);
+                s->init_num = frag->msg_header.msg_len + header_length;
+
+        dtls1_set_message_header_int(s, frag->msg_header.type, 
+                frag->msg_header.msg_len, frag->msg_header.seq, 0, 
+                frag->msg_header.frag_len);
+
+        s->d1->retransmitting = 1;
+        ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 
+                SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+        s->d1->retransmitting = 0;
+
+        (void)BIO_flush(SSL_get_wbio(s));
+        return ret;
+        }
+
+/* call this function when the buffered messages are no longer needed */
+void
+dtls1_clear_record_buffer(SSL *s)
+        {
+        pitem *item;
+
+        for(item = pqueue_pop(s->d1->sent_messages);
+                item != NULL; item = pqueue_pop(s->d1->sent_messages))
+                {
+                dtls1_hm_fragment_free((hm_fragment *)item->data);
+                pitem_free(item);
+                }
+        }
+
+
+unsigned char *
+dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
+                        unsigned long len, unsigned long frag_off, unsigned long frag_len)
+        {
+        if ( frag_off == 0)
+                {
+                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+                s->d1->next_handshake_write_seq++;
+                }
+
+        dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
+                frag_off, frag_len);
+
+        return p += DTLS1_HM_HEADER_LENGTH;
+        }
+
+
+/* don't actually do the writing, wait till the MTU has been retrieved */
+static void
+dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                            unsigned long len, unsigned short seq_num, unsigned long frag_off,
+                            unsigned long frag_len)
+        {
+        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+        msg_hdr->type = mt;
+        msg_hdr->msg_len = len;
+        msg_hdr->seq = seq_num;
+        msg_hdr->frag_off = frag_off;
+        msg_hdr->frag_len = frag_len;
+        }
+
+static void
+dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+                        unsigned long frag_len)
+        {
+        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+        msg_hdr->frag_off = frag_off;
+        msg_hdr->frag_len = frag_len;
+        }
+
+static unsigned char *
+dtls1_write_message_header(SSL *s, unsigned char *p)
+        {
+        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+        *p++ = msg_hdr->type;
+        l2n3(msg_hdr->msg_len, p);
+
+        s2n(msg_hdr->seq, p);
+        l2n3(msg_hdr->frag_off, p);
+        l2n3(msg_hdr->frag_len, p);
+
+        return p;
+        }
+
+static unsigned int 
+dtls1_min_mtu(void)
+        {
+        return (g_probable_mtu[(sizeof(g_probable_mtu) / 
+                sizeof(g_probable_mtu[0])) - 1]);
+        }
+
+static unsigned int 
+dtls1_guess_mtu(unsigned int curr_mtu)
+        {
+        size_t i;
+
+        if ( curr_mtu == 0 )
+                return g_probable_mtu[0] ;
+
+        for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
+                if ( curr_mtu > g_probable_mtu[i])
+                        return g_probable_mtu[i];
+
+        return curr_mtu;
+        }
+
+void
+dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+        {
+        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+        msg_hdr->type = *(data++);
+        n2l3(data, msg_hdr->msg_len);
+
+        n2s(data, msg_hdr->seq);
+        n2l3(data, msg_hdr->frag_off);
+        n2l3(data, msg_hdr->frag_len);
+        }
+
+void
+dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
+        {
+        memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
+
+        ccs_hdr->type = *(data++);
+        }
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
new file mode 100644
index 0000000000..5e59dc845a
--- /dev/null
+++ b/src/lib/libssl/d1_clnt.c
@@ -0,0 +1,1156 @@
+/* ssl/d1_clnt.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+static SSL_METHOD *dtls1_get_client_method(int ver);
+static int dtls1_get_hello_verify(SSL *s);
+
+static SSL_METHOD *dtls1_get_client_method(int ver)
+        {
+        if (ver == DTLS1_VERSION)
+                return(DTLSv1_client_method());
+        else
+                return(NULL);
+        }
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
+                        ssl_undefined_function,
+                        dtls1_connect,
+                        dtls1_get_client_method)
+
+int dtls1_connect(SSL *s)
+        {
+        BUF_MEM *buf=NULL;
+        unsigned long Time=(unsigned long)time(NULL),l;
+        long num1;
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        int ret= -1;
+        int new_state,state,skip=0;;
+
+        RAND_add(&Time,sizeof(Time),0);
+        ERR_clear_error();
+        clear_sys_error();
+
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+        
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+
+        for (;;)
+                {
+                state=s->state;
+
+                switch(s->state)
+                        {
+                case SSL_ST_RENEGOTIATE:
+                        s->new_session=1;
+                        s->state=SSL_ST_CONNECT;
+                        s->ctx->stats.sess_connect_renegotiate++;
+                        /* break */
+                case SSL_ST_BEFORE:
+                case SSL_ST_CONNECT:
+                case SSL_ST_BEFORE|SSL_ST_CONNECT:
+                case SSL_ST_OK|SSL_ST_CONNECT:
+
+                        s->server=0;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+                        if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+                                {
+                                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
+                                }
+                                
+                        /* s->version=SSL3_VERSION; */
+                        s->type=SSL_ST_CONNECT;
+
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                buf=NULL;
+                                }
+
+                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+
+                        /* setup buffing BIO */
+                        if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
+
+                        /* don't push the buffering BIO quite yet */
+
+                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
+                        s->ctx->stats.sess_connect++;
+                        s->init_num=0;
+                        /* mark client_random uninitialized */
+                        memset(s->s3->client_random,0,sizeof(s->s3->client_random));
+                        break;
+
+                case SSL3_ST_CW_CLNT_HELLO_A:
+                case SSL3_ST_CW_CLNT_HELLO_B:
+
+                        s->shutdown=0;
+
+                        /* every DTLS ClientHello resets Finished MAC */
+                        ssl3_init_finished_mac(s);
+
+                        ret=dtls1_client_hello(s);
+                        if (ret <= 0) goto end;
+
+                        if ( s->d1->send_cookie)
+                                {
+                                s->state=SSL3_ST_CW_FLUSH;
+                                s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
+                                }
+                        else
+                                s->state=SSL3_ST_CR_SRVR_HELLO_A;
+
+                        s->init_num=0;
+
+                        /* turn on buffering for the next lot of output */
+                        if (s->bbio != s->wbio)
+                                s->wbio=BIO_push(s->bbio,s->wbio);
+
+                        break;
+
+                case SSL3_ST_CR_SRVR_HELLO_A:
+                case SSL3_ST_CR_SRVR_HELLO_B:
+                        ret=ssl3_get_server_hello(s);
+                        if (ret <= 0) goto end;
+                        else
+                                {
+                                if (s->hit)
+                                        s->state=SSL3_ST_CR_FINISHED_A;
+                                else
+                                        s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+                                }
+                        s->init_num=0;
+                        break;
+
+                case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+                case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+
+                        ret = dtls1_get_hello_verify(s);
+                        if ( ret <= 0)
+                                goto end;
+                        if ( s->d1->send_cookie) /* start again, with a cookie */
+                                s->state=SSL3_ST_CW_CLNT_HELLO_A;
+                        else
+                                s->state = SSL3_ST_CR_CERT_A;
+                        s->init_num = 0;
+                        break;
+
+                case SSL3_ST_CR_CERT_A:
+                case SSL3_ST_CR_CERT_B:
+                        /* Check if it is anon DH */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                                {
+                                ret=ssl3_get_server_certificate(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_CR_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CR_KEY_EXCH_A:
+                case SSL3_ST_CR_KEY_EXCH_B:
+                        ret=ssl3_get_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_CERT_REQ_A;
+                        s->init_num=0;
+
+                        /* at this point we check that we have the
+                         * required stuff from the server */
+                        if (!ssl3_check_cert_and_algorithm(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        break;
+
+                case SSL3_ST_CR_CERT_REQ_A:
+                case SSL3_ST_CR_CERT_REQ_B:
+                        ret=ssl3_get_certificate_request(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_SRVR_DONE_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CR_SRVR_DONE_A:
+                case SSL3_ST_CR_SRVR_DONE_B:
+                        ret=ssl3_get_server_done(s);
+                        if (ret <= 0) goto end;
+                        if (s->s3->tmp.cert_req)
+                                s->state=SSL3_ST_CW_CERT_A;
+                        else
+                                s->state=SSL3_ST_CW_KEY_EXCH_A;
+                        s->init_num=0;
+
+                        break;
+
+                case SSL3_ST_CW_CERT_A:
+                case SSL3_ST_CW_CERT_B:
+                case SSL3_ST_CW_CERT_C:
+                case SSL3_ST_CW_CERT_D:
+                        ret=dtls1_send_client_certificate(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_KEY_EXCH_A:
+                case SSL3_ST_CW_KEY_EXCH_B:
+                        ret=dtls1_send_client_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        l=s->s3->tmp.new_cipher->algorithms;
+                        /* EAY EAY EAY need to check for DH fix cert
+                         * sent back */
+                        /* For TLS, cert_req is set to 2, so a cert chain
+                         * of nothing is sent, but no verify packet is sent */
+                        if (s->s3->tmp.cert_req == 1)
+                                {
+                                s->state=SSL3_ST_CW_CERT_VRFY_A;
+                                }
+                        else
+                                {
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                                s->s3->change_cipher_spec=0;
+                                }
+
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_CERT_VRFY_A:
+                case SSL3_ST_CW_CERT_VRFY_B:
+                        ret=dtls1_send_client_verify(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_CHANGE_A;
+                        s->init_num=0;
+                        s->s3->change_cipher_spec=0;
+                        break;
+
+                case SSL3_ST_CW_CHANGE_A:
+                case SSL3_ST_CW_CHANGE_B:
+                        ret=dtls1_send_change_cipher_spec(s,
+                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_FINISHED_A;
+                        s->init_num=0;
+
+                        s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                        s->session->compress_meth=0;
+#else
+                        if (s->s3->tmp.new_compression == NULL)
+                                s->session->compress_meth=0;
+                        else
+                                s->session->compress_meth=
+                                        s->s3->tmp.new_compression->id;
+#endif
+                        if (!s->method->ssl3_enc->setup_key_block(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+                        
+                        dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+                        break;
+
+                case SSL3_ST_CW_FINISHED_A:
+                case SSL3_ST_CW_FINISHED_B:
+                        ret=dtls1_send_finished(s,
+                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
+                                s->method->ssl3_enc->client_finished_label,
+                                s->method->ssl3_enc->client_finished_label_len);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CW_FLUSH;
+
+                        /* clear flags */
+                        s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+                        if (s->hit)
+                                {
+                                s->s3->tmp.next_state=SSL_ST_OK;
+                                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
+                                        {
+                                        s->state=SSL_ST_OK;
+                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
+                                        s->s3->delay_buf_pop_ret=0;
+                                        }
+                                }
+                        else
+                                {
+                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
+                                }
+                        s->init_num=0;
+                        /* mark client_random uninitialized */
+                        memset (s->s3->client_random,0,sizeof(s->s3->client_random));
+
+                        break;
+
+                case SSL3_ST_CR_FINISHED_A:
+                case SSL3_ST_CR_FINISHED_B:
+
+                        ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+                                SSL3_ST_CR_FINISHED_B);
+                        if (ret <= 0) goto end;
+
+                        if (s->hit)
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                        else
+                                s->state=SSL_ST_OK;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_CW_FLUSH:
+                        /* number of bytes to be flushed */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 > 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+
+                        s->state=s->s3->tmp.next_state;
+                        break;
+
+                case SSL_ST_OK:
+                        /* clean a few things up */
+                        ssl3_cleanup_key_block(s);
+
+#if 0
+                        if (s->init_buf != NULL)
+                                {
+                                BUF_MEM_free(s->init_buf);
+                                s->init_buf=NULL;
+                                }
+#endif
+
+                        /* If we are not 'joining' the last two packets,
+                         * remove the buffering now */
+                        if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+                                ssl_free_wbio_buffer(s);
+                        /* else do it later in ssl3_write */
+
+                        s->init_num=0;
+                        s->new_session=0;
+
+                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+                        if (s->hit) s->ctx->stats.sess_hit++;
+
+                        ret=1;
+                        /* s->server=0; */
+                        s->handshake_func=dtls1_connect;
+                        s->ctx->stats.sess_connect_good++;
+
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+
+                        /* done with handshaking */
+                        s->d1->handshake_read_seq  = 0;
+                        goto end;
+                        /* break; */
+                        
+                default:
+                        SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+
+                /* did we do anything */
+                if (!s->s3->tmp.reuse_message && !skip)
+                        {
+                        if (s->debug)
+                                {
+                                if ((ret=BIO_flush(s->wbio)) <= 0)
+                                        goto end;
+                                }
+
+                        if ((cb != NULL) && (s->state != state))
+                                {
+                                new_state=s->state;
+                                s->state=state;
+                                cb(s,SSL_CB_CONNECT_LOOP,1);
+                                s->state=new_state;
+                                }
+                        }
+                skip=0;
+                }
+end:
+        s->in_handshake--;
+        if (buf != NULL)
+                BUF_MEM_free(buf);
+        if (cb != NULL)
+                cb(s,SSL_CB_CONNECT_EXIT,ret);
+        return(ret);
+        }
+
+int dtls1_client_hello(SSL *s)
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        unsigned int i,j;
+        unsigned long Time,l;
+        SSL_COMP *comp;
+
+        buf=(unsigned char *)s->init_buf->data;
+        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
+                {
+                if ((s->session == NULL) ||
+                        (s->session->ssl_version != s->version) ||
+                        (s->session->not_resumable))
+                        {
+                        if (!ssl_get_new_session(s,0))
+                                goto err;
+                        }
+                /* else use the pre-loaded session */
+
+                p=s->s3->client_random;
+                /* if client_random is initialized, reuse it, we are
+                 * required to use same upon reply to HelloVerify */
+                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+                if (i==sizeof(s->s3->client_random))
+                        {
+                        Time=(unsigned long)time(NULL); /* Time */
+                        l2n(Time,p);
+                        RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+                        }
+
+                /* Do the message type and length last */
+                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+                *(p++)=s->version>>8;
+                *(p++)=s->version&0xff;
+                s->client_version=s->version;
+
+                /* Random stuff */
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+
+                /* Session ID */
+                if (s->new_session)
+                        i=0;
+                else
+                        i=s->session->session_id_length;
+                *(p++)=i;
+                if (i != 0)
+                        {
+                        if (i > sizeof s->session->session_id)
+                                {
+                                SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        memcpy(p,s->session->session_id,i);
+                        p+=i;
+                        }
+                
+                /* cookie stuff */
+                if ( s->d1->cookie_len > sizeof(s->d1->cookie))
+                        {
+                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                *(p++) = s->d1->cookie_len;
+                memcpy(p, s->d1->cookie, s->d1->cookie_len);
+                p += s->d1->cookie_len;
+
+                /* Ciphers supported */
+                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                        goto err;
+                        }
+                s2n(i,p);
+                p+=i;
+
+                /* COMPRESSION */
+                if (s->ctx->comp_methods == NULL)
+                        j=0;
+                else
+                        j=sk_SSL_COMP_num(s->ctx->comp_methods);
+                *(p++)=1+j;
+                for (i=0; i<j; i++)
+                        {
+                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
+                        *(p++)=comp->id;
+                        }
+                *(p++)=0; /* Add the NULL method */
+                
+                l=(p-d);
+                d=buf;
+
+                d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
+
+                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+static int dtls1_get_hello_verify(SSL *s)
+        {
+        int n, al, ok = 0;
+        unsigned char *data;
+        unsigned int cookie_len;
+
+        n=s->method->ssl_get_message(s,
+                DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+                DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+
+        if (!ok) return((int)n);
+
+        if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
+                {
+                s->d1->send_cookie = 0;
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+
+        data = (unsigned char *)s->init_msg;
+
+        if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
+                {
+                SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
+                s->version=(s->version&0xff00)|data[1];
+                al = SSL_AD_PROTOCOL_VERSION;
+                goto f_err;
+                }
+        data+=2;
+
+        cookie_len = *(data++);
+        if ( cookie_len > sizeof(s->d1->cookie))
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                goto f_err;
+                }
+
+        memcpy(s->d1->cookie, data, cookie_len);
+        s->d1->cookie_len = cookie_len;
+
+        s->d1->send_cookie = 1;
+        return 1;
+
+f_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return -1;
+        }
+
+int dtls1_send_client_key_exchange(SSL *s)
+        {
+        unsigned char *p,*d;
+        int n;
+        unsigned long l;
+#ifndef OPENSSL_NO_RSA
+        unsigned char *q;
+        EVP_PKEY *pkey=NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+
+        if (s->state == SSL3_ST_CW_KEY_EXCH_A)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[DTLS1_HM_HEADER_LENGTH]);
+
+                l=s->s3->tmp.new_cipher->algorithms;
+
+                /* Fool emacs indentation */
+                if (0) {}
+#ifndef OPENSSL_NO_RSA
+                else if (l & SSL_kRSA)
+                        {
+                        RSA *rsa;
+                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
+                                rsa=s->session->sess_cert->peer_rsa_tmp;
+                        else
+                                {
+                                pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+                                if ((pkey == NULL) ||
+                                        (pkey->type != EVP_PKEY_RSA) ||
+                                        (pkey->pkey.rsa == NULL))
+                                        {
+                                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+                                rsa=pkey->pkey.rsa;
+                                EVP_PKEY_free(pkey);
+                                }
+                                
+                        tmp_buf[0]=s->client_version>>8;
+                        tmp_buf[1]=s->client_version&0xff;
+                        if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
+                                        goto err;
+
+                        s->session->master_key_length=sizeof tmp_buf;
+
+                        q=p;
+                        /* Fix buf for TLS and [incidentally] DTLS */
+                        if (s->version > SSL3_VERSION)
+                                p+=2;
+                        n=RSA_public_encrypt(sizeof tmp_buf,
+                                tmp_buf,p,rsa,RSA_PKCS1_PADDING);
+#ifdef PKCS1_CHECK
+                        if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
+                        if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
+#endif
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
+                                goto err;
+                                }
+
+                        /* Fix buf for TLS and [incidentally] DTLS */
+                        if (s->version > SSL3_VERSION)
+                                {
+                                s2n(n,q);
+                                n+=2;
+                                }
+
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,
+                                        tmp_buf,sizeof tmp_buf);
+                        OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
+                        }
+#endif
+#ifndef OPENSSL_NO_KRB5
+                else if (l & SSL_kKRB5)
+                        {
+                        krb5_error_code krb5rc;
+                        KSSL_CTX        *kssl_ctx = s->kssl_ctx;
+                        /*  krb5_data   krb5_ap_req;  */
+                        krb5_data       *enc_ticket;
+                        krb5_data       authenticator, *authp = NULL;
+                        EVP_CIPHER_CTX  ciph_ctx;
+                        EVP_CIPHER      *enc = NULL;
+                        unsigned char   iv[EVP_MAX_IV_LENGTH];
+                        unsigned char   tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+                        unsigned char   epms[SSL_MAX_MASTER_KEY_LENGTH 
+                                                + EVP_MAX_IV_LENGTH];
+                        int             padl, outl = sizeof(epms);
+
+                        EVP_CIPHER_CTX_init(&ciph_ctx);
+
+#ifdef KSSL_DEBUG
+                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                                l, SSL_kKRB5);
+#endif  /* KSSL_DEBUG */
+
+                        authp = NULL;
+#ifdef KRB5SENDAUTH
+                        if (KRB5SENDAUTH)  authp = &authenticator;
+#endif  /* KRB5SENDAUTH */
+
+                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+                                &kssl_err);
+                        enc = kssl_map_enc(kssl_ctx->enctype);
+                        if (enc == NULL)
+                            goto err;
+#ifdef KSSL_DEBUG
+                        {
+                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                        if (krb5rc && kssl_err.text)
+                          printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+                        }
+#endif  /* KSSL_DEBUG */
+
+                        if (krb5rc)
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,
+                                                SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                                                kssl_err.reason);
+                                goto err;
+                                }
+
+                        /*  20010406 VRS - Earlier versions used KRB5 AP_REQ
+                        **  in place of RFC 2712 KerberosWrapper, as in:
+                        **
+                        **  Send ticket (copy to *p, set n = length)
+                        **  n = krb5_ap_req.length;
+                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+                        **  if (krb5_ap_req.data)  
+                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+                        **
+                        **  Now using real RFC 2712 KerberosWrapper
+                        **  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+                        **  Note: 2712 "opaque" types are here replaced
+                        **  with a 2-byte length followed by the value.
+                        **  Example:
+                        **  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+                        **  Where "xx xx" = length bytes.  Shown here with
+                        **  optional authenticator omitted.
+                        */
+
+                        /*  KerberosWrapper.Ticket              */
+                        s2n(enc_ticket->length,p);
+                        memcpy(p, enc_ticket->data, enc_ticket->length);
+                        p+= enc_ticket->length;
+                        n = enc_ticket->length + 2;
+
+                        /*  KerberosWrapper.Authenticator       */
+                        if (authp  &&  authp->length)  
+                                {
+                                s2n(authp->length,p);
+                                memcpy(p, authp->data, authp->length);
+                                p+= authp->length;
+                                n+= authp->length + 2;
+                                
+                                free(authp->data);
+                                authp->data = NULL;
+                                authp->length = 0;
+                                }
+                        else
+                                {
+                                s2n(0,p);/*  null authenticator length  */
+                                n+=2;
+                                }
+ 
+                        if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
+                            goto err;
+
+                        /*  20010420 VRS.  Tried it this way; failed.
+                        **      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+                        **      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+                        **                              kssl_ctx->length);
+                        **      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+                        */
+
+                        memset(iv, 0, sizeof iv);  /* per RFC 1510 */
+                        EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
+                                kssl_ctx->key,iv);
+                        EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
+                                sizeof tmp_buf);
+                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
+                        outl += padl;
+                        if (outl > sizeof epms)
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+                        /*  KerberosWrapper.EncryptedPreMasterSecret    */
+                        s2n(outl,p);
+                        memcpy(p, epms, outl);
+                        p+=outl;
+                        n+=outl + 2;
+
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,
+                                        tmp_buf, sizeof tmp_buf);
+
+                        OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+                        OPENSSL_cleanse(epms, outl);
+                        }
+#endif
+#ifndef OPENSSL_NO_DH
+                else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                        {
+                        DH *dh_srvr,*dh_clnt;
+
+                        if (s->session->sess_cert->peer_dh_tmp != NULL)
+                                dh_srvr=s->session->sess_cert->peer_dh_tmp;
+                        else
+                                {
+                                /* we get them from the cert */
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                                goto err;
+                                }
+                        
+                        /* generate a new random key */
+                        if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+                        if (!DH_generate_key(dh_clnt))
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+
+                        /* use the 'p' output buffer for the DH key, but
+                         * make sure to clear it out afterwards */
+
+                        n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
+
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+
+                        /* generate master key from the result */
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,p,n);
+                        /* clean up */
+                        memset(p,0,n);
+
+                        /* send off the data */
+                        n=BN_num_bytes(dh_clnt->pub_key);
+                        s2n(n,p);
+                        BN_bn2bin(dh_clnt->pub_key,p);
+                        n+=2;
+
+                        DH_free(dh_clnt);
+
+                        /* perhaps clean things up a bit EAY EAY EAY EAY*/
+                        }
+#endif
+                else
+                        {
+                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                
+                d = dtls1_set_message_header(s, d,
+                SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
+                /*
+                 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
+                 l2n3(n,d);
+                 l2n(s->d1->handshake_write_seq,d);
+                 s->d1->handshake_write_seq++;
+                */
+                
+                s->state=SSL3_ST_CW_KEY_EXCH_B;
+                /* number of bytes to write */
+                s->init_num=n+DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+        
+        /* SSL3_ST_CW_KEY_EXCH_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+int dtls1_send_client_verify(SSL *s)
+        {
+        unsigned char *p,*d;
+        unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_RSA
+        unsigned u=0;
+#endif
+        unsigned long n;
+#ifndef OPENSSL_NO_DSA
+        int j;
+#endif
+
+        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
+                {
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[DTLS1_HM_HEADER_LENGTH]);
+                pkey=s->cert->key->privatekey;
+
+                s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+                        &(data[MD5_DIGEST_LENGTH]));
+
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst1),&(data[0]));
+                        if (RSA_sign(NID_md5_sha1, data,
+                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+                                goto err;
+                                }
+                        s2n(u,p);
+                        n=u+2;
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                        if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        if (!DSA_sign(pkey->save_type,
+                                &(data[MD5_DIGEST_LENGTH]),
+                                SHA_DIGEST_LENGTH,&(p[2]),
+                                (unsigned int *)&j,pkey->pkey.dsa))
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+                                goto err;
+                                }
+                        s2n(j,p);
+                        n=j+2;
+                        }
+                else
+#endif
+                        {
+                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+
+                d = dtls1_set_message_header(s, d,
+                        SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
+
+                s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+
+                s->state = SSL3_ST_CW_CERT_VRFY_B;
+                }
+
+        /* s->state = SSL3_ST_CW_CERT_VRFY_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+int dtls1_send_client_certificate(SSL *s)
+        {
+        X509 *x509=NULL;
+        EVP_PKEY *pkey=NULL;
+        int i;
+        unsigned long l;
+
+        if (s->state == SSL3_ST_CW_CERT_A)
+                {
+                if ((s->cert == NULL) ||
+                        (s->cert->key->x509 == NULL) ||
+                        (s->cert->key->privatekey == NULL))
+                        s->state=SSL3_ST_CW_CERT_B;
+                else
+                        s->state=SSL3_ST_CW_CERT_C;
+                }
+
+        /* We need to get a client cert */
+        if (s->state == SSL3_ST_CW_CERT_B)
+                {
+                /* If we get an error, we need to
+                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
+                 * We then get retied later */
+                i=0;
+                if (s->ctx->client_cert_cb != NULL)
+                        i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+                if (i < 0)
+                        {
+                        s->rwstate=SSL_X509_LOOKUP;
+                        return(-1);
+                        }
+                s->rwstate=SSL_NOTHING;
+                if ((i == 1) && (pkey != NULL) && (x509 != NULL))
+                        {
+                        s->state=SSL3_ST_CW_CERT_B;
+                        if (    !SSL_use_certificate(s,x509) ||
+                                !SSL_use_PrivateKey(s,pkey))
+                                i=0;
+                        }
+                else if (i == 1)
+                        {
+                        i=0;
+                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+                        }
+
+                if (x509 != NULL) X509_free(x509);
+                if (pkey != NULL) EVP_PKEY_free(pkey);
+                if (i == 0)
+                        {
+                        if (s->version == SSL3_VERSION)
+                                {
+                                s->s3->tmp.cert_req=0;
+                                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
+                                return(1);
+                                }
+                        else
+                                {
+                                s->s3->tmp.cert_req=2;
+                                }
+                        }
+
+                /* Ok, we have a cert */
+                s->state=SSL3_ST_CW_CERT_C;
+                }
+
+        if (s->state == SSL3_ST_CW_CERT_C)
+                {
+                s->state=SSL3_ST_CW_CERT_D;
+                l=dtls1_output_cert_chain(s,
+                        (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+                s->init_num=(int)l;
+                s->init_off=0;
+
+                /* set header called by dtls1_output_cert_chain() */
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+        /* SSL3_ST_CW_CERT_D */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
new file mode 100644
index 0000000000..cbff7495c5
--- /dev/null
+++ b/src/lib/libssl/d1_enc.c
@@ -0,0 +1,281 @@
+/* ssl/d1_enc.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+#include <openssl/rand.h>
+
+
+int dtls1_enc(SSL *s, int send)
+        {
+        SSL3_RECORD *rec;
+        EVP_CIPHER_CTX *ds;
+        unsigned long l;
+        int bs,i,ii,j,k,n=0;
+        const EVP_CIPHER *enc;
+
+        if (send)
+                {
+                if (s->write_hash != NULL)
+                        n=EVP_MD_size(s->write_hash);
+                ds=s->enc_write_ctx;
+                rec= &(s->s3->wrec);
+                if (s->enc_write_ctx == NULL)
+                        enc=NULL;
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                        if ( rec->data != rec->input)
+                                /* we can't write into the input stream */
+                                fprintf(stderr, "%s:%d: rec->data != rec->input\n",
+                                        __FILE__, __LINE__);
+                        else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
+                                {
+                                if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+                                        return -1;
+                                }
+                        }
+                }
+        else
+                {
+                if (s->read_hash != NULL)
+                        n=EVP_MD_size(s->read_hash);
+                ds=s->enc_read_ctx;
+                rec= &(s->s3->rrec);
+                if (s->enc_read_ctx == NULL)
+                        enc=NULL;
+                else
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                }
+
+#ifdef KSSL_DEBUG
+        printf("dtls1_enc(%d)\n", send);
+#endif    /* KSSL_DEBUG */
+
+        if ((s->session == NULL) || (ds == NULL) ||
+                (enc == NULL))
+                {
+                memmove(rec->data,rec->input,rec->length);
+                rec->input=rec->data;
+                }
+        else
+                {
+                l=rec->length;
+                bs=EVP_CIPHER_block_size(ds->cipher);
+
+                if ((bs != 1) && send)
+                        {
+                        i=bs-((int)l%bs);
+
+                        /* Add weird padding of upto 256 bytes */
+
+                        /* we need to add 'i' padding bytes of value j */
+                        j=i-1;
+                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        j++;
+                                }
+                        for (k=(int)l; k<(int)(l+i); k++)
+                                rec->input[k]=j;
+                        l+=i;
+                        rec->length+=i;
+                        }
+
+#ifdef KSSL_DEBUG
+                {
+                unsigned long ui;
+                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                        ds,rec->data,rec->input,l);
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        ds->buf_len, ds->cipher->key_len,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        ds->cipher->iv_len);
+                printf("\t\tIV: ");
+                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+                printf("\n");
+                printf("\trec->input=");
+                for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
+                printf("\n");
+                }
+#endif  /* KSSL_DEBUG */
+
+                if (!send)
+                        {
+                        if (l == 0 || l%bs != 0)
+                                {
+                                SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                                return 0;
+                                }
+                        }
+                
+                EVP_Cipher(ds,rec->data,rec->input,l);
+
+#ifdef KSSL_DEBUG
+                {
+                unsigned long i;
+                printf("\trec->data=");
+                for (i=0; i<l; i++)
+                        printf(" %02x", rec->data[i]);  printf("\n");
+                }
+#endif  /* KSSL_DEBUG */
+
+                if ((bs != 1) && !send)
+                        {
+                        ii=i=rec->data[l-1]; /* padding_length */
+                        i++;
+                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                /* First packet is even in size, so check */
+                                if ((memcmp(s->s3->read_sequence,
+                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        i--;
+                                }
+                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
+                         * All of them must have value 'padding_length'. */
+                        if (i > (int)rec->length)
+                                {
+                                /* Incorrect padding. SSLerr() and ssl3_alert are done
+                                 * by caller: we don't want to reveal whether this is
+                                 * a decryption error or a MAC verification failure
+                                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
+                                 */
+                                return -1;
+                                }
+                        for (j=(int)(l-i); j<(int)l; j++)
+                                {
+                                if (rec->data[j] != ii)
+                                        {
+                                        /* Incorrect padding */
+                                        return -1;
+                                        }
+                                }
+                        rec->length-=i;
+
+                        rec->data += bs;    /* skip the implicit IV */
+                        rec->input += bs;
+                        rec->length -= bs;
+                        }
+                }
+        return(1);
+        }
+
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
new file mode 100644
index 0000000000..fc088b4148
--- /dev/null
+++ b/src/lib/libssl/d1_lib.c
@@ -0,0 +1,210 @@
+/* ssl/d1_lib.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
+
+SSL3_ENC_METHOD DTLSv1_enc_data={
+    dtls1_enc,
+        tls1_mac,
+        tls1_setup_key_block,
+        tls1_generate_master_secret,
+        tls1_change_cipher_state,
+        tls1_final_finish_mac,
+        TLS1_FINISH_MAC_LENGTH,
+        tls1_cert_verify_mac,
+        TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+        TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+        tls1_alert_code,
+        };
+
+long dtls1_default_timeout(void)
+        {
+        /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
+         * is way too long for http, the cache would over fill */
+        return(60*60*2);
+        }
+
+IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
+                        ssl_undefined_function,
+                        ssl_undefined_function,
+                        ssl_bad_method)
+
+int dtls1_new(SSL *s)
+        {
+        DTLS1_STATE *d1;
+
+        if (!ssl3_new(s)) return(0);
+        if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
+        memset(d1,0, sizeof *d1);
+
+        /* d1->handshake_epoch=0; */
+#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
+        d1->bitmap.length=64;
+#else
+        d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
+#endif
+        pq_64bit_init(&(d1->bitmap.map));
+        pq_64bit_init(&(d1->bitmap.max_seq_num));
+        
+        pq_64bit_init(&(d1->next_bitmap.map));
+        pq_64bit_init(&(d1->next_bitmap.max_seq_num));
+
+        d1->unprocessed_rcds.q=pqueue_new();
+        d1->processed_rcds.q=pqueue_new();
+        d1->buffered_messages = pqueue_new();
+        d1->sent_messages=pqueue_new();
+
+        if ( s->server)
+                {
+                d1->cookie_len = sizeof(s->d1->cookie);
+                }
+
+        if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 
+        || ! d1->buffered_messages || ! d1->sent_messages)
+                {
+        if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
+        if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
+        if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
+                if ( d1->sent_messages) pqueue_free(d1->sent_messages);
+                OPENSSL_free(d1);
+                return (0);
+                }
+
+        s->d1=d1;
+        s->method->ssl_clear(s);
+        return(1);
+        }
+
+void dtls1_free(SSL *s)
+        {
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+        ssl3_free(s);
+
+    while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
+        {
+        OPENSSL_free(item->data);
+        pitem_free(item);
+        }
+    pqueue_free(s->d1->unprocessed_rcds.q);
+
+    while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
+        {
+        OPENSSL_free(item->data);
+        pitem_free(item);
+        }
+    pqueue_free(s->d1->processed_rcds.q);
+
+    while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
+        {
+        frag = (hm_fragment *)item->data;
+        OPENSSL_free(frag->fragment);
+        OPENSSL_free(frag);
+        pitem_free(item);
+        }
+    pqueue_free(s->d1->buffered_messages);
+
+    while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
+        {
+        frag = (hm_fragment *)item->data;
+        OPENSSL_free(frag->fragment);
+        OPENSSL_free(frag);
+        pitem_free(item);
+        }
+        pqueue_free(s->d1->sent_messages);
+
+        pq_64bit_free(&(s->d1->bitmap.map));
+        pq_64bit_free(&(s->d1->bitmap.max_seq_num));
+
+        pq_64bit_free(&(s->d1->next_bitmap.map));
+        pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+
+        OPENSSL_free(s->d1);
+        }
+
+void dtls1_clear(SSL *s)
+        {
+        ssl3_clear(s);
+        s->version=DTLS1_VERSION;
+        }
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+        {
+        SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+        if (ciph != NULL)
+                {
+                if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
+                        return NULL;
+                }
+
+        return ciph;
+        }
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
new file mode 100644
index 0000000000..8a6cf31947
--- /dev/null
+++ b/src/lib/libssl/d1_meth.c
@@ -0,0 +1,77 @@
+/* ssl/d1_meth.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static SSL_METHOD *dtls1_get_method(int ver);
+static SSL_METHOD *dtls1_get_method(int ver)
+        {
+        if (ver == DTLS1_VERSION)
+                return(DTLSv1_method());
+        else
+                return(NULL);
+        }
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_method,
+                        dtls1_accept,
+                        dtls1_connect,
+                        dtls1_get_method)
+
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
new file mode 100644
index 0000000000..377696deac
--- /dev/null
+++ b/src/lib/libssl/d1_pkt.c
@@ -0,0 +1,1778 @@
+/* ssl/d1_pkt.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/pqueue.h>
+#include <openssl/rand.h>
+
+static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
+        int len, int peek);
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
+        PQ_64BIT *seq_num);
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 
+    unsigned int *is_next_epoch);
+#if 0
+static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
+        unsigned short *priority, unsigned long *offset);
+#endif
+static int dtls1_buffer_record(SSL *s, record_pqueue *q,
+        PQ_64BIT priority);
+static int dtls1_process_record(SSL *s);
+#if PQ_64BIT_IS_INTEGER
+static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
+#endif
+static void dtls1_clear_timeouts(SSL *s);
+
+/* copy buffered record into SSL structure */
+static int
+dtls1_copy_record(SSL *s, pitem *item)
+    {
+    DTLS1_RECORD_DATA *rdata;
+
+    rdata = (DTLS1_RECORD_DATA *)item->data;
+    
+    if (s->s3->rbuf.buf != NULL)
+        OPENSSL_free(s->s3->rbuf.buf);
+    
+    s->packet = rdata->packet;
+    s->packet_length = rdata->packet_length;
+    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+    
+    return(1);
+    }
+
+
+static int
+dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
+{
+    DTLS1_RECORD_DATA *rdata;
+        pitem *item;
+
+        rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+        item = pitem_new(priority, rdata);
+        if (rdata == NULL || item == NULL)
+                {
+                if (rdata != NULL) OPENSSL_free(rdata);
+                if (item != NULL) pitem_free(item);
+                
+                SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+                return(0);
+                }
+        
+        rdata->packet = s->packet;
+        rdata->packet_length = s->packet_length;
+        memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
+        memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
+
+        item->data = rdata;
+
+        /* insert should not fail, since duplicates are dropped */
+        if (pqueue_insert(queue->q, item) == NULL)
+                {
+                OPENSSL_free(rdata);
+                pitem_free(item);
+                return(0);
+                }
+
+        s->packet = NULL;
+        s->packet_length = 0;
+        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
+        memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
+        
+        if (!ssl3_setup_buffers(s))
+                {
+                SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+                OPENSSL_free(rdata);
+                pitem_free(item);
+                return(0);
+                }
+        
+        return(1);
+    }
+
+
+static int
+dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+    {
+    pitem *item;
+
+    item = pqueue_pop(queue->q);
+    if (item)
+        {
+        dtls1_copy_record(s, item);
+
+        OPENSSL_free(item->data);
+                pitem_free(item);
+
+        return(1);
+        }
+
+    return(0);
+    }
+
+
+/* retrieve a buffered record that belongs to the new epoch, i.e., not processed 
+ * yet */
+#define dtls1_get_unprocessed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->d1->unprocessed_rcds))
+
+/* retrieve a buffered record that belongs to the current epoch, ie, processed */
+#define dtls1_get_processed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->d1->processed_rcds))
+
+static int
+dtls1_process_buffered_records(SSL *s)
+    {
+    pitem *item;
+    
+    item = pqueue_peek(s->d1->unprocessed_rcds.q);
+    if (item)
+        {
+        DTLS1_RECORD_DATA *rdata;
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        
+        /* Check if epoch is current. */
+        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
+            return(1);  /* Nothing to do. */
+        
+        /* Process all the records. */
+        while (pqueue_peek(s->d1->unprocessed_rcds.q))
+            {
+            dtls1_get_unprocessed_record(s);
+            if ( ! dtls1_process_record(s))
+                return(0);
+            dtls1_buffer_record(s, &(s->d1->processed_rcds), 
+                s->s3->rrec.seq_num);
+            }
+        }
+
+    /* sync epoch numbers once all the unprocessed records 
+     * have been processed */
+    s->d1->processed_rcds.epoch = s->d1->r_epoch;
+    s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
+
+    return(1);
+    }
+
+
+#if 0
+
+static int
+dtls1_get_buffered_record(SSL *s)
+        {
+        pitem *item;
+        PQ_64BIT priority = 
+                (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 
+                ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
+        
+        if ( ! SSL_in_init(s))  /* if we're not (re)negotiating, 
+                                                           nothing buffered */
+                return 0;
+
+
+        item = pqueue_peek(s->d1->rcvd_records);
+        if (item && item->priority == priority)
+                {
+                /* Check if we've received the record of interest.  It must be
+                 * a handshake record, since data records as passed up without
+                 * buffering */
+                DTLS1_RECORD_DATA *rdata;
+                item = pqueue_pop(s->d1->rcvd_records);
+                rdata = (DTLS1_RECORD_DATA *)item->data;
+                
+                if (s->s3->rbuf.buf != NULL)
+                        OPENSSL_free(s->s3->rbuf.buf);
+                
+                s->packet = rdata->packet;
+                s->packet_length = rdata->packet_length;
+                memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+                memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+                
+                OPENSSL_free(item->data);
+                pitem_free(item);
+                
+                /* s->d1->next_expected_seq_num++; */
+                return(1);
+                }
+        
+        return 0;
+        }
+
+#endif
+
+static int
+dtls1_process_record(SSL *s)
+{
+    int i,al;
+        int clear=0;
+    int enc_err;
+        SSL_SESSION *sess;
+    SSL3_RECORD *rr;
+        unsigned int mac_size;
+        unsigned char md[EVP_MAX_MD_SIZE];
+
+
+        rr= &(s->s3->rrec);
+    sess = s->session;
+
+        /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+         * and we have that many bytes in s->packet
+         */
+        rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
+
+        /* ok, we can now read from 's->packet' data into 'rr'
+         * rr->input points at rr->length bytes, which
+         * need to be copied into rr->data by either
+         * the decryption or by the decompression
+         * When the data is 'copied' into the rr->data buffer,
+         * rr->input will be pointed at the new buffer */ 
+
+        /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+         * rr->length bytes of encrypted compressed stuff. */
+
+        /* check is not needed I believe */
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
+                {
+                al=SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                goto f_err;
+                }
+
+        /* decrypt in place in 'rr->input' */
+        rr->data=rr->input;
+
+        enc_err = s->method->ssl3_enc->enc(s,0);
+        if (enc_err <= 0)
+                {
+                if (enc_err == 0)
+                        /* SSLerr() and ssl3_send_alert() have been called */
+                        goto err;
+
+                /* otherwise enc_err == -1 */
+                goto decryption_failed_or_bad_record_mac;
+                }
+
+#ifdef TLS_DEBUG
+printf("dec %d\n",rr->length);
+{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+
+        /* r->length is now the compressed data plus mac */
+if (    (sess == NULL) ||
+                (s->enc_read_ctx == NULL) ||
+                (s->read_hash == NULL))
+    clear=1;
+
+        if (!clear)
+                {
+                mac_size=EVP_MD_size(s->read_hash);
+
+                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
+                        {
+#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                        goto f_err;
+#else
+                        goto decryption_failed_or_bad_record_mac;
+#endif                  
+                        }
+                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+                if (rr->length < mac_size)
+                        {
+#if 0 /* OK only for stream ciphers */
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                        goto f_err;
+#else
+                        goto decryption_failed_or_bad_record_mac;
+#endif
+                        }
+                rr->length-=mac_size;
+                i=s->method->ssl3_enc->mac(s,md,0);
+                if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+                        {
+                        goto decryption_failed_or_bad_record_mac;
+                        }
+                }
+
+        /* r->length is now just compressed */
+        if (s->expand != NULL)
+                {
+                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+                if (!ssl3_do_uncompress(s))
+                        {
+                        al=SSL_AD_DECOMPRESSION_FAILURE;
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
+                        goto f_err;
+                        }
+                }
+
+        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
+                {
+                al=SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+                goto f_err;
+                }
+
+        rr->off=0;
+        /* So at this point the following is true
+         * ssl->s3->rrec.type   is the type of record
+         * ssl->s3->rrec.length == number of bytes in record
+         * ssl->s3->rrec.off    == offset to first valid byte
+         * ssl->s3->rrec.data   == where to take bytes from, increment
+         *                         after use :-).
+         */
+
+        /* we have pulled in a full packet so zero things */
+        s->packet_length=0;
+    dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
+    return(1);
+
+decryption_failed_or_bad_record_mac:
+        /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+         * failure is directly visible from the ciphertext anyway,
+         * we should not reveal which kind of error occured -- this
+         * might become visible to an attacker (e.g. via logfile) */
+        al=SSL_AD_BAD_RECORD_MAC;
+        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(0);
+}
+
+
+/* Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+        {
+        int ssl_major,ssl_minor,al;
+        int i,n;
+        SSL3_RECORD *rr;
+        SSL_SESSION *sess;
+        unsigned char *p;
+        unsigned short version;
+        DTLS1_BITMAP *bitmap;
+        unsigned int is_next_epoch;
+
+        rr= &(s->s3->rrec);
+        sess=s->session;
+
+    /* The epoch may have changed.  If so, process all the
+     * pending records.  This is a non-blocking operation. */
+    if ( ! dtls1_process_buffered_records(s))
+        return 0;
+
+        /* if we're renegotiating, then there may be buffered records */
+        if (dtls1_get_processed_record(s))
+                return 1;
+
+        /* get something from the wire */
+again:
+        /* check if we have the header */
+        if (    (s->rstate != SSL_ST_READ_BODY) ||
+                (s->packet_length < DTLS1_RT_HEADER_LENGTH)) 
+                {
+                n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+                /* read timeout is handled by dtls1_read_bytes */
+                if (n <= 0) return(n); /* error or non-blocking */
+
+                OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
+
+                s->rstate=SSL_ST_READ_BODY;
+
+                p=s->packet;
+
+                /* Pull apart the header into the DTLS1_RECORD */
+                rr->type= *(p++);
+                ssl_major= *(p++);
+                ssl_minor= *(p++);
+                version=(ssl_major<<8)|ssl_minor;
+
+                /* sequence number is 64 bits, with top 2 bytes = epoch */ 
+                n2s(p,rr->epoch);
+
+                memcpy(&(s->s3->read_sequence[2]), p, 6);
+                p+=6;
+
+                n2s(p,rr->length);
+
+                /* Lets check version */
+                if (!s->first_packet)
+                        {
+                        if (version != s->version && version != DTLS1_BAD_VER)
+                                {
+                                SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                                /* Send back error using their
+                                 * version number :-) */
+                                s->version=version;
+                                al=SSL_AD_PROTOCOL_VERSION;
+                                goto f_err;
+                                }
+                        }
+
+                if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+                    (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
+                        {
+                        SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                        goto err;
+                        }
+
+                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
+                        {
+                        al=SSL_AD_RECORD_OVERFLOW;
+                        SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+
+                s->client_version = version;
+                /* now s->rstate == SSL_ST_READ_BODY */
+                }
+
+        /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+
+        if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
+                {
+                /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+                i=rr->length;
+                n=ssl3_read_n(s,i,i,1);
+                if (n <= 0) return(n); /* error or non-blocking io */
+
+                /* this packet contained a partial record, dump it */
+                if ( n != i)
+                        {
+                        s->packet_length = 0;
+                        goto again;
+                        }
+
+                /* now n == rr->length,
+                 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
+                }
+        s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
+
+        /* match epochs.  NULL means the packet is dropped on the floor */
+        bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+        if ( bitmap == NULL)
+        {
+        s->packet_length = 0;  /* dump this record */
+        goto again;   /* get another record */
+                }
+
+        /* check whether this is a repeat, or aged record */
+        if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
+                {
+                s->packet_length=0; /* dump this record */
+                goto again;     /* get another record */
+                }
+
+        /* just read a 0 length packet */
+        if (rr->length == 0) goto again;
+
+    /* If this record is from the next epoch (either HM or ALERT), buffer it
+     * since it cannot be processed at this time.
+     * Records from the next epoch are marked as received even though they are 
+     * not processed, so as to prevent any potential resource DoS attack */
+    if (is_next_epoch)
+        {
+        dtls1_record_bitmap_update(s, bitmap);
+        dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+        s->packet_length = 0;
+        goto again;
+        }
+
+    if ( ! dtls1_process_record(s))
+        return(0);
+
+        dtls1_clear_timeouts(s);  /* done waiting */
+        return(1);
+
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(0);
+        }
+
+/* Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
+ * a surprise, but handled as if it were), or renegotiation requests.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+        {
+        int al,i,j,ret;
+        unsigned int n;
+        SSL3_RECORD *rr;
+        void (*cb)(const SSL *ssl,int type2,int val)=NULL;
+
+        if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+                if (!ssl3_setup_buffers(s))
+                        return(-1);
+
+    /* XXX: check what the second '&& type' is about */
+        if ((type && (type != SSL3_RT_APPLICATION_DATA) && 
+                (type != SSL3_RT_HANDSHAKE) && type) ||
+            (peek && (type != SSL3_RT_APPLICATION_DATA)))
+                {
+                SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
+
+        /* check whether there's a handshake message (client hello?) waiting */
+        if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
+                return ret;
+
+        /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
+
+        if (!s->in_handshake && SSL_in_init(s))
+                {
+                /* type == SSL3_RT_APPLICATION_DATA */
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+                }
+
+start:
+        s->rwstate=SSL_NOTHING;
+
+        /* s->s3->rrec.type         - is the type of record
+         * s->s3->rrec.data,    - data
+         * s->s3->rrec.off,     - offset into 'data' for next read
+         * s->s3->rrec.length,  - number of bytes. */
+        rr = &(s->s3->rrec);
+
+        /* get new packet if necessary */
+        if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
+                {
+                ret=dtls1_get_record(s);
+                if (ret <= 0) 
+                        {
+                        ret = dtls1_read_failed(s, ret);
+                        /* anything other than a timeout is an error */
+                        if (ret <= 0)  
+                                return(ret);
+                        else
+                                goto start;
+                        }
+                }
+
+        /* we now have a packet which can be read and processed */
+
+        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                       * reset by ssl3_get_finished */
+                && (rr->type != SSL3_RT_HANDSHAKE))
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+                goto err;
+                }
+
+        /* If the other end has shut down, throw anything we read away
+         * (even in 'peek' mode) */
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+                {
+                rr->length=0;
+                s->rwstate=SSL_NOTHING;
+                return(0);
+                }
+
+
+        if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
+                {
+                /* make sure that we are not getting application data when we
+                 * are doing a handshake for the first time */
+                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+                        (s->enc_read_ctx == NULL))
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+                        goto f_err;
+                        }
+
+                if (len <= 0) return(len);
+
+                if ((unsigned int)len > rr->length)
+                        n = rr->length;
+                else
+                        n = (unsigned int)len;
+
+                memcpy(buf,&(rr->data[rr->off]),n);
+                if (!peek)
+                        {
+                        rr->length-=n;
+                        rr->off+=n;
+                        if (rr->length == 0)
+                                {
+                                s->rstate=SSL_ST_READ_HEADER;
+                                rr->off=0;
+                                }
+                        }
+                return(n);
+                }
+
+
+        /* If we get here, then type != rr->type; if we have a handshake
+         * message, then it was unexpected (Hello Request or Client Hello). */
+
+        /* In case of record types for which we have 'fragment' storage,
+         * fill that so that we can process the data at a fixed place.
+         */
+                {
+                unsigned int k, dest_maxlen = 0;
+                unsigned char *dest = NULL;
+                unsigned int *dest_len = NULL;
+
+                if (rr->type == SSL3_RT_HANDSHAKE)
+                        {
+                        dest_maxlen = sizeof s->d1->handshake_fragment;
+                        dest = s->d1->handshake_fragment;
+                        dest_len = &s->d1->handshake_fragment_len;
+                        }
+                else if (rr->type == SSL3_RT_ALERT)
+                        {
+                        dest_maxlen = sizeof(s->d1->alert_fragment);
+                        dest = s->d1->alert_fragment;
+                        dest_len = &s->d1->alert_fragment_len;
+                        }
+                /* else it's a CCS message, or it's wrong */
+                else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
+                        {
+                          /* Not certain if this is the right error handling */
+                          al=SSL_AD_UNEXPECTED_MESSAGE;
+                          SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                          goto f_err;
+                        }
+
+
+                if (dest_maxlen > 0)
+                        {
+            /* XDTLS:  In a pathalogical case, the Client Hello
+             *  may be fragmented--don't always expect dest_maxlen bytes */
+                        if ( rr->length < dest_maxlen)
+                                {
+                                s->rstate=SSL_ST_READ_HEADER;
+                                rr->length = 0;
+                                goto start;
+                                }
+
+                        /* now move 'n' bytes: */
+                        for ( k = 0; k < dest_maxlen; k++)
+                                {
+                                dest[k] = rr->data[rr->off++];
+                                rr->length--;
+                                }
+                        *dest_len = dest_maxlen;
+                        }
+                }
+
+        /* s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
+         * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
+         * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+
+        /* If we are a client, check for an incoming 'Hello Request': */
+        if ((!s->server) &&
+                (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+                (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+                (s->session != NULL) && (s->session->cipher != NULL))
+                {
+                s->d1->handshake_fragment_len = 0;
+
+                if ((s->d1->handshake_fragment[1] != 0) ||
+                        (s->d1->handshake_fragment[2] != 0) ||
+                        (s->d1->handshake_fragment[3] != 0))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
+                        goto err;
+                        }
+
+                /* no need to check sequence number on HELLO REQUEST messages */
+
+                if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 
+                                s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
+
+                if (SSL_is_init_finished(s) &&
+                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+                        !s->s3->renegotiate)
+                        {
+                        ssl3_renegotiate(s);
+                        if (ssl3_renegotiate_check(s))
+                                {
+                                i=s->handshake_func(s);
+                                if (i < 0) return(i);
+                                if (i == 0)
+                                        {
+                                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                                        return(-1);
+                                        }
+
+                                if (!(s->mode & SSL_MODE_AUTO_RETRY))
+                                        {
+                                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                                {
+                                                BIO *bio;
+                                                /* In the case where we try to read application data,
+                                                 * but we trigger an SSL handshake, we return -1 with
+                                                 * the retry option set.  Otherwise renegotiation may
+                                                 * cause nasty problems in the blocking world */
+                                                s->rwstate=SSL_READING;
+                                                bio=SSL_get_rbio(s);
+                                                BIO_clear_retry_flags(bio);
+                                                BIO_set_retry_read(bio);
+                                                return(-1);
+                                                }
+                                        }
+                                }
+                        }
+                /* we either finished a handshake or ignored the request,
+                 * now try again to obtain the (application) data we were asked for */
+                goto start;
+                }
+
+        if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
+                {
+                int alert_level = s->d1->alert_fragment[0];
+                int alert_descr = s->d1->alert_fragment[1];
+
+                s->d1->alert_fragment_len = 0;
+
+                if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_ALERT, 
+                                s->d1->alert_fragment, 2, s, s->msg_callback_arg);
+
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+
+                if (cb != NULL)
+                        {
+                        j = (alert_level << 8) | alert_descr;
+                        cb(s, SSL_CB_READ_ALERT, j);
+                        }
+
+                if (alert_level == 1) /* warning */
+                        {
+                        s->s3->warn_alert = alert_descr;
+                        if (alert_descr == SSL_AD_CLOSE_NOTIFY)
+                                {
+                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                                return(0);
+                                }
+#if 0
+            /* XXX: this is a possible improvement in the future */
+                        /* now check if it's a missing record */
+                        if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
+                                {
+                                unsigned short seq;
+                                unsigned int frag_off;
+                                unsigned char *p = &(s->d1->alert_fragment[2]);
+
+                                n2s(p, seq);
+                                n2l3(p, frag_off);
+
+                                dtls1_retransmit_message(s, seq, frag_off, &found);
+                                if ( ! found  && SSL_in_init(s))
+                                        {
+                                        /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
+                                        /* requested a message not yet sent, 
+                                           send an alert ourselves */
+                                        ssl3_send_alert(s,SSL3_AL_WARNING,
+                                                DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+                                        }
+                                }
+#endif
+                        }
+                else if (alert_level == 2) /* fatal */
+                        {
+                        char tmp[16];
+
+                        s->rwstate=SSL_NOTHING;
+                        s->s3->fatal_alert = alert_descr;
+                        SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+                        BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
+                        ERR_add_error_data(2,"SSL alert number ",tmp);
+                        s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+                        SSL_CTX_remove_session(s->ctx,s->session);
+                        return(0);
+                        }
+                else
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+                        goto f_err;
+                        }
+
+                goto start;
+                }
+
+        if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
+                {
+                s->rwstate=SSL_NOTHING;
+                rr->length=0;
+                return(0);
+                }
+
+        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+                {
+                struct ccs_header_st ccs_hdr;
+
+                dtls1_get_ccs_header(rr->data, &ccs_hdr);
+
+                /* 'Change Cipher Spec' is just a single byte, so we know
+                 * exactly what the record payload has to look like */
+                /* XDTLS: check that epoch is consistent */
+                if (    (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
+                        (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || 
+                        (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+                        {
+                        i=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                        goto err;
+                        }
+
+                rr->length=0;
+
+                if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 
+                                rr->data, 1, s, s->msg_callback_arg);
+
+                s->s3->change_cipher_spec=1;
+                if (!ssl3_do_change_cipher_spec(s))
+                        goto err;
+
+                /* do this whenever CCS is processed */
+                dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+                if (s->client_version == DTLS1_BAD_VER)
+                        s->d1->handshake_read_seq++;
+
+                goto start;
+                }
+
+        /* Unexpected handshake message (Client Hello, or protocol violation) */
+        if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 
+                !s->in_handshake)
+                {
+                struct hm_header_st msg_hdr;
+                
+                /* this may just be a stale retransmit */
+                dtls1_get_message_header(rr->data, &msg_hdr);
+                if( rr->epoch != s->d1->r_epoch)
+                        {
+                        rr->length = 0;
+                        goto start;
+                        }
+
+                if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+                        {
+#if 0 /* worked only because C operator preferences are not as expected (and
+       * because this is not really needed for clients except for detecting
+       * protocol violations): */
+                        s->state=SSL_ST_BEFORE|(s->server)
+                                ?SSL_ST_ACCEPT
+                                :SSL_ST_CONNECT;
+#else
+                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
+                        s->new_session=1;
+                        }
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return(-1);
+                        }
+
+                if (!(s->mode & SSL_MODE_AUTO_RETRY))
+                        {
+                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                {
+                                BIO *bio;
+                                /* In the case where we try to read application data,
+                                 * but we trigger an SSL handshake, we return -1 with
+                                 * the retry option set.  Otherwise renegotiation may
+                                 * cause nasty problems in the blocking world */
+                                s->rwstate=SSL_READING;
+                                bio=SSL_get_rbio(s);
+                                BIO_clear_retry_flags(bio);
+                                BIO_set_retry_read(bio);
+                                return(-1);
+                                }
+                        }
+                goto start;
+                }
+
+        switch (rr->type)
+                {
+        default:
+#ifndef OPENSSL_NO_TLS
+                /* TLS just ignores unknown message types */
+                if (s->version == TLS1_VERSION)
+                        {
+                        rr->length = 0;
+                        goto start;
+                        }
+#endif
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                goto f_err;
+        case SSL3_RT_CHANGE_CIPHER_SPEC:
+        case SSL3_RT_ALERT:
+        case SSL3_RT_HANDSHAKE:
+                /* we already handled all of these, with the possible exception
+                 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
+                 * should not happen when type != rr->type */
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
+                goto f_err;
+        case SSL3_RT_APPLICATION_DATA:
+                /* At this point, we were expecting handshake data,
+                 * but have application data.  If the library was
+                 * running inside ssl3_read() (i.e. in_read_app_data
+                 * is set) and it makes sense to read application data
+                 * at this point (session renegotiation not yet started),
+                 * we will indulge it.
+                 */
+                if (s->s3->in_read_app_data &&
+                        (s->s3->total_renegotiations != 0) &&
+                        ((
+                                (s->state & SSL_ST_CONNECT) &&
+                                (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+                                (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+                                ) || (
+                                        (s->state & SSL_ST_ACCEPT) &&
+                                        (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+                                        (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+                                        )
+                                ))
+                        {
+                        s->s3->in_read_app_data=2;
+                        return(-1);
+                        }
+                else
+                        {
+                        al=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                        goto f_err;
+                        }
+                }
+        /* not reached */
+
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+
+int
+dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
+        {
+        unsigned int n,tot;
+        int i;
+
+        if (SSL_in_init(s) && !s->in_handshake)
+                {
+                i=s->handshake_func(s);
+                if (i < 0) return(i);
+                if (i == 0)
+                        {
+                        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                        return -1;
+                        }
+                }
+
+        tot = s->s3->wnum;
+        n = len - tot;
+
+        while( n)
+                {
+                /* dtls1_write_bytes sends one record at a time, sized according to 
+                 * the currently known MTU */
+                i = dtls1_write_bytes(s, type, buf_, len);
+                if (i <= 0) return i;
+                
+                if ((i == (int)n) ||
+                        (type == SSL3_RT_APPLICATION_DATA &&
+                                (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+                        {
+                        /* next chunk of data should get another prepended empty fragment
+                         * in ciphersuites with known-IV weakness: */
+                        s->s3->empty_fragment_done = 0;
+                        return tot+i;
+                        }
+
+                tot += i;
+                n-=i;
+                }
+
+        return tot;
+        }
+
+
+        /* this only happens when a client hello is received and a handshake 
+         * is started. */
+static int
+have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
+        int len, int peek)
+        {
+        
+        if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
+                /* (partially) satisfy request from storage */
+                {
+                unsigned char *src = s->d1->handshake_fragment;
+                unsigned char *dst = buf;
+                unsigned int k,n;
+                
+                /* peek == 0 */
+                n = 0;
+                while ((len > 0) && (s->d1->handshake_fragment_len > 0))
+                        {
+                        *dst++ = *src++;
+                        len--; s->d1->handshake_fragment_len--;
+                        n++;
+                        }
+                /* move any remaining fragment bytes: */
+                for (k = 0; k < s->d1->handshake_fragment_len; k++)
+                        s->d1->handshake_fragment[k] = *src++;
+                return n;
+                }
+        
+        return 0;
+        }
+
+
+
+
+/* Call this to write data in records of type 'type'
+ * It will return <= 0 if not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
+        {
+        const unsigned char *buf=buf_;
+        unsigned int tot,n,nw;
+        int i;
+        unsigned int mtu;
+
+        s->rwstate=SSL_NOTHING;
+        tot=s->s3->wnum;
+
+        n=(len-tot);
+
+        /* handshake layer figures out MTU for itself, but data records
+         * are also sent through this interface, so need to figure out MTU */
+#if 0
+        mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_MTU, 0, NULL);
+        mtu += DTLS1_HM_HEADER_LENGTH;  /* HM already inserted */
+#endif
+        mtu = s->d1->mtu;
+
+        if (mtu > SSL3_RT_MAX_PLAIN_LENGTH)
+                mtu = SSL3_RT_MAX_PLAIN_LENGTH;
+
+        if (n > mtu)
+                nw=mtu;
+        else
+                nw=n;
+        
+        i=do_dtls1_write(s, type, &(buf[tot]), nw, 0);
+        if (i <= 0)
+                {
+                s->s3->wnum=tot;
+                return i;
+                }
+
+        if ( (int)s->s3->wnum + i == len)
+                s->s3->wnum = 0;
+        else 
+                s->s3->wnum += i;
+
+        return tot + i;
+        }
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
+        {
+        unsigned char *p,*pseq;
+        int i,mac_size,clear=0;
+        int prefix_len = 0;
+        SSL3_RECORD *wr;
+        SSL3_BUFFER *wb;
+        SSL_SESSION *sess;
+        int bs;
+
+        /* first check if there is a SSL3_BUFFER still being written
+         * out.  This will happen with non blocking IO */
+        if (s->s3->wbuf.left != 0)
+                {
+                OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */
+                return(ssl3_write_pending(s,type,buf,len));
+                }
+
+        /* If we have an alert to send, lets send it */
+        if (s->s3->alert_dispatch)
+                {
+                i=s->method->ssl_dispatch_alert(s);
+                if (i <= 0)
+                        return(i);
+                /* if it went, fall through and send more stuff */
+                }
+
+        if (len == 0 && !create_empty_fragment)
+                return 0;
+
+        wr= &(s->s3->wrec);
+        wb= &(s->s3->wbuf);
+        sess=s->session;
+
+        if (    (sess == NULL) ||
+                (s->enc_write_ctx == NULL) ||
+                (s->write_hash == NULL))
+                clear=1;
+
+        if (clear)
+                mac_size=0;
+        else
+                mac_size=EVP_MD_size(s->write_hash);
+
+        /* DTLS implements explicit IV, so no need for empty fragments */
+#if 0
+        /* 'create_empty_fragment' is true only when this function calls itself */
+        if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
+                && SSL_version(s) != DTLS1_VERSION)
+                {
+                /* countermeasure against known-IV weakness in CBC ciphersuites
+                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
+                 */
+
+                if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
+                        {
+                        /* recursive function call with 'create_empty_fragment' set;
+                         * this prepares and buffers the data for an empty fragment
+                         * (these 'prefix_len' bytes are sent out later
+                         * together with the actual payload) */
+                        prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
+                        if (prefix_len <= 0)
+                                goto err;
+
+                        if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+                                {
+                                /* insufficient space */
+                                SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        }
+                
+                s->s3->empty_fragment_done = 1;
+                }
+#endif
+
+        p = wb->buf + prefix_len;
+
+        /* write the header */
+
+        *(p++)=type&0xff;
+        wr->type=type;
+
+        if (s->client_version == DTLS1_BAD_VER)
+                *(p++) = DTLS1_BAD_VER>>8,
+                *(p++) = DTLS1_BAD_VER&0xff;
+        else
+                *(p++)=(s->version>>8),
+                *(p++)=s->version&0xff;
+
+        /* field where we are to write out packet epoch, seq num and len */
+        pseq=p; 
+        p+=10;
+
+        /* lets setup the record stuff. */
+
+        /* Make space for the explicit IV in case of CBC.
+         * (this is a bit of a boundary violation, but what the heck).
+         */
+        if ( s->enc_write_ctx && 
+                (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
+                bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+        else
+                bs = 0;
+
+        wr->data=p + bs;  /* make room for IV in case of CBC */
+        wr->length=(int)len;
+        wr->input=(unsigned char *)buf;
+
+        /* we now 'read' from wr->input, wr->length bytes into
+         * wr->data */
+
+        /* first we compress */
+        if (s->compress != NULL)
+                {
+                if (!ssl3_do_compress(s))
+                        {
+                        SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                memcpy(wr->data,wr->input,wr->length);
+                wr->input=wr->data;
+                }
+
+        /* we should still have the output to wr->data and the input
+         * from wr->input.  Length should be wr->length.
+         * wr->data still points in the wb->buf */
+
+        if (mac_size != 0)
+                {
+                s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1);
+                wr->length+=mac_size;
+                }
+
+        /* this is true regardless of mac size */
+        wr->input=p;
+        wr->data=p;
+
+
+        /* ssl3_enc can only have an error on read */
+        if (bs) /* bs != 0 in case of CBC */
+                {
+                RAND_pseudo_bytes(p,bs);
+                /* master IV and last CBC residue stand for
+                 * the rest of randomness */
+                wr->length += bs;
+                }
+
+        s->method->ssl3_enc->enc(s,1);
+
+        /* record length after mac and block padding */
+/*      if (type == SSL3_RT_APPLICATION_DATA ||
+        (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
+        
+        /* there's only one epoch between handshake and app data */
+        
+        s2n(s->d1->w_epoch, pseq);
+
+        /* XDTLS: ?? */
+/*      else
+        s2n(s->d1->handshake_epoch, pseq); */
+
+        memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+        pseq+=6;
+        s2n(wr->length,pseq);
+
+        /* we should now have
+         * wr->data pointing to the encrypted data, which is
+         * wr->length long */
+        wr->type=type; /* not needed but helps for debugging */
+        wr->length+=DTLS1_RT_HEADER_LENGTH;
+
+#if 0  /* this is now done at the message layer */
+        /* buffer the record, making it easy to handle retransmits */
+        if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
+                dtls1_buffer_record(s, wr->data, wr->length, 
+                        *((PQ_64BIT *)&(s->s3->write_sequence[0])));
+#endif
+
+        ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
+
+        if (create_empty_fragment)
+                {
+                /* we are in a recursive call;
+                 * just return the length, don't write out anything here
+                 */
+                return wr->length;
+                }
+
+        /* now let's set up wb */
+        wb->left = prefix_len + wr->length;
+        wb->offset = 0;
+
+        /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
+        s->s3->wpend_tot=len;
+        s->s3->wpend_buf=buf;
+        s->s3->wpend_type=type;
+        s->s3->wpend_ret=len;
+
+        /* we now just need to write the buffer */
+        return ssl3_write_pending(s,type,buf,len);
+err:
+        return -1;
+        }
+
+
+
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
+        PQ_64BIT *seq_num)
+        {
+#if PQ_64BIT_IS_INTEGER
+        PQ_64BIT mask = 0x0000000000000001L;
+#endif
+        PQ_64BIT rcd_num, tmp;
+
+        pq_64bit_init(&rcd_num);
+        pq_64bit_init(&tmp);
+
+        /* this is the sequence number for the record just read */
+        pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
+
+        
+        if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
+                pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
+                {
+                pq_64bit_assign(seq_num, &rcd_num);
+                pq_64bit_free(&rcd_num);
+                pq_64bit_free(&tmp);
+                return 1;  /* this record is new */
+                }
+
+        pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+
+        if ( pq_64bit_get_word(&tmp) > bitmap->length)
+                {
+                pq_64bit_free(&rcd_num);
+                pq_64bit_free(&tmp);
+                return 0;  /* stale, outside the window */
+                }
+
+#if PQ_64BIT_IS_BIGNUM
+        {
+        int offset;
+        pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+        pq_64bit_sub_word(&tmp, 1);
+        offset = pq_64bit_get_word(&tmp);
+        if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
+                {
+                pq_64bit_free(&rcd_num);
+                pq_64bit_free(&tmp);
+                return 0;
+                }
+        }
+#else
+        mask <<= (bitmap->max_seq_num - rcd_num - 1);
+        if (bitmap->map & mask)
+                return 0; /* record previously received */
+#endif
+        
+        pq_64bit_assign(seq_num, &rcd_num);
+        pq_64bit_free(&rcd_num);
+        pq_64bit_free(&tmp);
+        return 1;
+        }
+
+
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+        {
+        unsigned int shift;
+        PQ_64BIT rcd_num;
+        PQ_64BIT tmp;
+        PQ_64BIT_CTX *ctx;
+
+        pq_64bit_init(&rcd_num);
+        pq_64bit_init(&tmp);
+
+        pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
+
+        /* unfortunate code complexity due to 64-bit manipulation support
+         * on 32-bit machines */
+        if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
+                pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
+                {
+                pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));
+                pq_64bit_add_word(&tmp, 1);
+
+                shift = (unsigned int)pq_64bit_get_word(&tmp);
+
+                pq_64bit_lshift(&(tmp), &(bitmap->map), shift);
+                pq_64bit_assign(&(bitmap->map), &tmp);
+
+                pq_64bit_set_bit(&(bitmap->map), 0);
+                pq_64bit_add_word(&rcd_num, 1);
+                pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
+
+                pq_64bit_assign_word(&tmp, 1);
+                pq_64bit_lshift(&tmp, &tmp, bitmap->length);
+                ctx = pq_64bit_ctx_new(&ctx);
+                pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
+                pq_64bit_ctx_free(ctx);
+                }
+        else
+                {
+                pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+                pq_64bit_sub_word(&tmp, 1);
+                shift = (unsigned int)pq_64bit_get_word(&tmp);
+
+                pq_64bit_set_bit(&(bitmap->map), shift);
+                }
+
+        pq_64bit_free(&rcd_num);
+        pq_64bit_free(&tmp);
+        }
+
+
+int dtls1_dispatch_alert(SSL *s)
+        {
+        int i,j;
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+        unsigned char *ptr = &buf[0];
+
+        s->s3->alert_dispatch=0;
+
+        memset(buf, 0x00, sizeof(buf));
+        *ptr++ = s->s3->send_alert[0];
+        *ptr++ = s->s3->send_alert[1];
+
+        if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
+                {       
+                s2n(s->d1->handshake_read_seq, ptr);
+#if 0
+                if ( s->d1->r_msg_hdr.frag_off == 0)  /* waiting for a new msg */
+
+                else
+                        s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
+#endif
+
+#if 0
+                fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
+#endif
+                l2n3(s->d1->r_msg_hdr.frag_off, ptr);
+                }
+
+        i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+        if (i <= 0)
+                {
+                s->s3->alert_dispatch=1;
+                /* fprintf( stderr, "not done with alert\n" ); */
+                }
+        else
+                {
+                if ( s->s3->send_alert[0] == SSL3_AL_FATAL ||
+                        s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
+                        (void)BIO_flush(s->wbio);
+
+                if (s->msg_callback)
+                        s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 
+                                2, s, s->msg_callback_arg);
+
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+
+                if (cb != NULL)
+                        {
+                        j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
+                        cb(s,SSL_CB_WRITE_ALERT,j);
+                        }
+                }
+        return(i);
+        }
+
+
+static DTLS1_BITMAP *
+dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
+    {
+    
+    *is_next_epoch = 0;
+
+    /* In current epoch, accept HM, CCS, DATA, & ALERT */
+    if (rr->epoch == s->d1->r_epoch)
+        return &s->d1->bitmap;
+
+    /* Only HM and ALERT messages can be from the next epoch */
+    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
+        (rr->type == SSL3_RT_HANDSHAKE ||
+            rr->type == SSL3_RT_ALERT))
+        {
+        *is_next_epoch = 1;
+        return &s->d1->next_bitmap;
+        }
+
+    return NULL;
+    }
+
+#if 0
+static int
+dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
+        unsigned long *offset)
+        {
+
+        /* alerts are passed up immediately */
+        if ( rr->type == SSL3_RT_APPLICATION_DATA ||
+                rr->type == SSL3_RT_ALERT)
+                return 0;
+
+        /* Only need to buffer if a handshake is underway.
+         * (this implies that Hello Request and Client Hello are passed up
+         * immediately) */
+        if ( SSL_in_init(s))
+                {
+                unsigned char *data = rr->data;
+                /* need to extract the HM/CCS sequence number here */
+                if ( rr->type == SSL3_RT_HANDSHAKE ||
+                        rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+                        {
+                        unsigned short seq_num;
+                        struct hm_header_st msg_hdr;
+                        struct ccs_header_st ccs_hdr;
+
+                        if ( rr->type == SSL3_RT_HANDSHAKE)
+                                {
+                                dtls1_get_message_header(data, &msg_hdr);
+                                seq_num = msg_hdr.seq;
+                                *offset = msg_hdr.frag_off;
+                                }
+                        else
+                                {
+                                dtls1_get_ccs_header(data, &ccs_hdr);
+                                seq_num = ccs_hdr.seq;
+                                *offset = 0;
+                                }
+                                
+                        /* this is either a record we're waiting for, or a
+                         * retransmit of something we happened to previously 
+                         * receive (higher layers will drop the repeat silently */
+                        if ( seq_num < s->d1->handshake_read_seq)
+                                return 0;
+                        if (rr->type == SSL3_RT_HANDSHAKE && 
+                                seq_num == s->d1->handshake_read_seq &&
+                                msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
+                                return 0;
+                        else if ( seq_num == s->d1->handshake_read_seq &&
+                                (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
+                                        msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
+                                return 0;
+                        else
+                                {
+                                *priority = seq_num;
+                                return 1;
+                                }
+                        }
+                else /* unknown record type */
+                        return 0;
+                }
+
+        return 0;
+        }
+#endif
+
+void
+dtls1_reset_seq_numbers(SSL *s, int rw)
+        {
+        unsigned char *seq;
+        unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+
+        if ( rw & SSL3_CC_READ)
+                {
+                seq = s->s3->read_sequence;
+                s->d1->r_epoch++;
+
+                pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
+                s->d1->bitmap.length = s->d1->next_bitmap.length;
+                pq_64bit_assign(&(s->d1->bitmap.max_seq_num), 
+                        &(s->d1->next_bitmap.max_seq_num));
+
+                pq_64bit_free(&(s->d1->next_bitmap.map));
+                pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+                memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
+                pq_64bit_init(&(s->d1->next_bitmap.map));
+                pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
+                }
+        else
+                {
+                seq = s->s3->write_sequence;
+                s->d1->w_epoch++;
+                }
+
+        memset(seq, 0x00, seq_bytes);
+        }
+
+#if PQ_64BIT_IS_INTEGER
+static PQ_64BIT
+bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
+       {
+       PQ_64BIT _num;
+
+       _num = (((PQ_64BIT)bytes[0]) << 56) |
+               (((PQ_64BIT)bytes[1]) << 48) |
+               (((PQ_64BIT)bytes[2]) << 40) |
+               (((PQ_64BIT)bytes[3]) << 32) |
+               (((PQ_64BIT)bytes[4]) << 24) |
+               (((PQ_64BIT)bytes[5]) << 16) |
+               (((PQ_64BIT)bytes[6]) <<  8) |
+               (((PQ_64BIT)bytes[7])      );
+
+           *num = _num ;
+       return _num;
+       }
+#endif
+
+
+static void
+dtls1_clear_timeouts(SSL *s)
+        {
+        memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
+        }
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
new file mode 100644
index 0000000000..927b01f3c4
--- /dev/null
+++ b/src/lib/libssl/d1_srvr.c
@@ -0,0 +1,1147 @@
+/* ssl/d1_srvr.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+static SSL_METHOD *dtls1_get_server_method(int ver);
+static int dtls1_send_hello_verify_request(SSL *s);
+
+static SSL_METHOD *dtls1_get_server_method(int ver)
+        {
+        if (ver == DTLS1_VERSION)
+                return(DTLSv1_server_method());
+        else
+                return(NULL);
+        }
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
+                        dtls1_accept,
+                        ssl_undefined_function,
+                        dtls1_get_server_method)
+
+int dtls1_accept(SSL *s)
+        {
+        BUF_MEM *buf;
+        unsigned long l,Time=(unsigned long)time(NULL);
+        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+        long num1;
+        int ret= -1;
+        int new_state,state,skip=0;
+
+        RAND_add(&Time,sizeof(Time),0);
+        ERR_clear_error();
+        clear_sys_error();
+
+        if (s->info_callback != NULL)
+                cb=s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb=s->ctx->info_callback;
+
+        /* init things to blank */
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+
+        if (s->cert == NULL)
+                {
+                SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+                return(-1);
+                }
+
+        for (;;)
+                {
+                state=s->state;
+
+                switch (s->state)
+                        {
+                case SSL_ST_RENEGOTIATE:
+                        s->new_session=1;
+                        /* s->state=SSL_ST_ACCEPT; */
+
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+
+                        s->server=1;
+                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+                        if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
+                                {
+                                SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
+                                return -1;
+                                }
+                        s->type=SSL_ST_ACCEPT;
+
+                        if (s->init_buf == NULL)
+                                {
+                                if ((buf=BUF_MEM_new()) == NULL)
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+                                        {
+                                        ret= -1;
+                                        goto end;
+                                        }
+                                s->init_buf=buf;
+                                }
+
+                        if (!ssl3_setup_buffers(s))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        s->init_num=0;
+
+                        if (s->state != SSL_ST_RENEGOTIATE)
+                                {
+                                /* Ok, we now need to push on a buffering BIO so that
+                                 * the output is sent in a way that TCP likes :-)
+                                 */
+                                if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+
+                                ssl3_init_finished_mac(s);
+                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
+                                s->ctx->stats.sess_accept++;
+                                }
+                        else
+                                {
+                                /* s->state == SSL_ST_RENEGOTIATE,
+                                 * we will just send a HelloRequest */
+                                s->ctx->stats.sess_accept_renegotiate++;
+                                s->state=SSL3_ST_SW_HELLO_REQ_A;
+                                }
+
+            if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
+                s->d1->send_cookie = 1;
+            else
+                s->d1->send_cookie = 0;
+
+                        break;
+
+                case SSL3_ST_SW_HELLO_REQ_A:
+                case SSL3_ST_SW_HELLO_REQ_B:
+
+                        s->shutdown=0;
+                        ret=dtls1_send_hello_request(s);
+                        if (ret <= 0) goto end;
+                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->init_num=0;
+
+                        ssl3_init_finished_mac(s);
+                        break;
+
+                case SSL3_ST_SW_HELLO_REQ_C:
+                        s->state=SSL_ST_OK;
+                        break;
+
+                case SSL3_ST_SR_CLNT_HELLO_A:
+                case SSL3_ST_SR_CLNT_HELLO_B:
+                case SSL3_ST_SR_CLNT_HELLO_C:
+
+                        s->shutdown=0;
+                        ret=ssl3_get_client_hello(s);
+                        if (ret <= 0) goto end;
+                        s->new_session = 2;
+
+                        if ( s->d1->send_cookie)
+                                s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+                        else
+                                s->state = SSL3_ST_SW_SRVR_HELLO_A;
+
+                        s->init_num=0;
+                        break;
+                        
+                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+
+                        ret = dtls1_send_hello_verify_request(s);
+                        if ( ret <= 0) goto end;
+                        s->d1->send_cookie = 0;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                        /* HelloVerifyRequests resets Finished MAC */
+                        if (s->client_version != DTLS1_BAD_VER)
+                                ssl3_init_finished_mac(s);
+                        break;
+                        
+                case SSL3_ST_SW_SRVR_HELLO_A:
+                case SSL3_ST_SW_SRVR_HELLO_B:
+                        ret=dtls1_send_server_hello(s);
+                        if (ret <= 0) goto end;
+
+                        if (s->hit)
+                                s->state=SSL3_ST_SW_CHANGE_A;
+                        else
+                                s->state=SSL3_ST_SW_CERT_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CERT_A:
+                case SSL3_ST_SW_CERT_B:
+                        /* Check if it is anon DH */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                                {
+                                ret=dtls1_send_server_certificate(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+                        s->state=SSL3_ST_SW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_KEY_EXCH_A:
+                case SSL3_ST_SW_KEY_EXCH_B:
+                        l=s->s3->tmp.new_cipher->algorithms;
+
+                        /* clear this, it may get reset by
+                         * send_server_key_exchange */
+                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
+#ifndef OPENSSL_NO_KRB5
+                                && !(l & SSL_KRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                                )
+                                /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
+                                 * even when forbidden by protocol specs
+                                 * (handshake may fail as clients are not required to
+                                 * be able to handle this) */
+                                s->s3->tmp.use_rsa_tmp=1;
+                        else
+                                s->s3->tmp.use_rsa_tmp=0;
+
+                        /* only send if a DH key exchange, fortezza or
+                         * RSA but we have a sign only certificate */
+                        if (s->s3->tmp.use_rsa_tmp
+                            || (l & (SSL_DH|SSL_kFZA))
+                            || ((l & SSL_kRSA)
+                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+                                        && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+                                        )
+                                    )
+                                )
+                            )
+                                {
+                                ret=dtls1_send_server_key_exchange(s);
+                                if (ret <= 0) goto end;
+                                }
+                        else
+                                skip=1;
+
+                        s->state=SSL3_ST_SW_CERT_REQ_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CERT_REQ_A:
+                case SSL3_ST_SW_CERT_REQ_B:
+                        if (/* don't request cert unless asked for it: */
+                                !(s->verify_mode & SSL_VERIFY_PEER) ||
+                                /* if SSL_VERIFY_CLIENT_ONCE is set,
+                                 * don't request cert during re-negotiation: */
+                                ((s->session->peer != NULL) &&
+                                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+                                /* never request cert in anonymous ciphersuites
+                                 * (see section "Certificate request" in SSL 3 drafts
+                                 * and in RFC 2246): */
+                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+                                 /* ... except when the application insists on verification
+                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
+                                 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                                 /* never request cert in Kerberos ciphersuites */
+                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
+                                {
+                                /* no cert request */
+                                skip=1;
+                                s->s3->tmp.cert_request=0;
+                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+                                }
+                        else
+                                {
+                                s->s3->tmp.cert_request=1;
+                                ret=dtls1_send_certificate_request(s);
+                                if (ret <= 0) goto end;
+#ifndef NETSCAPE_HANG_BUG
+                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+#else
+                                s->state=SSL3_ST_SW_FLUSH;
+                                s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#endif
+                                s->init_num=0;
+                                }
+                        break;
+
+                case SSL3_ST_SW_SRVR_DONE_A:
+                case SSL3_ST_SW_SRVR_DONE_B:
+                        ret=dtls1_send_server_done(s);
+                        if (ret <= 0) goto end;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        s->init_num=0;
+                        break;
+                
+                case SSL3_ST_SW_FLUSH:
+                        /* number of bytes to be flushed */
+                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (num1 > 0)
+                                {
+                                s->rwstate=SSL_WRITING;
+                                num1=BIO_flush(s->wbio);
+                                if (num1 <= 0) { ret= -1; goto end; }
+                                s->rwstate=SSL_NOTHING;
+                                }
+
+                        s->state=s->s3->tmp.next_state;
+                        break;
+
+                case SSL3_ST_SR_CERT_A:
+                case SSL3_ST_SR_CERT_B:
+                        /* Check for second client hello (MS SGC) */
+                        ret = ssl3_check_client_hello(s);
+                        if (ret <= 0)
+                                goto end;
+                        if (ret == 2)
+                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+                        else {
+                                /* could be sent for a DH cert, even if we
+                                 * have not asked for it :-) */
+                                ret=ssl3_get_client_certificate(s);
+                                if (ret <= 0) goto end;
+                                s->init_num=0;
+                                s->state=SSL3_ST_SR_KEY_EXCH_A;
+                        }
+                        break;
+
+                case SSL3_ST_SR_KEY_EXCH_A:
+                case SSL3_ST_SR_KEY_EXCH_B:
+                        ret=ssl3_get_client_key_exchange(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SR_CERT_VRFY_A;
+                        s->init_num=0;
+
+                        /* We need to get hashes here so if there is
+                         * a client cert, it can be verified */ 
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst1),
+                                &(s->s3->tmp.cert_verify_md[0]));
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                &(s->s3->finish_dgst2),
+                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+
+                        break;
+
+                case SSL3_ST_SR_CERT_VRFY_A:
+                case SSL3_ST_SR_CERT_VRFY_B:
+
+                        /* we should decide if we expected this one */
+                        ret=ssl3_get_cert_verify(s);
+                        if (ret <= 0) goto end;
+
+                        s->state=SSL3_ST_SR_FINISHED_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SR_FINISHED_A:
+                case SSL3_ST_SR_FINISHED_B:
+                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+                                SSL3_ST_SR_FINISHED_B);
+                        if (ret <= 0) goto end;
+                        if (s->hit)
+                                s->state=SSL_ST_OK;
+                        else
+                                s->state=SSL3_ST_SW_CHANGE_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CHANGE_A:
+                case SSL3_ST_SW_CHANGE_B:
+
+                        s->session->cipher=s->s3->tmp.new_cipher;
+                        if (!s->method->ssl3_enc->setup_key_block(s))
+                                { ret= -1; goto end; }
+
+                        ret=dtls1_send_change_cipher_spec(s,
+                                SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
+
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_FINISHED_A;
+                        s->init_num=0;
+
+                        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                SSL3_CHANGE_CIPHER_SERVER_WRITE))
+                                {
+                                ret= -1;
+                                goto end;
+                                }
+
+                        dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+                        break;
+
+                case SSL3_ST_SW_FINISHED_A:
+                case SSL3_ST_SW_FINISHED_B:
+                        ret=dtls1_send_finished(s,
+                                SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
+                                s->method->ssl3_enc->server_finished_label,
+                                s->method->ssl3_enc->server_finished_label_len);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_FLUSH;
+                        if (s->hit)
+                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+                        else
+                                s->s3->tmp.next_state=SSL_ST_OK;
+                        s->init_num=0;
+                        break;
+
+                case SSL_ST_OK:
+                        /* clean a few things up */
+                        ssl3_cleanup_key_block(s);
+
+#if 0
+                        BUF_MEM_free(s->init_buf);
+                        s->init_buf=NULL;
+#endif
+
+                        /* remove buffering on output */
+                        ssl_free_wbio_buffer(s);
+
+                        s->init_num=0;
+
+                        if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+                                {
+                                /* actually not necessarily a 'new' session unless
+                                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                                
+                                s->new_session=0;
+                                
+                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+                                
+                                s->ctx->stats.sess_accept_good++;
+                                /* s->server=1; */
+                                s->handshake_func=dtls1_accept;
+
+                                if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+                                }
+                        
+                        ret = 1;
+
+                        /* done handshaking, next message is client hello */
+                        s->d1->handshake_read_seq = 0;
+                        /* next message is server hello */
+                        s->d1->handshake_write_seq = 0;
+                        goto end;
+                        /* break; */
+
+                default:
+                        SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
+                        ret= -1;
+                        goto end;
+                        /* break; */
+                        }
+                
+                if (!s->s3->tmp.reuse_message && !skip)
+                        {
+                        if (s->debug)
+                                {
+                                if ((ret=BIO_flush(s->wbio)) <= 0)
+                                        goto end;
+                                }
+
+
+                        if ((cb != NULL) && (s->state != state))
+                                {
+                                new_state=s->state;
+                                s->state=state;
+                                cb(s,SSL_CB_ACCEPT_LOOP,1);
+                                s->state=new_state;
+                                }
+                        }
+                skip=0;
+                }
+end:
+        /* BIO_flush(s->wbio); */
+
+        s->in_handshake--;
+        if (cb != NULL)
+                cb(s,SSL_CB_ACCEPT_EXIT,ret);
+        return(ret);
+        }
+
+int dtls1_send_hello_request(SSL *s)
+        {
+        unsigned char *p;
+
+        if (s->state == SSL3_ST_SW_HELLO_REQ_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+                p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
+
+                s->state=SSL3_ST_SW_HELLO_REQ_B;
+                /* number of bytes to write */
+                s->init_num=DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+
+                /* no need to buffer this message, since there are no retransmit 
+                 * requests for it */
+                }
+
+        /* SSL3_ST_SW_HELLO_REQ_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+int dtls1_send_hello_verify_request(SSL *s)
+        {
+        unsigned int msg_len;
+        unsigned char *msg, *buf, *p;
+
+        if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
+                {
+                buf = (unsigned char *)s->init_buf->data;
+
+                msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+                if (s->client_version == DTLS1_BAD_VER)
+                        *(p++) = DTLS1_BAD_VER>>8,
+                        *(p++) = DTLS1_BAD_VER&0xff;
+                else
+                        *(p++) = s->version >> 8,
+                        *(p++) = s->version & 0xFF;
+
+                if (s->ctx->app_gen_cookie_cb != NULL &&
+                    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+                    &(s->d1->cookie_len)) == 0)
+                        {
+                        SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+                        return 0;
+                        }
+                /* else the cookie is assumed to have 
+                 * been initialized by the application */
+
+                *(p++) = (unsigned char) s->d1->cookie_len;
+                memcpy(p, s->d1->cookie, s->d1->cookie_len);
+                p += s->d1->cookie_len;
+                msg_len = p - msg;
+
+                dtls1_set_message_header(s, buf,
+                        DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
+
+                s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+
+        /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+int dtls1_send_server_hello(SSL *s)
+        {
+        unsigned char *buf;
+        unsigned char *p,*d;
+        int i;
+        unsigned int sl;
+        unsigned long l,Time;
+
+        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
+                {
+                buf=(unsigned char *)s->init_buf->data;
+                p=s->s3->server_random;
+                Time=(unsigned long)time(NULL);                 /* Time */
+                l2n(Time,p);
+                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+                /* Do the message type and length last */
+                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+                if (s->client_version == DTLS1_BAD_VER)
+                        *(p++)=DTLS1_BAD_VER>>8,
+                        *(p++)=DTLS1_BAD_VER&0xff;
+                else
+                        *(p++)=s->version>>8,
+                        *(p++)=s->version&0xff;
+
+                /* Random stuff */
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+
+                /* now in theory we have 3 options to sending back the
+                 * session id.  If it is a re-use, we send back the
+                 * old session-id, if it is a new session, we send
+                 * back the new session-id or we send back a 0 length
+                 * session-id if we want it to be single use.
+                 * Currently I will not implement the '0' length session-id
+                 * 12-Jan-98 - I'll now support the '0' length stuff.
+                 */
+                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+                        s->session->session_id_length=0;
+
+                sl=s->session->session_id_length;
+                if (sl > sizeof s->session->session_id)
+                        {
+                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
+                *(p++)=sl;
+                memcpy(p,s->session->session_id,sl);
+                p+=sl;
+
+                /* put the cipher */
+                i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
+                p+=i;
+
+                /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+                *(p++)=0;
+#else
+                if (s->s3->tmp.new_compression == NULL)
+                        *(p++)=0;
+                else
+                        *(p++)=s->s3->tmp.new_compression->id;
+#endif
+
+                /* do the header */
+                l=(p-d);
+                d=buf;
+
+                d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
+
+                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                /* number of bytes to write */
+                s->init_num=p-buf;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+int dtls1_send_server_done(SSL *s)
+        {
+        unsigned char *p;
+
+        if (s->state == SSL3_ST_SW_SRVR_DONE_A)
+                {
+                p=(unsigned char *)s->init_buf->data;
+
+                /* do the header */
+                p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
+
+                s->state=SSL3_ST_SW_SRVR_DONE_B;
+                /* number of bytes to write */
+                s->init_num=DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+
+        /* SSL3_ST_CW_CLNT_HELLO_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+int dtls1_send_server_key_exchange(SSL *s)
+        {
+#ifndef OPENSSL_NO_RSA
+        unsigned char *q;
+        int j,num;
+        RSA *rsa;
+        unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        unsigned int u;
+#endif
+#ifndef OPENSSL_NO_DH
+        DH *dh=NULL,*dhp;
+#endif
+        EVP_PKEY *pkey;
+        unsigned char *p,*d;
+        int al,i;
+        unsigned long type;
+        int n;
+        CERT *cert;
+        BIGNUM *r[4];
+        int nr[4],kn;
+        BUF_MEM *buf;
+        EVP_MD_CTX md_ctx;
+
+        EVP_MD_CTX_init(&md_ctx);
+        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
+                {
+                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+                cert=s->cert;
+
+                buf=s->init_buf;
+
+                r[0]=r[1]=r[2]=r[3]=NULL;
+                n=0;
+#ifndef OPENSSL_NO_RSA
+                if (type & SSL_kRSA)
+                        {
+                        rsa=cert->rsa_tmp;
+                        if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
+                                {
+                                rsa=s->cert->rsa_tmp_cb(s,
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                                if(rsa == NULL)
+                                {
+                                        al=SSL_AD_HANDSHAKE_FAILURE;
+                                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                                        goto f_err;
+                                }
+                                RSA_up_ref(rsa);
+                                cert->rsa_tmp=rsa;
+                                }
+                        if (rsa == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+                                goto f_err;
+                                }
+                        r[0]=rsa->n;
+                        r[1]=rsa->e;
+                        s->s3->tmp.use_rsa_tmp=1;
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DH
+                        if (type & SSL_kEDH)
+                        {
+                        dhp=cert->dh_tmp;
+                        if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+                                dhp=s->cert->dh_tmp_cb(s,
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                        if (dhp == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                                goto f_err;
+                                }
+
+                        if (s->s3->tmp.dh != NULL)
+                                {
+                                DH_free(dh);
+                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+
+                        if ((dh=DHparams_dup(dhp)) == NULL)
+                                {
+                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                goto err;
+                                }
+
+                        s->s3->tmp.dh=dh;
+                        if ((dhp->pub_key == NULL ||
+                             dhp->priv_key == NULL ||
+                             (s->options & SSL_OP_SINGLE_DH_USE)))
+                                {
+                                if(!DH_generate_key(dh))
+                                    {
+                                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                                           ERR_R_DH_LIB);
+                                    goto err;
+                                    }
+                                }
+                        else
+                                {
+                                dh->pub_key=BN_dup(dhp->pub_key);
+                                dh->priv_key=BN_dup(dhp->priv_key);
+                                if ((dh->pub_key == NULL) ||
+                                        (dh->priv_key == NULL))
+                                        {
+                                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                        goto err;
+                                        }
+                                }
+                        r[0]=dh->p;
+                        r[1]=dh->g;
+                        r[2]=dh->pub_key;
+                        }
+                else 
+#endif
+                        {
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                        goto f_err;
+                        }
+                for (i=0; r[i] != NULL; i++)
+                        {
+                        nr[i]=BN_num_bytes(r[i]);
+                        n+=2+nr[i];
+                        }
+
+                if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                        {
+                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+                                == NULL)
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                goto f_err;
+                                }
+                        kn=EVP_PKEY_size(pkey);
+                        }
+                else
+                        {
+                        pkey=NULL;
+                        kn=0;
+                        }
+
+                if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
+                        {
+                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+                        goto err;
+                        }
+                d=(unsigned char *)s->init_buf->data;
+                p= &(d[DTLS1_HM_HEADER_LENGTH]);
+
+                for (i=0; r[i] != NULL; i++)
+                        {
+                        s2n(nr[i],p);
+                        BN_bn2bin(r[i],p);
+                        p+=nr[i];
+                        }
+
+                /* not anonymous */
+                if (pkey != NULL)
+                        {
+                        /* n is the length of the params, they start at
+                         * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
+                         * at the end. */
+#ifndef OPENSSL_NO_RSA
+                        if (pkey->type == EVP_PKEY_RSA)
+                                {
+                                q=md_buf;
+                                j=0;
+                                for (num=2; num > 0; num--)
+                                        {
+                                        EVP_DigestInit_ex(&md_ctx,(num == 2)
+                                                ?s->ctx->md5:s->ctx->sha1, NULL);
+                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                        EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
+                                        EVP_DigestFinal_ex(&md_ctx,q,
+                                                (unsigned int *)&i);
+                                        q+=i;
+                                        j+=i;
+                                        }
+                                if (RSA_sign(NID_md5_sha1, md_buf, j,
+                                        &(p[2]), &u, pkey->pkey.rsa) <= 0)
+                                        {
+                                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+                                        goto err;
+                                        }
+                                s2n(u,p);
+                                n+=u+2;
+                                }
+                        else
+#endif
+#if !defined(OPENSSL_NO_DSA)
+                                if (pkey->type == EVP_PKEY_DSA)
+                                {
+                                /* lets do DSS */
+                                EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
+                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
+                                        (unsigned int *)&i,pkey))
+                                        {
+                                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+                                        goto err;
+                                        }
+                                s2n(i,p);
+                                n+=i+2;
+                                }
+                        else
+#endif
+                                {
+                                /* Is this error check actually needed? */
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+                                goto f_err;
+                                }
+                        }
+
+                d = dtls1_set_message_header(s, d,
+                        SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
+
+                /* we should now have things packed up, so lets send
+                 * it off */
+                s->init_num=n+DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+
+        s->state = SSL3_ST_SW_KEY_EXCH_B;
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return(-1);
+        }
+
+int dtls1_send_certificate_request(SSL *s)
+        {
+        unsigned char *p,*d;
+        int i,j,nl,off,n;
+        STACK_OF(X509_NAME) *sk=NULL;
+        X509_NAME *name;
+        BUF_MEM *buf;
+        unsigned int msg_len;
+
+        if (s->state == SSL3_ST_SW_CERT_REQ_A)
+                {
+                buf=s->init_buf;
+
+                d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+
+                /* get the list of acceptable cert types */
+                p++;
+                n=ssl3_get_req_cert_type(s,p);
+                d[0]=n;
+                p+=n;
+                n++;
+
+                off=n;
+                p+=2;
+                n+=2;
+
+                sk=SSL_get_client_CA_list(s);
+                nl=0;
+                if (sk != NULL)
+                        {
+                        for (i=0; i<sk_X509_NAME_num(sk); i++)
+                                {
+                                name=sk_X509_NAME_value(sk,i);
+                                j=i2d_X509_NAME(name,NULL);
+                                if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
+                                        {
+                                        SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                                        goto err;
+                                        }
+                                p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
+                                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+                                        {
+                                        s2n(j,p);
+                                        i2d_X509_NAME(name,&p);
+                                        n+=2+j;
+                                        nl+=2+j;
+                                        }
+                                else
+                                        {
+                                        d=p;
+                                        i2d_X509_NAME(name,&p);
+                                        j-=2; s2n(j,d); j+=2;
+                                        n+=j;
+                                        nl+=j;
+                                        }
+                                }
+                        }
+                /* else no CA names */
+                p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
+                s2n(nl,p);
+
+                d=(unsigned char *)buf->data;
+                *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
+                l2n3(n,d);
+                s2n(s->d1->handshake_write_seq,d);
+                s->d1->handshake_write_seq++;
+
+                /* we should now have things packed up, so lets send
+                 * it off */
+
+                s->init_num=n+DTLS1_HM_HEADER_LENGTH;
+                s->init_off=0;
+#ifdef NETSCAPE_HANG_BUG
+/* XXX: what to do about this? */
+                p=(unsigned char *)s->init_buf->data + s->init_num;
+
+                /* do the header */
+                *(p++)=SSL3_MT_SERVER_DONE;
+                *(p++)=0;
+                *(p++)=0;
+                *(p++)=0;
+                s->init_num += 4;
+#endif
+
+                /* XDTLS:  set message header ? */
+                msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+                dtls1_set_message_header(s, (void *)s->init_buf->data,
+                        SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+
+                s->state = SSL3_ST_SW_CERT_REQ_B;
+                }
+
+        /* SSL3_ST_SW_CERT_REQ_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+        return(-1);
+        }
+
+int dtls1_send_server_certificate(SSL *s)
+        {
+        unsigned long l;
+        X509 *x;
+
+        if (s->state == SSL3_ST_SW_CERT_A)
+                {
+                x=ssl_get_server_send_cert(s);
+                if (x == NULL &&
+                        /* VRS: allow null cert if auth == KRB5 */
+                        (s->s3->tmp.new_cipher->algorithms
+                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        != (SSL_aKRB5|SSL_kKRB5))
+                        {
+                        SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                        return(0);
+                        }
+
+                l=dtls1_output_cert_chain(s,x);
+                s->state=SSL3_ST_SW_CERT_B;
+                s->init_num=(int)l;
+                s->init_off=0;
+
+                /* buffer the message to handle re-xmits */
+                dtls1_buffer_message(s, 0);
+                }
+
+        /* SSL3_ST_SW_CERT_B */
+        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+        }
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
index 4c1d595b0a..9e59020c17 100644
--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -44,8 +44,8 @@ new_certs_dir	= $dir/newcerts		# default place for new certs.
 
 certificate     = $dir/cacert.pem       # The CA certificate
 serial          = $dir/serial           # The current serial number
-#crlnumber      = $dir/crlnumber        # the current crl number must be
-                                        # commented out to leave a V1 CRL
+crlnumber       = $dir/crlnumber        # the current crl number
+                                        # must be commented out to leave a V1 CRL
 crl             = $dir/crl.pem          # The current CRL
 private_key     = $dir/private/cakey.pem# The private key
 RANDFILE        = $dir/private/.rand    # private random number file
@@ -67,7 +67,7 @@ cert_opt 	= ca_default		# Certificate field options
 
 default_days    = 365                   # how long to certify for
 default_crl_days= 30                    # how long before next CRL
-default_md      = md5                   # which md to use.
+default_md      = sha1                  # which md to use.
 preserve        = no                    # keep passed DN ordering
 
 # A few difference way of specifying how similar the request should look
@@ -188,7 +188,7 @@ nsComment			= "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 432a17b66c..f8817b0a71 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to
 use is defined by the extension code itself: check out the certificate
 policies extension for an example.
 
-In addition it is also possible to use the word DER to include arbitrary
-data in any extension.
+There are two ways to encode arbitrary extensions.
+
+The first way is to use the word ASN1 followed by the extension content
+using the same syntax as ASN1_generate_nconf(). For example:
+
+1.2.3.4=critical,ASN1:UTF8String:Some random data
+
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1 = UTF8:field1
+field2 = UTF8:field2
+
+It is also possible to use the word DER to include arbitrary data in any
+extension.
 
 1.2.3.4=critical,DER:01:02:03:04
 1.2.3.4=DER:01020304
@@ -336,16 +350,21 @@ Subject Alternative Name.
 The subject alternative name extension allows various literal values to be
 included in the configuration file. These include "email" (an email address)
 "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
-registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
 
 Also the email option include a special 'copy' value. This will automatically
 include and email addresses contained in the certificate subject name in
 the extension.
 
+otherName can include arbitrary data associated with an OID: the value
+should be the OID followed by a semicolon and the content in standard
+ASN1_generate_nconf() format.
+
 Examples:
 
 subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
 
 Issuer Alternative Name.
 
@@ -759,7 +778,7 @@ called.
 
 The X509V3_EXT_METHOD structure is described below.
 
-strut {
+struct {
 int ext_nid;
 int ext_flags;
 X509V3_EXT_NEW ext_new;
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
index f6675b574b..a5ce778f8e 100644
--- a/src/lib/libssl/doc/standards.txt
+++ b/src/lib/libssl/doc/standards.txt
@@ -88,10 +88,26 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
      (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
      INFORMATIONAL)                                         
 
+3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
+     J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
+     (Status: INFORMATIONAL)
+
 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
      Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
      June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
 
+4132 Addition of Camellia Cipher Suites to Transport Layer Security
+     (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
+     bytes) (Status: PROPOSED STANDARD)
+
+4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
+     H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
+     (Status: PROPOSED STANDARD)
+
+4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
+     D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
+     (Obsoletes RFC4009) (Status: INFORMATIONAL)
+
 
 Related:
 --------
@@ -250,7 +266,11 @@ STARTTLS documents.
      Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
      (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
 
-  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+3657 Use of the Camellia Encryption Algorithm in Cryptographic 
+     Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
+     (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
+
+"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
  
 
 To be implemented:
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
new file mode 100644
index 0000000000..a663cf85f2
--- /dev/null
+++ b/src/lib/libssl/dtls1.h
@@ -0,0 +1,211 @@
+/* ssl/dtls1.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DTLS1_H 
+#define HEADER_DTLS1_H 
+
+#include <openssl/buffer.h>
+#include <openssl/pqueue.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define DTLS1_VERSION                   0xFEFF
+#define DTLS1_BAD_VER                   0x0100
+
+#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
+
+/* lengths of messages */
+#define DTLS1_COOKIE_LENGTH                     32
+
+#define DTLS1_RT_HEADER_LENGTH                  13
+
+#define DTLS1_HM_HEADER_LENGTH                  12
+
+#define DTLS1_HM_BAD_FRAGMENT                   -2
+#define DTLS1_HM_FRAGMENT_RETRY                 -3
+
+#define DTLS1_CCS_HEADER_LENGTH                  1
+
+#define DTLS1_AL_HEADER_LENGTH                   7
+
+
+typedef struct dtls1_bitmap_st
+        {
+        PQ_64BIT map;
+        unsigned long length;     /* sizeof the bitmap in bits */
+        PQ_64BIT max_seq_num;  /* max record number seen so far */
+        } DTLS1_BITMAP;
+
+struct hm_header_st
+        {
+        unsigned char type;
+        unsigned long msg_len;
+        unsigned short seq;
+        unsigned long frag_off;
+        unsigned long frag_len;
+        unsigned int is_ccs;
+        };
+
+struct ccs_header_st
+        {
+        unsigned char type;
+        unsigned short seq;
+        };
+
+struct dtls1_timeout_st
+        {
+        /* Number of read timeouts so far */
+        unsigned int read_timeouts;
+        
+        /* Number of write timeouts so far */
+        unsigned int write_timeouts;
+        
+        /* Number of alerts received so far */
+        unsigned int num_alerts;
+        };
+
+typedef struct record_pqueue_st
+        {
+        unsigned short epoch;
+        pqueue q;
+        } record_pqueue;
+
+typedef struct hm_fragment_st
+        {
+        struct hm_header_st msg_header;
+        unsigned char *fragment;
+        } hm_fragment;
+
+typedef struct dtls1_state_st
+        {
+        unsigned int send_cookie;
+        unsigned char cookie[DTLS1_COOKIE_LENGTH];
+        unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
+        unsigned int cookie_len;
+
+        /* 
+         * The current data and handshake epoch.  This is initially
+         * undefined, and starts at zero once the initial handshake is
+         * completed 
+         */
+        unsigned short r_epoch;
+        unsigned short w_epoch;
+
+        /* records being received in the current epoch */
+        DTLS1_BITMAP bitmap;
+
+        /* renegotiation starts a new set of sequence numbers */
+        DTLS1_BITMAP next_bitmap;
+
+        /* handshake message numbers */
+        unsigned short handshake_write_seq;
+        unsigned short next_handshake_write_seq;
+
+        unsigned short handshake_read_seq;
+
+        /* Received handshake records (processed and unprocessed) */
+        record_pqueue unprocessed_rcds;
+        record_pqueue processed_rcds;
+
+        /* Buffered handshake messages */
+        pqueue buffered_messages;
+
+        /* Buffered (sent) handshake records */
+        pqueue sent_messages;
+
+        unsigned int mtu; /* max wire packet size */
+
+        struct hm_header_st w_msg_hdr;
+        struct hm_header_st r_msg_hdr;
+
+        struct dtls1_timeout_st timeout;
+        
+        /* storage for Alert/Handshake protocol data received but not
+         * yet processed by ssl3_read_bytes: */
+        unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+        unsigned int alert_fragment_len;
+        unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+        unsigned int handshake_fragment_len;
+
+        unsigned int retransmitting;
+
+        } DTLS1_STATE;
+
+typedef struct dtls1_record_data_st
+        {
+        unsigned char *packet;
+        unsigned int   packet_length;
+        SSL3_BUFFER    rbuf;
+        SSL3_RECORD    rrec;
+        } DTLS1_RECORD_DATA;
+
+
+/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+#define DTLS1_TMO_READ_COUNT                      2
+#define DTLS1_TMO_WRITE_COUNT                     2
+
+#define DTLS1_TMO_ALERT_COUNT                     12
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 86356731ea..c45a8e0a04 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *SSLv23_client_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv23_client_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv23_client_data,
-                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                        SSLv23_client_data.ssl_connect=ssl23_connect;
-                        SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv23_client_data);
-        }
+IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
+                        ssl_undefined_function,
+                        ssl23_connect,
+                        ssl23_get_client_method)
 
 int ssl23_connect(SSL *s)
         {
@@ -241,6 +223,17 @@ static int ssl23_client_hello(SSL *s)
                 {
                 version = SSL2_VERSION;
                 }
+#ifndef OPENSSL_NO_TLSEXT 
+        if (version != SSL2_VERSION)
+                {
+                /* have to disable SSL 2.0 compatibility if we need TLS extensions */
+
+                if (s->tlsext_hostname != NULL)
+                        ssl2_compat = 0;
+                if (s->tlsext_status_type != -1)
+                        ssl2_compat = 0;
+                }
+#endif
 
         buf=(unsigned char *)s->init_buf->data;
         if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -254,7 +247,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
                 p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
+                Time=(unsigned long)time(NULL);         /* Time */
                 l2n(Time,p);
                 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
                         return -1;
@@ -264,14 +257,6 @@ static int ssl23_client_hello(SSL *s)
                         version_major = TLS1_VERSION_MAJOR;
                         version_minor = TLS1_VERSION_MINOR;
                         }
-#ifdef OPENSSL_FIPS
-                else if(FIPS_mode())
-                        {
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                        return -1;
-                        }
-#endif
                 else if (version == SSL3_VERSION)
                         {
                         version_major = SSL3_VERSION_MAJOR;
@@ -386,6 +371,13 @@ static int ssl23_client_hello(SSL *s)
                                 *(p++)=comp->id;
                                 }
                         *(p++)=0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+                        if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+                                return -1;
+                                }
+#endif
                         
                         l = p-d;
                         *p = 42;
@@ -544,14 +536,6 @@ static int ssl23_get_server_hello(SSL *s)
                 if ((p[2] == SSL3_VERSION_MINOR) &&
                         !(s->options & SSL_OP_NO_SSLv3))
                         {
-#ifdef OPENSSL_FIPS
-                        if(FIPS_mode())
-                                {
-                                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                                goto err;
-                                }
-#endif
                         s->version=SSL3_VERSION;
                         s->method=SSLv3_client_method();
                         }
@@ -608,7 +592,6 @@ static int ssl23_get_server_hello(SSL *s)
         if (!ssl_get_new_session(s,0))
                 goto err;
 
-        s->first_packet=1;
         return(SSL_connect(s));
 err:
         return(-1);
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
index 8d7dbcf569..fc2981308d 100644
--- a/src/lib/libssl/s23_lib.c
+++ b/src/lib/libssl/s23_lib.c
@@ -60,55 +60,17 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static int ssl23_num_ciphers(void );
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, void *buf, int len);
-static int ssl23_peek(SSL *s, void *buf, int len);
-static int ssl23_write(SSL *s, const void *buf, int len);
-static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
-
-static SSL_METHOD SSLv23_data= {
-        TLS1_VERSION,
-        tls1_new,
-        tls1_clear,
-        tls1_free,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl23_read,
-        ssl23_peek,
-        ssl23_write,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl_ok,
-        ssl3_ctrl,
-        ssl3_ctx_ctrl,
-        ssl23_get_cipher_by_char,
-        ssl23_put_cipher_by_char,
-        ssl_undefined_const_function,
-        ssl23_num_ciphers,
-        ssl23_get_cipher,
-        ssl_bad_method,
-        ssl23_default_timeout,
-        &ssl3_undef_enc_method,
-        ssl_undefined_function,
-        ssl3_callback_ctrl,
-        ssl3_ctx_callback_ctrl,
-        };
-
-static long ssl23_default_timeout(void)
+long ssl23_default_timeout(void)
         {
         return(300);
         }
 
-SSL_METHOD *sslv23_base_method(void)
-        {
-        return(&SSLv23_data);
-        }
+IMPLEMENT_ssl23_meth_func(sslv23_base_method,
+                        ssl_undefined_function,
+                        ssl_undefined_function,
+                        ssl_bad_method)
 
-static int ssl23_num_ciphers(void)
+int ssl23_num_ciphers(void)
         {
         return(ssl3_num_ciphers()
 #ifndef OPENSSL_NO_SSL2
@@ -117,7 +79,7 @@ static int ssl23_num_ciphers(void)
             );
         }
 
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+SSL_CIPHER *ssl23_get_cipher(unsigned int u)
         {
         unsigned int uu=ssl3_num_ciphers();
 
@@ -133,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 
 /* This function needs to check if the ciphers required are actually
  * available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
         {
         SSL_CIPHER c,*cp;
         unsigned long id;
@@ -151,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
         return(cp);
         }
 
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
         {
         long l;
 
@@ -166,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
         return(3);
         }
 
-static int ssl23_read(SSL *s, void *buf, int len)
+int ssl23_read(SSL *s, void *buf, int len)
         {
         int n;
 
@@ -189,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len)
                 }
         }
 
-static int ssl23_peek(SSL *s, void *buf, int len)
+int ssl23_peek(SSL *s, void *buf, int len)
         {
         int n;
 
@@ -212,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len)
                 }
         }
 
-static int ssl23_write(SSL *s, const void *buf, int len)
+int ssl23_write(SSL *s, const void *buf, int len)
         {
         int n;
 
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index b73abc448f..6637bb9549 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *SSLv23_server_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv23_server_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv23_server_data,
-                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                        SSLv23_server_data.ssl_accept=ssl23_accept;
-                        SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv23_server_data);
-        }
+IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+                        ssl23_accept,
+                        ssl_undefined_function,
+                        ssl23_get_server_method)
 
 int ssl23_accept(SSL *s)
         {
@@ -404,15 +386,6 @@ int ssl23_get_client_hello(SSL *s)
                         }
                 }
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (s->version < TLS1_VERSION))
-                {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                goto err;
-                }
-#endif
-
         if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                 {
                 /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -592,7 +565,6 @@ int ssl23_get_client_hello(SSL *s)
         s->init_num=0;
 
         if (buf != buf_space) OPENSSL_free(buf);
-        s->first_packet=1;
         return(SSL_accept(s));
 err:
         if (buf != buf_space) OPENSSL_free(buf);
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 64d317b7ac..2ecfbb77cb 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -108,6 +108,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <limits.h>
 #include <string.h>
@@ -192,7 +197,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
          * change cipher spec message and is in s->s3->tmp.peer_finish_md
          */ 
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 a,
                 b,
                 SSL3_MT_FINISHED,
@@ -386,8 +391,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                         {
                         while (s->init_num < 4)
                                 {
-                                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
-                                        4 - s->init_num, 0);
+                                i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                                        &p[s->init_num],4 - s->init_num, 0);
                                 if (i <= 0)
                                         {
                                         s->rwstate=SSL_READING;
@@ -467,7 +472,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         n = s->s3->tmp.message_size - s->init_num;
         while (n > 0)
                 {
-                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
+                i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
                 if (i <= 0)
                         {
                         s->rwstate=SSL_READING;
@@ -492,7 +497,7 @@ err:
 int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
         {
         EVP_PKEY *pk;
-        int ret= -1,i,j;
+        int ret= -1,i;
 
         if (pkey == NULL)
                 pk=X509_get_pubkey(x);
@@ -504,35 +509,17 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
         if (i == EVP_PKEY_RSA)
                 {
                 ret=SSL_PKEY_RSA_ENC;
-                if (x != NULL)
-                        {
-                        j=X509_get_ext_count(x);
-                        /* check to see if this is a signing only certificate */
-                        /* EAY EAY EAY EAY */
-                        }
                 }
         else if (i == EVP_PKEY_DSA)
                 {
                 ret=SSL_PKEY_DSA_SIGN;
                 }
-        else if (i == EVP_PKEY_DH)
+#ifndef OPENSSL_NO_EC
+        else if (i == EVP_PKEY_EC)
                 {
-                /* if we just have a key, we needs to be guess */
-
-                if (x == NULL)
-                        ret=SSL_PKEY_DH_DSA;
-                else
-                        {
-                        j=X509_get_signature_type(x);
-                        if (j == EVP_PKEY_RSA)
-                                ret=SSL_PKEY_DH_RSA;
-                        else if (j== EVP_PKEY_DSA)
-                                ret=SSL_PKEY_DH_DSA;
-                        else ret= -1;
-                        }
+                ret = SSL_PKEY_ECC;
                 }
-        else
-                ret= -1;
+#endif
 
 err:
         if(!pkey) EVP_PKEY_free(pk);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 05194fdb31..f6864cdc50 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -108,6 +108,19 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -117,20 +130,22 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include <openssl/fips.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
-static int ssl3_client_hello(SSL *s);
-static int ssl3_get_server_hello(SSL *s);
-static int ssl3_get_certificate_request(SSL *s);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-static int ssl3_get_server_done(SSL *s);
-static int ssl3_send_client_verify(SSL *s);
-static int ssl3_send_client_certificate(SSL *s);
-static int ssl3_send_client_key_exchange(SSL *s);
-static int ssl3_get_key_exchange(SSL *s);
-static int ssl3_get_server_certificate(SSL *s);
-static int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
+static int ssl3_check_finished(SSL *s);
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+static int curve_id2nid(int curve_id);
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+#endif
+
 static SSL_METHOD *ssl3_get_client_method(int ver)
         {
         if (ver == SSL3_VERSION)
@@ -139,28 +154,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *SSLv3_client_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv3_client_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
-                                sizeof(SSL_METHOD));
-                        SSLv3_client_data.ssl_connect=ssl3_connect;
-                        SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv3_client_data);
-        }
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+                        ssl_undefined_function,
+                        ssl3_connect,
+                        ssl3_get_client_method)
 
 int ssl3_connect(SSL *s)
         {
@@ -270,15 +267,43 @@ int ssl3_connect(SSL *s)
 
                 case SSL3_ST_CR_CERT_A:
                 case SSL3_ST_CR_CERT_B:
-                        /* Check if it is anon DH */
+#ifndef OPENSSL_NO_TLSEXT
+                        ret=ssl3_check_finished(s);
+                        if (ret <= 0) goto end;
+                        if (ret == 2)
+                                {
+                                s->hit = 1;
+                                if (s->tlsext_ticket_expected)
+                                        s->state=SSL3_ST_CR_SESSION_TICKET_A;
+                                else
+                                        s->state=SSL3_ST_CR_FINISHED_A;
+                                s->init_num=0;
+                                break;
+                                }
+#endif
+                        /* Check if it is anon DH/ECDH */
                         if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
                                 {
                                 ret=ssl3_get_server_certificate(s);
                                 if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                                if (s->tlsext_status_expected)
+                                        s->state=SSL3_ST_CR_CERT_STATUS_A;
+                                else
+                                        s->state=SSL3_ST_CR_KEY_EXCH_A;
+                                }
+                        else
+                                {
+                                skip = 1;
+                                s->state=SSL3_ST_CR_KEY_EXCH_A;
+                                }
+#else
                                 }
                         else
                                 skip=1;
+
                         s->state=SSL3_ST_CR_KEY_EXCH_A;
+#endif
                         s->init_num=0;
                         break;
 
@@ -337,6 +362,13 @@ int ssl3_connect(SSL *s)
                          * sent back */
                         /* For TLS, cert_req is set to 2, so a cert chain
                          * of nothing is sent, but no verify packet is sent */
+                        /* XXX: For now, we do not support client 
+                         * authentication in ECDH cipher suites with
+                         * ECDH (rather than ECDSA) certificates.
+                         * We need to skip the certificate verify 
+                         * message when client's ECDH public key is sent 
+                         * inside the client certificate.
+                         */
                         if (s->s3->tmp.cert_req == 1)
                                 {
                                 s->state=SSL3_ST_CW_CERT_VRFY_A;
@@ -368,11 +400,15 @@ int ssl3_connect(SSL *s)
                         s->init_num=0;
 
                         s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                        s->session->compress_meth=0;
+#else
                         if (s->s3->tmp.new_compression == NULL)
                                 s->session->compress_meth=0;
                         else
                                 s->session->compress_meth=
                                         s->s3->tmp.new_compression->id;
+#endif
                         if (!s->method->ssl3_enc->setup_key_block(s))
                                 {
                                 ret= -1;
@@ -411,11 +447,36 @@ int ssl3_connect(SSL *s)
                                 }
                         else
                                 {
+#ifndef OPENSSL_NO_TLSEXT
+                                /* Allow NewSessionTicket if ticket expected */
+                                if (s->tlsext_ticket_expected)
+                                        s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+                                else
+#endif
+                                
                                 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                 }
                         s->init_num=0;
                         break;
 
+#ifndef OPENSSL_NO_TLSEXT
+                case SSL3_ST_CR_SESSION_TICKET_A:
+                case SSL3_ST_CR_SESSION_TICKET_B:
+                        ret=ssl3_get_new_session_ticket(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_FINISHED_A;
+                        s->init_num=0;
+                break;
+
+                case SSL3_ST_CR_CERT_STATUS_A:
+                case SSL3_ST_CR_CERT_STATUS_B:
+                        ret=ssl3_get_cert_status(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_CR_KEY_EXCH_A;
+                        s->init_num=0;
+                break;
+#endif
+
                 case SSL3_ST_CR_FINISHED_A:
                 case SSL3_ST_CR_FINISHED_B:
 
@@ -512,13 +573,16 @@ end:
         }
 
 
-static int ssl3_client_hello(SSL *s)
+int ssl3_client_hello(SSL *s)
         {
         unsigned char *buf;
         unsigned char *p,*d;
-        int i,j;
+        int i;
         unsigned long Time,l;
+#ifndef OPENSSL_NO_COMP
+        int j;
         SSL_COMP *comp;
+#endif
 
         buf=(unsigned char *)s->init_buf->data;
         if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -535,8 +599,8 @@ static int ssl3_client_hello(SSL *s)
                 p=s->s3->client_random;
                 Time=(unsigned long)time(NULL);                 /* Time */
                 l2n(Time,p);
-                if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
-                    goto err;
+                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                        goto err;
 
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
@@ -557,7 +621,7 @@ static int ssl3_client_hello(SSL *s)
                 *(p++)=i;
                 if (i != 0)
                         {
-                        if (i > sizeof s->session->session_id)
+                        if (i > (int)sizeof(s->session->session_id))
                                 {
                                 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                                 goto err;
@@ -577,6 +641,9 @@ static int ssl3_client_hello(SSL *s)
                 p+=i;
 
                 /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+                *(p++)=1;
+#else
                 if (s->ctx->comp_methods == NULL)
                         j=0;
                 else
@@ -587,8 +654,15 @@ static int ssl3_client_hello(SSL *s)
                         comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
                         *(p++)=comp->id;
                         }
+#endif
                 *(p++)=0; /* Add the NULL method */
-                
+#ifndef OPENSSL_NO_TLSEXT
+                if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+#endif          
                 l=(p-d);
                 d=buf;
                 *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -606,7 +680,7 @@ err:
         return(-1);
         }
 
-static int ssl3_get_server_hello(SSL *s)
+int ssl3_get_server_hello(SSL *s)
         {
         STACK_OF(SSL_CIPHER) *sk;
         SSL_CIPHER *c;
@@ -614,16 +688,44 @@ static int ssl3_get_server_hello(SSL *s)
         int i,al,ok;
         unsigned int j;
         long n;
+#ifndef OPENSSL_NO_COMP
         SSL_COMP *comp;
+#endif
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_CR_SRVR_HELLO_A,
                 SSL3_ST_CR_SRVR_HELLO_B,
-                SSL3_MT_SERVER_HELLO,
-                300, /* ?? */
+                -1,
+                20000, /* ?? */
                 &ok);
 
         if (!ok) return((int)n);
+
+        if ( SSL_version(s) == DTLS1_VERSION)
+                {
+                if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
+                        {
+                        if ( s->d1->send_cookie == 0)
+                                {
+                                s->s3->tmp.reuse_message = 1;
+                                return 1;
+                                }
+                        else /* already sent a cookie */
+                                {
+                                al=SSL_AD_UNEXPECTED_MESSAGE;
+                                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
+                                goto f_err;
+                                }
+                        }
+                }
+        
+        if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
+                goto f_err;
+                }
+
         d=p=(unsigned char *)s->init_msg;
 
         if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
@@ -719,6 +821,14 @@ static int ssl3_get_server_hello(SSL *s)
 
         /* lets get the compression algorithm */
         /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+        if (*(p++) != 0)
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+                goto f_err;
+                }
+#else
         j= *(p++);
         if (j == 0)
                 comp=NULL;
@@ -735,6 +845,25 @@ static int ssl3_get_server_hello(SSL *s)
                 {
                 s->s3->tmp.new_compression=comp;
                 }
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+        /* TLS extensions*/
+        if (s->version > SSL3_VERSION)
+                {
+                if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
+                        {
+                        /* 'al' set by ssl_parse_serverhello_tlsext */
+                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
+                        goto f_err; 
+                        }
+                if (ssl_check_serverhello_tlsext(s) <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+                                goto err;
+                        }
+                }
+#endif
+
 
         if (p != (d+n))
                 {
@@ -751,18 +880,19 @@ err:
         return(-1);
         }
 
-static int ssl3_get_server_certificate(SSL *s)
+int ssl3_get_server_certificate(SSL *s)
         {
         int al,i,ok,ret= -1;
         unsigned long n,nc,llen,l;
         X509 *x=NULL;
-        unsigned char *p,*d,*q;
+        const unsigned char *q,*p;
+        unsigned char *d;
         STACK_OF(X509) *sk=NULL;
         SESS_CERT *sc;
         EVP_PKEY *pkey=NULL;
-        int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
+        int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_CR_CERT_A,
                 SSL3_ST_CR_CERT_B,
                 -1,
@@ -771,7 +901,9 @@ static int ssl3_get_server_certificate(SSL *s)
 
         if (!ok) return((int)n);
 
-        if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+        if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+                ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && 
+                (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
                 {
                 s->s3->tmp.reuse_message=1;
                 return(1);
@@ -783,7 +915,7 @@ static int ssl3_get_server_certificate(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
                 goto f_err;
                 }
-        d=p=(unsigned char *)s->init_msg;
+        p=d=(unsigned char *)s->init_msg;
 
         if ((sk=sk_X509_new_null()) == NULL)
                 {
@@ -835,10 +967,10 @@ static int ssl3_get_server_certificate(SSL *s)
         i=ssl_verify_cert_chain(s,sk);
         if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
 #ifndef OPENSSL_NO_KRB5
-                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
-                != (SSL_aKRB5|SSL_kKRB5)
+                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                != (SSL_aKRB5|SSL_kKRB5)
 #endif /* OPENSSL_NO_KRB5 */
-                )
+                )
                 {
                 al=ssl_verify_alarm_type(s->verify_result);
                 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -861,16 +993,16 @@ static int ssl3_get_server_certificate(SSL *s)
 
         pkey=X509_get_pubkey(x);
 
-        /* VRS: allow null cert if auth == KRB5 */
-        need_cert =     ((s->s3->tmp.new_cipher->algorithms
-                        & (SSL_MKEY_MASK|SSL_AUTH_MASK))
-                        == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
+        /* VRS: allow null cert if auth == KRB5 */
+        need_cert =     ((s->s3->tmp.new_cipher->algorithms
+                         & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                         == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
 
 #ifdef KSSL_DEBUG
         printf("pkey,x = %p, %p\n", pkey,x);
         printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
         printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
-                s->s3->tmp.new_cipher->algorithms, need_cert);
+                s->s3->tmp.new_cipher->algorithms, need_cert);
 #endif    /* KSSL_DEBUG */
 
         if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -892,31 +1024,31 @@ static int ssl3_get_server_certificate(SSL *s)
                 goto f_err;
                 }
 
-        if (need_cert)
-                {
-                sc->peer_cert_type=i;
-                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-                /* Why would the following ever happen?
-                 * We just created sc a couple of lines ago. */
-                if (sc->peer_pkeys[i].x509 != NULL)
-                        X509_free(sc->peer_pkeys[i].x509);
-                sc->peer_pkeys[i].x509=x;
-                sc->peer_key= &(sc->peer_pkeys[i]);
-
-                if (s->session->peer != NULL)
-                        X509_free(s->session->peer);
-                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-                s->session->peer=x;
-                }
-        else
-                {
-                sc->peer_cert_type=i;
-                sc->peer_key= NULL;
-
-                if (s->session->peer != NULL)
-                        X509_free(s->session->peer);
-                s->session->peer=NULL;
-                }
+        if (need_cert)
+                {
+                sc->peer_cert_type=i;
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                /* Why would the following ever happen?
+                 * We just created sc a couple of lines ago. */
+                if (sc->peer_pkeys[i].x509 != NULL)
+                        X509_free(sc->peer_pkeys[i].x509);
+                sc->peer_pkeys[i].x509=x;
+                sc->peer_key= &(sc->peer_pkeys[i]);
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                s->session->peer=x;
+                }
+        else
+                {
+                sc->peer_cert_type=i;
+                sc->peer_key= NULL;
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                s->session->peer=NULL;
+                }
         s->session->verify_result = s->verify_result;
 
         x=NULL;
@@ -934,7 +1066,7 @@ err:
         return(ret);
         }
 
-static int ssl3_get_key_exchange(SSL *s)
+int ssl3_get_key_exchange(SSL *s)
         {
 #ifndef OPENSSL_NO_RSA
         unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
@@ -950,10 +1082,17 @@ static int ssl3_get_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_DH
         DH *dh=NULL;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *ecdh = NULL;
+        BN_CTX *bn_ctx = NULL;
+        EC_POINT *srvr_ecpoint = NULL;
+        int curve_nid = 0;
+        int encoded_pt_len = 0;
+#endif
 
         /* use same message size as in ssl3_get_certificate_request()
          * as ServerKeyExchange message may be skipped */
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_CR_KEY_EXCH_A,
                 SSL3_ST_CR_KEY_EXCH_B,
                 -1,
@@ -986,6 +1125,13 @@ static int ssl3_get_key_exchange(SSL *s)
                         s->session->sess_cert->peer_dh_tmp=NULL;
                         }
 #endif
+#ifndef OPENSSL_NO_ECDH
+                if (s->session->sess_cert->peer_ecdh_tmp)
+                        {
+                        EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+                        s->session->sess_cert->peer_ecdh_tmp=NULL;
+                        }
+#endif
                 }
         else
                 {
@@ -1127,6 +1273,114 @@ static int ssl3_get_key_exchange(SSL *s)
                 goto f_err;
                 }
 #endif /* !OPENSSL_NO_DH */
+
+#ifndef OPENSSL_NO_ECDH
+        else if (alg & SSL_kECDHE)
+                {
+                EC_GROUP *ngroup;
+                const EC_GROUP *group;
+
+                if ((ecdh=EC_KEY_new()) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                /* Extract elliptic curve parameters and the
+                 * server's ephemeral ECDH public key.
+                 * Keep accumulating lengths of various components in
+                 * param_len and make sure it never exceeds n.
+                 */
+
+                /* XXX: For now we only support named (not generic) curves
+                 * and the ECParameters in this case is just three bytes.
+                 */
+                param_len=3;
+                if ((param_len > n) ||
+                    (*p != NAMED_CURVE_TYPE) || 
+                    ((curve_nid = curve_id2nid(*(p + 2))) == 0)) 
+                        {
+                        al=SSL_AD_INTERNAL_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+                        goto f_err;
+                        }
+
+                ngroup = EC_GROUP_new_by_curve_name(curve_nid);
+                if (ngroup == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
+                        goto err;
+                        }
+                if (EC_KEY_set_group(ecdh, ngroup) == 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
+                        goto err;
+                        }
+                EC_GROUP_free(ngroup);
+
+                group = EC_KEY_get0_group(ecdh);
+
+                if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+                    (EC_GROUP_get_degree(group) > 163))
+                        {
+                        al=SSL_AD_EXPORT_RESTRICTION;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+                        goto f_err;
+                        }
+
+                p+=3;
+
+                /* Next, get the encoded ECPoint */
+                if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
+                    ((bn_ctx = BN_CTX_new()) == NULL))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                encoded_pt_len = *p;  /* length of encoded point */
+                p+=1;
+                param_len += (1 + encoded_pt_len);
+                if ((param_len > n) ||
+                    (EC_POINT_oct2point(group, srvr_ecpoint, 
+                        p, encoded_pt_len, bn_ctx) == 0))
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
+                        goto f_err;
+                        }
+
+                n-=param_len;
+                p+=encoded_pt_len;
+
+                /* The ECC/TLS specification does not mention
+                 * the use of DSA to sign ECParameters in the server
+                 * key exchange message. We do support RSA and ECDSA.
+                 */
+                if (0) ;
+#ifndef OPENSSL_NO_RSA
+                else if (alg & SSL_aRSA)
+                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+                else if (alg & SSL_aECDSA)
+                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+#endif
+                /* else anonymous ECDH, so no certificate or pkey. */
+                EC_KEY_set_public_key(ecdh, srvr_ecpoint);
+                s->session->sess_cert->peer_ecdh_tmp=ecdh;
+                ecdh=NULL;
+                BN_CTX_free(bn_ctx);
+                EC_POINT_free(srvr_ecpoint);
+                srvr_ecpoint = NULL;
+                }
+        else if (alg & SSL_kECDH)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                goto f_err;
+                }
+#endif /* !OPENSSL_NO_ECDH */
         if (alg & SSL_aFZA)
                 {
                 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1137,7 +1391,6 @@ static int ssl3_get_key_exchange(SSL *s)
 
         /* p points to the next byte, there are 'n' bytes left */
 
-
         /* if it was signed, check the signature */
         if (pkey != NULL)
                 {
@@ -1162,14 +1415,11 @@ static int ssl3_get_key_exchange(SSL *s)
                         q=md_buf;
                         for (num=2; num > 0; num--)
                                 {
-                                EVP_MD_CTX_set_flags(&md_ctx,
-                                        EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                 EVP_DigestInit_ex(&md_ctx,(num == 2)
                                         ?s->ctx->md5:s->ctx->sha1, NULL);
                                 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                 EVP_DigestUpdate(&md_ctx,param,param_len);
-                                
                                 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
                                 q+=i;
                                 j+=i;
@@ -1210,6 +1460,24 @@ static int ssl3_get_key_exchange(SSL *s)
                         }
                 else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+                        if (pkey->type == EVP_PKEY_EC)
+                        {
+                        /* let's do ECDSA */
+                        EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                        EVP_VerifyUpdate(&md_ctx,param,param_len);
+                        if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                                {
+                                /* bad signature */
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+                                goto f_err;
+                                }
+                        }
+                else
+#endif
                         {
                         SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                         goto err;
@@ -1245,20 +1513,27 @@ err:
         if (dh != NULL)
                 DH_free(dh);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        BN_CTX_free(bn_ctx);
+        EC_POINT_free(srvr_ecpoint);
+        if (ecdh != NULL)
+                EC_KEY_free(ecdh);
+#endif
         EVP_MD_CTX_cleanup(&md_ctx);
         return(-1);
         }
 
-static int ssl3_get_certificate_request(SSL *s)
+int ssl3_get_certificate_request(SSL *s)
         {
         int ok,ret=0;
         unsigned long n,nc,l;
         unsigned int llen,ctype_num,i;
         X509_NAME *xn=NULL;
-        unsigned char *p,*d,*q;
+        const unsigned char *p,*q;
+        unsigned char *d;
         STACK_OF(X509_NAME) *ca_sk=NULL;
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_CR_CERT_REQ_A,
                 SSL3_ST_CR_CERT_REQ_B,
                 -1,
@@ -1294,7 +1569,7 @@ static int ssl3_get_certificate_request(SSL *s)
                         }
                 }
 
-        d=p=(unsigned char *)s->init_msg;
+        p=d=(unsigned char *)s->init_msg;
 
         if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
                 {
@@ -1395,13 +1670,150 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
         {
         return(X509_NAME_cmp(*a,*b));
         }
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_get_new_session_ticket(SSL *s)
+        {
+        int ok,al,ret=0, ticklen;
+        long n;
+        const unsigned char *p;
+        unsigned char *d;
 
-static int ssl3_get_server_done(SSL *s)
+        n=s->method->ssl_get_message(s,
+                SSL3_ST_CR_SESSION_TICKET_A,
+                SSL3_ST_CR_SESSION_TICKET_B,
+                -1,
+                16384,
+                &ok);
+
+        if (!ok)
+                return((int)n);
+
+        if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
+                {
+                s->s3->tmp.reuse_message=1;
+                return(1);
+                }
+        if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
+                {
+                al=SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
+                goto f_err;
+                }
+        if (n < 6)
+                {
+                /* need at least ticket_lifetime_hint + ticket length */
+                al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        p=d=(unsigned char *)s->init_msg;
+        n2l(p, s->session->tlsext_tick_lifetime_hint);
+        n2s(p, ticklen);
+        /* ticket_lifetime_hint + ticket_length + ticket */
+        if (ticklen + 6 != n)
+                {
+                al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        if (s->session->tlsext_tick)
+                {
+                OPENSSL_free(s->session->tlsext_tick);
+                s->session->tlsext_ticklen = 0;
+                }
+        s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+        if (!s->session->tlsext_tick)
+                {
+                SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        memcpy(s->session->tlsext_tick, p, ticklen);
+        s->session->tlsext_ticklen = ticklen;
+        
+        ret=1;
+        return(ret);
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+        return(-1);
+        }
+
+int ssl3_get_cert_status(SSL *s)
+        {
+        int ok, al;
+        unsigned long resplen;
+        long n;
+        const unsigned char *p;
+
+        n=s->method->ssl_get_message(s,
+                SSL3_ST_CR_CERT_STATUS_A,
+                SSL3_ST_CR_CERT_STATUS_B,
+                SSL3_MT_CERTIFICATE_STATUS,
+                16384,
+                &ok);
+
+        if (!ok) return((int)n);
+        if (n < 4)
+                {
+                /* need at least status type + length */
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        p = (unsigned char *)s->init_msg;
+        if (*p++ != TLSEXT_STATUSTYPE_ocsp)
+                {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
+                goto f_err;
+                }
+        n2l3(p, resplen);
+        if (resplen + 4 != n)
+                {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+                }
+        if (s->tlsext_ocsp_resp)
+                OPENSSL_free(s->tlsext_ocsp_resp);
+        s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+        if (!s->tlsext_ocsp_resp)
+                {
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
+                goto f_err;
+                }
+        s->tlsext_ocsp_resplen = resplen;
+        if (s->ctx->tlsext_status_cb)
+                {
+                int ret;
+                ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+                if (ret == 0)
+                        {
+                        al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+                        SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
+                        goto f_err;
+                        }
+                if (ret < 0)
+                        {
+                        al = SSL_AD_INTERNAL_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
+                        goto f_err;
+                        }
+                }
+        return 1;
+f_err:
+        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+        return(-1);
+        }
+#endif
+
+int ssl3_get_server_done(SSL *s)
         {
         int ok,ret=0;
         long n;
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_CR_SRVR_DONE_A,
                 SSL3_ST_CR_SRVR_DONE_B,
                 SSL3_MT_SERVER_DONE,
@@ -1420,7 +1832,8 @@ static int ssl3_get_server_done(SSL *s)
         return(ret);
         }
 
-static int ssl3_send_client_key_exchange(SSL *s)
+
+int ssl3_send_client_key_exchange(SSL *s)
         {
         unsigned char *p,*d;
         int n;
@@ -1430,8 +1843,16 @@ static int ssl3_send_client_key_exchange(SSL *s)
         EVP_PKEY *pkey=NULL;
 #endif
 #ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
+        KSSL_ERR kssl_err;
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *clnt_ecdh = NULL;
+        const EC_POINT *srvr_ecpoint = NULL;
+        EVP_PKEY *srvr_pub_pkey = NULL;
+        unsigned char *encodedPoint = NULL;
+        int encoded_pt_len = 0;
+        BN_CTX * bn_ctx = NULL;
+#endif
 
         if (s->state == SSL3_ST_CW_KEY_EXCH_A)
                 {
@@ -1440,8 +1861,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
 
                 l=s->s3->tmp.new_cipher->algorithms;
 
-                /* Fool emacs indentation */
-                if (0) {}
+                /* Fool emacs indentation */
+                if (0) {}
 #ifndef OPENSSL_NO_RSA
                 else if (l & SSL_kRSA)
                         {
@@ -1503,12 +1924,12 @@ static int ssl3_send_client_key_exchange(SSL *s)
 #endif
 #ifndef OPENSSL_NO_KRB5
                 else if (l & SSL_kKRB5)
-                        {
-                        krb5_error_code krb5rc;
-                        KSSL_CTX        *kssl_ctx = s->kssl_ctx;
-                        /*  krb5_data   krb5_ap_req;  */
-                        krb5_data       *enc_ticket;
-                        krb5_data       authenticator, *authp = NULL;
+                        {
+                        krb5_error_code krb5rc;
+                        KSSL_CTX        *kssl_ctx = s->kssl_ctx;
+                        /*  krb5_data   krb5_ap_req;  */
+                        krb5_data       *enc_ticket;
+                        krb5_data       authenticator, *authp = NULL;
                         EVP_CIPHER_CTX  ciph_ctx;
                         EVP_CIPHER      *enc = NULL;
                         unsigned char   iv[EVP_MAX_IV_LENGTH];
@@ -1520,8 +1941,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         EVP_CIPHER_CTX_init(&ciph_ctx);
 
 #ifdef KSSL_DEBUG
-                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-                                l, SSL_kKRB5);
+                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                                l, SSL_kKRB5);
 #endif  /* KSSL_DEBUG */
 
                         authp = NULL;
@@ -1529,37 +1950,37 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         if (KRB5SENDAUTH)  authp = &authenticator;
 #endif  /* KRB5SENDAUTH */
 
-                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
                                 &kssl_err);
                         enc = kssl_map_enc(kssl_ctx->enctype);
-                        if (enc == NULL)
-                            goto err;
+                        if (enc == NULL)
+                            goto err;
 #ifdef KSSL_DEBUG
-                        {
-                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
-                        if (krb5rc && kssl_err.text)
+                        {
+                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                        if (krb5rc && kssl_err.text)
                           printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
-                        }
+                        }
 #endif  /* KSSL_DEBUG */
 
-                        if (krb5rc)
-                                {
-                                ssl3_send_alert(s,SSL3_AL_FATAL,
+                        if (krb5rc)
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,
                                                 SSL_AD_HANDSHAKE_FAILURE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                                 kssl_err.reason);
-                                goto err;
-                                }
+                                goto err;
+                                }
 
                         /*  20010406 VRS - Earlier versions used KRB5 AP_REQ
                         **  in place of RFC 2712 KerberosWrapper, as in:
                         **
-                        **  Send ticket (copy to *p, set n = length)
-                        **  n = krb5_ap_req.length;
-                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-                        **  if (krb5_ap_req.data)  
-                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-                        **
+                        **  Send ticket (copy to *p, set n = length)
+                        **  n = krb5_ap_req.length;
+                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+                        **  if (krb5_ap_req.data)  
+                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+                        **
                         **  Now using real RFC 2712 KerberosWrapper
                         **  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
                         **  Note: 2712 "opaque" types are here replaced
@@ -1594,8 +2015,10 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                 n+=2;
                                 }
  
-                        if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
-                            goto err;
+                            tmp_buf[0]=s->client_version>>8;
+                            tmp_buf[1]=s->client_version&0xff;
+                            if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
+                                goto err;
 
                         /*  20010420 VRS.  Tried it this way; failed.
                         **      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -1624,20 +2047,27 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         p+=outl;
                         n+=outl + 2;
 
-                        s->session->master_key_length=
-                                s->method->ssl3_enc->generate_master_secret(s,
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
                                         s->session->master_key,
                                         tmp_buf, sizeof tmp_buf);
 
                         OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
                         OPENSSL_cleanse(epms, outl);
-                        }
+                        }
 #endif
 #ifndef OPENSSL_NO_DH
                 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                         {
                         DH *dh_srvr,*dh_clnt;
 
+                        if (s->session->sess_cert == NULL) 
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                                goto err;
+                                }
+
                         if (s->session->sess_cert->peer_dh_tmp != NULL)
                                 dh_srvr=s->session->sess_cert->peer_dh_tmp;
                         else
@@ -1689,10 +2119,198 @@ static int ssl3_send_client_key_exchange(SSL *s)
                         /* perhaps clean things up a bit EAY EAY EAY EAY*/
                         }
 #endif
+
+#ifndef OPENSSL_NO_ECDH 
+                else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+                        {
+                        const EC_GROUP *srvr_group = NULL;
+                        EC_KEY *tkey;
+                        int ecdh_clnt_cert = 0;
+                        int field_size = 0;
+
+                        /* Did we send out the client's
+                         * ECDH share for use in premaster
+                         * computation as part of client certificate?
+                         * If so, set ecdh_clnt_cert to 1.
+                         */
+                        if ((l & SSL_kECDH) && (s->cert != NULL)) 
+                                {
+                                /* XXX: For now, we do not support client
+                                 * authentication using ECDH certificates.
+                                 * To add such support, one needs to add
+                                 * code that checks for appropriate 
+                                 * conditions and sets ecdh_clnt_cert to 1.
+                                 * For example, the cert have an ECC
+                                 * key on the same curve as the server's
+                                 * and the key should be authorized for
+                                 * key agreement.
+                                 *
+                                 * One also needs to add code in ssl3_connect
+                                 * to skip sending the certificate verify
+                                 * message.
+                                 *
+                                 * if ((s->cert->key->privatekey != NULL) &&
+                                 *     (s->cert->key->privatekey->type ==
+                                 *      EVP_PKEY_EC) && ...)
+                                 * ecdh_clnt_cert = 1;
+                                 */
+                                }
+
+                        if (s->session->sess_cert->peer_ecdh_tmp != NULL)
+                                {
+                                tkey = s->session->sess_cert->peer_ecdh_tmp;
+                                }
+                        else
+                                {
+                                /* Get the Server Public Key from Cert */
+                                srvr_pub_pkey = X509_get_pubkey(s->session-> \
+                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+                                if ((srvr_pub_pkey == NULL) ||
+                                    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
+                                    (srvr_pub_pkey->pkey.ec == NULL))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                            ERR_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+
+                                tkey = srvr_pub_pkey->pkey.ec;
+                                }
+
+                        srvr_group   = EC_KEY_get0_group(tkey);
+                        srvr_ecpoint = EC_KEY_get0_public_key(tkey);
+
+                        if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                    ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+
+                        if ((clnt_ecdh=EC_KEY_new()) == NULL) 
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+
+                        if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
+                                goto err;
+                                }
+                        if (ecdh_clnt_cert) 
+                                { 
+                                /* Reuse key info from our certificate
+                                 * We only need our private key to perform
+                                 * the ECDH computation.
+                                 */
+                                const BIGNUM *priv_key;
+                                tkey = s->cert->key->privatekey->pkey.ec;
+                                priv_key = EC_KEY_get0_private_key(tkey);
+                                if (priv_key == NULL)
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
+                                        goto err;
+                                        }
+                                }
+                        else 
+                                {
+                                /* Generate a new ECDH key pair */
+                                if (!(EC_KEY_generate_key(clnt_ecdh)))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                                        goto err;
+                                        }
+                                }
+
+                        /* use the 'p' output buffer for the ECDH key, but
+                         * make sure to clear it out afterwards
+                         */
+
+                        field_size = EC_GROUP_get_degree(srvr_group);
+                        if (field_size <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 
+                                       ERR_R_ECDH_LIB);
+                                goto err;
+                                }
+                        n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
+                        if (n <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 
+                                       ERR_R_ECDH_LIB);
+                                goto err;
+                                }
+
+                        /* generate master key from the result */
+                        s->session->master_key_length = s->method->ssl3_enc \
+                            -> generate_master_secret(s, 
+                                s->session->master_key,
+                                p, n);
+
+                        memset(p, 0, n); /* clean up */
+
+                        if (ecdh_clnt_cert) 
+                                {
+                                /* Send empty client key exch message */
+                                n = 0;
+                                }
+                        else 
+                                {
+                                /* First check the size of encoding and
+                                 * allocate memory accordingly.
+                                 */
+                                encoded_pt_len = 
+                                    EC_POINT_point2oct(srvr_group, 
+                                        EC_KEY_get0_public_key(clnt_ecdh), 
+                                        POINT_CONVERSION_UNCOMPRESSED, 
+                                        NULL, 0, NULL);
+
+                                encodedPoint = (unsigned char *) 
+                                    OPENSSL_malloc(encoded_pt_len * 
+                                        sizeof(unsigned char)); 
+                                bn_ctx = BN_CTX_new();
+                                if ((encodedPoint == NULL) || 
+                                    (bn_ctx == NULL)) 
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+
+                                /* Encode the public key */
+                                n = EC_POINT_point2oct(srvr_group, 
+                                    EC_KEY_get0_public_key(clnt_ecdh), 
+                                    POINT_CONVERSION_UNCOMPRESSED, 
+                                    encodedPoint, encoded_pt_len, bn_ctx);
+
+                                *p = n; /* length of encoded point */
+                                /* Encoded point will be copied here */
+                                p += 1; 
+                                /* copy the point */
+                                memcpy((unsigned char *)p, encodedPoint, n);
+                                /* increment n to account for length field */
+                                n += 1; 
+                                }
+
+                        /* Free allocated memory */
+                        BN_CTX_free(bn_ctx);
+                        if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+                        if (clnt_ecdh != NULL) 
+                                 EC_KEY_free(clnt_ecdh);
+                        EVP_PKEY_free(srvr_pub_pkey);
+                        }
+#endif /* !OPENSSL_NO_ECDH */
                 else
                         {
-                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                        ssl3_send_alert(s, SSL3_AL_FATAL,
+                            SSL_AD_HANDSHAKE_FAILURE);
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                            ERR_R_INTERNAL_ERROR);
                         goto err;
                         }
                 
@@ -1708,10 +2326,17 @@ static int ssl3_send_client_key_exchange(SSL *s)
         /* SSL3_ST_CW_KEY_EXCH_B */
         return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 err:
+#ifndef OPENSSL_NO_ECDH
+        BN_CTX_free(bn_ctx);
+        if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+        if (clnt_ecdh != NULL) 
+                EC_KEY_free(clnt_ecdh);
+        EVP_PKEY_free(srvr_pub_pkey);
+#endif
         return(-1);
         }
 
-static int ssl3_send_client_verify(SSL *s)
+int ssl3_send_client_verify(SSL *s)
         {
         unsigned char *p,*d;
         unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
@@ -1720,7 +2345,7 @@ static int ssl3_send_client_verify(SSL *s)
         unsigned u=0;
 #endif
         unsigned long n;
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
         int j;
 #endif
 
@@ -1766,6 +2391,23 @@ static int ssl3_send_client_verify(SSL *s)
                         }
                 else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+                        if (pkey->type == EVP_PKEY_EC)
+                        {
+                        if (!ECDSA_sign(pkey->save_type,
+                                &(data[MD5_DIGEST_LENGTH]),
+                                SHA_DIGEST_LENGTH,&(p[2]),
+                                (unsigned int *)&j,pkey->pkey.ec))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+                                    ERR_R_ECDSA_LIB);
+                                goto err;
+                                }
+                        s2n(j,p);
+                        n=j+2;
+                        }
+                else
+#endif
                         {
                         SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
                         goto err;
@@ -1782,7 +2424,7 @@ err:
         return(-1);
         }
 
-static int ssl3_send_client_certificate(SSL *s)
+int ssl3_send_client_certificate(SSL *s)
         {
         X509 *x509=NULL;
         EVP_PKEY *pkey=NULL;
@@ -1861,7 +2503,7 @@ static int ssl3_send_client_certificate(SSL *s)
 
 #define has_bits(i,m)   (((i)&(m)) == (m))
 
-static int ssl3_check_cert_and_algorithm(SSL *s)
+int ssl3_check_cert_and_algorithm(SSL *s)
         {
         int i,idx;
         long algs;
@@ -1876,18 +2518,18 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 
         sc=s->session->sess_cert;
 
-        if (sc == NULL)
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-
         algs=s->s3->tmp.new_cipher->algorithms;
 
         /* we don't have a certificate */
         if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
                 return(1);
 
+        if (sc == NULL)
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+
 #ifndef OPENSSL_NO_RSA
         rsa=s->session->sess_cert->peer_rsa_tmp;
 #endif
@@ -1898,6 +2540,21 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
         /* This is the passed certificate */
 
         idx=sc->peer_cert_type;
+#ifndef OPENSSL_NO_ECDH
+        if (idx == SSL_PKEY_ECC)
+                {
+                if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+                    s->s3->tmp.new_cipher) == 0) 
+                        { /* check failed */
+                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
+                        goto f_err;                     
+                        }
+                else 
+                        {
+                        return 1;
+                        }
+                }
+#endif
         pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
         i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
         EVP_PKEY_free(pkey);
@@ -1983,3 +2640,79 @@ err:
         return(0);
         }
 
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of nid2curve_id in s3_srvr.c. */
+static int curve_id2nid(int curve_id)
+{
+        /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
+         * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
+        static int nid_list[26] =
+        {
+                0,
+                NID_sect163k1, /* sect163k1 (1) */
+                NID_sect163r1, /* sect163r1 (2) */
+                NID_sect163r2, /* sect163r2 (3) */
+                NID_sect193r1, /* sect193r1 (4) */ 
+                NID_sect193r2, /* sect193r2 (5) */ 
+                NID_sect233k1, /* sect233k1 (6) */
+                NID_sect233r1, /* sect233r1 (7) */ 
+                NID_sect239k1, /* sect239k1 (8) */ 
+                NID_sect283k1, /* sect283k1 (9) */
+                NID_sect283r1, /* sect283r1 (10) */ 
+                NID_sect409k1, /* sect409k1 (11) */ 
+                NID_sect409r1, /* sect409r1 (12) */
+                NID_sect571k1, /* sect571k1 (13) */ 
+                NID_sect571r1, /* sect571r1 (14) */ 
+                NID_secp160k1, /* secp160k1 (15) */
+                NID_secp160r1, /* secp160r1 (16) */ 
+                NID_secp160r2, /* secp160r2 (17) */ 
+                NID_secp192k1, /* secp192k1 (18) */
+                NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+                NID_secp224k1, /* secp224k1 (20) */ 
+                NID_secp224r1, /* secp224r1 (21) */
+                NID_secp256k1, /* secp256k1 (22) */ 
+                NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+                NID_secp384r1, /* secp384r1 (24) */
+                NID_secp521r1  /* secp521r1 (25) */     
+        };
+        
+        if ((curve_id < 1) || (curve_id > 25)) return 0;
+
+        return nid_list[curve_id];
+}
+#endif
+
+/* Check to see if handshake is full or resumed. Usually this is just a
+ * case of checking to see if a cache hit has occurred. In the case of
+ * session tickets we have to check the next message to be sure.
+ */
+
+#ifndef OPENSSL_NO_TLSEXT
+static int ssl3_check_finished(SSL *s)
+        {
+        int ok;
+        long n;
+        /* If we have no ticket or session ID is non-zero length (a match of
+         * a non-zero session length would never reach here) it cannot be a
+         * resumed session.
+         */
+        if (!s->session->tlsext_tick || s->session->session_id_length)
+                return 1;
+        /* this function is called when we really expect a Certificate
+         * message, so permit appropriate message length */
+        n=s->method->ssl_get_message(s,
+                SSL3_ST_CR_CERT_A,
+                SSL3_ST_CR_CERT_B,
+                -1,
+                s->max_cert_list,
+                &ok);
+        if (!ok) return((int)n);
+        s->s3->tmp.reuse_message = 1;
+        if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
+                || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
+                return 2;
+
+        return 1;
+        }
+#endif
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index a77588e725..bdbcd44f27 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -108,19 +108,35 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
 #include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/pq_compat.h>
 
-const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
+const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
 
 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
-static long ssl3_default_timeout(void );
-
+/* list of available SSLv3 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* The RSA ciphers */
 /* Cipher 01 */
@@ -142,82 +158,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_RSA_NULL_SHA,
         SSL3_CK_RSA_NULL_SHA,
         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-        0,
-        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* anon DH */
-/* Cipher 17 */
-        {
-        1,
-        SSL3_TXT_ADH_RC4_40_MD5,
-        SSL3_CK_ADH_RC4_40_MD5,
-        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 18 */
-        {
-        1,
-        SSL3_TXT_ADH_RC4_128_MD5,
-        SSL3_CK_ADH_RC4_128_MD5,
-        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 19 */
-        {
-        1,
-        SSL3_TXT_ADH_DES_40_CBC_SHA,
-        SSL3_CK_ADH_DES_40_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
         0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 1A */
-        {
-        1,
-        SSL3_TXT_ADH_DES_64_CBC_SHA,
-        SSL3_CK_ADH_DES_64_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
         0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 1B */
-        {
-        1,
-        SSL3_TXT_ADH_DES_192_CBC_SHA,
-        SSL3_CK_ADH_DES_192_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         0,
-        168,
-        168,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
-
-/* RSA again */
 /* Cipher 03 */
         {
         1,
@@ -291,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_RSA_DES_40_CBC_SHA,
         SSL3_CK_RSA_DES_40_CBC_SHA,
         SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_EXPORT|SSL_EXP40,
         0,
         40,
         56,
@@ -304,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_RSA_DES_64_CBC_SHA,
         SSL3_CK_RSA_DES_64_CBC_SHA,
         SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+        SSL_NOT_EXP|SSL_LOW,
         0,
         56,
         56,
@@ -317,22 +264,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_RSA_DES_192_CBC3_SHA,
         SSL3_CK_RSA_DES_192_CBC3_SHA,
         SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
         168,
         168,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
-
-/*  The DH ciphers */
+/* The DH ciphers */
 /* Cipher 0B */
         {
         0,
         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
         SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_EXPORT|SSL_EXP40,
         0,
         40,
         56,
@@ -345,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
         SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+        SSL_NOT_EXP|SSL_LOW,
         0,
         56,
         56,
@@ -358,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
         SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
         168,
         168,
@@ -371,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
         SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_EXPORT|SSL_EXP40,
         0,
         40,
         56,
@@ -384,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
         SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+        SSL_NOT_EXP|SSL_LOW,
         0,
         56,
         56,
@@ -397,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
         SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
         168,
         168,
@@ -412,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
         SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_EXPORT|SSL_EXP40,
         0,
         40,
         56,
@@ -425,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
         SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+        SSL_NOT_EXP|SSL_LOW,
         0,
         56,
         56,
@@ -438,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
         SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
         168,
         168,
@@ -451,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
         SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_EXPORT|SSL_EXP40,
         0,
         40,
         56,
@@ -464,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
         SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+        SSL_NOT_EXP|SSL_LOW,
         0,
         56,
         56,
@@ -477,7 +423,72 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
         SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        168,
+        168,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 17 */
+        {
+        1,
+        SSL3_TXT_ADH_RC4_40_MD5,
+        SSL3_CK_ADH_RC4_40_MD5,
+        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 18 */
+        {
+        1,
+        SSL3_TXT_ADH_RC4_128_MD5,
+        SSL3_CK_ADH_RC4_128_MD5,
+        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 19 */
+        {
+        1,
+        SSL3_TXT_ADH_DES_40_CBC_SHA,
+        SSL3_CK_ADH_DES_40_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 1A */
+        {
+        1,
+        SSL3_TXT_ADH_DES_64_CBC_SHA,
+        SSL3_CK_ADH_DES_64_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_LOW,
+        0,
+        56,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 1B */
+        {
+        1,
+        SSL3_TXT_ADH_DES_192_CBC_SHA,
+        SSL3_CK_ADH_DES_192_CBC_SHA,
+        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
         168,
         168,
@@ -531,17 +542,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 #endif
 
 #ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers
-** 20000107 VRS: And the first shall be last,
-** in hopes of avoiding the lynx ssl renegotiation problem.
-*/
-/* Cipher 1E VRS */
+/* The Kerberos ciphers */
+/* Cipher 1E */
         {
         1,
         SSL3_TXT_KRB5_DES_64_CBC_SHA,
         SSL3_CK_KRB5_DES_64_CBC_SHA,
         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
+        SSL_NOT_EXP|SSL_LOW,
         0,
         56,
         56,
@@ -549,21 +557,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 1F VRS */
+/* Cipher 1F */
         {
         1,
         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
         SSL3_CK_KRB5_DES_192_CBC3_SHA,
         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+        SSL_NOT_EXP|SSL_HIGH,
         0,
-        112,
+        168,
         168,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 20 VRS */
+/* Cipher 20 */
         {
         1,
         SSL3_TXT_KRB5_RC4_128_SHA,
@@ -577,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 21 VRS */
+/* Cipher 21 */
         {
         1,
         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
@@ -591,7 +599,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 22 VRS */
+/* Cipher 22 */
         {
         1,
         SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -605,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 23 VRS */
+/* Cipher 23 */
         {
         1,
         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
@@ -613,13 +621,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH,
         0,
-        112,
+        168,
         168,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 24 VRS */
+/* Cipher 24 */
         {
         1,
         SSL3_TXT_KRB5_RC4_128_MD5,
@@ -633,7 +641,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 25 VRS */
+/* Cipher 25 */
         {
         1,
         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
@@ -647,13 +655,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 26 VRS */
+/* Cipher 26 */
         {
         1,
         SSL3_TXT_KRB5_DES_40_CBC_SHA,
         SSL3_CK_KRB5_DES_40_CBC_SHA,
         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
+        SSL_EXPORT|SSL_EXP40,
         0,
         40,
         56,
@@ -661,7 +669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 27 VRS */
+/* Cipher 27 */
         {
         1,
         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@ -675,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 28 VRS */
+/* Cipher 28 */
         {
         1,
         SSL3_TXT_KRB5_RC4_40_SHA,
@@ -683,13 +691,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
         SSL_EXPORT|SSL_EXP40,
         0,
-        128,
+        40,
         128,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 29 VRS */
+/* Cipher 29 */
         {
         1,
         SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@ -703,7 +711,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 2A VRS */
+/* Cipher 2A */
         {
         1,
         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@ -717,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
 
-/* Cipher 2B VRS */
+/* Cipher 2B */
         {
         1,
         SSL3_TXT_KRB5_RC4_40_MD5,
@@ -725,16 +733,258 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
         SSL_EXPORT|SSL_EXP40,
         0,
-        128,
+        40,
         128,
         SSL_ALL_CIPHERS,
         SSL_ALL_STRENGTHS,
         },
 #endif  /* OPENSSL_NO_KRB5 */
 
+/* New AES ciphersuites */
+/* Cipher 2F */
+        {
+        1,
+        TLS1_TXT_RSA_WITH_AES_128_SHA,
+        TLS1_CK_RSA_WITH_AES_128_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 30 */
+        {
+        0,
+        TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+        TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+        SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 31 */
+        {
+        0,
+        TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+        TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 32 */
+        {
+        1,
+        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+        TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 33 */
+        {
+        1,
+        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+        TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 34 */
+        {
+        1,
+        TLS1_TXT_ADH_WITH_AES_128_SHA,
+        TLS1_CK_ADH_WITH_AES_128_SHA,
+        SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+/* Cipher 35 */
+        {
+        1,
+        TLS1_TXT_RSA_WITH_AES_256_SHA,
+        TLS1_CK_RSA_WITH_AES_256_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 36 */
+        {
+        0,
+        TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+        TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+        SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 37 */
+        {
+        0,
+        TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+        TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 38 */
+        {
+        1,
+        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+        TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 39 */
+        {
+        1,
+        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+        TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+        /* Cipher 3A */
+        {
+        1,
+        TLS1_TXT_ADH_WITH_AES_256_SHA,
+        TLS1_CK_ADH_WITH_AES_256_SHA,
+        SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+#ifndef OPENSSL_NO_CAMELLIA
+        /* Camellia ciphersuites from RFC4132 (128-bit portion) */
+
+        /* Cipher 41 */
+        {
+        1,
+        TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+        TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 42 */
+        {
+        0, /* not implemented (non-ephemeral DH) */
+        TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+        TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+        SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 43 */
+        {
+        0, /* not implemented (non-ephemeral DH) */
+        TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+        TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+        SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 44 */
+        {
+        1,
+        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+        TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 45 */
+        {
+        1,
+        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+        TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 46 */
+        {
+        1,
+        TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+        TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+        SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+#endif /* OPENSSL_NO_CAMELLIA */
 
 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-        /* New TLS Export CipherSuites */
+        /* New TLS Export CipherSuites from expired ID */
+#if 0
         /* Cipher 60 */
             {
             1,
@@ -761,13 +1011,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             SSL_ALL_CIPHERS,
             SSL_ALL_STRENGTHS,
             },
+#endif
         /* Cipher 62 */
             {
             1,
             TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
             TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
             SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56|SSL_FIPS,
+            SSL_EXPORT|SSL_EXP56,
             0,
             56,
             56,
@@ -780,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
             TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
             SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56|SSL_FIPS,
+            SSL_EXPORT|SSL_EXP56,
             0,
             56,
             56,
@@ -827,170 +1078,536 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             SSL_ALL_STRENGTHS
             },
 #endif
-        /* New AES ciphersuites */
 
-        /* Cipher 2F */
+#ifndef OPENSSL_NO_CAMELLIA
+        /* Camellia ciphersuites from RFC4132 (256-bit portion) */
+
+        /* Cipher 84 */
+        {
+        1,
+        TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+        TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 85 */
+        {
+        0, /* not implemented (non-ephemeral DH) */
+        TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+        TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+        SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 86 */
+        {
+        0, /* not implemented (non-ephemeral DH) */
+        TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+        TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+        SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 87 */
+        {
+        1,
+        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+        TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 88 */
+        {
+        1,
+        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+        TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+        /* Cipher 89 */
+        {
+        1,
+        TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+        TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+        SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        0,
+        256,
+        256,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS
+        },
+#endif /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_SEED
+        /* SEED ciphersuites from RFC4162 */
+
+        /* Cipher 96 */
+        {
+        1,
+        TLS1_TXT_RSA_WITH_SEED_SHA,
+        TLS1_CK_RSA_WITH_SEED_SHA,
+        SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+        /* Cipher 97 */
+        {
+        0, /* not implemented (non-ephemeral DH) */
+        TLS1_TXT_DH_DSS_WITH_SEED_SHA,
+        TLS1_CK_DH_DSS_WITH_SEED_SHA,
+        SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+        /* Cipher 98 */
+        {
+        0, /* not implemented (non-ephemeral DH) */
+        TLS1_TXT_DH_RSA_WITH_SEED_SHA,
+        TLS1_CK_DH_RSA_WITH_SEED_SHA,
+        SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+        /* Cipher 99 */
+        {
+        1,
+        TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+        TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+        SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+        /* Cipher 9A */
+        {
+        1,
+        TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+        TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+        SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+        /* Cipher 9B */
+        {
+        1,
+        TLS1_TXT_ADH_WITH_SEED_SHA,
+        TLS1_CK_ADH_WITH_SEED_SHA,
+        SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+
+#endif /* OPENSSL_NO_SEED */
+
+#ifndef OPENSSL_NO_ECDH
+        /* Cipher C001 */
             {
-            1,
-            TLS1_TXT_RSA_WITH_AES_128_SHA,
-            TLS1_CK_RSA_WITH_AES_128_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 30 */
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C002 */
             {
-            0,
-            TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-            TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 31 */
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C003 */
             {
-            0,
-            TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-            TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 32 */
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C004 */
             {
-            1,
-            TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-            TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 33 */
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C005 */
             {
-            1,
-            TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-            TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 34 */
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C006 */
             {
-            1,
-            TLS1_TXT_ADH_WITH_AES_128_SHA,
-            TLS1_CK_ADH_WITH_AES_128_SHA,
-            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-
-        /* Cipher 35 */
+            1,
+            TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+            TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+            SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C007 */
             {
-            1,
-            TLS1_TXT_RSA_WITH_AES_256_SHA,
-            TLS1_CK_RSA_WITH_AES_256_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 36 */
+            1,
+            TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+            TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+            SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C008 */
             {
-            0,
-            TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-            TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 37 */
+            1,
+            TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+            SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C009 */
             {
-            0,
-            TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-            TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 38 */
+            1,
+            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C00A */
             {
-            1,
-            TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-            TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 39 */
+            1,
+            TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C00B */
             {
-            1,
-            TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-            TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 3A */
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C00C */
             {
-            1,
-            TLS1_TXT_ADH_WITH_AES_256_SHA,
-            TLS1_CK_ADH_WITH_AES_256_SHA,
-            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C00D */
+            {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C00E */
+            {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C00F */
+            {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C010 */
+            {
+            1,
+            TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+            TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+            SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C011 */
+            {
+            1,
+            TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+            TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+            SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C012 */
+            {
+            1,
+            TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+            SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C013 */
+            {
+            1,
+            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C014 */
+            {
+            1,
+            TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C015 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+            TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
             },
 
+        /* Cipher C016 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C017 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C018 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+        /* Cipher C019 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+#endif  /* OPENSSL_NO_ECDH */
+
+
 /* end of list */
         };
 
-static SSL3_ENC_METHOD SSLv3_enc_data={
+SSL3_ENC_METHOD SSLv3_enc_data={
         ssl3_enc,
         ssl3_mac,
         ssl3_setup_key_block,
@@ -1004,45 +1621,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={
         ssl3_alert_code,
         };
 
-static SSL_METHOD SSLv3_data= {
-        SSL3_VERSION,
-        ssl3_new,
-        ssl3_clear,
-        ssl3_free,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl3_read,
-        ssl3_peek,
-        ssl3_write,
-        ssl3_shutdown,
-        ssl3_renegotiate,
-        ssl3_renegotiate_check,
-        ssl3_ctrl,
-        ssl3_ctx_ctrl,
-        ssl3_get_cipher_by_char,
-        ssl3_put_cipher_by_char,
-        ssl3_pending,
-        ssl3_num_ciphers,
-        ssl3_get_cipher,
-        ssl_bad_method,
-        ssl3_default_timeout,
-        &SSLv3_enc_data,
-        ssl_undefined_function,
-        ssl3_callback_ctrl,
-        ssl3_ctx_callback_ctrl,
-        };
-
-static long ssl3_default_timeout(void)
+long ssl3_default_timeout(void)
         {
         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
          * is way too long for http, the cache would over fill */
         return(60*60*2);
         }
 
-SSL_METHOD *sslv3_base_method(void)
-        {
-        return(&SSLv3_data);
-        }
+IMPLEMENT_ssl3_meth_func(sslv3_base_method,
+                        ssl_undefined_function,
+                        ssl_undefined_function,
+                        ssl_bad_method)
 
 int ssl3_num_ciphers(void)
         {
@@ -1073,6 +1662,8 @@ int ssl3_new(SSL *s)
         memset(s3,0,sizeof *s3);
         EVP_MD_CTX_init(&s3->finish_dgst1);
         EVP_MD_CTX_init(&s3->finish_dgst2);
+        pq_64bit_init(&(s3->rrec.seq_num));
+        pq_64bit_init(&(s3->wrec.seq_num));
 
         s->s3=s3;
 
@@ -1098,10 +1689,18 @@ void ssl3_free(SSL *s)
         if (s->s3->tmp.dh != NULL)
                 DH_free(s->s3->tmp.dh);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        if (s->s3->tmp.ecdh != NULL)
+                EC_KEY_free(s->s3->tmp.ecdh);
+#endif
+
         if (s->s3->tmp.ca_names != NULL)
                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
         EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
         EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+        pq_64bit_free(&(s->s3->rrec.seq_num));
+        pq_64bit_free(&(s->s3->wrec.seq_num));
+
         OPENSSL_cleanse(s->s3,sizeof *s->s3);
         OPENSSL_free(s->s3);
         s->s3=NULL;
@@ -1125,6 +1724,10 @@ void ssl3_clear(SSL *s)
         if (s->s3->tmp.dh != NULL)
                 DH_free(s->s3->tmp.dh);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        if (s->s3->tmp.ecdh != NULL)
+                EC_KEY_free(s->s3->tmp.ecdh);
+#endif
 
         rp = s->s3->rbuf.buf;
         wp = s->s3->wbuf.buf;
@@ -1263,13 +1866,122 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 }
                 break;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        case SSL_CTRL_SET_TMP_ECDH:
+                {
+                EC_KEY *ecdh = NULL;
+                        
+                if (parg == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                        return(ret);
+                        }
+                if (!EC_KEY_up_ref((EC_KEY *)parg))
+                        {
+                        SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+                        return(ret);
+                        }
+                ecdh = (EC_KEY *)parg;
+                if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
+                        {
+                        if (!EC_KEY_generate_key(ecdh))
+                                {
+                                EC_KEY_free(ecdh);
+                                SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+                                return(ret);
+                                }
+                        }
+                if (s->cert->ecdh_tmp != NULL)
+                        EC_KEY_free(s->cert->ecdh_tmp);
+                s->cert->ecdh_tmp = ecdh;
+                ret = 1;
+                }
+                break;
+        case SSL_CTRL_SET_TMP_ECDH_CB:
+                {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return(ret);
+                }
+                break;
+#endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+                if (larg == TLSEXT_NAMETYPE_host_name)
+                        {
+                        if (s->tlsext_hostname != NULL) 
+                                OPENSSL_free(s->tlsext_hostname);
+                        s->tlsext_hostname = NULL;
+
+                        ret = 1;
+                        if (parg == NULL) 
+                                break;
+                        if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
+                                {
+                                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+                                return 0;
+                                }
+                        if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+                        return 0;
+                        }
+                break;
+        case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+                s->tlsext_debug_arg=parg;
+                ret = 1;
+                break;
+  
+        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+                s->tlsext_status_type=larg;
+                ret = 1;
+                break;
+
+        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+                *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+                ret = 1;
+                break;
+
+        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+                s->tlsext_ocsp_exts = parg;
+                ret = 1;
+                break;
+
+        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+                *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+                ret = 1;
+                break;
+
+        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+                s->tlsext_ocsp_ids = parg;
+                ret = 1;
+                break;
+
+        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+                *(unsigned char **)parg = s->tlsext_ocsp_resp;
+                return s->tlsext_ocsp_resplen;
+                
+        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+                if (s->tlsext_ocsp_resp)
+                        OPENSSL_free(s->tlsext_ocsp_resp);
+                s->tlsext_ocsp_resp = parg;
+                s->tlsext_ocsp_resplen = larg;
+                ret = 1;
+                break;
+
+#endif /* !OPENSSL_NO_TLSEXT */
         default:
                 break;
                 }
         return(ret);
         }
 
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
         {
         int ret=0;
 
@@ -1307,6 +2019,19 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
                 }
                 break;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        case SSL_CTRL_SET_TMP_ECDH_CB:
+                {
+                s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+                s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
+                                        unsigned char *, int, void *))fp;
+                break;
+#endif
         default:
                 break;
                 }
@@ -1399,6 +2124,83 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                 }
                 break;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        case SSL_CTRL_SET_TMP_ECDH:
+                {
+                EC_KEY *ecdh = NULL;
+                        
+                if (parg == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+                        return 0;
+                        }
+                ecdh = EC_KEY_dup((EC_KEY *)parg);
+                if (ecdh == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
+                        return 0;
+                        }
+                if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
+                        {
+                        if (!EC_KEY_generate_key(ecdh))
+                                {
+                                EC_KEY_free(ecdh);
+                                SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+                                return 0;
+                                }
+                        }
+
+                if (cert->ecdh_tmp != NULL)
+                        {
+                        EC_KEY_free(cert->ecdh_tmp);
+                        }
+                cert->ecdh_tmp = ecdh;
+                return 1;
+                }
+                /* break; */
+        case SSL_CTRL_SET_TMP_ECDH_CB:
+                {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return(0);
+                }
+                break;
+#endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+                ctx->tlsext_servername_arg=parg;
+                break;
+        case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+        case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+                {
+                unsigned char *keys = parg;
+                if (!keys)
+                        return 48;
+                if (larg != 48)
+                        {
+                        SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                        return 0;
+                        }
+                if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
+                        {
+                        memcpy(ctx->tlsext_tick_key_name, keys, 16);
+                        memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
+                        memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+                        }
+                else
+                        {
+                        memcpy(keys, ctx->tlsext_tick_key_name, 16);
+                        memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+                        memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+                        }
+                return 1;
+                }
+  
+        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+                ctx->tlsext_status_arg=parg;
+                return 1;
+                break;
+
+#endif /* !OPENSSL_NO_TLSEXT */
         /* A Thawte special :-) */
         case SSL_CTRL_EXTRA_CHAIN_CERT:
                 if (ctx->extra_certs == NULL)
@@ -1415,7 +2217,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         return(1);
         }
 
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
         {
         CERT *cert;
 
@@ -1437,6 +2239,30 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
                 }
                 break;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        case SSL_CTRL_SET_TMP_ECDH_CB:
+                {
+                cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+                ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
+                break;
+  
+        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+                ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
+                break;
+
+        case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+                ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
+                                                unsigned char *,
+                                                EVP_CIPHER_CTX *,
+                                                HMAC_CTX *, int))fp;
+                break;
+
+#endif
         default:
                 return(0);
                 }
@@ -1447,41 +2273,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
  * available */
 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
         {
-        static int init=1;
-        static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
-        SSL_CIPHER c,*cp= &c,**cpp;
+        SSL_CIPHER c,*cp;
         unsigned long id;
-        int i;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
-                if (init)
-                        {
-                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
-                                sorted[i]= &(ssl3_ciphers[i]);
-
-                        qsort(sorted,
-                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                                FP_ICC ssl_cipher_ptr_id_cmp);
-
-                        init=0;
-                        }
-                
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-                }
 
         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
         c.id=id;
-        cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
-                (char *)sorted,
-                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                FP_ICC ssl_cipher_ptr_id_cmp);
-        if ((cpp == NULL) || !(*cpp)->valid)
-                return(NULL);
+        cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+                (char *)ssl3_ciphers,
+                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
+                FP_ICC ssl_cipher_id_cmp);
+        if (cp == NULL || cp->valid == 0)
+                return NULL;
         else
-                return(*cpp);
+                return cp;
         }
 
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -1504,6 +2308,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
         SSL_CIPHER *c,*ret=NULL;
         STACK_OF(SSL_CIPHER) *prio, *allow;
         int i,j,ok;
+
         CERT *cert;
         unsigned long alg,mask,emask;
 
@@ -1584,7 +2389,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                         }
 
                 if (!ok) continue;
-        
                 j=sk_SSL_CIPHER_find(allow,c);
                 if (j >= 0)
                         {
@@ -1629,6 +2433,26 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #ifndef OPENSSL_NO_DSA
         p[ret++]=SSL3_CT_DSS_SIGN;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        /* We should ask for fixed ECDH certificates only
+         * for SSL_kECDH (and not SSL_kECDHE)
+         */
+        if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
+                {
+                p[ret++]=TLS_CT_RSA_FIXED_ECDH;
+                p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
+                }
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+        /* ECDSA certs can be used with RSA cipher suites as well 
+         * so we don't need to check for SSL_kECDH or SSL_kECDHE
+         */
+        if (s->version >= TLS1_VERSION)
+                {
+                p[ret++]=TLS_CT_ECDSA_SIGN;
+                }
+#endif  
         return(ret);
         }
 
@@ -1656,13 +2480,13 @@ int ssl3_shutdown(SSL *s)
                 {
                 /* resend it if not sent */
 #if 1
-                ssl3_dispatch_alert(s);
+                s->method->ssl_dispatch_alert(s);
 #endif
                 }
         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
                 {
                 /* If we are waiting for a close from our peer, we are closed */
-                ssl3_read_bytes(s,0,NULL,0,0);
+                s->method->ssl_read_bytes(s,0,NULL,0,0);
                 }
 
         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -1717,8 +2541,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
                 }
         else
                 {
-                ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-                                     buf,len);
+                ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+                        buf,len);
                 if (ret <= 0) return(ret);
                 }
 
@@ -1732,7 +2556,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
         clear_sys_error();
         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
         s->s3->in_read_app_data=1;
-        ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+        ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
         if ((ret == -1) && (s->s3->in_read_app_data == 2))
                 {
                 /* ssl3_read_bytes decided to call s->handshake_func, which
@@ -1741,7 +2565,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
                  * and thinks that application data makes sense here; so disable
                  * handshake processing and try to read application data again. */
                 s->in_handshake++;
-                ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+                ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
                 s->in_handshake--;
                 }
         else
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index cb0b12b400..44c7c143fe 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -118,15 +118,9 @@
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                          unsigned int len, int create_empty_fragment);
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                              unsigned int len);
 static int ssl3_get_record(SSL *s);
-static int do_compress(SSL *ssl);
-static int do_uncompress(SSL *ssl);
-static int do_change_cipher_spec(SSL *ssl);
 
-/* used only by ssl3_get_record */
-static int ssl3_read_n(SSL *s, int n, int max, int extend)
+int ssl3_read_n(SSL *s, int n, int max, int extend)
         {
         /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
          * packet by another n bytes.
@@ -147,6 +141,14 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
                 /* ... now we can act as if 'extend' was set */
                 }
 
+        /* extend reads should not span multiple packets for DTLS */
+        if ( SSL_version(s) == DTLS1_VERSION &&
+                extend)
+                {
+                if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
+                        n = s->s3->rbuf.left;
+                }
+
         /* if there is enough in the buffer from a previous read, take some */
         if (s->s3->rbuf.left >= (int)n)
                 {
@@ -275,11 +277,7 @@ again:
                 n2s(p,rr->length);
 
                 /* Lets check version */
-                if (s->first_packet)
-                        {
-                        s->first_packet=0;
-                        }
-                else
+                if (!s->first_packet)
                         {
                         if (version != s->version)
                                 {
@@ -434,7 +432,7 @@ printf("\n");
                         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                         goto f_err;
                         }
-                if (!do_uncompress(s))
+                if (!ssl3_do_uncompress(s))
                         {
                         al=SSL_AD_DECOMPRESSION_FAILURE;
                         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
@@ -472,8 +470,9 @@ err:
         return(ret);
         }
 
-static int do_uncompress(SSL *ssl)
+int ssl3_do_uncompress(SSL *ssl)
         {
+#ifndef OPENSSL_NO_COMP
         int i;
         SSL3_RECORD *rr;
 
@@ -485,12 +484,13 @@ static int do_uncompress(SSL *ssl)
         else
                 rr->length=i;
         rr->data=rr->comp;
-
+#endif
         return(1);
         }
 
-static int do_compress(SSL *ssl)
+int ssl3_do_compress(SSL *ssl)
         {
+#ifndef OPENSSL_NO_COMP
         int i;
         SSL3_RECORD *wr;
 
@@ -504,6 +504,7 @@ static int do_compress(SSL *ssl)
                 wr->length=i;
 
         wr->input=wr->data;
+#endif
         return(1);
         }
 
@@ -580,7 +581,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         /* If we have an alert to send, lets send it */
         if (s->s3->alert_dispatch)
                 {
-                i=ssl3_dispatch_alert(s);
+                i=s->method->ssl_dispatch_alert(s);
                 if (i <= 0)
                         return(i);
                 /* if it went, fall through and send more stuff */
@@ -655,7 +656,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         /* first we compress */
         if (s->compress != NULL)
                 {
-                if (!do_compress(s))
+                if (!ssl3_do_compress(s))
                         {
                         SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
                         goto err;
@@ -716,8 +717,8 @@ err:
         }
 
 /* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                              unsigned int len)
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+        unsigned int len)
         {
         int i;
 
@@ -1089,7 +1090,7 @@ start:
                 if (s->s3->tmp.new_cipher == NULL)
                         {
                         al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
                         goto f_err;
                         }
 
@@ -1099,7 +1100,7 @@ start:
                         s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
 
                 s->s3->change_cipher_spec=1;
-                if (!do_change_cipher_spec(s))
+                if (!ssl3_do_change_cipher_spec(s))
                         goto err;
                 else
                         goto start;
@@ -1211,7 +1212,7 @@ err:
         return(-1);
         }
 
-static int do_change_cipher_spec(SSL *s)
+int ssl3_do_change_cipher_spec(SSL *s)
         {
         int i;
         const char *sender;
@@ -1268,7 +1269,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
         s->s3->send_alert[0]=level;
         s->s3->send_alert[1]=desc;
         if (s->s3->wbuf.left == 0) /* data still being written out? */
-                ssl3_dispatch_alert(s);
+                s->method->ssl_dispatch_alert(s);
         /* else data is still being written out, we will get written
          * some time in the future */
         }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 36fc39d7f8..903522ab59 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -108,11 +108,23 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #define REUSE_CIPHER_BUG
 #define NETSCAPE_HANG_BUG
 
-
 #include <stdio.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
@@ -120,24 +132,21 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
 #endif
 #include <openssl/md5.h>
-#include <openssl/fips.h>
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
-static int ssl3_get_client_hello(SSL *s);
-static int ssl3_check_client_hello(SSL *s);
-static int ssl3_send_server_hello(SSL *s);
-static int ssl3_send_server_key_exchange(SSL *s);
-static int ssl3_send_certificate_request(SSL *s);
-static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_client_key_exchange(SSL *s);
-static int ssl3_get_client_certificate(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
-static int ssl3_send_hello_request(SSL *s);
+#ifndef OPENSSL_NO_ECDH
+static int nid2curve_id(int nid);
+#endif
 
 static SSL_METHOD *ssl3_get_server_method(int ver)
         {
@@ -147,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *SSLv3_server_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv3_server_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-                                sizeof(SSL_METHOD));
-                        SSLv3_server_data.ssl_accept=ssl3_accept;
-                        SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-                        init=0;
-                        }
-                        
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv3_server_data);
-        }
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+                        ssl3_accept,
+                        ssl_undefined_function,
+                        ssl3_get_server_method)
 
 int ssl3_accept(SSL *s)
         {
@@ -299,9 +290,18 @@ int ssl3_accept(SSL *s)
                 case SSL3_ST_SW_SRVR_HELLO_B:
                         ret=ssl3_send_server_hello(s);
                         if (ret <= 0) goto end;
-
+#ifndef OPENSSL_NO_TLSEXT
                         if (s->hit)
-                                s->state=SSL3_ST_SW_CHANGE_A;
+                                {
+                                if (s->tlsext_ticket_expected)
+                                        s->state=SSL3_ST_SW_SESSION_TICKET_A;
+                                else
+                                        s->state=SSL3_ST_SW_CHANGE_A;
+                                }
+#else
+                        if (s->hit)
+                                        s->state=SSL3_ST_SW_CHANGE_A;
+#endif
                         else
                                 s->state=SSL3_ST_SW_CERT_A;
                         s->init_num=0;
@@ -309,15 +309,30 @@ int ssl3_accept(SSL *s)
 
                 case SSL3_ST_SW_CERT_A:
                 case SSL3_ST_SW_CERT_B:
-                        /* Check if it is anon DH */
-                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                        /* Check if it is anon DH or anon ECDH or KRB5 */
+                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
+                                && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
                                 {
                                 ret=ssl3_send_server_certificate(s);
                                 if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                                if (s->tlsext_status_expected)
+                                        s->state=SSL3_ST_SW_CERT_STATUS_A;
+                                else
+                                        s->state=SSL3_ST_SW_KEY_EXCH_A;
+                                }
+                        else
+                                {
+                                skip = 1;
+                                s->state=SSL3_ST_SW_KEY_EXCH_A;
+                                }
+#else
                                 }
                         else
                                 skip=1;
+
                         s->state=SSL3_ST_SW_KEY_EXCH_A;
+#endif
                         s->init_num=0;
                         break;
 
@@ -340,9 +355,18 @@ int ssl3_accept(SSL *s)
                         else
                                 s->s3->tmp.use_rsa_tmp=0;
 
+
                         /* only send if a DH key exchange, fortezza or
-                         * RSA but we have a sign only certificate */
+                         * RSA but we have a sign only certificate
+                         *
+                         * For ECC ciphersuites, we send a serverKeyExchange
+                         * message only if the cipher suite is either
+                         * ECDH-anon or ECDHE. In other cases, the
+                         * server certificate contains the server's 
+                         * public key for key exchange.
+                         */
                         if (s->s3->tmp.use_rsa_tmp
+                            || (l & SSL_kECDHE)
                             || (l & (SSL_DH|SSL_kFZA))
                             || ((l & SSL_kRSA)
                                 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
@@ -446,19 +470,33 @@ int ssl3_accept(SSL *s)
                 case SSL3_ST_SR_KEY_EXCH_A:
                 case SSL3_ST_SR_KEY_EXCH_B:
                         ret=ssl3_get_client_key_exchange(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_SR_CERT_VRFY_A;
-                        s->init_num=0;
-
-                        /* We need to get hashes here so if there is
-                         * a client cert, it can be verified */ 
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                &(s->s3->finish_dgst1),
-                                &(s->s3->tmp.cert_verify_md[0]));
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                &(s->s3->finish_dgst2),
-                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+                        if (ret <= 0) 
+                                goto end;
+                        if (ret == 2)
+                                {
+                                /* For the ECDH ciphersuites when
+                                 * the client sends its ECDH pub key in
+                                 * a certificate, the CertificateVerify
+                                 * message is not sent.
+                                 */
+                                s->state=SSL3_ST_SR_FINISHED_A;
+                                s->init_num = 0;
+                                }
+                        else   
+                                {
+                                s->state=SSL3_ST_SR_CERT_VRFY_A;
+                                s->init_num=0;
 
+                                /* We need to get hashes here so if there is
+                                 * a client cert, it can be verified
+                                 */ 
+                                s->method->ssl3_enc->cert_verify_mac(s,
+                                    &(s->s3->finish_dgst1),
+                                    &(s->s3->tmp.cert_verify_md[0]));
+                                s->method->ssl3_enc->cert_verify_mac(s,
+                                    &(s->s3->finish_dgst2),
+                                    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+                                }
                         break;
 
                 case SSL3_ST_SR_CERT_VRFY_A:
@@ -479,11 +517,34 @@ int ssl3_accept(SSL *s)
                         if (ret <= 0) goto end;
                         if (s->hit)
                                 s->state=SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+                        else if (s->tlsext_ticket_expected)
+                                s->state=SSL3_ST_SW_SESSION_TICKET_A;
+#endif
                         else
                                 s->state=SSL3_ST_SW_CHANGE_A;
                         s->init_num=0;
                         break;
 
+#ifndef OPENSSL_NO_TLSEXT
+                case SSL3_ST_SW_SESSION_TICKET_A:
+                case SSL3_ST_SW_SESSION_TICKET_B:
+                        ret=ssl3_send_newsession_ticket(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_CHANGE_A;
+                        s->init_num=0;
+                        break;
+
+                case SSL3_ST_SW_CERT_STATUS_A:
+                case SSL3_ST_SW_CERT_STATUS_B:
+                        ret=ssl3_send_cert_status(s);
+                        if (ret <= 0) goto end;
+                        s->state=SSL3_ST_SW_KEY_EXCH_A;
+                        s->init_num=0;
+                        break;
+
+#endif
+
                 case SSL3_ST_SW_CHANGE_A:
                 case SSL3_ST_SW_CHANGE_B:
 
@@ -589,7 +650,7 @@ end:
         return(ret);
         }
 
-static int ssl3_send_hello_request(SSL *s)
+int ssl3_send_hello_request(SSL *s)
         {
         unsigned char *p;
 
@@ -611,14 +672,14 @@ static int ssl3_send_hello_request(SSL *s)
         return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
         }
 
-static int ssl3_check_client_hello(SSL *s)
+int ssl3_check_client_hello(SSL *s)
         {
         int ok;
         long n;
 
         /* this function is called when we really expect a Certificate message,
          * so permit appropriate message length */
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_SR_CERT_A,
                 SSL3_ST_SR_CERT_B,
                 -1,
@@ -644,14 +705,17 @@ static int ssl3_check_client_hello(SSL *s)
         return 1;
 }
 
-static int ssl3_get_client_hello(SSL *s)
+int ssl3_get_client_hello(SSL *s)
         {
         int i,j,ok,al,ret= -1;
+        unsigned int cookie_len;
         long n;
         unsigned long id;
         unsigned char *p,*d,*q;
         SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
         SSL_COMP *comp=NULL;
+#endif
         STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
         /* We do this so that we will respond with our native type.
@@ -662,10 +726,10 @@ static int ssl3_get_client_hello(SSL *s)
          */
         if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
                 {
-                s->first_packet=1;
                 s->state=SSL3_ST_SR_CLNT_HELLO_B;
                 }
-        n=ssl3_get_message(s,
+        s->first_packet=1;
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_SR_CLNT_HELLO_B,
                 SSL3_ST_SR_CLNT_HELLO_C,
                 SSL3_MT_CLIENT_HELLO,
@@ -673,6 +737,7 @@ static int ssl3_get_client_hello(SSL *s)
                 &ok);
 
         if (!ok) return((int)n);
+        s->first_packet=0;
         d=p=(unsigned char *)s->init_msg;
 
         /* use version from inside client hello, not from record header
@@ -680,7 +745,8 @@ static int ssl3_get_client_hello(SSL *s)
         s->client_version=(((int)p[0])<<8)|(int)p[1];
         p+=2;
 
-        if (s->client_version < s->version)
+        if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+            (s->version != DTLS1_VERSION && s->client_version < s->version))
                 {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
                 if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
@@ -708,14 +774,14 @@ static int ssl3_get_client_hello(SSL *s)
          * might be written that become totally unsecure when compiled with
          * an earlier library version)
          */
-        if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
+        if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
                 {
                 if (!ssl_get_new_session(s,1))
                         goto err;
                 }
         else
                 {
-                i=ssl_get_prev_session(s,p,j);
+                i=ssl_get_prev_session(s, p, j, d + n);
                 if (i == 1)
                         { /* previous session */
                         s->hit=1;
@@ -730,6 +796,68 @@ static int ssl3_get_client_hello(SSL *s)
                 }
 
         p+=j;
+
+        if (s->version == DTLS1_VERSION)
+                {
+                /* cookie stuff */
+                cookie_len = *(p++);
+
+                if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                        s->d1->send_cookie == 0)
+                        {
+                        /* HelloVerifyMessage has already been sent */
+                        if ( cookie_len != s->d1->cookie_len)
+                                {
+                                al = SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+                                goto f_err;
+                                }
+                        }
+
+                /* 
+                 * The ClientHello may contain a cookie even if the
+                 * HelloVerify message has not been sent--make sure that it
+                 * does not cause an overflow.
+                 */
+                if ( cookie_len > sizeof(s->d1->rcvd_cookie))
+                        {
+                        /* too much data */
+                        al = SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+                        goto f_err;
+                        }
+
+                /* verify the cookie if appropriate option is set. */
+                if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                        cookie_len > 0)
+                        {
+                        memcpy(s->d1->rcvd_cookie, p, cookie_len);
+
+                        if ( s->ctx->app_verify_cookie_cb != NULL)
+                                {
+                                if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
+                                        cookie_len) == 0)
+                                        {
+                                        al=SSL_AD_HANDSHAKE_FAILURE;
+                                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
+                                                SSL_R_COOKIE_MISMATCH);
+                                        goto f_err;
+                                        }
+                                /* else cookie verification succeeded */
+                                }
+                        else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, 
+                                                  s->d1->cookie_len) != 0) /* default verification */
+                                {
+                                        al=SSL_AD_HANDSHAKE_FAILURE;
+                                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
+                                                SSL_R_COOKIE_MISMATCH);
+                                        goto f_err;
+                                }
+                        }
+
+                p += cookie_len;
+                }
+
         n2s(p,i);
         if ((i == 0) && (j != 0))
                 {
@@ -779,8 +907,7 @@ static int ssl3_get_client_hello(SSL *s)
                         if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
                                 {
                                 /* Very bad for multi-threading.... */
-                                s->session->cipher=sk_SSL_CIPHER_value(ciphers,
-                                                                       0);
+                                s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
                                 }
                         else
                                 {
@@ -817,10 +944,27 @@ static int ssl3_get_client_hello(SSL *s)
                 goto f_err;
                 }
 
+#ifndef OPENSSL_NO_TLSEXT
+        /* TLS extensions*/
+        if (s->version > SSL3_VERSION)
+                {
+                if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
+                        {
+                        /* 'al' set by ssl_parse_clienthello_tlsext */
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
+                        goto f_err;
+                        }
+                }
+                if (ssl_check_clienthello_tlsext(s) <= 0) {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+                        goto err;
+                }
+#endif
         /* Worst case, we will use the NULL compression, but if we have other
          * options, we will now look for them.  We have i-1 compression
          * algorithms from the client, starting at q. */
         s->s3->tmp.new_compression=NULL;
+#ifndef OPENSSL_NO_COMP
         if (s->ctx->comp_methods != NULL)
                 { /* See if we have a match */
                 int m,nn,o,v,done=0;
@@ -845,6 +989,7 @@ static int ssl3_get_client_hello(SSL *s)
                 else
                         comp=NULL;
                 }
+#endif
 
         /* TLS does not mind if there is extra stuff */
 #if 0   /* SSL 3.0 does not mind either, so we should disable this test
@@ -868,7 +1013,11 @@ static int ssl3_get_client_hello(SSL *s)
 
         if (!s->hit)
                 {
+#ifdef OPENSSL_NO_COMP
+                s->session->compress_meth=0;
+#else
                 s->session->compress_meth=(comp == NULL)?0:comp->id;
+#endif
                 if (s->session->ciphers != NULL)
                         sk_SSL_CIPHER_free(s->session->ciphers);
                 s->session->ciphers=ciphers;
@@ -943,7 +1092,7 @@ err:
         return(ret);
         }
 
-static int ssl3_send_server_hello(SSL *s)
+int ssl3_send_server_hello(SSL *s)
         {
         unsigned char *buf;
         unsigned char *p,*d;
@@ -956,7 +1105,7 @@ static int ssl3_send_server_hello(SSL *s)
                 p=s->s3->server_random;
                 Time=(unsigned long)time(NULL);                 /* Time */
                 l2n(Time,p);
-                if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
                         return -1;
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
@@ -975,12 +1124,20 @@ static int ssl3_send_server_hello(SSL *s)
                  * session-id if we want it to be single use.
                  * Currently I will not implement the '0' length session-id
                  * 12-Jan-98 - I'll now support the '0' length stuff.
+                 *
+                 * We also have an additional case where stateless session
+                 * resumption is successful: we always send back the old
+                 * session id. In this case s->hit is non zero: this can
+                 * only happen if stateless session resumption is succesful
+                 * if session caching is disabled so existing functionality
+                 * is unaffected.
                  */
-                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+                        && !s->hit)
                         s->session->session_id_length=0;
 
                 sl=s->session->session_id_length;
-                if (sl > sizeof s->session->session_id)
+                if (sl > (int)sizeof(s->session->session_id))
                         {
                         SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
                         return -1;
@@ -994,11 +1151,21 @@ static int ssl3_send_server_hello(SSL *s)
                 p+=i;
 
                 /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+                        *(p++)=0;
+#else
                 if (s->s3->tmp.new_compression == NULL)
                         *(p++)=0;
                 else
                         *(p++)=s->s3->tmp.new_compression->id;
-
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+                if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
+#endif
                 /* do the header */
                 l=(p-d);
                 d=buf;
@@ -1015,7 +1182,7 @@ static int ssl3_send_server_hello(SSL *s)
         return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
         }
 
-static int ssl3_send_server_done(SSL *s)
+int ssl3_send_server_done(SSL *s)
         {
         unsigned char *p;
 
@@ -1039,7 +1206,7 @@ static int ssl3_send_server_done(SSL *s)
         return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
         }
 
-static int ssl3_send_server_key_exchange(SSL *s)
+int ssl3_send_server_key_exchange(SSL *s)
         {
 #ifndef OPENSSL_NO_RSA
         unsigned char *q;
@@ -1051,6 +1218,13 @@ static int ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_DH
         DH *dh=NULL,*dhp;
 #endif
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *ecdh=NULL, *ecdhp;
+        unsigned char *encodedPoint = NULL;
+        int encodedlen = 0;
+        int curve_id = 0;
+        BN_CTX *bn_ctx = NULL; 
+#endif
         EVP_PKEY *pkey;
         unsigned char *p,*d;
         int al,i;
@@ -1159,6 +1333,134 @@ static int ssl3_send_server_key_exchange(SSL *s)
                         }
                 else 
 #endif
+#ifndef OPENSSL_NO_ECDH
+                        if (type & SSL_kECDHE)
+                        {
+                        const EC_GROUP *group;
+
+                        ecdhp=cert->ecdh_tmp;
+                        if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
+                                {
+                                ecdhp=s->cert->ecdh_tmp_cb(s,
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                                }
+                        if (ecdhp == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+                                goto f_err;
+                                }
+
+                        if (s->s3->tmp.ecdh != NULL)
+                                {
+                                EC_KEY_free(s->s3->tmp.ecdh); 
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+
+                        /* Duplicate the ECDH structure. */
+                        if (ecdhp == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+                                goto err;
+                                }
+                        if (!EC_KEY_up_ref(ecdhp))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+                                goto err;
+                                }
+                        ecdh = ecdhp;
+
+                        s->s3->tmp.ecdh=ecdh;
+                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+                            (EC_KEY_get0_private_key(ecdh) == NULL) ||
+                            (s->options & SSL_OP_SINGLE_ECDH_USE))
+                                {
+                                if(!EC_KEY_generate_key(ecdh))
+                                    {
+                                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+                                    goto err;
+                                    }
+                                }
+
+                        if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+                            (EC_KEY_get0_public_key(ecdh)  == NULL) ||
+                            (EC_KEY_get0_private_key(ecdh) == NULL))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+                                goto err;
+                                }
+
+                        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+                            (EC_GROUP_get_degree(group) > 163)) 
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+                                goto err;
+                                }
+
+                        /* XXX: For now, we only support ephemeral ECDH
+                         * keys over named (not generic) curves. For 
+                         * supported named curves, curve_id is non-zero.
+                         */
+                        if ((curve_id = 
+                            nid2curve_id(EC_GROUP_get_curve_name(group)))
+                            == 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+                                goto err;
+                                }
+
+                        /* Encode the public key.
+                         * First check the size of encoding and
+                         * allocate memory accordingly.
+                         */
+                        encodedlen = EC_POINT_point2oct(group, 
+                            EC_KEY_get0_public_key(ecdh),
+                            POINT_CONVERSION_UNCOMPRESSED, 
+                            NULL, 0, NULL);
+
+                        encodedPoint = (unsigned char *) 
+                            OPENSSL_malloc(encodedlen*sizeof(unsigned char)); 
+                        bn_ctx = BN_CTX_new();
+                        if ((encodedPoint == NULL) || (bn_ctx == NULL))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+
+
+                        encodedlen = EC_POINT_point2oct(group, 
+                            EC_KEY_get0_public_key(ecdh), 
+                            POINT_CONVERSION_UNCOMPRESSED, 
+                            encodedPoint, encodedlen, bn_ctx);
+
+                        if (encodedlen == 0) 
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+                                goto err;
+                                }
+
+                        BN_CTX_free(bn_ctx);  bn_ctx=NULL;
+
+                        /* XXX: For now, we only support named (not 
+                         * generic) curves in ECDH ephemeral key exchanges.
+                         * In this situation, we need four additional bytes
+                         * to encode the entire ServerECDHParams
+                         * structure. 
+                         */
+                        n = 4 + encodedlen;
+
+                        /* We'll generate the serverKeyExchange message
+                         * explicitly so we can set these to NULLs
+                         */
+                        r[0]=NULL;
+                        r[1]=NULL;
+                        r[2]=NULL;
+                        r[3]=NULL;
+                        }
+                else 
+#endif /* !OPENSSL_NO_ECDH */
                         {
                         al=SSL_AD_HANDSHAKE_FAILURE;
                         SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1201,6 +1503,31 @@ static int ssl3_send_server_key_exchange(SSL *s)
                         p+=nr[i];
                         }
 
+#ifndef OPENSSL_NO_ECDH
+                if (type & SSL_kECDHE) 
+                        {
+                        /* XXX: For now, we only support named (not generic) curves.
+                         * In this situation, the serverKeyExchange message has:
+                         * [1 byte CurveType], [2 byte CurveName]
+                         * [1 byte length of encoded point], followed by
+                         * the actual encoded point itself
+                         */
+                        *p = NAMED_CURVE_TYPE;
+                        p += 1;
+                        *p = 0;
+                        p += 1;
+                        *p = curve_id;
+                        p += 1;
+                        *p = encodedlen;
+                        p += 1;
+                        memcpy((unsigned char*)p, 
+                            (unsigned char *)encodedPoint, 
+                            encodedlen);
+                        OPENSSL_free(encodedPoint);
+                        p += encodedlen;
+                        }
+#endif
+
                 /* not anonymous */
                 if (pkey != NULL)
                         {
@@ -1213,8 +1540,6 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                 j=0;
                                 for (num=2; num > 0; num--)
                                         {
-                                        EVP_MD_CTX_set_flags(&md_ctx,
-                                                EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                         EVP_DigestInit_ex(&md_ctx,(num == 2)
                                                 ?s->ctx->md5:s->ctx->sha1, NULL);
                                         EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1255,6 +1580,25 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                 }
                         else
 #endif
+#if !defined(OPENSSL_NO_ECDSA)
+                                if (pkey->type == EVP_PKEY_EC)
+                                {
+                                /* let's do ECDSA */
+                                EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
+                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
+                                        (unsigned int *)&i,pkey))
+                                        {
+                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
+                                        goto err;
+                                        }
+                                s2n(i,p);
+                                n+=i+2;
+                                }
+                        else
+#endif
                                 {
                                 /* Is this error check actually needed? */
                                 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1278,11 +1622,15 @@ static int ssl3_send_server_key_exchange(SSL *s)
 f_err:
         ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+#ifndef OPENSSL_NO_ECDH
+        if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+        BN_CTX_free(bn_ctx);
+#endif
         EVP_MD_CTX_cleanup(&md_ctx);
         return(-1);
         }
 
-static int ssl3_send_certificate_request(SSL *s)
+int ssl3_send_certificate_request(SSL *s)
         {
         unsigned char *p,*d;
         int i,j,nl,off,n;
@@ -1371,7 +1719,7 @@ err:
         return(-1);
         }
 
-static int ssl3_get_client_key_exchange(SSL *s)
+int ssl3_get_client_key_exchange(SSL *s)
         {
         int i,al,ok;
         long n;
@@ -1389,7 +1737,14 @@ static int ssl3_get_client_key_exchange(SSL *s)
         KSSL_ERR kssl_err;
 #endif /* OPENSSL_NO_KRB5 */
 
-        n=ssl3_get_message(s,
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *srvr_ecdh = NULL;
+        EVP_PKEY *clnt_pub_pkey = NULL;
+        EC_POINT *clnt_ecpoint = NULL;
+        BN_CTX *bn_ctx = NULL; 
+#endif
+
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_SR_KEY_EXCH_A,
                 SSL3_ST_SR_KEY_EXCH_B,
                 SSL3_MT_CLIENT_KEY_EXCHANGE,
@@ -1433,8 +1788,9 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         rsa=pkey->pkey.rsa;
                         }
 
-                /* TLS */
-                if (s->version > SSL3_VERSION)
+                /* TLS and [incidentally] DTLS, including pre-0.9.8f */
+                if (s->version > SSL3_VERSION &&
+                    s->client_version != DTLS1_BAD_VER)
                         {
                         n2s(p,i);
                         if (n != i+2)
@@ -1495,7 +1851,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         i = SSL_MAX_MASTER_KEY_LENGTH;
                         p[0] = s->client_version >> 8;
                         p[1] = s->client_version & 0xff;
-                        if(RAND_pseudo_bytes(p+2, i-2) <= 0)  /* should be RAND_bytes, but we cannot work around a failure */
+                        if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
                                 goto err;
                         }
         
@@ -1594,7 +1950,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 n2s(p,i);
                 enc_ticket.length = i;
 
-                if (n < (long)enc_ticket.length + 6)
+                if (n < (int)enc_ticket.length + 6)
                         {
                         SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                 SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1607,7 +1963,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 n2s(p,i);
                 authenticator.length = i;
 
-                if (n < (long)(enc_ticket.length + authenticator.length + 6))
+                if (n < (int)(enc_ticket.length + authenticator.length) + 6)
                         {
                         SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                 SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1649,7 +2005,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         if (kssl_err.text)
                                 printf("kssl_err text= %s\n", kssl_err.text);
 #endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                 kssl_err.reason);
                         goto err;
                         }
@@ -1666,14 +2022,14 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         if (kssl_err.text)
                                 printf("kssl_err text= %s\n", kssl_err.text);
 #endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                 kssl_err.reason);
                         goto err;
                         }
 
                 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
                         {
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
                         goto err;
                         }
 
@@ -1719,6 +2075,24 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                 SSL_R_DATA_LENGTH_TOO_LONG);
                         goto err;
                         }
+                if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
+                    {
+                    /* The premaster secret must contain the same version number as the
+                     * ClientHello to detect version rollback attacks (strangely, the
+                     * protocol does not offer such protection for DH ciphersuites).
+                     * However, buggy clients exist that send random bytes instead of
+                     * the protocol version.
+                     * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. 
+                     * (Perhaps we should have a separate BUG value for the Kerberos cipher)
+                     */
+                    if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                               SSL_AD_DECODE_ERROR);
+                        goto err;
+                        }
+                    }
+
                 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
                 s->session->master_key_length=
@@ -1727,7 +2101,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
                 if (kssl_ctx->client_princ)
                         {
-                        int len = strlen(kssl_ctx->client_princ);
+                        size_t len = strlen(kssl_ctx->client_princ);
                         if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
                                 {
                                 s->session->krb5_client_princ_len = len;
@@ -1744,6 +2118,156 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 }
         else
 #endif  /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+                if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+                {
+                int ret = 1;
+                int field_size = 0;
+                const EC_KEY   *tkey;
+                const EC_GROUP *group;
+                const BIGNUM *priv_key;
+
+                /* initialize structures for server's ECDH key pair */
+                if ((srvr_ecdh = EC_KEY_new()) == NULL) 
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                /* Let's get server private key and group information */
+                if (l & SSL_kECDH) 
+                        { 
+                        /* use the certificate */
+                        tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
+                        }
+                else
+                        {
+                        /* use the ephermeral values we saved when
+                         * generating the ServerKeyExchange msg.
+                         */
+                        tkey = s->s3->tmp.ecdh;
+                        }
+
+                group    = EC_KEY_get0_group(tkey);
+                priv_key = EC_KEY_get0_private_key(tkey);
+
+                if (!EC_KEY_set_group(srvr_ecdh, group) ||
+                    !EC_KEY_set_private_key(srvr_ecdh, priv_key))
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                               ERR_R_EC_LIB);
+                        goto err;
+                        }
+
+                /* Let's get client's public key */
+                if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                if (n == 0L) 
+                        {
+                        /* Client Publickey was in Client Certificate */
+
+                         if (l & SSL_kECDHE) 
+                                 {
+                                 al=SSL_AD_HANDSHAKE_FAILURE;
+                                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+                                 goto f_err;
+                                 }
+                        if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
+                            == NULL) || 
+                            (clnt_pub_pkey->type != EVP_PKEY_EC))
+                                {
+                                /* XXX: For now, we do not support client
+                                 * authentication using ECDH certificates
+                                 * so this branch (n == 0L) of the code is
+                                 * never executed. When that support is
+                                 * added, we ought to ensure the key 
+                                 * received in the certificate is 
+                                 * authorized for key agreement.
+                                 * ECDH_compute_key implicitly checks that
+                                 * the two ECDH shares are for the same
+                                 * group.
+                                 */
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
+                                goto f_err;
+                                }
+
+                        if (EC_POINT_copy(clnt_ecpoint,
+                            EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_EC_LIB);
+                                goto err;
+                                }
+                        ret = 2; /* Skip certificate verify processing */
+                        }
+                else
+                        {
+                        /* Get client's public key from encoded point
+                         * in the ClientKeyExchange message.
+                         */
+                        if ((bn_ctx = BN_CTX_new()) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                    ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+
+                        /* Get encoded point length */
+                        i = *p; 
+                        p += 1;
+                        if (EC_POINT_oct2point(group, 
+                            clnt_ecpoint, p, i, bn_ctx) == 0)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                    ERR_R_EC_LIB);
+                                goto err;
+                                }
+                        /* p is pointing to somewhere in the buffer
+                         * currently, so set it to the start 
+                         */ 
+                        p=(unsigned char *)s->init_buf->data;
+                        }
+
+                /* Compute the shared pre-master secret */
+                field_size = EC_GROUP_get_degree(group);
+                if (field_size <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 
+                               ERR_R_ECDH_LIB);
+                        goto err;
+                        }
+                i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
+                if (i <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            ERR_R_ECDH_LIB);
+                        goto err;
+                        }
+
+                EVP_PKEY_free(clnt_pub_pkey);
+                EC_POINT_free(clnt_ecpoint);
+                if (srvr_ecdh != NULL) 
+                        EC_KEY_free(srvr_ecdh);
+                BN_CTX_free(bn_ctx);
+
+                /* Compute the master secret */
+                s->session->master_key_length = s->method->ssl3_enc-> \
+                    generate_master_secret(s, s->session->master_key, p, i);
+                
+                OPENSSL_cleanse(p, i);
+                return (ret);
+                }
+        else
+#endif
                 {
                 al=SSL_AD_HANDSHAKE_FAILURE;
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -1754,13 +2278,20 @@ static int ssl3_get_client_key_exchange(SSL *s)
         return(1);
 f_err:
         ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
 err:
 #endif
+#ifndef OPENSSL_NO_ECDH
+        EVP_PKEY_free(clnt_pub_pkey);
+        EC_POINT_free(clnt_ecpoint);
+        if (srvr_ecdh != NULL) 
+                EC_KEY_free(srvr_ecdh);
+        BN_CTX_free(bn_ctx);
+#endif
         return(-1);
         }
 
-static int ssl3_get_cert_verify(SSL *s)
+int ssl3_get_cert_verify(SSL *s)
         {
         EVP_PKEY *pkey=NULL;
         unsigned char *p;
@@ -1769,7 +2300,7 @@ static int ssl3_get_cert_verify(SSL *s)
         int type=0,i,j;
         X509 *peer;
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_SR_CERT_VRFY_A,
                 SSL3_ST_SR_CERT_VRFY_B,
                 -1,
@@ -1880,6 +2411,23 @@ static int ssl3_get_cert_verify(SSL *s)
                 }
         else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+                if (pkey->type == EVP_PKEY_EC)
+                {
+                j=ECDSA_verify(pkey->save_type,
+                        &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+                        SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
+                if (j <= 0)
+                        {
+                        /* bad signature */
+                        al=SSL_AD_DECRYPT_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+                            SSL_R_BAD_ECDSA_SIGNATURE);
+                        goto f_err;
+                        }
+                }
+        else
+#endif
                 {
                 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
                 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
@@ -1898,15 +2446,16 @@ end:
         return(ret);
         }
 
-static int ssl3_get_client_certificate(SSL *s)
+int ssl3_get_client_certificate(SSL *s)
         {
         int i,ok,al,ret= -1;
         X509 *x=NULL;
         unsigned long l,nc,llen,n;
-        unsigned char *p,*d,*q;
+        const unsigned char *p,*q;
+        unsigned char *d;
         STACK_OF(X509) *sk=NULL;
 
-        n=ssl3_get_message(s,
+        n=s->method->ssl_get_message(s,
                 SSL3_ST_SR_CERT_A,
                 SSL3_ST_SR_CERT_B,
                 -1,
@@ -1941,7 +2490,7 @@ static int ssl3_get_client_certificate(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
                 goto f_err;
                 }
-        d=p=(unsigned char *)s->init_msg;
+        p=d=(unsigned char *)s->init_msg;
 
         if ((sk=sk_X509_new_null()) == NULL)
                 {
@@ -2080,3 +2629,209 @@ int ssl3_send_server_certificate(SSL *s)
         /* SSL3_ST_SW_CERT_B */
         return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
         }
+
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of curve_id2nid in s3_clnt.c. */
+static int nid2curve_id(int nid)
+{
+        /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
+         * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
+        switch (nid) {
+        case NID_sect163k1: /* sect163k1 (1) */
+                return 1;
+        case NID_sect163r1: /* sect163r1 (2) */
+                return 2;
+        case NID_sect163r2: /* sect163r2 (3) */
+                return 3;
+        case NID_sect193r1: /* sect193r1 (4) */ 
+                return 4;
+        case NID_sect193r2: /* sect193r2 (5) */ 
+                return 5;
+        case NID_sect233k1: /* sect233k1 (6) */
+                return 6;
+        case NID_sect233r1: /* sect233r1 (7) */ 
+                return 7;
+        case NID_sect239k1: /* sect239k1 (8) */ 
+                return 8;
+        case NID_sect283k1: /* sect283k1 (9) */
+                return 9;
+        case NID_sect283r1: /* sect283r1 (10) */ 
+                return 10;
+        case NID_sect409k1: /* sect409k1 (11) */ 
+                return 11;
+        case NID_sect409r1: /* sect409r1 (12) */
+                return 12;
+        case NID_sect571k1: /* sect571k1 (13) */ 
+                return 13;
+        case NID_sect571r1: /* sect571r1 (14) */ 
+                return 14;
+        case NID_secp160k1: /* secp160k1 (15) */
+                return 15;
+        case NID_secp160r1: /* secp160r1 (16) */ 
+                return 16;
+        case NID_secp160r2: /* secp160r2 (17) */ 
+                return 17;
+        case NID_secp192k1: /* secp192k1 (18) */
+                return 18;
+        case NID_X9_62_prime192v1: /* secp192r1 (19) */ 
+                return 19;
+        case NID_secp224k1: /* secp224k1 (20) */ 
+                return 20;
+        case NID_secp224r1: /* secp224r1 (21) */
+                return 21;
+        case NID_secp256k1: /* secp256k1 (22) */ 
+                return 22;
+        case NID_X9_62_prime256v1: /* secp256r1 (23) */ 
+                return 23;
+        case NID_secp384r1: /* secp384r1 (24) */
+                return 24;
+        case NID_secp521r1:  /* secp521r1 (25) */       
+                return 25;
+        default:
+                return 0;
+        }
+}
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_send_newsession_ticket(SSL *s)
+        {
+        if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
+                {
+                unsigned char *p, *senc, *macstart;
+                int len, slen;
+                unsigned int hlen;
+                EVP_CIPHER_CTX ctx;
+                HMAC_CTX hctx;
+                unsigned char iv[EVP_MAX_IV_LENGTH];
+                unsigned char key_name[16];
+
+                /* get session encoding length */
+                slen = i2d_SSL_SESSION(s->session, NULL);
+                /* Some length values are 16 bits, so forget it if session is
+                 * too long
+                 */
+                if (slen > 0xFF00)
+                        return -1;
+                /* Grow buffer if need be: the length calculation is as
+                 * follows 1 (size of message name) + 3 (message length
+                 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
+                 * 16 (key name) + max_iv_len (iv length) +
+                 * session_length + max_enc_block_size (max encrypted session
+                 * length) + max_md_size (HMAC).
+                 */
+                if (!BUF_MEM_grow(s->init_buf,
+                        26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+                        EVP_MAX_MD_SIZE + slen))
+                        return -1;
+                senc = OPENSSL_malloc(slen);
+                if (!senc)
+                        return -1;
+                p = senc;
+                i2d_SSL_SESSION(s->session, &p);
+
+                p=(unsigned char *)s->init_buf->data;
+                /* do the header */
+                *(p++)=SSL3_MT_NEWSESSION_TICKET;
+                /* Skip message length for now */
+                p += 3;
+                EVP_CIPHER_CTX_init(&ctx);
+                HMAC_CTX_init(&hctx);
+                /* Initialize HMAC and cipher contexts. If callback present
+                 * it does all the work otherwise use generated values
+                 * from parent ctx.
+                 */
+                if (s->ctx->tlsext_ticket_key_cb)
+                        {
+                        if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+                                                         &hctx, 1) < 0)
+                                {
+                                OPENSSL_free(senc);
+                                return -1;
+                                }
+                        }
+                else
+                        {
+                        RAND_pseudo_bytes(iv, 16);
+                        EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                        s->ctx->tlsext_tick_aes_key, iv);
+                        HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+                                        tlsext_tick_md(), NULL);
+                        memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+                        }
+                l2n(s->session->tlsext_tick_lifetime_hint, p);
+                /* Skip ticket length for now */
+                p += 2;
+                /* Output key name */
+                macstart = p;
+                memcpy(p, key_name, 16);
+                p += 16;
+                /* output IV */
+                memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+                p += EVP_CIPHER_CTX_iv_length(&ctx);
+                /* Encrypt session data */
+                EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+                p += len;
+                EVP_EncryptFinal(&ctx, p, &len);
+                p += len;
+                EVP_CIPHER_CTX_cleanup(&ctx);
+
+                HMAC_Update(&hctx, macstart, p - macstart);
+                HMAC_Final(&hctx, p, &hlen);
+                HMAC_CTX_cleanup(&hctx);
+
+                p += hlen;
+                /* Now write out lengths: p points to end of data written */
+                /* Total length */
+                len = p - (unsigned char *)s->init_buf->data;
+                p=(unsigned char *)s->init_buf->data + 1;
+                l2n3(len - 4, p); /* Message length */
+                p += 4;
+                s2n(len - 10, p);  /* Ticket length */
+
+                /* number of bytes to write */
+                s->init_num= len;
+                s->state=SSL3_ST_SW_SESSION_TICKET_B;
+                s->init_off=0;
+                OPENSSL_free(senc);
+                }
+
+        /* SSL3_ST_SW_SESSION_TICKET_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+
+int ssl3_send_cert_status(SSL *s)
+        {
+        if (s->state == SSL3_ST_SW_CERT_STATUS_A)
+                {
+                unsigned char *p;
+                /* Grow buffer if need be: the length calculation is as
+                 * follows 1 (message type) + 3 (message length) +
+                 * 1 (ocsp response type) + 3 (ocsp response length)
+                 * + (ocsp response)
+                 */
+                if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
+                        return -1;
+
+                p=(unsigned char *)s->init_buf->data;
+
+                /* do the header */
+                *(p++)=SSL3_MT_CERTIFICATE_STATUS;
+                /* message length */
+                l2n3(s->tlsext_ocsp_resplen + 4, p);
+                /* status type */
+                *(p++)= s->tlsext_status_type;
+                /* length of OCSP response */
+                l2n3(s->tlsext_ocsp_resplen, p);
+                /* actual response */
+                memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+                /* number of bytes to write */
+                s->init_num = 8 + s->tlsext_ocsp_resplen;
+                s->state=SSL3_ST_SW_CERT_STATUS_B;
+                s->init_off = 0;
+                }
+
+        /* SSL3_ST_SW_CERT_STATUS_B */
+        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+        }
+#endif
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 99e188086b..6df921f3c1 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -109,7 +109,7 @@
  *
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -161,6 +161,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_SSL_H 
 #define HEADER_SSL_H 
@@ -173,9 +178,17 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#ifndef OPENSSL_NO_DEPRECATED
 #ifndef OPENSSL_NO_X509
 #include <openssl/x509.h>
 #endif
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#endif
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
 #include <openssl/kssl.h>
 #include <openssl/safestack.h>
 #include <openssl/symhacks.h>
@@ -239,7 +252,6 @@ extern "C" {
 #define SSL_TXT_LOW             "LOW"
 #define SSL_TXT_MEDIUM          "MEDIUM"
 #define SSL_TXT_HIGH            "HIGH"
-#define SSL_TXT_FIPS            "FIPS"
 #define SSL_TXT_kFZA            "kFZA"
 #define SSL_TXT_aFZA            "aFZA"
 #define SSL_TXT_eFZA            "eFZA"
@@ -270,7 +282,9 @@ extern "C" {
 #define SSL_TXT_RC4             "RC4"
 #define SSL_TXT_RC2             "RC2"
 #define SSL_TXT_IDEA            "IDEA"
+#define SSL_TXT_SEED            "SEED"
 #define SSL_TXT_AES             "AES"
+#define SSL_TXT_CAMELLIA        "CAMELLIA"
 #define SSL_TXT_MD5             "MD5"
 #define SSL_TXT_SHA1            "SHA1"
 #define SSL_TXT_SHA             "SHA"
@@ -282,6 +296,7 @@ extern "C" {
 #define SSL_TXT_SSLV3           "SSLv3"
 #define SSL_TXT_TLSV1           "TLSv1"
 #define SSL_TXT_ALL             "ALL"
+#define SSL_TXT_ECC             "ECCdraft" /* ECC ciphersuites are not yet official */
 
 /*
  * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
@@ -303,7 +318,7 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN       1
@@ -313,11 +328,6 @@ extern "C" {
 }
 #endif
 
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h>
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -369,6 +379,12 @@ typedef struct ssl_method_st
         int (*ssl_shutdown)(SSL *s);
         int (*ssl_renegotiate)(SSL *s);
         int (*ssl_renegotiate_check)(SSL *s);
+        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
+                max, int *ok);
+        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
+                int peek);
+        int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
+        int (*ssl_dispatch_alert)(SSL *s);
         long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
         long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
         SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
@@ -379,9 +395,9 @@ typedef struct ssl_method_st
         struct ssl_method_st *(*get_ssl_method)(int version);
         long (*get_timeout)(void);
         struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
-        int (*ssl_version)();
-        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
-        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
+        int (*ssl_version)(void);
+        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
+        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
         } SSL_METHOD;
 
 /* Lets make this into an ASN.1 type structure as follows
@@ -459,6 +475,13 @@ typedef struct ssl_session_st
         /* These are used to make removal of session-ids more
          * efficient and to implement a maximum cache size. */
         struct ssl_session_st *prev,*next;
+#ifndef OPENSSL_NO_TLSEXT
+        char *tlsext_hostname;
+        /* RFC4507 info */
+        unsigned char *tlsext_tick;     /* Session ticket */
+        size_t  tlsext_ticklen;         /* Session ticket length */     
+        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+#endif
         } SSL_SESSION;
 
 
@@ -483,8 +506,17 @@ typedef struct ssl_session_st
  *             This used to be 0x000FFFFFL before 0.9.7. */
 #define SSL_OP_ALL                                      0x00000FFFL
 
+/* DTLS options */
+#define SSL_OP_NO_QUERY_MTU                 0x00001000L
+/* Turn on Cookie Exchange (on relevant for servers) */
+#define SSL_OP_COOKIE_EXCHANGE              0x00002000L
+/* Don't use RFC4507 ticket extension */
+#define SSL_OP_NO_TICKET                    0x00004000L
+
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
+/* If set, always create a new key when using tmp_ecdh parameters */
+#define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE                            0x00100000L
 /* Set to always use the tmp_rsa key when doing RSA operations,
@@ -546,6 +578,8 @@ typedef struct ssl_session_st
         SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+#define SSL_set_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
 
 
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -582,7 +616,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
 typedef struct ssl_comp_st
         {
         int id;
-        char *name;
+        const char *name;
 #ifndef OPENSSL_NO_COMP
         COMP_METHOD *method;
 #else
@@ -670,6 +704,14 @@ struct ssl_ctx_st
         /* get client cert callback */
         int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
+    /* cookie generate callback */
+    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+        unsigned int *cookie_len);
+
+    /* verify cookie callback */
+    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+        unsigned int cookie_len);
+
         CRYPTO_EX_DATA ex_data;
 
         const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
@@ -702,7 +744,6 @@ struct ssl_ctx_st
         void *msg_callback_arg;
 
         int verify_mode;
-        int verify_depth;
         unsigned int sid_ctx_length;
         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
         int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
@@ -710,10 +751,35 @@ struct ssl_ctx_st
         /* Default generate session ID callback. */
         GEN_SESSION_CB generate_session_id;
 
+        X509_VERIFY_PARAM *param;
+
+#if 0
         int purpose;            /* Purpose setting */
         int trust;              /* Trust setting */
+#endif
 
         int quiet_shutdown;
+
+#ifndef OPENSSL_NO_TLSEXT
+        /* TLS extensions servername callback */
+        int (*tlsext_servername_callback)(SSL*, int *, void *);
+        void *tlsext_servername_arg;
+        /* RFC 4507 session ticket keys */
+        unsigned char tlsext_tick_key_name[16];
+        unsigned char tlsext_tick_hmac_key[16];
+        unsigned char tlsext_tick_aes_key[16];
+        /* Callback to support customisation of ticket key setting */
+        int (*tlsext_ticket_key_cb)(SSL *ssl,
+                                        unsigned char *name, unsigned char *iv,
+                                        EVP_CIPHER_CTX *ectx,
+                                        HMAC_CTX *hctx, int enc);
+
+        /* certificate status request info */
+        /* Callback for status request */
+        int (*tlsext_status_cb)(SSL *ssl, void *arg);
+        void *tlsext_status_arg;
+#endif
+
         };
 
 #define SSL_SESS_CACHE_OFF                      0x0000
@@ -753,16 +819,18 @@ struct ssl_ctx_st
 #define SSL_CTX_sess_cache_full(ctx) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
 
-#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
-#define SSL_CTX_sess_get_new_cb(ctx)    ((ctx)->new_session_cb)
-#define SSL_CTX_sess_set_remove_cb(ctx,cb)      ((ctx)->remove_session_cb=(cb))
-#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
-#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
-#define SSL_CTX_sess_get_get_cb(ctx)    ((ctx)->get_session_cb)
-#define SSL_CTX_set_info_callback(ctx,cb)       ((ctx)->info_callback=(cb))
-#define SSL_CTX_get_info_callback(ctx)          ((ctx)->info_callback)
-#define SSL_CTX_set_client_cert_cb(ctx,cb)      ((ctx)->client_cert_cb=(cb))
-#define SSL_CTX_get_client_cert_cb(ctx)         ((ctx)->client_cert_cb)
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
 
 #define SSL_NOTHING     1
 #define SSL_WRITING     2
@@ -778,7 +846,7 @@ struct ssl_ctx_st
 struct ssl_st
         {
         /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
          */
         int version;
         int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
@@ -807,7 +875,7 @@ struct ssl_st
 
         /* true when we are actually in SSL_accept() or SSL_connect() */
         int in_handshake;
-        int (*handshake_func)();
+        int (*handshake_func)(SSL *);
 
         /* Imagine that here's a boolean member "init" that is
          * switched as soon as SSL_set_{accept/connect}_state
@@ -842,6 +910,7 @@ struct ssl_st
 
         struct ssl2_state_st *s2; /* SSLv2 variables */
         struct ssl3_state_st *s3; /* SSLv3 variables */
+        struct dtls1_state_st *d1; /* DTLSv1 variables */
 
         int read_ahead;         /* Read as many input bytes as possible
                                  * (for non-blocking reads) */
@@ -852,8 +921,12 @@ struct ssl_st
 
         int hit;                /* reusing a previous session */
 
+        X509_VERIFY_PARAM *param;
+
+#if 0
         int purpose;            /* Purpose setting */
         int trust;              /* Trust setting */
+#endif
 
         /* crypto */
         STACK_OF(SSL_CIPHER) *cipher_list;
@@ -898,7 +971,6 @@ struct ssl_st
         /* Used in SSL2 and SSL3 */
         int verify_mode;        /* 0 don't care about verify failure.
                                  * 1 fail if verify fails */
-        int verify_depth;
         int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
 
         void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
@@ -929,6 +1001,37 @@ struct ssl_st
         int first_packet;
         int client_version;     /* what was passed, used for
                                  * SSLv3/TLS rollback check */
+#ifndef OPENSSL_NO_TLSEXT
+        /* TLS extension debug callback */
+        void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
+                                        unsigned char *data, int len,
+                                        void *arg);
+        void *tlsext_debug_arg;
+        char *tlsext_hostname;
+        int servername_done;   /* no further mod of servername 
+                                  0 : call the servername extension callback.
+                                  1 : prepare 2, allow last ack just after in server callback.
+                                  2 : don't call servername callback, no ack in server hello
+                               */
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int tlsext_status_type;
+        /* Expect OCSP CertificateStatus message */
+        int tlsext_status_expected;
+        /* OCSP status request only */
+        STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+        X509_EXTENSIONS *tlsext_ocsp_exts;
+        /* OCSP response received or to be sent */
+        unsigned char *tlsext_ocsp_resp;
+        int tlsext_ocsp_resplen;
+
+        /* RFC4507 session ticket expected to be received or sent */
+        int tlsext_ticket_expected;
+        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
+#else
+#define session_ctx ctx
+#endif
         };
 
 #ifdef __cplusplus
@@ -938,6 +1041,7 @@ struct ssl_st
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/dtls1.h> /* Datagram TLS */
 #include <openssl/ssl23.h>
 
 #ifdef  __cplusplus
@@ -1035,21 +1139,16 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
 
 #if 1 /*SSLEAY_MACROS*/
-#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
-        (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
-        (bp),(unsigned char **)(s_id))
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
-        bp,(unsigned char *)s_id)
+#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
 #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
         (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
 #define PEM_write_SSL_SESSION(fp,x) \
         PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
                 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_SSL_SESSION(bp,x) \
-        PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-                PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
+        PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
 #endif
 
 #define SSL_AD_REASON_OFFSET            1000
@@ -1078,6 +1177,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
 #define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
 #define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+#define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+#define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 
 #define SSL_ERROR_NONE                  0
 #define SSL_ERROR_SSL                   1
@@ -1092,20 +1195,24 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_NEED_TMP_RSA                   1
 #define SSL_CTRL_SET_TMP_RSA                    2
 #define SSL_CTRL_SET_TMP_DH                     3
-#define SSL_CTRL_SET_TMP_RSA_CB                 4
-#define SSL_CTRL_SET_TMP_DH_CB                  5
-
-#define SSL_CTRL_GET_SESSION_REUSED             6
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST        7
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS         8
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       9
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       10
-#define SSL_CTRL_GET_FLAGS                      11
-#define SSL_CTRL_EXTRA_CHAIN_CERT               12
-
-#define SSL_CTRL_SET_MSG_CALLBACK               13
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           14
-
+#define SSL_CTRL_SET_TMP_ECDH                   4
+#define SSL_CTRL_SET_TMP_RSA_CB                 5
+#define SSL_CTRL_SET_TMP_DH_CB                  6
+#define SSL_CTRL_SET_TMP_ECDH_CB                7
+
+#define SSL_CTRL_GET_SESSION_REUSED             8
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
+#define SSL_CTRL_GET_FLAGS                      13
+#define SSL_CTRL_EXTRA_CHAIN_CERT               14
+
+#define SSL_CTRL_SET_MSG_CALLBACK               15
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+
+/* only applies to datagram connections */
+#define SSL_CTRL_SET_MTU                17
 /* Stats */
 #define SSL_CTRL_SESS_NUMBER                    20
 #define SSL_CTRL_SESS_CONNECT                   21
@@ -1132,6 +1239,29 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_GET_MAX_CERT_LIST              50
 #define SSL_CTRL_SET_MAX_CERT_LIST              51
 
+/* see tls1.h for macros based on these */
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
+#define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
+#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
+#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
+
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
+#endif
+
 #define SSL_session_reused(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
 #define SSL_num_renegotiations(ssl) \
@@ -1147,6 +1277,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
 #define SSL_CTX_set_tmp_dh(ctx,dh) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
 
 #define SSL_need_tmp_RSA(ssl) \
         SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
@@ -1154,6 +1286,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
 #define SSL_set_tmp_dh(ssl,dh) \
         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+#define SSL_set_tmp_ecdh(ssl,ecdh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
 
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
@@ -1215,9 +1349,9 @@ int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
 int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_certificate(SSL *ssl, X509 *x);
-int     SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
 
 #ifndef OPENSSL_NO_STDIO
 int     SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
@@ -1253,6 +1387,7 @@ void	SSL_copy_session_id(SSL *to,const SSL *from);
 SSL_SESSION *SSL_SESSION_new(void);
 unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
 int     SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
 #ifndef OPENSSL_NO_FP_API
 int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 #endif
@@ -1268,7 +1403,7 @@ int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
 int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                                         unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
                              long length);
 
 #ifdef HEADER_X509_H
@@ -1287,12 +1422,12 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,v
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
-        unsigned char *d, long len);
+        const unsigned char *d, long len);
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
 
 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
@@ -1319,9 +1454,9 @@ int 	SSL_read(SSL *ssl,void *buf,int num);
 int     SSL_peek(SSL *ssl,void *buf,int num);
 int     SSL_write(SSL *ssl,const void *buf,int num);
 long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long    SSL_callback_ctrl(SSL *, int, void (*)());
+long    SSL_callback_ctrl(SSL *, int, void (*)(void));
 long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
+long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
 
 int     SSL_get_error(const SSL *s,int ret_code);
 const char *SSL_get_version(const SSL *s);
@@ -1345,6 +1480,10 @@ SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
 SSL_METHOD *TLSv1_server_method(void);  /* TLSv1.0 */
 SSL_METHOD *TLSv1_client_method(void);  /* TLSv1.0 */
 
+SSL_METHOD *DTLSv1_method(void);                /* DTLSv1.0 */
+SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
+SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+
 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 
 int SSL_do_handshake(SSL *s);
@@ -1395,6 +1534,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 SSL_SESSION *SSL_get_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
 void SSL_set_info_callback(SSL *ssl,
                            void (*cb)(const SSL *ssl,int type,int val));
 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
@@ -1462,11 +1602,27 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
                                  DH *(*dh)(SSL *ssl,int is_export,
                                            int keylength));
 #endif
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+                                           int keylength));
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+                                           int keylength));
+#endif
 
 #ifndef OPENSSL_NO_COMP
+const COMP_METHOD *SSL_get_current_compression(SSL *s);
+const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
-int SSL_COMP_add_compression_method(int id,char *cm);
+const void *SSL_get_current_compression(SSL *s);
+const void *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const void *comp);
+void *SSL_COMP_get_compression_methods(void);
+int SSL_COMP_add_compression_method(int id,void *cm);
 #endif
 
 /* BEGIN ERROR CODES */
@@ -1479,11 +1635,36 @@ void ERR_load_SSL_strings(void);
 
 /* Function codes. */
 #define SSL_F_CLIENT_CERTIFICATE                         100
-#define SSL_F_CLIENT_FINISHED                            238
+#define SSL_F_CLIENT_FINISHED                            167
 #define SSL_F_CLIENT_HELLO                               101
 #define SSL_F_CLIENT_MASTER_KEY                          102
 #define SSL_F_D2I_SSL_SESSION                            103
+#define SSL_F_DO_DTLS1_WRITE                             245
 #define SSL_F_DO_SSL3_WRITE                              104
+#define SSL_F_DTLS1_ACCEPT                               246
+#define SSL_F_DTLS1_BUFFER_RECORD                        247
+#define SSL_F_DTLS1_CLIENT_HELLO                         248
+#define SSL_F_DTLS1_CONNECT                              249
+#define SSL_F_DTLS1_ENC                                  250
+#define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
+#define SSL_F_DTLS1_GET_MESSAGE                          252
+#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
+#define SSL_F_DTLS1_GET_RECORD                           254
+#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
+#define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  277
+#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
+#define SSL_F_DTLS1_PROCESS_RECORD                       257
+#define SSL_F_DTLS1_READ_BYTES                           258
+#define SSL_F_DTLS1_READ_FAILED                          259
+#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
+#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
+#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
+#define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
+#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
+#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
+#define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
+#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
+#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
 #define SSL_F_GET_CLIENT_FINISHED                        105
 #define SSL_F_GET_CLIENT_HELLO                           106
 #define SSL_F_GET_CLIENT_MASTER_KEY                      107
@@ -1524,6 +1705,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_ENC                                   134
 #define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
+#define SSL_F_SSL3_GET_CERT_STATUS                       288
 #define SSL_F_SSL3_GET_CERT_VERIFY                       136
 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
 #define SSL_F_SSL3_GET_CLIENT_HELLO                      138
@@ -1531,10 +1713,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_GET_FINISHED                          140
 #define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
 #define SSL_F_SSL3_GET_MESSAGE                           142
+#define SSL_F_SSL3_GET_NEW_SESSION_TICKET                283
 #define SSL_F_SSL3_GET_RECORD                            143
 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
 #define SSL_F_SSL3_GET_SERVER_DONE                       145
 #define SSL_F_SSL3_GET_SERVER_HELLO                      146
+#define SSL_F_SSL3_NEW_SESSION_TICKET                    284
 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
 #define SSL_F_SSL3_PEEK                                  235
 #define SSL_F_SSL3_READ_BYTES                            148
@@ -1550,8 +1734,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
 #define SSL_F_SSL3_WRITE_BYTES                           158
 #define SSL_F_SSL3_WRITE_PENDING                         159
+#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 272
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 273
 #define SSL_F_SSL_BAD_METHOD                             160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
 #define SSL_F_SSL_CERT_DUP                               221
@@ -1559,6 +1745,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CERT_INSTANTIATE                       214
 #define SSL_F_SSL_CERT_NEW                               162
 #define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               274
 #define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
 #define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
 #define SSL_F_SSL_CLEAR                                  164
@@ -1590,6 +1777,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
 #define SSL_F_SSL_NEW                                    186
+#define SSL_F_SSL_PEEK                                   270
+#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             275
+#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             276
 #define SSL_F_SSL_READ                                   223
 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
@@ -1609,6 +1799,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SHUTDOWN                               224
 #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
 #define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
 #define SSL_F_SSL_USE_CERTIFICATE                        198
 #define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
 #define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
@@ -1639,6 +1830,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_DH_P_LENGTH                            110
 #define SSL_R_BAD_DIGEST_LENGTH                          111
 #define SSL_R_BAD_DSA_SIGNATURE                          112
+#define SSL_R_BAD_ECC_CERT                               304
+#define SSL_R_BAD_ECDSA_SIGNATURE                        305
+#define SSL_R_BAD_ECPOINT                                306
 #define SSL_R_BAD_HELLO_REQUEST                          105
 #define SSL_R_BAD_LENGTH                                 271
 #define SSL_R_BAD_MAC_DECODE                             113
@@ -1668,17 +1862,22 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
 #define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
+#define SSL_R_CLIENTHELLO_TLSEXT                         157
 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
 #define SSL_R_COMPRESSION_FAILURE                        141
+#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 #define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
 #define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
 #define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+#define SSL_R_COOKIE_MISMATCH                            308
 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
 #define SSL_R_DATA_LENGTH_TOO_LONG                       146
 #define SSL_R_DECRYPTION_FAILED                          147
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
 #define SSL_R_DIGEST_CHECK_FAILED                        149
+#define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
@@ -1691,6 +1890,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_INVALID_CHALLENGE_LENGTH                   158
 #define SSL_R_INVALID_COMMAND                            280
 #define SSL_R_INVALID_PURPOSE                            278
+#define SSL_R_INVALID_STATUS_RESPONSE                    316
+#define SSL_R_INVALID_TICKET_KEYS_LENGTH                 275
 #define SSL_R_INVALID_TRUST                              279
 #define SSL_R_KEY_ARG_TOO_LONG                           284
 #define SSL_R_KRB5                                       285
@@ -1719,6 +1920,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
 #define SSL_R_MISSING_RSA_SIGNING_CERT                   170
 #define SSL_R_MISSING_TMP_DH_KEY                         171
+#define SSL_R_MISSING_TMP_ECDH_KEY                       311
 #define SSL_R_MISSING_TMP_RSA_KEY                        172
 #define SSL_R_MISSING_TMP_RSA_PKEY                       173
 #define SSL_R_MISSING_VERIFY_MESSAGE                     174
@@ -1747,6 +1949,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
 #define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+#define SSL_R_PARSE_TLSEXT                               223
 #define SSL_R_PATH_TOO_LONG                              270
 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
 #define SSL_R_PEER_ERROR                                 200
@@ -1761,6 +1964,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
 #define SSL_R_PUBLIC_KEY_NOT_RSA                         210
 #define SSL_R_READ_BIO_NOT_SET                           211
+#define SSL_R_READ_TIMEOUT_EXPIRED                       312
 #define SSL_R_READ_WRONG_PACKET_TYPE                     212
 #define SSL_R_RECORD_LENGTH_MISMATCH                     213
 #define SSL_R_RECORD_TOO_LARGE                           214
@@ -1769,11 +1973,14 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
+#define SSL_R_SERVERHELLO_TLSEXT                         224
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 #define SSL_R_SHORT_READ                                 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME                225
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           226
 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
@@ -1808,12 +2015,15 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
 #define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
+#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             227
 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
+#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
 #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
 #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
+#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
 #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
 #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
@@ -1834,8 +2044,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_STATE                              255
 #define SSL_R_UNSUPPORTED_CIPHER                         256
 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
 #define SSL_R_UNSUPPORTED_PROTOCOL                       258
 #define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+#define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
 #define SSL_R_WRITE_BIO_NOT_SET                          260
 #define SSL_R_WRONG_CIPHER_RETURNED                      261
 #define SSL_R_WRONG_MESSAGE_TYPE                         262
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 1153aeda74..4b1e2e9834 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -108,6 +108,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
@@ -118,6 +123,7 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
+#include <openssl/pq_compat.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -248,7 +254,11 @@ extern "C" {
 #endif
 
 #define SSL3_RT_MAX_PLAIN_LENGTH                16384
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH   SSL3_RT_MAX_PLAIN_LENGTH
+#else
 #define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#endif
 #define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
 #define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
@@ -289,6 +299,8 @@ typedef struct ssl3_record_st
 /*rw*/  unsigned char *data;    /* pointer to the record data */
 /*rw*/  unsigned char *input;   /* where the decode bytes are */
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
+/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
+/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
         } SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
@@ -307,7 +319,12 @@ typedef struct ssl3_buffer_st
 #define SSL3_CT_RSA_EPHEMERAL_DH                5
 #define SSL3_CT_DSS_EPHEMERAL_DH                6
 #define SSL3_CT_FORTEZZA_DMS                    20
-#define SSL3_CT_NUMBER                          7
+/* SSL3_CT_NUMBER is used to size arrays and it must be large
+ * enough to contain all of the cert types defined either for
+ * SSLv3 and TLSv1.
+ */
+#define SSL3_CT_NUMBER                  7
+
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
@@ -392,6 +409,11 @@ typedef struct ssl3_state_st
 #ifndef OPENSSL_NO_DH
                 DH *dh;
 #endif
+
+#ifndef OPENSSL_NO_ECDH
+                EC_KEY *ecdh; /* holds short lived ECDH key */
+#endif
+
                 /* used when SSL_ST_FLUSH_DATA is entered */
                 int next_state;                 
 
@@ -420,6 +442,7 @@ typedef struct ssl3_state_st
 
         } SSL3_STATE;
 
+
 /* SSLv3 */
 /*client */
 /* extra state */
@@ -430,6 +453,8 @@ typedef struct ssl3_state_st
 /* read from server */
 #define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
 #define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
@@ -456,6 +481,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SESSION_TICKET_A     (0x1E0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SESSION_TICKET_B     (0x1E1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_A        (0x1F0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_B        (0x1F1|SSL_ST_CONNECT)
 
 /* server */
 /* extra state */
@@ -466,6 +495,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
 /* write to client */
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
@@ -495,10 +526,15 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_A     (0x1F0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_B     (0x1F1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_A        (0x200|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_B        (0x201|SSL_ST_ACCEPT)
 
 #define SSL3_MT_HELLO_REQUEST                   0
 #define SSL3_MT_CLIENT_HELLO                    1
 #define SSL3_MT_SERVER_HELLO                    2
+#define SSL3_MT_NEWSESSION_TICKET               4
 #define SSL3_MT_CERTIFICATE                     11
 #define SSL3_MT_SERVER_KEY_EXCHANGE             12
 #define SSL3_MT_CERTIFICATE_REQUEST             13
@@ -506,6 +542,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CERTIFICATE_VERIFY              15
 #define SSL3_MT_CLIENT_KEY_EXCHANGE             16
 #define SSL3_MT_FINISHED                        20
+#define SSL3_MT_CERTIFICATE_STATUS              22
+#define DTLS1_MT_HELLO_VERIFY_REQUEST    3
+
 
 #define SSL3_MT_CCS                             1
 
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index 3d1299ee7b..4717c0e6e1 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -82,6 +82,16 @@ int SSL_library_init(void)
         EVP_add_cipher(EVP_aes_192_cbc());
         EVP_add_cipher(EVP_aes_256_cbc());
 #endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+        EVP_add_cipher(EVP_camellia_128_cbc());
+        EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+        EVP_add_cipher(EVP_seed_cbc());
+#endif
+
 #ifndef OPENSSL_NO_MD2
         EVP_add_digest(EVP_md2());
 #endif
@@ -101,11 +111,22 @@ int SSL_library_init(void)
         EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
         EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
+#ifndef OPENSSL_NO_ECDSA
+        EVP_add_digest(EVP_ecdsa());
+#endif
         /* If you want support for phased out ciphers, add the following */
 #if 0
         EVP_add_digest(EVP_sha());
         EVP_add_digest(EVP_dss());
 #endif
+#ifndef OPENSSL_NO_COMP
+        /* This will initialise the built-in compression algorithms.
+           The value returned is a STACK_OF(SSL_COMP), but that can
+           be discarded safely */
+        (void)SSL_COMP_get_compression_methods();
+#endif
+        /* initialize cipher/digest methods table */
+        ssl_load_ciphers();
         return(1);
         }
 
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index fc5fcce108..6e14f4d834 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -78,6 +78,11 @@ typedef struct ssl_session_asn1_st
         ASN1_INTEGER time;
         ASN1_INTEGER timeout;
         ASN1_INTEGER verify_result;
+#ifndef OPENSSL_NO_TLSEXT
+        ASN1_OCTET_STRING tlsext_hostname;
+        ASN1_INTEGER tlsext_tick_lifetime;
+        ASN1_OCTET_STRING tlsext_tick;
+#endif /* OPENSSL_NO_TLSEXT */
         } SSL_SESSION_ASN1;
 
 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
@@ -86,6 +91,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
         int v1=0,v2=0,v3=0,v4=0,v5=0;
         unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
         unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
+#ifndef OPENSSL_NO_TLSEXT
+        int v6=0,v9=0,v10=0;
+        unsigned char ibuf6[LSIZE2];
+#endif
         long l;
         SSL_SESSION_ASN1 a;
         M_ASN1_I2D_vars(in);
@@ -178,7 +187,33 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                 ASN1_INTEGER_set(&a.verify_result,in->verify_result);
                 }
 
-
+#ifndef OPENSSL_NO_TLSEXT
+        if (in->tlsext_hostname)
+                {
+                a.tlsext_hostname.length=strlen(in->tlsext_hostname);
+                a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
+                a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
+                }
+        if (in->tlsext_tick)
+                {
+                a.tlsext_tick.length= in->tlsext_ticklen;
+                a.tlsext_tick.type=V_ASN1_OCTET_STRING;
+                a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
+                /* If we have a ticket set session ID to empty because
+                 * it will be bogus. If liftime hint is -1 treat as a special
+                 * case because the session is being used as a container
+                 */
+                if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
+                        a.session_id.length=0;
+                }
+        if (in->tlsext_tick_lifetime_hint > 0)
+                {
+                a.tlsext_tick_lifetime.length=LSIZE2;
+                a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
+                a.tlsext_tick_lifetime.data=ibuf6;
+                ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
+                }
+#endif /* OPENSSL_NO_TLSEXT */
         M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
         M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
         M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
@@ -200,6 +235,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
         if (in->verify_result != X509_V_OK)
                 M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
 
+#ifndef OPENSSL_NO_TLSEXT
+        if (in->tlsext_tick_lifetime_hint > 0)
+                M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
+        if (in->tlsext_tick)
+                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
+        if (in->tlsext_hostname)
+                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+#endif /* OPENSSL_NO_TLSEXT */
         M_ASN1_I2D_seq_total();
 
         M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
@@ -223,10 +266,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                                v4);
         if (in->verify_result != X509_V_OK)
                 M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
+#ifndef OPENSSL_NO_TLSEXT
+        if (in->tlsext_hostname)
+                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+        if (in->tlsext_tick_lifetime_hint > 0)
+                M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
+        if (in->tlsext_tick)
+                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
+#endif /* OPENSSL_NO_TLSEXT */
         M_ASN1_I2D_finish();
         }
 
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
              long length)
         {
         int version,ssl_version=0,i;
@@ -242,18 +293,18 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
         M_ASN1_D2I_start_sequence();
 
         ai.data=NULL; ai.length=0;
-        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
         version=(int)ASN1_INTEGER_get(aip);
         if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
         /* we don't care about the version right now :-) */
-        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
         ssl_version=(int)ASN1_INTEGER_get(aip);
         ret->ssl_version=ssl_version;
         if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
         os.data=NULL; os.length=0;
-        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
         if (ssl_version == SSL2_VERSION)
                 {
                 if (os.length != 3)
@@ -286,22 +337,22 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
         ret->cipher=NULL;
         ret->cipher_id=id;
 
-        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
         if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
                 i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
-        else /* if (ssl_version == SSL2_VERSION_MAJOR) */
+        else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
                 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
 
         if (os.length > i)
                 os.length = i;
-        if (os.length > sizeof ret->session_id) /* can't happen */
-                os.length = sizeof ret->session_id;
+        if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
+                os.length = sizeof(ret->session_id);
 
         ret->session_id_length=os.length;
-        OPENSSL_assert(os.length <= sizeof ret->session_id);
+        OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
         memcpy(ret->session_id,os.data,os.length);
 
-        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
         if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
                 ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
         else
@@ -394,5 +445,56 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
         else
                 ret->verify_result=X509_V_OK;
 
+#ifndef OPENSSL_NO_TLSEXT
+        os.length=0;
+        os.data=NULL;
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
+        if (os.data)
+                {
+                ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
+                OPENSSL_free(os.data);
+                os.data = NULL;
+                os.length = 0;
+                }
+        else
+                ret->tlsext_hostname=NULL;
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
+        if (ai.data != NULL)
+                {
+                ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else if (ret->tlsext_ticklen && ret->session_id_length)
+                ret->tlsext_tick_lifetime_hint = -1;
+        else
+                ret->tlsext_tick_lifetime_hint = 0;
+        os.length=0;
+        os.data=NULL;
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
+        if (os.data)
+                {
+                ret->tlsext_tick = os.data;
+                ret->tlsext_ticklen = os.length;
+                os.data = NULL;
+                os.length = 0;
+#if 0
+                /* There are two ways to detect a resumed ticket sesion.
+                 * One is to set a random session ID and then the server
+                 * must return a match in ServerHello. This allows the normal
+                 * client session ID matching to work.
+                 */ 
+                if (ret->session_id_length == 0)
+                        {
+                        ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH;
+                        RAND_pseudo_bytes(ret->session_id,
+                                                ret->session_id_length);
+                        }
+#endif
+                }
+        else
+                ret->tlsext_tick=NULL;
+#endif /* OPENSSL_NO_TLSEXT */
+
         M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
         }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index b779e6bb4d..a32b2d4446 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -73,12 +73,12 @@
  * 3. All advertising materials mentioning features or use of this
  *    software must display the following acknowledgment:
  *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  *
  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  *    endorse or promote products derived from this software without
  *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
+ *    openssl-core@openssl.org.
  *
  * 5. Products derived from this software may not be called "OpenSSL"
  *    nor may "OpenSSL" appear in their names without prior written
@@ -87,7 +87,7 @@
  * 6. Redistributions of any form whatsoever must retain the following
  *    acknowledgment:
  *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  *
  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -102,6 +102,16 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
 #include <stdio.h>
@@ -111,45 +121,42 @@
 # include <sys/types.h>
 #endif
 
-#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
-#include <dirent.h>
-#endif
-
-#if defined(WIN32)
-#include <windows.h>
-#include <tchar.h>
-#endif
-
-#ifdef NeXT
-#include <sys/dir.h>
-#define dirent direct
-#endif
-
+#include "o_dir.h"
 #include <openssl/objects.h>
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
 #include "ssl_locl.h"
-#include <openssl/fips.h>
 
 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
         {
         static volatile int ssl_x509_store_ctx_idx= -1;
+        int got_write_lock = 0;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 
         if (ssl_x509_store_ctx_idx < 0)
                 {
-                /* any write lock will do; usually this branch
-                 * will only be taken once anyway */
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
                 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+                got_write_lock = 1;
                 
                 if (ssl_x509_store_ctx_idx < 0)
                         {
                         ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
                                 0,"SSL for verify callback",NULL,NULL,NULL);
                         }
-                
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
                 }
+
+        if (got_write_lock)
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        else
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+        
         return ssl_x509_store_ctx_idx;
         }
 
@@ -205,7 +212,6 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_DH
         if (cert->dh_tmp != NULL)
                 {
-                /* DH parameters don't have a reference count */
                 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
                 if (ret->dh_tmp == NULL)
                         {
@@ -236,6 +242,19 @@ CERT *ssl_cert_dup(CERT *cert)
         ret->dh_tmp_cb = cert->dh_tmp_cb;
 #endif
 
+#ifndef OPENSSL_NO_ECDH
+        if (cert->ecdh_tmp)
+                {
+                ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
+                if (ret->ecdh_tmp == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
+                        goto err;
+                        }
+                }
+        ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
+#endif
+
         for (i = 0; i < SSL_PKEY_NUM; i++)
                 {
                 if (cert->pkeys[i].x509 != NULL)
@@ -270,7 +289,11 @@ CERT *ssl_cert_dup(CERT *cert)
                         case SSL_PKEY_DH_DSA:
                                 /* We have a DH key. */
                                 break;
-                                
+
+                        case SSL_PKEY_ECC:
+                                /* We have an ECC key */
+                                break;
+
                         default:
                                 /* Can't happen. */
                                 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
@@ -285,7 +308,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
         return(ret);
         
-#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
 err:
 #endif
 #ifndef OPENSSL_NO_RSA
@@ -296,6 +319,10 @@ err:
         if (ret->dh_tmp != NULL)
                 DH_free(ret->dh_tmp);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        if (ret->ecdh_tmp != NULL)
+                EC_KEY_free(ret->ecdh_tmp);
+#endif
 
         for (i = 0; i < SSL_PKEY_NUM; i++)
                 {
@@ -335,6 +362,9 @@ void ssl_cert_free(CERT *c)
 #ifndef OPENSSL_NO_DH
         if (c->dh_tmp) DH_free(c->dh_tmp);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
+#endif
 
         for (i=0; i<SSL_PKEY_NUM; i++)
                 {
@@ -441,6 +471,10 @@ void ssl_sess_cert_free(SESS_CERT *sc)
         if (sc->peer_dh_tmp != NULL)
                 DH_free(sc->peer_dh_tmp);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        if (sc->peer_ecdh_tmp != NULL)
+                EC_KEY_free(sc->peer_ecdh_tmp);
+#endif
 
         OPENSSL_free(sc);
         }
@@ -466,20 +500,22 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
                 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
                 return(0);
                 }
+        if (s->param)
+                X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
+                                                s->param);
+#if 0
         if (SSL_get_verify_depth(s) >= 0)
                 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+#endif
         X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
 
-        /* We need to set the verify purpose. The purpose can be determined by
+        /* We need to inherit the verify parameters. These can be determined by
          * the context: if its a server it will verify SSL client certificates
          * or vice versa.
          */
-        if (s->server)
-                i = X509_PURPOSE_SSL_CLIENT;
-        else
-                i = X509_PURPOSE_SSL_SERVER;
 
-        X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+        X509_STORE_CTX_set_default(&ctx,
+                                s->server ? "ssl_client" : "ssl_server");
 
         if (s->verify_callback)
                 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
@@ -726,7 +762,7 @@ err:
         if(x != NULL)
                 X509_free(x);
         
-        sk_X509_NAME_set_cmp_func(stack,oldcmp);
+        (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
 
         return ret;
         }
@@ -742,157 +778,52 @@ err:
  * certs may have been added to \c stack.
  */
 
-#ifndef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_SYS_VMS         /* XXXX This may be fixed in the future */
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */
-
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir)
         {
-        DIR *d;
-        struct dirent *dstruct;
+        OPENSSL_DIR_CTX *d = NULL;
+        const char *filename;
         int ret = 0;
 
         CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-        d = opendir(dir);
 
         /* Note that a side effect is that the CAs will be sorted by name */
-        if(!d)
-                {
-                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-                ERR_add_error_data(3, "opendir('", dir, "')");
-                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-                goto err;
-                }
-        
-        while((dstruct=readdir(d)))
+
+        while((filename = OPENSSL_DIR_read(&d, dir)))
                 {
                 char buf[1024];
                 int r;
-                
-                if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+
+                if(strlen(dir)+strlen(filename)+2 > sizeof buf)
                         {
                         SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
                         goto err;
                         }
-                
-                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
-                if (r <= 0 || r >= sizeof buf)
+
+#ifdef OPENSSL_SYS_VMS
+                r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
+#else
+                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
+#endif
+                if (r <= 0 || r >= (int)sizeof(buf))
                         goto err;
                 if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
                         goto err;
                 }
-        ret = 1;
-
-err:    
-        if (d) closedir(d);
-        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-        return ret;
-        }
-
-#endif
-#endif
-
-#else /* OPENSSL_SYS_WIN32 */
-
-#if defined(_WIN32_WCE)
-# ifndef UNICODE
-#  error "WinCE comes in UNICODE flavor only..."
-# endif
-# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE)
-#  define OPENSSL_NO_MULTIBYTE
-# endif
-# ifndef  FindFirstFile
-#  define FindFirstFile FindFirstFileW
-# endif
-# ifndef  FindNextFile
-#  define FindNextFile FindNextFileW
-# endif
-#endif
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-                                       const char *dir)
-        {
-        WIN32_FIND_DATA FindFileData;
-        HANDLE hFind;
-        int    ret = 0;
-        TCHAR *wdir = NULL;
-        size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */
-        char   buf[1024],*slash;
-
-        if (len_0 > (sizeof(buf)-14))   /* 14 is just some value... */
-                {
-                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-                return ret;
-                }
-
-        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
-        if (sizeof(TCHAR) != sizeof(char))
-                {
-                wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR));
-                if (wdir == NULL)
-                        goto err_noclose;
-#ifndef OPENSSL_NO_MULTIBYTE
-                if (!MultiByteToWideChar(CP_ACP,0,dir,len_0,
-                                        (WCHAR *)wdir,len_0))
-#endif
-                        for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];
-
-                hFind = FindFirstFile(wdir, &FindFileData);
-                }
-        else    hFind = FindFirstFile((const TCHAR *)dir, &FindFileData);
 
-        /* Note that a side effect is that the CAs will be sorted by name */
-        if(hFind == INVALID_HANDLE_VALUE)
+        if (errno)
                 {
                 SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-                ERR_add_error_data(3, "opendir('", dir, "')");
+                ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
                 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-                goto err_noclose;
+                goto err;
                 }
 
-        strncpy(buf,dir,sizeof(buf));   /* strcpy is safe too... */
-        buf[len_0-1]='/';               /* no trailing zero!     */
-        slash=buf+len_0;
-
-        do      {
-                const TCHAR *fnam=FindFileData.cFileName;
-                size_t flen_0=_tcslen(fnam)+1;
-
-                if (flen_0 > (sizeof(buf)-len_0))
-                        {
-                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-                        goto err;
-                        }
-                /* else strcpy would be safe too... */
-
-                if (sizeof(TCHAR) != sizeof(char))
-                        {
-#ifndef OPENSSL_NO_MULTIBYTE
-                        if (!WideCharToMultiByte(CP_ACP,0,
-                                                (WCHAR *)fnam,flen_0,
-                                                slash,sizeof(buf)-len_0,
-                                                NULL,0))
-#endif
-                                for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i];
-                        }
-                else    strncpy(slash,(const char *)fnam,sizeof(buf)-len_0);
-
-                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-                        goto err;
-                }
-        while (FindNextFile(hFind, &FindFileData) != FALSE);
         ret = 1;
 
-err:    
-        FindClose(hFind);
-err_noclose:
-        if (wdir != NULL)
-                free(wdir);
-
+err:
+        if (d) OPENSSL_DIR_end(&d);
         CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
         return ret;
         }
 
-#endif
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 3df5e2fa80..725f7f3c1f 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -55,11 +55,67 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
-#include <openssl/fips.h>
 #include "ssl_locl.h"
 
 #define SSL_ENC_DES_IDX         0
@@ -71,12 +127,20 @@
 #define SSL_ENC_NULL_IDX        6
 #define SSL_ENC_AES128_IDX      7
 #define SSL_ENC_AES256_IDX      8
-#define SSL_ENC_NUM_IDX         9
+#define SSL_ENC_CAMELLIA128_IDX 9
+#define SSL_ENC_CAMELLIA256_IDX 10
+#define SSL_ENC_SEED_IDX        11
+#define SSL_ENC_NUM_IDX         12
+
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
         NULL,NULL,NULL,NULL,NULL,NULL,
         };
 
+#define SSL_COMP_NULL_IDX       0
+#define SSL_COMP_ZLIB_IDX       1
+#define SSL_COMP_NUM_IDX        2
+
 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 
 #define SSL_MD_MD5_IDX  0
@@ -102,18 +166,20 @@ typedef struct cipher_order_st
 
 static const SSL_CIPHER cipher_aliases[]={
         /* Don't include eNULL unless specifically enabled. */
-        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
-        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
+        /* Don't include ECC in ALL because these ciphers are not yet official. */
+        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+        /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
+        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
         {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
+        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
         {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_DH,  0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_EDH, 0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
-
         {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
         {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
         {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
@@ -129,9 +195,11 @@ static const SSL_CIPHER cipher_aliases[]={
 #ifndef OPENSSL_NO_IDEA
         {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
 #endif
+        {0,SSL_TXT_SEED,0,SSL_SEED,  0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
         {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
 
         {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
         {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
@@ -154,12 +222,9 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
         {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
         {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_FIPS,  0, 0,  SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
         };
 
-static int init_ciphers=1;
-
-static void load_ciphers(void)
+void ssl_load_ciphers(void)
         {
         ssl_cipher_methods[SSL_ENC_DES_IDX]= 
                 EVP_get_cipherbyname(SN_des_cbc);
@@ -179,14 +244,73 @@ static void load_ciphers(void)
           EVP_get_cipherbyname(SN_aes_128_cbc);
         ssl_cipher_methods[SSL_ENC_AES256_IDX]=
           EVP_get_cipherbyname(SN_aes_256_cbc);
+        ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
+          EVP_get_cipherbyname(SN_camellia_128_cbc);
+        ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
+          EVP_get_cipherbyname(SN_camellia_256_cbc);
+        ssl_cipher_methods[SSL_ENC_SEED_IDX]=
+          EVP_get_cipherbyname(SN_seed_cbc);
 
         ssl_digest_methods[SSL_MD_MD5_IDX]=
                 EVP_get_digestbyname(SN_md5);
         ssl_digest_methods[SSL_MD_SHA1_IDX]=
                 EVP_get_digestbyname(SN_sha1);
-        init_ciphers=0;
         }
 
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP * const *a,
+                        const SSL_COMP * const *b)
+        {
+        return((*a)->id-(*b)->id);
+        }
+
+static void load_builtin_compressions(void)
+        {
+        int got_write_lock = 0;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL);
+        if (ssl_comp_methods == NULL)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+                got_write_lock = 1;
+                
+                if (ssl_comp_methods == NULL)
+                        {
+                        SSL_COMP *comp = NULL;
+
+                        MemCheck_off();
+                        ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+                        if (ssl_comp_methods != NULL)
+                                {
+                                comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+                                if (comp != NULL)
+                                        {
+                                        comp->method=COMP_zlib();
+                                        if (comp->method
+                                                && comp->method->type == NID_undef)
+                                                OPENSSL_free(comp);
+                                        else
+                                                {
+                                                comp->id=SSL_COMP_ZLIB_IDX;
+                                                comp->name=comp->method->name;
+                                                sk_SSL_COMP_push(ssl_comp_methods,comp);
+                                                }
+                                        }
+                                }
+                        MemCheck_on();
+                        }
+                }
+        
+        if (got_write_lock)
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+        else
+                CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+        }
+#endif
+
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
              const EVP_MD **md, SSL_COMP **comp)
         {
@@ -198,18 +322,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
         if (comp != NULL)
                 {
                 SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+                load_builtin_compressions();
+#endif
 
-                if (s->compress_meth == 0)
-                        *comp=NULL;
-                else if (ssl_comp_methods == NULL)
+                *comp=NULL;
+                ctmp.id=s->compress_meth;
+                if (ssl_comp_methods != NULL)
                         {
-                        /* bad */
-                        *comp=NULL;
-                        }
-                else
-                        {
-
-                        ctmp.id=s->compress_meth;
                         i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
                         if (i >= 0)
                                 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
@@ -248,6 +368,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                 default: i=-1; break;
                         }
                 break;
+        case SSL_CAMELLIA:
+                switch(c->alg_bits)
+                        {
+                case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
+                case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
+                default: i=-1; break;
+                        }
+                break;
+        case SSL_SEED:
+                i=SSL_ENC_SEED_IDX;
+                break;
+
         default:
                 i= -1;
                 break;
@@ -305,9 +437,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
         *tail=curr;
         }
 
-static unsigned long ssl_cipher_get_disabled(void)
+struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
+                         * where 128-bit and 256-bit algorithms simply will get
+                         * separate bits. */
+  unsigned long mask; /* everything except m256 */
+  unsigned long m256; /* applies to 256-bit algorithms only */
+};
+
+static struct disabled_masks ssl_cipher_get_disabled(void)
         {
         unsigned long mask;
+        unsigned long m256;
+        struct disabled_masks ret;
 
         mask = SSL_kFZA;
 #ifdef OPENSSL_NO_RSA
@@ -322,7 +463,9 @@ static unsigned long ssl_cipher_get_disabled(void)
 #ifdef OPENSSL_NO_KRB5
         mask |= SSL_kKRB5|SSL_aKRB5;
 #endif
-
+#ifdef OPENSSL_NO_ECDH
+        mask |= SSL_kECDH|SSL_kECDHE;
+#endif
 #ifdef SSL_FORBID_ENULL
         mask |= SSL_eNULL;
 #endif
@@ -333,17 +476,27 @@ static unsigned long ssl_cipher_get_disabled(void)
         mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
         mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
         mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+        mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
 
         mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
         mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
 
-        return(mask);
+        /* finally consider algorithms where mask and m256 differ */
+        m256 = mask;
+        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+        mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
+        m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
+        m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
+
+        ret.mask = mask;
+        ret.m256 = m256;
+        return ret;
         }
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-                int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
-                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+                int num_of_ciphers, unsigned long mask, unsigned long m256,
+                CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
+                CIPHER_ORDER **tail_p)
         {
         int i, co_list_num;
         SSL_CIPHER *c;
@@ -360,13 +513,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
         for (i = 0; i < num_of_ciphers; i++)
                 {
                 c = ssl_method->get_cipher(i);
+#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
                 /* drop those that use any of that is not available */
-#ifdef OPENSSL_FIPS
-                if ((c != NULL) && c->valid && !(c->algorithms & mask)
-                        && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
-#else
-                if ((c != NULL) && c->valid && !(c->algorithms & mask))
-#endif
+                if ((c != NULL) && c->valid && !IS_MASKED(c))
                         {
                         co_list[co_list_num].cipher = c;
                         co_list[co_list_num].next = NULL;
@@ -440,7 +589,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
         *ca_curr = NULL;        /* end of list */
         }
 
-static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
+static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
+                unsigned long algorithms, unsigned long mask,
                 unsigned long algo_strength, unsigned long mask_strength,
                 int rule, int strength_bits, CIPHER_ORDER *co_list,
                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
@@ -466,11 +616,20 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 
                 cp = curr->cipher;
 
+                /* If explicit cipher suite, match only that one for its own protocol version.
+                 * Usual selection criteria will be used for similar ciphersuites from other version! */
+
+                if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
+                        {
+                        if (cp->id != cipher_id)
+                                continue;
+                        }
+
                 /*
                  * Selection criteria is either the number of strength_bits
                  * or the algorithm used.
                  */
-                if (strength_bits == -1)
+                else if (strength_bits == -1)
                         {
                         ma = mask & cp->algorithms;
                         ma_s = mask_strength & cp->algo_strength;
@@ -501,8 +660,22 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
                         {
                         if (!curr->active)
                                 {
-                                ll_append_tail(&head, curr, &tail);
-                                curr->active = 1;
+                                int add_this_cipher = 1;
+
+                                if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
+                                        {
+                                        /* Make sure "ECCdraft" ciphersuites are activated only if
+                                         * *explicitly* requested, but not implicitly (such as
+                                         * as part of the "AES" alias). */
+
+                                        add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
+                                        }
+                                
+                                if (add_this_cipher)
+                                        {
+                                        ll_append_tail(&head, curr, &tail);
+                                        curr->active = 1;
+                                        }
                                 }
                         }
                 /* Move the added cipher to this location */
@@ -583,7 +756,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
          */
         for (i = max_strength_bits; i >= 0; i--)
                 if (number_uses[i] > 0)
-                        ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
+                        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
                                         co_list, head_p, tail_p);
 
         OPENSSL_free(number_uses);
@@ -597,6 +770,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
         unsigned long algorithms, mask, algo_strength, mask_strength;
         const char *l, *start, *buf;
         int j, multi, found, rule, retval, ok, buflen;
+        unsigned long cipher_id = 0, ssl_version = 0;
         char ch;
 
         retval = 1;
@@ -686,6 +860,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                          * use strcmp(), because buf is not '\0' terminated.)
                          */
                          j = found = 0;
+                         cipher_id = 0;
+                         ssl_version = 0;
                          while (ca_list[j])
                                 {
                                 if (!strncmp(buf, ca_list[j]->name, buflen) &&
@@ -714,6 +890,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                                         (algo_strength & ca_list[j]->algo_strength);
                         mask_strength |= ca_list[j]->mask_strength;
 
+                        /* explicit ciphersuite found */
+                        if (ca_list[j]->valid)
+                                {
+                                cipher_id = ca_list[j]->id;
+                                ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
+                                break;
+                                }
+
                         if (!multi) break;
                         }
 
@@ -738,18 +922,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                          * rest of the command, if any left, until
                          * end or ':' is found.
                          */
-                        while ((*l != '\0') && ITEM_SEP(*l))
+                        while ((*l != '\0') && !ITEM_SEP(*l))
                                 l++;
                         }
                 else if (found)
                         {
-                        ssl_cipher_apply_rule(algorithms, mask,
+                        ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
                                 algo_strength, mask_strength, rule, -1,
                                 co_list, head_p, tail_p);
                         }
                 else
                         {
-                        while ((*l != '\0') && ITEM_SEP(*l))
+                        while ((*l != '\0') && !ITEM_SEP(*l))
                                 l++;
                         }
                 if (*l == '\0') break; /* done */
@@ -765,6 +949,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         {
         int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
         unsigned long disabled_mask;
+        unsigned long disabled_m256;
         STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
         const char *rule_p;
         CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@@ -776,18 +961,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
                 return NULL;
 
-        if (init_ciphers)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-                if (init_ciphers) load_ciphers();
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-                }
-
         /*
          * To reduce the work to do we only want to process the compiled
          * in algorithms, so we first get the mask of disabled ciphers.
          */
-        disabled_mask = ssl_cipher_get_disabled();
+        {
+                struct disabled_masks d;
+                d = ssl_cipher_get_disabled();
+                disabled_mask = d.mask;
+                disabled_m256 = d.m256;
+        }
 
         /*
          * Now we have to collect the available ciphers from the compiled
@@ -806,7 +989,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                 }
 
         ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-                                   co_list, &head, &tail);
+                                   disabled_m256, co_list, &head, &tail);
 
         /*
          * We also need cipher aliases for selecting based on the rule_str.
@@ -826,8 +1009,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
                 return(NULL);   /* Failure */
                 }
-        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
-                                   head);
+        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+                                   (disabled_mask & disabled_m256), head);
 
         /*
          * If the rule_string begins with DEFAULT, apply the default rule
@@ -871,11 +1054,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          */
         for (curr = head; curr != NULL; curr = curr->next)
                 {
-#ifdef OPENSSL_FIPS
-                if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
                 if (curr->active)
-#endif
                         {
                         sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
@@ -897,7 +1076,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         if (*cipher_list_by_id != NULL)
                 sk_SSL_CIPHER_free(*cipher_list_by_id);
         *cipher_list_by_id = tmp_cipher_list;
-        sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+        (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
 
         return(cipherstack);
         }
@@ -905,13 +1084,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
         {
         int is_export,pkl,kl;
-        char *ver,*exp_str;
-        char *kx,*au,*enc,*mac;
+        const char *ver,*exp_str;
+        const char *kx,*au,*enc,*mac;
         unsigned long alg,alg2,alg_s;
 #ifdef KSSL_DEBUG
-        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+        static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
 #else
-        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+        static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
 #endif /* KSSL_DEBUG */
 
         alg=cipher->algorithms;
@@ -922,7 +1101,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
         pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
         kl=SSL_C_EXPORT_KEYLENGTH(cipher);
         exp_str=is_export?" export":"";
-
+        
         if (alg & SSL_SSLV2)
                 ver="SSLv2";
         else if (alg & SSL_SSLV3)
@@ -951,6 +1130,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kEDH:
                 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                 break;
+        case SSL_kECDH:
+        case SSL_kECDHE:
+                kx=is_export?"ECDH(<=163)":"ECDH";
+                break;
         default:
                 kx="unknown";
                 }
@@ -974,6 +1157,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
         case SSL_aNULL:
                 au="None";
                 break;
+        case SSL_aECDSA:
+                au="ECDSA";
+                break;
         default:
                 au="unknown";
                 break;
@@ -1012,6 +1198,18 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
                 default: enc="AES(?""?""?)"; break;
                         }
                 break;
+        case SSL_CAMELLIA:
+                switch(cipher->strength_bits)
+                        {
+                case 128: enc="Camellia(128)"; break;
+                case 256: enc="Camellia(256)"; break;
+                default: enc="Camellia(?""?""?)"; break;
+                        }
+                break;
+        case SSL_SEED:
+                enc="SEED(128)";
+                break;
+
         default:
                 enc="unknown";
                 break;
@@ -1098,35 +1296,63 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
         return(NULL);
         }
 
-static int sk_comp_cmp(const SSL_COMP * const *a,
-                        const SSL_COMP * const *b)
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
         {
-        return((*a)->id-(*b)->id);
+        return NULL;
+        }
+int SSL_COMP_add_compression_method(int id, void *cm)
+        {
+        return 1;
         }
 
+const char *SSL_COMP_get_name(const void *comp)
+        {
+        return NULL;
+        }
+#else
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
         {
+        load_builtin_compressions();
         return(ssl_comp_methods);
         }
 
 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         {
         SSL_COMP *comp;
-        STACK_OF(SSL_COMP) *sk;
 
         if (cm == NULL || cm->type == NID_undef)
                 return 1;
 
+        /* According to draft-ietf-tls-compression-04.txt, the
+           compression number ranges should be the following:
+
+           0 to 63:    methods defined by the IETF
+           64 to 192:  external party methods assigned by IANA
+           193 to 255: reserved for private use */
+        if (id < 193 || id > 255)
+                {
+                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+                return 0;
+                }
+
         MemCheck_off();
         comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
         comp->id=id;
         comp->method=cm;
-        if (ssl_comp_methods == NULL)
-                sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
-        else
-                sk=ssl_comp_methods;
-        if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
+        load_builtin_compressions();
+        if (ssl_comp_methods
+                && !sk_SSL_COMP_find(ssl_comp_methods,comp))
                 {
+                OPENSSL_free(comp);
+                MemCheck_on();
+                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
+                return(1);
+                }
+        else if ((ssl_comp_methods == NULL)
+                || !sk_SSL_COMP_push(ssl_comp_methods,comp))
+                {
+                OPENSSL_free(comp);
                 MemCheck_on();
                 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
                 return(1);
@@ -1137,3 +1363,12 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
                 return(0);
                 }
         }
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+        {
+        if (comp)
+                return comp->name;
+        return NULL;
+        }
+
+#endif
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 4bcf591298..50779c1632 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -75,7 +75,32 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_CLIENT_HELLO),  "CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),     "CLIENT_MASTER_KEY"},
 {ERR_FUNC(SSL_F_D2I_SSL_SESSION),       "d2i_SSL_SESSION"},
+{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),        "DO_DTLS1_WRITE"},
 {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
+{ERR_FUNC(SSL_F_DTLS1_ACCEPT),  "DTLS1_ACCEPT"},
+{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),   "DTLS1_BUFFER_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),    "DTLS1_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
+{ERR_FUNC(SSL_F_DTLS1_ENC),     "DTLS1_ENC"},
+{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY),        "DTLS1_GET_HELLO_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),     "DTLS1_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),    "DTLS1_GET_MESSAGE_FRAGMENT"},
+{ERR_FUNC(SSL_F_DTLS1_GET_RECORD),      "DTLS1_GET_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),       "DTLS1_OUTPUT_CERT_CHAIN"},
+{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT),     "DTLS1_PREPROCESS_FRAGMENT"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),      "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD),  "DTLS1_PROCESS_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_READ_BYTES),      "DTLS1_READ_BYTES"},
+{ERR_FUNC(SSL_F_DTLS1_READ_FAILED),     "DTLS1_READ_FAILED"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),        "DTLS1_SEND_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),        "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY),      "DTLS1_SEND_CLIENT_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),       "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO),       "DTLS1_SEND_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),        "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),    "DTLS1_WRITE_APP_DATA_BYTES"},
 {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),   "GET_CLIENT_FINISHED"},
 {ERR_FUNC(SSL_F_GET_CLIENT_HELLO),      "GET_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
@@ -116,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_ENC),      "SSL3_ENC"},
 {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),       "SSL3_GENERATE_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),  "SSL3_GET_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS),  "SSL3_GET_CERT_STATUS"},
 {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY),  "SSL3_GET_CERT_VERIFY"},
 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),   "SSL3_GET_CLIENT_CERTIFICATE"},
 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
@@ -123,10 +149,12 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_GET_FINISHED),     "SSL3_GET_FINISHED"},
 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE),      "SSL3_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),   "SSL3_GET_NEW_SESSION_TICKET"},
 {ERR_FUNC(SSL_F_SSL3_GET_RECORD),       "SSL3_GET_RECORD"},
 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),   "SSL3_GET_SERVER_CERTIFICATE"},
 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),  "SSL3_GET_SERVER_DONE"},
 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET),       "SSL3_NEW_SESSION_TICKET"},
 {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN),        "SSL3_OUTPUT_CERT_CHAIN"},
 {ERR_FUNC(SSL_F_SSL3_PEEK),     "SSL3_PEEK"},
 {ERR_FUNC(SSL_F_SSL3_READ_BYTES),       "SSL3_READ_BYTES"},
@@ -142,8 +170,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),  "SSL3_SETUP_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),      "SSL3_WRITE_BYTES"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),    "SSL3_WRITE_PENDING"},
+{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),    "SSL_ADD_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),    "SSL_add_dir_cert_subjects_to_stack"},
 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),   "SSL_add_file_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),    "SSL_ADD_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_BAD_METHOD),        "SSL_BAD_METHOD"},
 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),      "SSL_BYTES_TO_CIPHER_LIST"},
 {ERR_FUNC(SSL_F_SSL_CERT_DUP),  "SSL_CERT_DUP"},
@@ -151,6 +181,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),  "SSL_CERT_INSTANTIATE"},
 {ERR_FUNC(SSL_F_SSL_CERT_NEW),  "SSL_CERT_NEW"},
 {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),  "SSL_CHECK_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),    "SSL_CIPHER_PROCESS_RULESTR"},
 {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),      "SSL_CIPHER_STRENGTH_SORT"},
 {ERR_FUNC(SSL_F_SSL_CLEAR),     "SSL_clear"},
@@ -182,6 +213,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),  "SSL_INIT_WBIO_BUFFER"},
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),       "SSL_load_client_CA_file"},
 {ERR_FUNC(SSL_F_SSL_NEW),       "SSL_new"},
+{ERR_FUNC(SSL_F_SSL_PEEK),      "SSL_peek"},
+{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),        "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),        "SSL_PREPARE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_READ),      "SSL_read"},
 {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT),       "SSL_RSA_PRIVATE_DECRYPT"},
 {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),        "SSL_RSA_PUBLIC_ENCRYPT"},
@@ -201,6 +235,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_SHUTDOWN),  "SSL_shutdown"},
 {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),  "SSL_UNDEFINED_CONST_FUNCTION"},
 {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION),        "SSL_UNDEFINED_FUNCTION"},
+{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),   "SSL_UNDEFINED_VOID_FUNCTION"},
 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE),   "SSL_use_certificate"},
 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1),      "SSL_use_certificate_ASN1"},
 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE),      "SSL_use_certificate_file"},
@@ -234,6 +269,9 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_DH_P_LENGTH)       ,"bad dh p length"},
 {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH)     ,"bad digest length"},
 {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE)     ,"bad dsa signature"},
+{ERR_REASON(SSL_R_BAD_ECC_CERT)          ,"bad ecc cert"},
+{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   ,"bad ecdsa signature"},
+{ERR_REASON(SSL_R_BAD_ECPOINT)           ,"bad ecpoint"},
 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
 {ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
 {ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
@@ -263,17 +301,22 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
 {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
+{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    ,"clienthello tlsext"},
 {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
 {ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},
+{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
+{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
 {ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
 {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
 {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
 {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
+{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
+{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
@@ -286,6 +329,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
 {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
 {ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
+{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
+{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
 {ERR_REASON(SSL_R_INVALID_TRUST)         ,"invalid trust"},
 {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG)      ,"key arg too long"},
 {ERR_REASON(SSL_R_KRB5)                  ,"krb5"},
@@ -314,6 +359,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
 {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
 {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    ,"missing tmp dh key"},
+{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY)  ,"missing tmp ecdh key"},
 {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
 {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},
 {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
@@ -342,6 +388,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
 {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
+{ERR_REASON(SSL_R_PARSE_TLSEXT)          ,"parse tlsext"},
 {ERR_REASON(SSL_R_PATH_TOO_LONG)         ,"path too long"},
 {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
 {ERR_REASON(SSL_R_PEER_ERROR)            ,"peer error"},
@@ -356,6 +403,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
 {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
 {ERR_REASON(SSL_R_READ_BIO_NOT_SET)      ,"read bio not set"},
+{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},
 {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
 {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
 {ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},
@@ -364,11 +412,14 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
 {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
 {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
 {ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
 {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
 {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
 {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
+{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
+{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
 {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
@@ -403,12 +454,15 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
+{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
 {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
 {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
 {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
 {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
+{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
 {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
 {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
+{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
 {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
 {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
@@ -429,8 +483,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},
 {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
 {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  ,"unsupported protocol"},
 {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
+{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
 {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     ,"write bio not set"},
 {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
 {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    ,"wrong message type"},
@@ -448,15 +504,12 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 
 void ERR_load_SSL_strings(void)
         {
-        static int init=1;
+#ifndef OPENSSL_NO_ERR
 
-        if (init)
+        if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
                 {
-                init=0;
-#ifndef OPENSSL_NO_ERR
                 ERR_load_strings(0,SSL_str_functs);
                 ERR_load_strings(0,SSL_str_reasons);
-#endif
-
                 }
+#endif
         }
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 2bd9a5af86..065411aea8 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -110,7 +110,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifdef REF_CHECK
 #  include <assert.h>
@@ -121,7 +125,11 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
-#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
@@ -132,7 +140,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
         ssl_undefined_function,
         (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
         (int (*)(SSL*, int))ssl_undefined_function,
-        (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
+        (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
+        0,      /* finish_mac_length */
+        (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+        NULL,   /* client_finished_label */
+        0,      /* client_finished_label_len */
+        NULL,   /* server_finished_label */
+        0,      /* server_finished_label_len */
+        (int (*)(int))ssl_undefined_function
         };
 
 int SSL_clear(SSL *s)
@@ -272,19 +287,40 @@ SSL *SSL_new(SSL_CTX *ctx)
         s->msg_callback=ctx->msg_callback;
         s->msg_callback_arg=ctx->msg_callback_arg;
         s->verify_mode=ctx->verify_mode;
+#if 0
         s->verify_depth=ctx->verify_depth;
+#endif
         s->sid_ctx_length=ctx->sid_ctx_length;
         OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
         memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
         s->verify_callback=ctx->default_verify_callback;
         s->generate_session_id=ctx->generate_session_id;
+
+        s->param = X509_VERIFY_PARAM_new();
+        if (!s->param)
+                goto err;
+        X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+#if 0
         s->purpose = ctx->purpose;
         s->trust = ctx->trust;
+#endif
         s->quiet_shutdown=ctx->quiet_shutdown;
 
         CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
         s->ctx=ctx;
-
+#ifndef OPENSSL_NO_TLSEXT
+        s->tlsext_debug_cb = 0;
+        s->tlsext_debug_arg = NULL;
+        s->tlsext_ticket_expected = 0;
+        s->tlsext_status_type = -1;
+        s->tlsext_status_expected = 0;
+        s->tlsext_ocsp_ids = NULL;
+        s->tlsext_ocsp_exts = NULL;
+        s->tlsext_ocsp_resp = NULL;
+        s->tlsext_ocsp_resplen = -1;
+        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+        s->initial_ctx=ctx;
+#endif
         s->verify_result=X509_V_OK;
 
         s->method=ctx->method;
@@ -393,22 +429,22 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 
 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
         {
-        return X509_PURPOSE_set(&s->purpose, purpose);
+        return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
         }
 
 int SSL_set_purpose(SSL *s, int purpose)
         {
-        return X509_PURPOSE_set(&s->purpose, purpose);
+        return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
         }
 
 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
         {
-        return X509_TRUST_set(&s->trust, trust);
+        return X509_VERIFY_PARAM_set_trust(s->param, trust);
         }
 
 int SSL_set_trust(SSL *s, int trust)
         {
-        return X509_TRUST_set(&s->trust, trust);
+        return X509_VERIFY_PARAM_set_trust(s->param, trust);
         }
 
 void SSL_free(SSL *s)
@@ -431,6 +467,9 @@ void SSL_free(SSL *s)
                 }
 #endif
 
+        if (s->param)
+                X509_VERIFY_PARAM_free(s->param);
+
         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
         if (s->bbio != NULL)
@@ -467,7 +506,16 @@ void SSL_free(SSL *s)
         /* Free up if allocated */
 
         if (s->ctx) SSL_CTX_free(s->ctx);
-
+#ifndef OPENSSL_NO_TLSEXT
+        if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
+        if (s->tlsext_ocsp_exts)
+                sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+                                                X509_EXTENSION_free);
+        if (s->tlsext_ocsp_ids)
+                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+        if (s->tlsext_ocsp_resp)
+                OPENSSL_free(s->tlsext_ocsp_resp);
+#endif
         if (s->client_CA != NULL)
                 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
 
@@ -643,7 +691,7 @@ int SSL_get_verify_mode(const SSL *s)
 
 int SSL_get_verify_depth(const SSL *s)
         {
-        return(s->verify_depth);
+        return X509_VERIFY_PARAM_get_depth(s->param);
         }
 
 int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
@@ -658,7 +706,7 @@ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
 
 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
         {
-        return(ctx->verify_depth);
+        return X509_VERIFY_PARAM_get_depth(ctx->param);
         }
 
 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
@@ -676,7 +724,7 @@ void SSL_set_verify(SSL *s,int mode,
 
 void SSL_set_verify_depth(SSL *s,int depth)
         {
-        s->verify_depth=depth;
+        X509_VERIFY_PARAM_set_depth(s->param, depth);
         }
 
 void SSL_set_read_ahead(SSL *s,int yes)
@@ -850,7 +898,7 @@ int SSL_peek(SSL *s,void *buf,int num)
         {
         if (s->handshake_func == 0)
                 {
-                SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+                SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
                 return -1;
                 }
 
@@ -941,12 +989,19 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                 l=s->max_cert_list;
                 s->max_cert_list=larg;
                 return(l);
+        case SSL_CTRL_SET_MTU:
+                if (SSL_version(s) == DTLS1_VERSION)
+                        {
+                        s->d1->mtu = larg;
+                        return larg;
+                        }
+                return 0;
         default:
                 return(s->method->ssl_ctrl(s,cmd,larg,parg));
                 }
         }
 
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
         {
         switch(cmd)
                 {
@@ -1034,7 +1089,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                 }
         }
 
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
         {
         switch(cmd)
                 {
@@ -1169,7 +1224,6 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
         {
         char *p;
-        const char *cp;
         STACK_OF(SSL_CIPHER) *sk;
         SSL_CIPHER *c;
         int i;
@@ -1182,20 +1236,21 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
         sk=s->session->ciphers;
         for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                 {
-                /* Decrement for either the ':' or a '\0' */
-                len--;
+                int n;
+
                 c=sk_SSL_CIPHER_value(sk,i);
-                for (cp=c->name; *cp; )
+                n=strlen(c->name);
+                if (n+1 > len)
                         {
-                        if (len-- == 0)
-                                {
-                                *p='\0';
-                                return(buf);
-                                }
-                        else
-                                *(p++)= *(cp++);
+                        if (p != buf)
+                                --p;
+                        *p='\0';
+                        return buf;
                         }
+                strcpy(p,c->name);
+                p+=n;
                 *(p++)=':';
+                len-=n+1;
                 }
         p[-1]='\0';
         return(buf);
@@ -1272,6 +1327,29 @@ err:
         return(NULL);
         }
 
+#ifndef OPENSSL_NO_TLSEXT
+/** return a servername extension value if provided in Client Hello, or NULL.
+ * So far, only host_name types are defined (RFC 3546).
+ */
+
+const char *SSL_get_servername(const SSL *s, const int type)
+        {
+        if (type != TLSEXT_NAMETYPE_host_name)
+                return NULL;
+
+        return s->session && !s->tlsext_hostname ?
+                s->session->tlsext_hostname :
+                s->tlsext_hostname;
+        }
+
+int SSL_get_servername_type(const SSL *s)
+        {
+        if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
+                return TLSEXT_NAMETYPE_host_name;
+        return -1;
+        }
+#endif
+
 unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
         {
         unsigned long l;
@@ -1315,14 +1393,6 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
                 return(NULL);
                 }
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (meth->version < TLS1_VERSION))      
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                return NULL;
-                }
-#endif
-
         if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                 {
                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1371,7 +1441,9 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
         ret->msg_callback=0;
         ret->msg_callback_arg=NULL;
         ret->verify_mode=SSL_VERIFY_NONE;
+#if 0
         ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
+#endif
         ret->sid_ctx_length=0;
         ret->default_verify_callback=NULL;
         if ((ret->cert=ssl_cert_new()) == NULL)
@@ -1380,6 +1452,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
         ret->default_passwd_callback=0;
         ret->default_passwd_callback_userdata=NULL;
         ret->client_cert_cb=0;
+        ret->app_gen_cookie_cb=0;
+        ret->app_verify_cookie_cb=0;
 
         ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
                         LHASH_COMP_FN(SSL_SESSION_cmp));
@@ -1397,6 +1471,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
                 goto err2;
                 }
 
+        ret->param = X509_VERIFY_PARAM_new();
+        if (!ret->param)
+                goto err;
+
         if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
                 {
                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
@@ -1421,6 +1499,20 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
         ret->extra_certs=NULL;
         ret->comp_methods=SSL_COMP_get_compression_methods();
 
+#ifndef OPENSSL_NO_TLSEXT
+        ret->tlsext_servername_callback = 0;
+        ret->tlsext_servername_arg = NULL;
+        /* Setup RFC4507 ticket keys */
+        if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+                || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
+                || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+                ret->options |= SSL_OP_NO_TICKET;
+
+        ret->tlsext_status_cb = 0;
+        ret->tlsext_status_arg = NULL;
+
+#endif
+
         return(ret);
 err:
         SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1453,6 +1545,9 @@ void SSL_CTX_free(SSL_CTX *a)
                 }
 #endif
 
+        if (a->param)
+                X509_VERIFY_PARAM_free(a->param);
+
         /*
          * Free internal session cache. However: the remove_cb() may reference
          * the ex_data of SSL_CTX, thus the ex_data store can only be removed
@@ -1515,7 +1610,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
         {
-        ctx->verify_depth=depth;
+        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
         }
 
 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
@@ -1525,6 +1620,13 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
         int rsa_enc_export,dh_rsa_export,dh_dsa_export;
         int rsa_tmp_export,dh_tmp_export,kl;
         unsigned long mask,emask;
+        int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDH
+        int have_ecdh_tmp;
+#endif
+        X509 *x = NULL;
+        EVP_PKEY *ecc_pkey = NULL;
+        int signature_nid = 0;
 
         if (c == NULL) return;
 
@@ -1545,6 +1647,9 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
         dh_tmp=dh_tmp_export=0;
 #endif
 
+#ifndef OPENSSL_NO_ECDH
+        have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+#endif
         cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
         rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
         rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
@@ -1559,7 +1664,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 /* FIX THIS EAY EAY EAY */
         dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
         dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-
+        cpk= &(c->pkeys[SSL_PKEY_ECC]);
+        have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
         mask=0;
         emask=0;
 
@@ -1616,11 +1722,127 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
         emask|=SSL_kKRB5|SSL_aKRB5;
 #endif
 
+        /* An ECC certificate may be usable for ECDH and/or
+         * ECDSA cipher suites depending on the key usage extension.
+         */
+        if (have_ecc_cert)
+                {
+                /* This call populates extension flags (ex_flags) */
+                x = (c->pkeys[SSL_PKEY_ECC]).x509;
+                X509_check_purpose(x, -1, 0);
+                ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+                    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+                ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+                    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+                ecc_pkey = X509_get_pubkey(x);
+                ecc_pkey_size = (ecc_pkey != NULL) ? 
+                    EVP_PKEY_bits(ecc_pkey) : 0;
+                EVP_PKEY_free(ecc_pkey);
+                if ((x->sig_alg) && (x->sig_alg->algorithm))
+                        signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+#ifndef OPENSSL_NO_ECDH
+                if (ecdh_ok)
+                        {
+                        if ((signature_nid == NID_md5WithRSAEncryption) ||
+                            (signature_nid == NID_md4WithRSAEncryption) ||
+                            (signature_nid == NID_md2WithRSAEncryption))
+                                {
+                                mask|=SSL_kECDH|SSL_aRSA;
+                                if (ecc_pkey_size <= 163)
+                                        emask|=SSL_kECDH|SSL_aRSA;
+                                }
+                        if (signature_nid == NID_ecdsa_with_SHA1)
+                                {
+                                mask|=SSL_kECDH|SSL_aECDSA;
+                                if (ecc_pkey_size <= 163)
+                                        emask|=SSL_kECDH|SSL_aECDSA;
+                                }
+                        }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+                if (ecdsa_ok)
+                        {
+                        mask|=SSL_aECDSA;
+                        emask|=SSL_aECDSA;
+                        }
+#endif
+                }
+
+#ifndef OPENSSL_NO_ECDH
+        if (have_ecdh_tmp)
+                {
+                mask|=SSL_kECDHE;
+                emask|=SSL_kECDHE;
+                }
+#endif
         c->mask=mask;
         c->export_mask=emask;
         c->valid=1;
         }
 
+/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+#define ku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+        {
+        unsigned long alg = cs->algorithms;
+        EVP_PKEY *pkey = NULL;
+        int keysize = 0;
+        int signature_nid = 0;
+
+        if (SSL_C_IS_EXPORT(cs))
+                {
+                /* ECDH key length in export ciphers must be <= 163 bits */
+                pkey = X509_get_pubkey(x);
+                if (pkey == NULL) return 0;
+                keysize = EVP_PKEY_bits(pkey);
+                EVP_PKEY_free(pkey);
+                if (keysize > 163) return 0;
+                }
+
+        /* This call populates the ex_flags field correctly */
+        X509_check_purpose(x, -1, 0);
+        if ((x->sig_alg) && (x->sig_alg->algorithm))
+                signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+        if (alg & SSL_kECDH) 
+                {
+                /* key usage, if present, must allow key agreement */
+                if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
+                        {
+                        return 0;
+                        }
+                if (alg & SSL_aECDSA) 
+                        {
+                        /* signature alg must be ECDSA */
+                        if (signature_nid != NID_ecdsa_with_SHA1)
+                                {
+                                return 0;
+                                }
+                        }
+                if (alg & SSL_aRSA)
+                        {
+                        /* signature alg must be RSA */
+                        if ((signature_nid != NID_md5WithRSAEncryption) &&
+                            (signature_nid != NID_md4WithRSAEncryption) &&
+                            (signature_nid != NID_md2WithRSAEncryption))
+                                {
+                                return 0;
+                                }
+                        }
+                } 
+        else if (alg & SSL_aECDSA)
+                {
+                /* key usage, if present, must allow signing */
+                if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
+                        {
+                        return 0;
+                        }
+                }
+
+        return 1;  /* all checks are ok */
+        }
+
 /* THIS NEEDS CLEANING UP */
 X509 *ssl_get_server_send_cert(SSL *s)
         {
@@ -1635,7 +1857,26 @@ X509 *ssl_get_server_send_cert(SSL *s)
         mask=is_export?c->export_mask:c->mask;
         kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
 
-        if      (kalg & SSL_kDHr)
+        if (kalg & SSL_kECDH)
+                {
+                /* we don't need to look at SSL_kECDHE 
+                 * since no certificate is needed for
+                 * anon ECDH and for authenticated
+                 * ECDHE, the check for the auth 
+                 * algorithm will set i correctly
+                 * NOTE: For ECDH-RSA, we need an ECC
+                 * not an RSA cert but for ECDHE-RSA
+                 * we need an RSA cert. Placing the
+                 * checks for SSL_kECDH before RSA
+                 * checks ensures the correct cert is chosen.
+                 */
+                i=SSL_PKEY_ECC;
+                }
+        else if (kalg & SSL_aECDSA)
+                {
+                i=SSL_PKEY_ECC;
+                }
+        else if (kalg & SSL_kDHr)
                 i=SSL_PKEY_DH_RSA;
         else if (kalg & SSL_kDHd)
                 i=SSL_PKEY_DH_DSA;
@@ -1659,6 +1900,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
                 return(NULL);
                 }
         if (c->pkeys[i].x509 == NULL) return(NULL);
+
         return(c->pkeys[i].x509);
         }
 
@@ -1682,6 +1924,9 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
                 else
                         return(NULL);
                 }
+        else if ((alg & SSL_aECDSA) &&
+                 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+                return(c->pkeys[SSL_PKEY_ECC].privatekey);
         else /* if (alg & SSL_aNULL) */
                 {
                 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
@@ -1887,6 +2132,12 @@ int ssl_undefined_function(SSL *s)
         return(0);
         }
 
+int ssl_undefined_void_function(void)
+        {
+        SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(0);
+        }
+
 int ssl_undefined_const_function(const SSL *s)
         {
         SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -2002,8 +2253,8 @@ SSL *SSL_dup(SSL *s)
         ret->rstate=s->rstate;
         ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
         ret->hit=s->hit;
-        ret->purpose=s->purpose;
-        ret->trust=s->trust;
+
+        X509_VERIFY_PARAM_inherit(ret->param, s->param);
 
         /* dup the cipher_list and cipher_list_by_id stacks */
         if (s->cipher_list != NULL)
@@ -2055,6 +2306,7 @@ void ssl_clear_cipher_ctx(SSL *s)
                 OPENSSL_free(s->enc_write_ctx);
                 s->enc_write_ctx=NULL;
                 }
+#ifndef OPENSSL_NO_COMP
         if (s->expand != NULL)
                 {
                 COMP_CTX_free(s->expand);
@@ -2065,6 +2317,7 @@ void ssl_clear_cipher_ctx(SSL *s)
                 COMP_CTX_free(s->compress);
                 s->compress=NULL;
                 }
+#endif
         }
 
 /* Fix this function so that it takes an optional type parameter */
@@ -2091,6 +2344,31 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
                 return(s->session->cipher);
         return(NULL);
         }
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+        {
+        return NULL;
+        }
+const void *SSL_get_current_expansion(SSL *s)
+        {
+        return NULL;
+        }
+#else
+
+const COMP_METHOD *SSL_get_current_compression(SSL *s)
+        {
+        if (s->compress != NULL)
+                return(s->compress->meth);
+        return(NULL);
+        }
+
+const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+        {
+        if (s->expand != NULL)
+                return(s->expand->meth);
+        return(NULL);
+        }
+#endif
 
 int ssl_init_wbio_buffer(SSL *s,int push)
         {
@@ -2184,6 +2462,24 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
         return(ssl->ctx);
         }
 
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
+        {
+        if (ssl->ctx == ctx)
+                return ssl->ctx;
+#ifndef OPENSSL_NO_TLSEXT
+        if (ctx == NULL)
+                ctx = ssl->initial_ctx;
+#endif
+        if (ssl->cert != NULL)
+                ssl_cert_free(ssl->cert);
+        ssl->cert = ssl_cert_dup(ctx->cert);
+        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+        if (ssl->ctx != NULL)
+                SSL_CTX_free(ssl->ctx); /* decrement reference count */
+        ssl->ctx = ctx;
+        return(ssl->ctx);
+        }
+
 #ifndef OPENSSL_NO_STDIO
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
         {
@@ -2193,19 +2489,19 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                 const char *CApath)
         {
-        int r;
-        r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath);
-        return r;
+        return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
         }
 #endif
 
 void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val))
+        void (*cb)(const SSL *ssl,int type,int val))
         {
         ssl->info_callback=cb;
         }
 
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val)
+/* One compiler (Diab DCC) doesn't like argument names in returned
+   function pointer.  */
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 
         {
         return ssl->info_callback;
         }
@@ -2292,14 +2588,14 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
                                                           int is_export,
                                                           int keylength))
     {
-    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
     }
 
 void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
                                                   int is_export,
                                                   int keylength))
     {
-    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
     }
 #endif
 
@@ -2328,24 +2624,38 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
                                                         int keylength))
         {
-        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
         }
 
 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
                                                 int keylength))
         {
-        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
+        }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+                                                        int keylength))
+        {
+        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
+        }
+
+void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+                                                int keylength))
+        {
+        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
         }
 #endif
 
 
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
         {
-        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
         }
 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
         {
-        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
         }
 
 
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6a0b7595f4..de94c0d0c7 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -108,6 +108,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_SSL_LOCL_H
 #define HEADER_SSL_LOCL_H
@@ -121,10 +126,13 @@
 #include <openssl/buffer.h>
 #include <openssl/comp.h>
 #include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
 #include <openssl/stack.h>
-#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/symhacks.h>
@@ -172,6 +180,20 @@
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
                          *((c)++)=(unsigned char)(((l)    )&0xff))
 
+#define l2n6(l,c)       (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+#define n2l6(c,l)       (l =((BN_ULLONG)(*((c)++)))<<40, \
+                         l|=((BN_ULLONG)(*((c)++)))<<32, \
+                         l|=((BN_ULLONG)(*((c)++)))<<24, \
+                         l|=((BN_ULLONG)(*((c)++)))<<16, \
+                         l|=((BN_ULLONG)(*((c)++)))<< 8, \
+                         l|=((BN_ULLONG)(*((c)++))))
+
 /* NOTE - c is not incremented as per l2c */
 #define l2cn(l1,l2,c,n) { \
                         c+=n; \
@@ -227,52 +249,58 @@
  * that the different entities within are mutually exclusive:
  * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
  */
-#define SSL_MKEY_MASK           0x0000003FL
+#define SSL_MKEY_MASK           0x000000FFL
 #define SSL_kRSA                0x00000001L /* RSA key exchange */
 #define SSL_kDHr                0x00000002L /* DH cert RSA CA cert */
 #define SSL_kDHd                0x00000004L /* DH cert DSA CA cert */
 #define SSL_kFZA                0x00000008L
 #define SSL_kEDH                0x00000010L /* tmp DH key no DH cert */
 #define SSL_kKRB5               0x00000020L /* Kerberos5 key exchange */
+#define SSL_kECDH               0x00000040L /* ECDH w/ long-term keys */
+#define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
 #define SSL_EDH                 (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
 
-#define SSL_AUTH_MASK           0x00000FC0L
-#define SSL_aRSA                0x00000040L /* Authenticate with RSA */
-#define SSL_aDSS                0x00000080L /* Authenticate with DSS */
+#define SSL_AUTH_MASK           0x00007F00L
+#define SSL_aRSA                0x00000100L /* Authenticate with RSA */
+#define SSL_aDSS                0x00000200L /* Authenticate with DSS */
 #define SSL_DSS                 SSL_aDSS
-#define SSL_aFZA                0x00000100L
-#define SSL_aNULL               0x00000200L /* no Authenticate, ADH */
-#define SSL_aDH                 0x00000400L /* no Authenticate, ADH */
-#define SSL_aKRB5               0x00000800L /* Authenticate with KRB5 */
+#define SSL_aFZA                0x00000400L
+#define SSL_aNULL               0x00000800L /* no Authenticate, ADH */
+#define SSL_aDH                 0x00001000L /* no Authenticate, ADH */
+#define SSL_aKRB5               0x00002000L /* Authenticate with KRB5 */
+#define SSL_aECDSA              0x00004000L /* Authenticate with ECDSA */
 
 #define SSL_NULL                (SSL_eNULL)
 #define SSL_ADH                 (SSL_kEDH|SSL_aNULL)
 #define SSL_RSA                 (SSL_kRSA|SSL_aRSA)
 #define SSL_DH                  (SSL_kDHr|SSL_kDHd|SSL_kEDH)
+#define SSL_ECDH                (SSL_kECDH|SSL_kECDHE)
 #define SSL_FZA                 (SSL_aFZA|SSL_kFZA|SSL_eFZA)
 #define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
 
-#define SSL_ENC_MASK            0x0087F000L
-#define SSL_DES                 0x00001000L
-#define SSL_3DES                0x00002000L
-#define SSL_RC4                 0x00004000L
-#define SSL_RC2                 0x00008000L
-#define SSL_IDEA                0x00010000L
-#define SSL_eFZA                0x00020000L
-#define SSL_eNULL               0x00040000L
-#define SSL_AES                 0x00800000L
-
-#define SSL_MAC_MASK            0x00180000L
-#define SSL_MD5                 0x00080000L
-#define SSL_SHA1                0x00100000L
+#define SSL_ENC_MASK            0x1C3F8000L
+#define SSL_DES                 0x00008000L
+#define SSL_3DES                0x00010000L
+#define SSL_RC4                 0x00020000L
+#define SSL_RC2                 0x00040000L
+#define SSL_IDEA                0x00080000L
+#define SSL_eFZA                0x00100000L
+#define SSL_eNULL               0x00200000L
+#define SSL_AES                 0x04000000L
+#define SSL_CAMELLIA            0x08000000L
+#define SSL_SEED                0x10000000L
+
+#define SSL_MAC_MASK            0x00c00000L
+#define SSL_MD5                 0x00400000L
+#define SSL_SHA1                0x00800000L
 #define SSL_SHA                 (SSL_SHA1)
 
-#define SSL_SSL_MASK            0x00600000L
-#define SSL_SSLV2               0x00200000L
-#define SSL_SSLV3               0x00400000L
+#define SSL_SSL_MASK            0x03000000L
+#define SSL_SSLV2               0x01000000L
+#define SSL_SSLV3               0x02000000L
 #define SSL_TLSV1               SSL_SSLV3       /* for now */
 
-/* we have used 007fffff - 9 bits left to go */
+/* we have used 1fffffff - 3 bits left to go. */
 
 /*
  * Export and cipher strength information. For each cipher we have to decide
@@ -302,9 +330,8 @@
 #define SSL_LOW                 0x00000020L
 #define SSL_MEDIUM              0x00000040L
 #define SSL_HIGH                0x00000080L
-#define SSL_FIPS                0x00000100L
 
-/* we have used 000001ff - 23 bits left to go */
+/* we have used 000000ff - 24 bits left to go */
 
 /*
  * Macros to check the export status and cipher strength for export ciphers.
@@ -345,7 +372,8 @@
 #define SSL_PKEY_DSA_SIGN       2
 #define SSL_PKEY_DH_RSA         3
 #define SSL_PKEY_DH_DSA         4
-#define SSL_PKEY_NUM            5
+#define SSL_PKEY_ECC            5
+#define SSL_PKEY_NUM            6
 
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -361,6 +389,15 @@
 #define CERT_PRIVATE_KEY        2
 */
 
+#ifndef OPENSSL_NO_EC
+/* From ECC-TLS draft, used in encoding the curve type in 
+ * ECParameters
+ */
+#define EXPLICIT_PRIME_CURVE_TYPE  1   
+#define EXPLICIT_CHAR2_CURVE_TYPE  2
+#define NAMED_CURVE_TYPE           3
+#endif  /* OPENSSL_NO_EC */
+
 typedef struct cert_pkey_st
         {
         X509 *x509;
@@ -387,6 +424,11 @@ typedef struct cert_st
         DH *dh_tmp;
         DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
 #endif
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *ecdh_tmp;
+        /* Callback for generating ephemeral ECDH keys */
+        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
 
         CERT_PKEY pkeys[SSL_PKEY_NUM];
 
@@ -412,6 +454,9 @@ typedef struct sess_cert_st
 #ifndef OPENSSL_NO_DH
         DH *peer_dh_tmp; /* not used for SSL 2 */
 #endif
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *peer_ecdh_tmp;
+#endif
 
         int references; /* actually always 1 at the moment */
         } SESS_CERT;
@@ -466,17 +511,201 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 
-#ifdef OPENSSL_SYS_VMS
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
-#endif
-
 
 SSL_METHOD *ssl_bad_method(int ver);
 SSL_METHOD *sslv2_base_method(void);
 SSL_METHOD *sslv23_base_method(void);
 SSL_METHOD *sslv3_base_method(void);
 
+extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD SSLv3_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
+#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+        { \
+        static SSL_METHOD func_name##_data= { \
+                TLS1_VERSION, \
+                tls1_new, \
+                tls1_clear, \
+                tls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_get_message, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                s_get_meth, \
+                tls1_default_timeout, \
+                &TLSv1_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+        { \
+        static SSL_METHOD func_name##_data= { \
+                SSL3_VERSION, \
+                ssl3_new, \
+                ssl3_clear, \
+                ssl3_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_get_message, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                s_get_meth, \
+                ssl3_default_timeout, \
+                &SSLv3_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+        { \
+        static SSL_METHOD func_name##_data= { \
+        TLS1_VERSION, \
+        tls1_new, \
+        tls1_clear, \
+        tls1_free, \
+        s_accept, \
+        s_connect, \
+        ssl23_read, \
+        ssl23_peek, \
+        ssl23_write, \
+        ssl_undefined_function, \
+        ssl_undefined_function, \
+        ssl_ok, \
+        ssl3_get_message, \
+        ssl3_read_bytes, \
+        ssl3_write_bytes, \
+        ssl3_dispatch_alert, \
+        ssl3_ctrl, \
+        ssl3_ctx_ctrl, \
+        ssl23_get_cipher_by_char, \
+        ssl23_put_cipher_by_char, \
+        ssl_undefined_const_function, \
+        ssl23_num_ciphers, \
+        ssl23_get_cipher, \
+        s_get_meth, \
+        ssl23_default_timeout, \
+        &ssl3_undef_enc_method, \
+        ssl_undefined_void_function, \
+        ssl3_callback_ctrl, \
+        ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+        { \
+        static SSL_METHOD func_name##_data= { \
+                SSL2_VERSION, \
+                ssl2_new,       /* local */ \
+                ssl2_clear,     /* local */ \
+                ssl2_free,      /* local */ \
+                s_accept, \
+                s_connect, \
+                ssl2_read, \
+                ssl2_peek, \
+                ssl2_write, \
+                ssl2_shutdown, \
+                ssl_ok, /* NULL - renegotiate */ \
+                ssl_ok, /* NULL - check renegotiate */ \
+                NULL, /* NULL - ssl_get_message */ \
+                NULL, /* NULL - ssl_get_record */ \
+                NULL, /* NULL - ssl_write_bytes */ \
+                NULL, /* NULL - dispatch_alert */ \
+                ssl2_ctrl,      /* local */ \
+                ssl2_ctx_ctrl,  /* local */ \
+                ssl2_get_cipher_by_char, \
+                ssl2_put_cipher_by_char, \
+                ssl2_pending, \
+                ssl2_num_ciphers, \
+                ssl2_get_cipher, \
+                s_get_meth, \
+                ssl2_default_timeout, \
+                &ssl3_undef_enc_method, \
+                ssl_undefined_void_function, \
+                ssl2_callback_ctrl,     /* local */ \
+                ssl2_ctx_callback_ctrl, /* local */ \
+        }; \
+        return &func_name##_data; \
+        }
+
+#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void)  \
+        { \
+        static SSL_METHOD func_name##_data= { \
+                DTLS1_VERSION, \
+                dtls1_new, \
+                dtls1_clear, \
+                dtls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                dtls1_get_message, \
+                dtls1_read_bytes, \
+                dtls1_write_app_data_bytes, \
+                dtls1_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                dtls1_get_cipher, \
+                s_get_meth, \
+                dtls1_default_timeout, \
+                &DTLSv1_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
@@ -487,7 +716,7 @@ SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
+int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
                         const SSL_CIPHER * const *bp);
@@ -504,6 +733,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
                        const EVP_MD **md,SSL_COMP **comp);
 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
+int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
@@ -511,6 +741,7 @@ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
+void ssl_load_ciphers(void);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
@@ -520,7 +751,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
 void ssl2_return_error(SSL *s,int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
@@ -536,14 +767,17 @@ int	ssl2_shutdown(SSL *s);
 void    ssl2_clear(SSL *s);
 long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
 long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
+long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
 int     ssl2_pending(const SSL *s);
+long    ssl2_default_timeout(void );
 
 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
+int ssl3_send_newsession_ticket(SSL *s);
+int ssl3_send_cert_status(SSL *s);
 int ssl3_get_finished(SSL *s,int state_a,int state_b);
 int ssl3_setup_key_block(SSL *s);
 int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
@@ -584,10 +818,94 @@ int	ssl3_shutdown(SSL *s);
 void    ssl3_clear(SSL *s);
 long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
 long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
+long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
 int     ssl3_pending(const SSL *s);
 
+void ssl3_record_sequence_update(unsigned char *seq);
+int ssl3_do_change_cipher_spec(SSL *ssl);
+long ssl3_default_timeout(void );
+
+int ssl23_num_ciphers(void );
+SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+int ssl23_read(SSL *s, void *buf, int len);
+int ssl23_peek(SSL *s, void *buf, int len);
+int ssl23_write(SSL *s, const void *buf, int len);
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+long ssl23_default_timeout(void );
+
+long tls1_default_timeout(void);
+int dtls1_do_write(SSL *s,int type);
+int ssl3_read_n(SSL *s, int n, int max, int extend);
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_do_compress(SSL *ssl);
+int ssl3_do_uncompress(SSL *ssl);
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+        unsigned int len);
+unsigned char *dtls1_set_message_header(SSL *s, 
+        unsigned char *p, unsigned char mt,     unsigned long len, 
+        unsigned long frag_off, unsigned long frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
+
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
+int dtls1_read_failed(SSL *s, int code);
+int dtls1_buffer_message(SSL *s, int ccs);
+int dtls1_retransmit_message(SSL *s, unsigned short seq, 
+        unsigned long frag_off, int *found);
+void dtls1_clear_record_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
+void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+long dtls1_default_timeout(void);
+SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+
+
+
+/* some client-only functions */
+int ssl3_client_hello(SSL *s);
+int ssl3_get_server_hello(SSL *s);
+int ssl3_get_certificate_request(SSL *s);
+int ssl3_get_new_session_ticket(SSL *s);
+int ssl3_get_cert_status(SSL *s);
+int ssl3_get_server_done(SSL *s);
+int ssl3_send_client_verify(SSL *s);
+int ssl3_send_client_certificate(SSL *s);
+int ssl3_send_client_key_exchange(SSL *s);
+int ssl3_get_key_exchange(SSL *s);
+int ssl3_get_server_certificate(SSL *s);
+int ssl3_check_cert_and_algorithm(SSL *s);
+
+int dtls1_client_hello(SSL *s);
+int dtls1_send_client_certificate(SSL *s);
+int dtls1_send_client_key_exchange(SSL *s);
+int dtls1_send_client_verify(SSL *s);
+
+/* some server-only functions */
+int ssl3_get_client_hello(SSL *s);
+int ssl3_send_server_hello(SSL *s);
+int ssl3_send_hello_request(SSL *s);
+int ssl3_send_server_key_exchange(SSL *s);
+int ssl3_send_certificate_request(SSL *s);
+int ssl3_send_server_done(SSL *s);
+int ssl3_check_client_hello(SSL *s);
+int ssl3_get_client_certificate(SSL *s);
+int ssl3_get_client_key_exchange(SSL *s);
+int ssl3_get_cert_verify(SSL *s);
+
+int dtls1_send_hello_request(SSL *s);
+int dtls1_send_server_hello(SSL *s);
+int dtls1_send_server_certificate(SSL *s);
+int dtls1_send_server_key_exchange(SSL *s);
+int dtls1_send_certificate_request(SSL *s);
+int dtls1_send_server_done(SSL *s);
+
+
+
 int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
 int ssl23_read_bytes(SSL *s, int n);
@@ -597,9 +915,24 @@ int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
 long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
+long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
 SSL_METHOD *tlsv1_base_method(void );
 
+int dtls1_new(SSL *s);
+int     dtls1_accept(SSL *s);
+int     dtls1_connect(SSL *s);
+void dtls1_free(SSL *s);
+void dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+SSL_METHOD *dtlsv1_base_method(void );
+
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int dtls1_get_record(SSL *s);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+        unsigned int len, int create_empty_fragement);
+int dtls1_dispatch_alert(SSL *s);
+int dtls1_enc(SSL *s, int snd);
+
 int ssl_init_wbio_buffer(SSL *s, int push);
 void ssl_free_wbio_buffer(SSL *s);
 
@@ -616,8 +949,28 @@ int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+int ssl_prepare_clienthello_tlsext(SSL *s);
+int ssl_prepare_serverhello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_serverhello_tlsext(SSL *s);
+#ifdef OPENSSL_NO_SHA256
+#define tlsext_tick_md  EVP_sha1
+#else
+#define tlsext_tick_md  EVP_sha256
+#endif
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+                                const unsigned char *limit, SSL_SESSION **ret);
+EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+#endif
 
 #endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index fb0bd4d045..27113eba50 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -131,7 +131,7 @@ end:
         }
 #endif
 
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
         {
         X509 *x;
         int ret;
@@ -181,7 +181,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
         {
-        int i,ok=0,bad=0;
+        int i;
 
         i=ssl_cert_type(NULL,pkey);
         if (i < 0)
@@ -202,47 +202,18 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
                 /* Don't check the public/private key, this is mostly
                  * for smart cards. */
                 if ((pkey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(pkey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
+                        (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+                        ;
                 else
 #endif
-                     if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+                if (!X509_check_private_key(c->pkeys[i].x509,pkey))
                         {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
-                                if (c->pkeys[i].x509 == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(
-                                                c->pkeys[i].x509,pkey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
+                        X509_free(c->pkeys[i].x509);
+                        c->pkeys[i].x509 = NULL;
+                        return 0;
                         }
-                else
-                        ok=1;
-                }
-        else
-                ok=1;
-
-        if (bad)
-                {
-                X509_free(c->pkeys[i].x509);
-                c->pkeys[i].x509=NULL;
-                return(0);
                 }
 
-        ERR_clear_error(); /* make sure no error from X509_check_private_key()
-                            * is left if we have chosen to ignore it */
         if (c->pkeys[i].privatekey != NULL)
                 EVP_PKEY_free(c->pkeys[i].privatekey);
         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
@@ -364,6 +335,11 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
                 pkey=PEM_read_bio_PrivateKey(in,NULL,
                         ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
                 }
+        else if (type == SSL_FILETYPE_ASN1)
+                {
+                j = ERR_R_ASN1_LIB;
+                pkey = d2i_PrivateKey_bio(in,NULL);
+                }
         else
                 {
                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
@@ -382,10 +358,10 @@ end:
         }
 #endif
 
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
         {
         int ret;
-        unsigned char *p;
+        const unsigned char *p;
         EVP_PKEY *pkey;
 
         p=d;
@@ -418,7 +394,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 static int ssl_set_cert(CERT *c, X509 *x)
         {
         EVP_PKEY *pkey;
-        int i,ok=0,bad=0;
+        int i;
 
         pkey=X509_get_pubkey(x);
         if (pkey == NULL)
@@ -446,44 +422,23 @@ static int ssl_set_cert(CERT *c, X509 *x)
                 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
                         (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
                          RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
+                         ;
                 else
-#endif
-                {
+#endif /* OPENSSL_NO_RSA */
                 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
                         {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
-                                if (c->pkeys[i].privatekey == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(x,
-                                                c->pkeys[i].privatekey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
+                        /* don't fail for a cert/key mismatch, just free
+                         * current private key (when switching to a different
+                         * cert & key, first this function should be used,
+                         * then ssl_set_pkey */
+                        EVP_PKEY_free(c->pkeys[i].privatekey);
+                        c->pkeys[i].privatekey=NULL;
+                        /* clear error queue */
+                        ERR_clear_error();
                         }
-                else
-                        ok=1;
-                } /* OPENSSL_NO_RSA */
                 }
-        else
-                ok=1;
 
         EVP_PKEY_free(pkey);
-        if (bad)
-                {
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-                c->pkeys[i].privatekey=NULL;
-                }
 
         if (c->pkeys[i].x509 != NULL)
                 X509_free(c->pkeys[i].x509);
@@ -545,7 +500,7 @@ end:
         }
 #endif
 
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
         {
         X509 *x;
         int ret;
@@ -640,7 +595,7 @@ end:
         }
 #endif
 
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
         {
         int ret;
         const unsigned char *p;
@@ -699,6 +654,11 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
                 pkey=PEM_read_bio_PrivateKey(in,NULL,
                         ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
                 }
+        else if (type == SSL_FILETYPE_ASN1)
+                {
+                j = ERR_R_ASN1_LIB;
+                pkey = d2i_PrivateKey_bio(in,NULL);
+                }
         else
                 {
                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
@@ -717,11 +677,11 @@ end:
         }
 #endif
 
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
              long len)
         {
         int ret;
-        unsigned char *p;
+        const unsigned char *p;
         EVP_PKEY *pkey;
 
         p=d;
@@ -748,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
         int ret=0;
         X509 *x=NULL;
 
+        ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
         in=BIO_new(BIO_s_file_internal());
         if (in == NULL)
                 {
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 2ba8b9612e..ee88be2b88 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -122,10 +122,20 @@ SSL_SESSION *SSL_SESSION_new(void)
         ss->prev=NULL;
         ss->next=NULL;
         ss->compress_meth=0;
+#ifndef OPENSSL_NO_TLSEXT
+        ss->tlsext_hostname = NULL; 
+#endif
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
         return(ss);
         }
 
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+        {
+        if(len)
+                *len = s->session_id_length;
+        return s->session_id;
+        }
+
 /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
  * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
  * until we have no conflict is going to complete in one iteration pretty much
@@ -141,7 +151,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
         unsigned int retry = 0;
         do
-                if(RAND_pseudo_bytes(id, *id_len) <= 0)
+                if (RAND_pseudo_bytes(id, *id_len) <= 0)
                         return 0;
         while(SSL_has_matching_session_id(ssl, id, *id_len) &&
                 (++retry < MAX_SESS_ID_ATTEMPTS));
@@ -198,12 +208,25 @@ int ssl_get_new_session(SSL *s, int session)
                         ss->ssl_version=TLS1_VERSION;
                         ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
                         }
+                else if (s->version == DTLS1_VERSION)
+                        {
+                        ss->ssl_version=DTLS1_VERSION;
+                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                        }
                 else
                         {
                         SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
                         SSL_SESSION_free(ss);
                         return(0);
                         }
+#ifndef OPENSSL_NO_TLSEXT
+                /* If RFC4507 ticket use empty session ID */
+                if (s->tlsext_ticket_expected)
+                        {
+                        ss->session_id_length = 0;
+                        goto sess_id_done;
+                        }
+#endif
                 /* Choose which callback will set the session ID */
                 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
                 if(s->generate_session_id)
@@ -245,6 +268,17 @@ int ssl_get_new_session(SSL *s, int session)
                         SSL_SESSION_free(ss);
                         return(0);
                         }
+#ifndef OPENSSL_NO_TLSEXT
+                sess_id_done:
+                if (s->tlsext_hostname) {
+                        ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+                        if (ss->tlsext_hostname == NULL) {
+                                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                                SSL_SESSION_free(ss);
+                                return 0;
+                                }
+                        }
+#endif
                 }
         else
                 {
@@ -266,21 +300,41 @@ int ssl_get_new_session(SSL *s, int session)
         return(1);
         }
 
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+                        const unsigned char *limit)
         {
         /* This is used only by servers. */
 
-        SSL_SESSION *ret=NULL,data;
+        SSL_SESSION *ret=NULL;
         int fatal = 0;
-
-        data.ssl_version=s->version;
-        data.session_id_length=len;
+#ifndef OPENSSL_NO_TLSEXT
+        int r;
+#endif
+  
         if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
                 goto err;
-        memcpy(data.session_id,session_id,len);
-
+#ifndef OPENSSL_NO_TLSEXT
+        r = tls1_process_ticket(s, session_id, len, limit, &ret);
+        if (r == -1)
+                {
+                fatal = 1;
+                goto err;
+                }
+        else if (r == 0 || (!ret && !len))
+                goto err;
+        else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+#else
+        if (len == 0)
+                goto err;
         if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+#endif
                 {
+                SSL_SESSION data;
+                data.ssl_version=s->version;
+                data.session_id_length=len;
+                if (len == 0)
+                        return 0;
+                memcpy(data.session_id,session_id,len);
                 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
                 ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
                 if (ret != NULL)
@@ -322,33 +376,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 
         /* Now ret is non-NULL, and we own one of its reference counts. */
 
-        if((s->verify_mode&SSL_VERIFY_PEER)
-           && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
-               || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
-            {
+        if (ret->sid_ctx_length != s->sid_ctx_length
+            || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
+                {
                 /* We've found the session named by the client, but we don't
                  * want to use it in this context. */
-                
-                if (s->sid_ctx_length == 0)
-                        {
-                        /* application should have used SSL[_CTX]_set_session_id_context
-                         * -- we could tolerate this and just pretend we never heard
-                         * of this session, but then applications could effectively
-                         * disable the session cache by accident without anyone noticing */
 
-                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-                        fatal = 1;
-                        goto err;
-                        }
-                else
-                        {
 #if 0 /* The client cannot always know when a session is not appropriate,
-           * so we shouldn't generate an error message. */
+       * so we shouldn't generate an error message. */
 
-                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+                SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 #endif
-                        goto err; /* treat like cache miss */
-                        }
+                goto err; /* treat like cache miss */
+                }
+        
+        if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
+                {
+                /* We can't be sure if this session is being used out of
+                 * context, which is especially important for SSL_VERIFY_PEER.
+                 * The application should have used SSL[_CTX]_set_session_id_context.
+                 *
+                 * For this error case, we generate an error instead of treating
+                 * the event like a cache miss (otherwise it would be easy for
+                 * applications to effectively disable the session cache by
+                 * accident without anyone noticing).
+                 */
+                
+                SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+                fatal = 1;
+                goto err;
                 }
 
         if (ret->cipher == NULL)
@@ -534,6 +590,10 @@ void SSL_SESSION_free(SSL_SESSION *ss)
         if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
         if (ss->peer != NULL) X509_free(ss->peer);
         if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+#ifndef OPENSSL_NO_TLSEXT
+        if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
+        if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
+#endif
         OPENSSL_cleanse(ss,sizeof(*ss));
         OPENSSL_free(ss);
         }
@@ -568,7 +628,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
                 if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
                     session->krb5_client_princ_len > 0)
                 {
-                    s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
+                    s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
                     memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
                             session->krb5_client_princ_len);
                     s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
@@ -753,3 +813,72 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
                 }
         }
 
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+        int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
+        {
+        ctx->new_session_cb=cb;
+        }
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
+        {
+        return ctx->new_session_cb;
+        }
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+        void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
+        {
+        ctx->remove_session_cb=cb;
+        }
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
+        {
+        return ctx->remove_session_cb;
+        }
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+        SSL_SESSION *(*cb)(struct ssl_st *ssl,
+                 unsigned char *data,int len,int *copy))
+        {
+        ctx->get_session_cb=cb;
+        }
+
+SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
+                 unsigned char *data,int len,int *copy)
+        {
+        return ctx->get_session_cb;
+        }
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, 
+        void (*cb)(const SSL *ssl,int type,int val))
+        {
+        ctx->info_callback=cb;
+        }
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
+        {
+        return ctx->info_callback;
+        }
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+        int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
+        {
+        ctx->client_cert_cb=cb;
+        }
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
+        {
+        return ctx->client_cert_cb;
+        }
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+        int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
+        {
+        ctx->app_gen_cookie_cb=cb;
+        }
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+        int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
+        {
+        ctx->app_verify_cookie_cb=cb;
+        }
+
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
index b16d253081..73b02509d4 100644
--- a/src/lib/libssl/ssl_stat.c
+++ b/src/lib/libssl/ssl_stat.c
@@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A:	str="SSLv3 read server key exchange A"; break;
 case SSL3_ST_CR_KEY_EXCH_B:     str="SSLv3 read server key exchange B"; break;
 case SSL3_ST_CR_CERT_REQ_A:     str="SSLv3 read server certificate request A"; break;
 case SSL3_ST_CR_CERT_REQ_B:     str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
+case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
 case SSL3_ST_CR_SRVR_DONE_A:    str="SSLv3 read server done A"; break;
 case SSL3_ST_CR_SRVR_DONE_B:    str="SSLv3 read server done B"; break;
 case SSL3_ST_CW_CERT_A:         str="SSLv3 write client certificate A"; break;
@@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A:	str="SSLv3 write key exchange A"; break;
 case SSL3_ST_SW_KEY_EXCH_B:     str="SSLv3 write key exchange B"; break;
 case SSL3_ST_SW_CERT_REQ_A:     str="SSLv3 write certificate request A"; break;
 case SSL3_ST_SW_CERT_REQ_B:     str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
+case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
 case SSL3_ST_SW_SRVR_DONE_A:    str="SSLv3 write server done A"; break;
 case SSL3_ST_SW_SRVR_DONE_B:    str="SSLv3 write server done B"; break;
 case SSL3_ST_SR_CERT_A:         str="SSLv3 read client certificate A"; break;
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index 8655a31333..06b86750fd 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -81,7 +81,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
 int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
         {
         unsigned int i;
-        char *s;
+        const char *s;
 
         if (x == NULL) goto err;
         if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
@@ -151,9 +151,25 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                         if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
                         }
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_TLSEXT
+        if (x->tlsext_tick_lifetime_hint)
+                {
+                if (BIO_printf(bp,
+                        "\n    TLS session ticket lifetime hint: %ld (seconds)",
+                        x->tlsext_tick_lifetime_hint) <=0)
+                        goto err;
+                }
+        if (x->tlsext_tick)
+                {
+                if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0) goto err;
+                if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
+                        goto err;
+                }
+#endif
+#ifndef OPENSSL_NO_COMP
         if (x->compress_meth != 0)
                 {
-                SSL_COMP *comp;
+                SSL_COMP *comp = NULL;
 
                 ssl_cipher_get_evp(x,NULL,NULL,&comp);
                 if (comp == NULL)
@@ -165,6 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                         if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
                         }
                 }       
+#endif
         if (x->time != 0L)
                 {
                 if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
index 57205fb429..4d1e198cdc 100644
--- a/src/lib/libssl/t1_clnt.c
+++ b/src/lib/libssl/t1_clnt.c
@@ -72,26 +72,8 @@ static SSL_METHOD *tls1_get_client_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *TLSv1_client_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD TLSv1_client_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
-                                sizeof(SSL_METHOD));
-                        TLSv1_client_data.ssl_connect=ssl3_connect;
-                        TLSv1_client_data.get_ssl_method=tls1_get_client_method;
-                        init=0;
-                        }
-                
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&TLSv1_client_data);
-        }
+IMPLEMENT_tls1_meth_func(TLSv1_client_method,
+                        ssl_undefined_function,
+                        ssl3_connect,
+                        tls1_get_client_method)
 
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 2c6246abf5..ed5a4a7255 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -115,7 +115,6 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
-#include <openssl/fips.h>
 
 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                         int sec_len, unsigned char *seed, int seed_len,
@@ -132,8 +131,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 
         HMAC_CTX_init(&ctx);
         HMAC_CTX_init(&ctx_tmp);
-        HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
         HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
         HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
         HMAC_Update(&ctx,seed,seed_len);
@@ -180,6 +177,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
         S2= &(sec[len]);
         len+=(slen&1); /* add for odd, make longer */
 
+        
         tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
         tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
 
@@ -233,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         int client_write;
         EVP_CIPHER_CTX *dd;
         const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
         const SSL_COMP *comp;
+#endif
         const EVP_MD *m;
         int is_export,n,i,j,k,exp_label_len,cl;
         int reuse_dd = 0;
@@ -241,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
         c=s->s3->tmp.new_sym_enc;
         m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
         comp=s->s3->tmp.new_compression;
+#endif
         key_block=s->s3->tmp.key_block;
 
 #ifdef KSSL_DEBUG
@@ -265,8 +267,12 @@ int tls1_change_cipher_state(SSL *s, int which)
                         reuse_dd = 1;
                 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
                         goto err;
+                else
+                        /* make sure it's intialized in case we exit later with an error */
+                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
                 dd= s->enc_read_ctx;
                 s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
                 if (s->expand != NULL)
                         {
                         COMP_CTX_free(s->expand);
@@ -286,7 +292,10 @@ int tls1_change_cipher_state(SSL *s, int which)
                         if (s->s3->rrec.comp == NULL)
                                 goto err;
                         }
-                memset(&(s->s3->read_sequence[0]),0,8);
+#endif
+                /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
+                if (s->version != DTLS1_VERSION)
+                        memset(&(s->s3->read_sequence[0]),0,8);
                 mac_secret= &(s->s3->read_mac_secret[0]);
                 }
         else
@@ -295,12 +304,12 @@ int tls1_change_cipher_state(SSL *s, int which)
                         reuse_dd = 1;
                 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
                         goto err;
-                if ((s->enc_write_ctx == NULL) &&
-                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
-                        goto err;
+                else
+                        /* make sure it's intialized in case we exit later with an error */
+                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
                 dd= s->enc_write_ctx;
                 s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
                 if (s->compress != NULL)
                         {
                         COMP_CTX_free(s->compress);
@@ -315,13 +324,15 @@ int tls1_change_cipher_state(SSL *s, int which)
                                 goto err2;
                                 }
                         }
-                memset(&(s->s3->write_sequence[0]),0,8);
+#endif
+                /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
+                if (s->version != DTLS1_VERSION)
+                        memset(&(s->s3->write_sequence[0]),0,8);
                 mac_secret= &(s->s3->write_mac_secret[0]);
                 }
 
         if (reuse_dd)
                 EVP_CIPHER_CTX_cleanup(dd);
-        EVP_CIPHER_CTX_init(dd);
 
         p=s->s3->tmp.key_block;
         i=EVP_MD_size(m);
@@ -503,7 +514,7 @@ printf("\nkey block\n");
 #endif
                         }
                 }
-
+                
         return(1);
 err:
         SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
@@ -618,7 +629,15 @@ int tls1_enc(SSL *s, int send)
                         {
                         ii=i=rec->data[l-1]; /* padding_length */
                         i++;
-                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+                        /* NB: if compression is in operation the first packet
+                         * may not be of even length so the padding bug check
+                         * cannot be performed. This bug workaround has been
+                         * around since SSLeay so hopefully it is either fixed
+                         * now or no buggy implementation supports compression 
+                         * [steve]
+                         */
+                        if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                && !s->expand)
                                 {
                                 /* First packet is even in size, so check */
                                 if ((memcmp(s->s3->read_sequence,
@@ -719,15 +738,35 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
         md_size=EVP_MD_size(hash);
 
         buf[0]=rec->type;
-        buf[1]=TLS1_VERSION_MAJOR;
-        buf[2]=TLS1_VERSION_MINOR;
+        if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+                {
+                buf[1]=TLS1_VERSION_MAJOR;
+                buf[2]=TLS1_VERSION_MINOR;
+                }
+        else    {
+                buf[1]=(unsigned char)(ssl->version>>8);
+                buf[2]=(unsigned char)(ssl->version);
+                }
+
         buf[3]=rec->length>>8;
         buf[4]=rec->length&0xff;
 
         /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
         HMAC_CTX_init(&hmac);
         HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
-        HMAC_Update(&hmac,seq,8);
+
+        if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+                {
+                unsigned char dtlsseq[8],*p=dtlsseq;
+
+                s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+                memcpy (p,&seq[2],6);
+
+                HMAC_Update(&hmac,dtlsseq,8);
+                }
+        else
+                HMAC_Update(&hmac,seq,8);
+
         HMAC_Update(&hmac,buf,5);
         HMAC_Update(&hmac,rec->input,rec->length);
         HMAC_Final(&hmac,md,&md_size);
@@ -744,10 +783,13 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
-        for (i=7; i>=0; i--)
+        if ( SSL_version(ssl) != DTLS1_VERSION)
                 {
-                ++seq[i];
-                if (seq[i] != 0) break; 
+                for (i=7; i>=0; i--)
+                        {
+                        ++seq[i];
+                        if (seq[i] != 0) break; 
+                        }
                 }
 
 #ifdef TLS_DEBUG
@@ -810,6 +852,8 @@ int tls1_alert_code(int code)
         case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
         case SSL_AD_USER_CANCELLED:     return(TLS1_AD_USER_CANCELLED);
         case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
+        case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
+                                          (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
         default:                        return(-1);
                 }
         }
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index ca6c03d5af..35f04afa4a 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -58,13 +58,20 @@
 
 #include <stdio.h>
 #include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
 #include "ssl_locl.h"
 
-const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
+const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
 
-static long tls1_default_timeout(void);
+#ifndef OPENSSL_NO_TLSEXT
+static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
+                                const unsigned char *sess_id, int sesslen,
+                                SSL_SESSION **psess);
+#endif
 
-static SSL3_ENC_METHOD TLSv1_enc_data={
+SSL3_ENC_METHOD TLSv1_enc_data={
         tls1_enc,
         tls1_mac,
         tls1_setup_key_block,
@@ -78,45 +85,17 @@ static SSL3_ENC_METHOD TLSv1_enc_data={
         tls1_alert_code,
         };
 
-static SSL_METHOD TLSv1_data= {
-        TLS1_VERSION,
-        tls1_new,
-        tls1_clear,
-        tls1_free,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl3_read,
-        ssl3_peek,
-        ssl3_write,
-        ssl3_shutdown,
-        ssl3_renegotiate,
-        ssl3_renegotiate_check,
-        ssl3_ctrl,
-        ssl3_ctx_ctrl,
-        ssl3_get_cipher_by_char,
-        ssl3_put_cipher_by_char,
-        ssl3_pending,
-        ssl3_num_ciphers,
-        ssl3_get_cipher,
-        ssl_bad_method,
-        tls1_default_timeout,
-        &TLSv1_enc_data,
-        ssl_undefined_function,
-        ssl3_callback_ctrl,
-        ssl3_ctx_callback_ctrl,
-        };
-
-static long tls1_default_timeout(void)
+long tls1_default_timeout(void)
         {
         /* 2 hours, the 24 hours mentioned in the TLSv1 spec
          * is way too long for http, the cache would over fill */
         return(60*60*2);
         }
 
-SSL_METHOD *tlsv1_base_method(void)
-        {
-        return(&TLSv1_data);
-        }
+IMPLEMENT_tls1_meth_func(tlsv1_base_method,
+                        ssl_undefined_function,
+                        ssl_undefined_function,
+                        ssl_bad_method)
 
 int tls1_new(SSL *s)
         {
@@ -147,3 +126,751 @@ long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
         return(0);
         }
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
+        {
+        int extdatalen=0;
+        unsigned char *ret = p;
+
+        ret+=2;
+
+        if (ret>=limit) return NULL; /* this really never occurs, but ... */
+
+        if (s->tlsext_hostname != NULL)
+                { 
+                /* Add TLS extension servername to the Client Hello message */
+                unsigned long size_str;
+                long lenmax; 
+
+                /* check for enough space.
+                   4 for the servername type and entension length
+                   2 for servernamelist length
+                   1 for the hostname type
+                   2 for hostname length
+                   + hostname length 
+                */
+                   
+                if ((lenmax = limit - ret - 9) < 0 
+                || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 
+                        return NULL;
+                        
+                /* extension type and length */
+                s2n(TLSEXT_TYPE_server_name,ret); 
+                s2n(size_str+5,ret);
+                
+                /* length of servername list */
+                s2n(size_str+3,ret);
+        
+                /* hostname type, length and hostname */
+                *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
+                s2n(size_str,ret);
+                memcpy(ret, s->tlsext_hostname, size_str);
+                ret+=size_str;
+
+                }
+
+        if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
+                {
+                int ticklen;
+                if (s->session && s->session->tlsext_tick)
+                        ticklen = s->session->tlsext_ticklen;
+                else
+                        ticklen = 0;
+                /* Check for enough room 2 for extension type, 2 for len
+                 * rest for ticket
+                 */
+                if (limit - ret - 4 - ticklen < 0)
+                        return NULL;
+                s2n(TLSEXT_TYPE_session_ticket,ret); 
+                s2n(ticklen,ret);
+                if (ticklen)
+                        {
+                        memcpy(ret, s->session->tlsext_tick, ticklen);
+                        ret += ticklen;
+                        }
+                }
+
+        if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+                {
+                int i;
+                long extlen, idlen, itmp;
+                OCSP_RESPID *id;
+
+                idlen = 0;
+                for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
+                        {
+                        id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+                        itmp = i2d_OCSP_RESPID(id, NULL);
+                        if (itmp <= 0)
+                                return NULL;
+                        idlen += itmp + 2;
+                        }
+
+                if (s->tlsext_ocsp_exts)
+                        {
+                        extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+                        if (extlen < 0)
+                                return NULL;
+                        }
+                else
+                        extlen = 0;
+                        
+                if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
+                s2n(TLSEXT_TYPE_status_request, ret);
+                if (extlen + idlen > 0xFFF0)
+                        return NULL;
+                s2n(extlen + idlen + 5, ret);
+                *(ret++) = TLSEXT_STATUSTYPE_ocsp;
+                s2n(idlen, ret);
+                for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
+                        {
+                        /* save position of id len */
+                        unsigned char *q = ret;
+                        id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+                        /* skip over id len */
+                        ret += 2;
+                        itmp = i2d_OCSP_RESPID(id, &ret);
+                        /* write id len */
+                        s2n(itmp, q);
+                        }
+                s2n(extlen, ret);
+                if (extlen > 0)
+                        i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
+                }
+
+        if ((extdatalen = ret-p-2)== 0) 
+                return p;
+
+        s2n(extdatalen,p);
+        return ret;
+        }
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
+        {
+        int extdatalen=0;
+        unsigned char *ret = p;
+
+        ret+=2;
+        if (ret>=limit) return NULL; /* this really never occurs, but ... */
+
+        if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
+                { 
+                if (limit - ret - 4 < 0) return NULL; 
+
+                s2n(TLSEXT_TYPE_server_name,ret);
+                s2n(0,ret);
+                }
+        
+        if (s->tlsext_ticket_expected
+                && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) 
+                { 
+                if (limit - ret - 4 < 0) return NULL; 
+                s2n(TLSEXT_TYPE_session_ticket,ret);
+                s2n(0,ret);
+                }
+
+        if (s->tlsext_status_expected)
+                { 
+                if ((long)(limit - ret - 4) < 0) return NULL; 
+                s2n(TLSEXT_TYPE_status_request,ret);
+                s2n(0,ret);
+                }
+
+        if ((extdatalen = ret-p-2)== 0) 
+                return p;
+
+        s2n(extdatalen,p);
+        return ret;
+        }
+
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
+        {
+        unsigned short type;
+        unsigned short size;
+        unsigned short len;
+        unsigned char *data = *p;
+        s->servername_done = 0;
+        s->tlsext_status_type = -1;
+
+        if (data >= (d+n-2))
+                return 1;
+        n2s(data,len);
+
+        if (data > (d+n-len)) 
+                return 1;
+
+        while (data <= (d+n-4))
+                {
+                n2s(data,type);
+                n2s(data,size);
+
+                if (data+size > (d+n))
+                        return 1;
+
+                if (s->tlsext_debug_cb)
+                        s->tlsext_debug_cb(s, 0, type, data, size,
+                                                s->tlsext_debug_arg);
+/* The servername extension is treated as follows:
+
+   - Only the hostname type is supported with a maximum length of 255.
+   - The servername is rejected if too long or if it contains zeros,
+     in which case an fatal alert is generated.
+   - The servername field is maintained together with the session cache.
+   - When a session is resumed, the servername call back invoked in order
+     to allow the application to position itself to the right context. 
+   - The servername is acknowledged if it is new for a session or when 
+     it is identical to a previously used for the same session. 
+     Applications can control the behaviour.  They can at any time
+     set a 'desirable' servername for a new SSL object. This can be the
+     case for example with HTTPS when a Host: header field is received and
+     a renegotiation is requested. In this case, a possible servername
+     presented in the new client hello is only acknowledged if it matches
+     the value of the Host: field. 
+   - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+     if they provide for changing an explicit servername context for the session,
+     i.e. when the session has been established with a servername extension. 
+   - On session reconnect, the servername extension may be absent. 
+
+*/      
+
+                if (type == TLSEXT_TYPE_server_name)
+                        {
+                        unsigned char *sdata;
+                        int servname_type;
+                        int dsize; 
+                
+                        if (size < 2) 
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        n2s(data,dsize);  
+                        size -= 2;
+                        if (dsize > size  ) 
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                } 
+
+                        sdata = data;
+                        while (dsize > 3) 
+                                {
+                                servname_type = *(sdata++); 
+                                n2s(sdata,len);
+                                dsize -= 3;
+
+                                if (len > dsize) 
+                                        {
+                                        *al = SSL_AD_DECODE_ERROR;
+                                        return 0;
+                                        }
+                                if (s->servername_done == 0)
+                                switch (servname_type)
+                                        {
+                                case TLSEXT_NAMETYPE_host_name:
+                                        if (s->session->tlsext_hostname == NULL)
+                                                {
+                                                if (len > TLSEXT_MAXLEN_host_name || 
+                                                        ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+                                                        {
+                                                        *al = TLS1_AD_UNRECOGNIZED_NAME;
+                                                        return 0;
+                                                        }
+                                                memcpy(s->session->tlsext_hostname, sdata, len);
+                                                s->session->tlsext_hostname[len]='\0';
+                                                if (strlen(s->session->tlsext_hostname) != len) {
+                                                        OPENSSL_free(s->session->tlsext_hostname);
+                                                        s->session->tlsext_hostname = NULL;
+                                                        *al = TLS1_AD_UNRECOGNIZED_NAME;
+                                                        return 0;
+                                                }
+                                                s->servername_done = 1; 
+
+                                                }
+                                        else 
+                                                s->servername_done = strlen(s->session->tlsext_hostname) == len 
+                                                        && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
+                                        
+                                        break;
+
+                                default:
+                                        break;
+                                        }
+                                 
+                                dsize -= len;
+                                }
+                        if (dsize != 0) 
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+
+                        }
+                else if (type == TLSEXT_TYPE_status_request
+                                                && s->ctx->tlsext_status_cb)
+                        {
+                
+                        if (size < 5) 
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+
+                        s->tlsext_status_type = *data++;
+                        size--;
+                        if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+                                {
+                                const unsigned char *sdata;
+                                int dsize;
+                                /* Read in responder_id_list */
+                                n2s(data,dsize);
+                                size -= 2;
+                                if (dsize > size  ) 
+                                        {
+                                        *al = SSL_AD_DECODE_ERROR;
+                                        return 0;
+                                        }
+                                while (dsize > 0)
+                                        {
+                                        OCSP_RESPID *id;
+                                        int idsize;
+                                        if (dsize < 4)
+                                                {
+                                                *al = SSL_AD_DECODE_ERROR;
+                                                return 0;
+                                                }
+                                        n2s(data, idsize);
+                                        dsize -= 2 + idsize;
+                                        if (dsize < 0)
+                                                {
+                                                *al = SSL_AD_DECODE_ERROR;
+                                                return 0;
+                                                }
+                                        sdata = data;
+                                        data += idsize;
+                                        id = d2i_OCSP_RESPID(NULL,
+                                                                &sdata, idsize);
+                                        if (!id)
+                                                {
+                                                *al = SSL_AD_DECODE_ERROR;
+                                                return 0;
+                                                }
+                                        if (data != sdata)
+                                                {
+                                                OCSP_RESPID_free(id);
+                                                *al = SSL_AD_DECODE_ERROR;
+                                                return 0;
+                                                }
+                                        if (!s->tlsext_ocsp_ids
+                                                && !(s->tlsext_ocsp_ids =
+                                                sk_OCSP_RESPID_new_null()))
+                                                {
+                                                OCSP_RESPID_free(id);
+                                                *al = SSL_AD_INTERNAL_ERROR;
+                                                return 0;
+                                                }
+                                        if (!sk_OCSP_RESPID_push(
+                                                        s->tlsext_ocsp_ids, id))
+                                                {
+                                                OCSP_RESPID_free(id);
+                                                *al = SSL_AD_INTERNAL_ERROR;
+                                                return 0;
+                                                }
+                                        }
+
+                                /* Read in request_extensions */
+                                n2s(data,dsize);
+                                size -= 2;
+                                if (dsize > size) 
+                                        {
+                                        *al = SSL_AD_DECODE_ERROR;
+                                        return 0;
+                                        }
+                                sdata = data;
+                                if (dsize > 0)
+                                        {
+                                        s->tlsext_ocsp_exts =
+                                                d2i_X509_EXTENSIONS(NULL,
+                                                        &sdata, dsize);
+                                        if (!s->tlsext_ocsp_exts
+                                                || (data + dsize != sdata))
+                                                {
+                                                *al = SSL_AD_DECODE_ERROR;
+                                                return 0;
+                                                }
+                                        }
+                                }
+                                /* We don't know what to do with any other type
+                                * so ignore it.
+                                */
+                                else
+                                        s->tlsext_status_type = -1;
+                        }
+                /* session ticket processed earlier */
+
+                data+=size;             
+                }
+
+        *p = data;
+        return 1;
+        }
+
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
+        {
+        unsigned short type;
+        unsigned short size;
+        unsigned short len;  
+        unsigned char *data = *p;
+
+        int tlsext_servername = 0;
+
+        if (data >= (d+n-2))
+                return 1;
+
+        n2s(data,len);
+
+        while(data <= (d+n-4))
+                {
+                n2s(data,type);
+                n2s(data,size);
+
+                if (data+size > (d+n))
+                        return 1;
+
+                if (s->tlsext_debug_cb)
+                        s->tlsext_debug_cb(s, 1, type, data, size,
+                                                s->tlsext_debug_arg);
+
+                if (type == TLSEXT_TYPE_server_name)
+                        {
+                        if (s->tlsext_hostname == NULL || size > 0)
+                                {
+                                *al = TLS1_AD_UNRECOGNIZED_NAME;
+                                return 0;
+                                }
+                        tlsext_servername = 1;   
+                        }
+                else if (type == TLSEXT_TYPE_session_ticket)
+                        {
+                        if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
+                                || (size > 0))
+                                {
+                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                                return 0;
+                                }
+                        s->tlsext_ticket_expected = 1;
+                        }
+                else if (type == TLSEXT_TYPE_status_request)
+                        {
+                        /* MUST be empty and only sent if we've requested
+                         * a status request message.
+                         */ 
+                        if ((s->tlsext_status_type == -1) || (size > 0))
+                                {
+                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                                return 0;
+                                }
+                        /* Set flag to expect CertificateStatus message */
+                        s->tlsext_status_expected = 1;
+                        }
+
+                data+=size;             
+                }
+
+        if (data != d+n)
+                {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+                }
+
+        if (!s->hit && tlsext_servername == 1)
+                {
+                if (s->tlsext_hostname)
+                        {
+                        if (s->session->tlsext_hostname == NULL)
+                                {
+                                s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);   
+                                if (!s->session->tlsext_hostname)
+                                        {
+                                        *al = SSL_AD_UNRECOGNIZED_NAME;
+                                        return 0;
+                                        }
+                                }
+                        else 
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        }
+                }
+
+        *p = data;
+        return 1;
+        }
+
+int ssl_check_clienthello_tlsext(SSL *s)
+        {
+        int ret=SSL_TLSEXT_ERR_NOACK;
+        int al = SSL_AD_UNRECOGNIZED_NAME;
+
+        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
+                ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
+        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
+                ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+
+        /* If status request then ask callback what to do.
+         * Note: this must be called after servername callbacks in case 
+         * the certificate has changed.
+         */
+        if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
+                {
+                int r;
+                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+                switch (r)
+                        {
+                        /* We don't want to send a status request response */
+                        case SSL_TLSEXT_ERR_NOACK:
+                                s->tlsext_status_expected = 0;
+                                break;
+                        /* status request response should be sent */
+                        case SSL_TLSEXT_ERR_OK:
+                                if (s->tlsext_ocsp_resp)
+                                        s->tlsext_status_expected = 1;
+                                else
+                                        s->tlsext_status_expected = 0;
+                                break;
+                        /* something bad happened */
+                        case SSL_TLSEXT_ERR_ALERT_FATAL:
+                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                al = SSL_AD_INTERNAL_ERROR;
+                                goto err;
+                        }
+                }
+        else
+                s->tlsext_status_expected = 0;
+        err:
+        switch (ret)
+                {
+                case SSL_TLSEXT_ERR_ALERT_FATAL:
+                        ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+                        return -1;
+
+                case SSL_TLSEXT_ERR_ALERT_WARNING:
+                        ssl3_send_alert(s,SSL3_AL_WARNING,al);
+                        return 1; 
+                                        
+                case SSL_TLSEXT_ERR_NOACK:
+                        s->servername_done=0;
+                        default:
+                return 1;
+                }
+        }
+
+int ssl_check_serverhello_tlsext(SSL *s)
+        {
+        int ret=SSL_TLSEXT_ERR_NOACK;
+        int al = SSL_AD_UNRECOGNIZED_NAME;
+
+        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
+                ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
+        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
+                ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+
+        /* If we've requested certificate status and we wont get one
+         * tell the callback
+         */
+        if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
+                        && s->ctx->tlsext_status_cb)
+                {
+                int r;
+                /* Set resp to NULL, resplen to -1 so callback knows
+                 * there is no response.
+                 */
+                if (s->tlsext_ocsp_resp)
+                        {
+                        OPENSSL_free(s->tlsext_ocsp_resp);
+                        s->tlsext_ocsp_resp = NULL;
+                        }
+                s->tlsext_ocsp_resplen = -1;
+                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+                if (r == 0)
+                        {
+                        al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                        }
+                if (r < 0)
+                        {
+                        al = SSL_AD_INTERNAL_ERROR;
+                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                        }
+                }
+
+        switch (ret)
+                {
+                case SSL_TLSEXT_ERR_ALERT_FATAL:
+                        ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+                        return -1;
+
+                case SSL_TLSEXT_ERR_ALERT_WARNING:
+                        ssl3_send_alert(s,SSL3_AL_WARNING,al);
+                        return 1; 
+                                        
+                case SSL_TLSEXT_ERR_NOACK:
+                        s->servername_done=0;
+                        default:
+                return 1;
+                }
+        }
+
+/* Since the server cache lookup is done early on in the processing of client
+ * hello and other operations depend on the result we need to handle any TLS
+ * session ticket extension at the same time.
+ */
+
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+                                const unsigned char *limit, SSL_SESSION **ret)
+        {
+        /* Point after session ID in client hello */
+        const unsigned char *p = session_id + len;
+        unsigned short i;
+        if ((s->version <= SSL3_VERSION) || !limit)
+                return 1;
+        if (p >= limit)
+                return -1;
+        /* Skip past cipher list */
+        n2s(p, i);
+        p+= i;
+        if (p >= limit)
+                return -1;
+        /* Skip past compression algorithm list */
+        i = *(p++);
+        p += i;
+        if (p > limit)
+                return -1;
+        /* Now at start of extensions */
+        if ((p + 2) >= limit)
+                return 1;
+        n2s(p, i);
+        while ((p + 4) <= limit)
+                {
+                unsigned short type, size;
+                n2s(p, type);
+                n2s(p, size);
+                if (p + size > limit)
+                        return 1;
+                if (type == TLSEXT_TYPE_session_ticket)
+                        {
+                        /* If tickets disabled indicate cache miss which will
+                         * trigger a full handshake
+                         */
+                        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+                                return 0;
+                        /* If zero length not client will accept a ticket
+                         * and indicate cache miss to trigger full handshake
+                         */
+                        if (size == 0)
+                                {
+                                s->tlsext_ticket_expected = 1;
+                                return 0;       /* Cache miss */
+                                }
+                        return tls_decrypt_ticket(s, p, size, session_id, len,
+                                                                        ret);
+                        }
+                p += size;
+                }
+        return 1;
+        }
+
+static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
+                                const unsigned char *sess_id, int sesslen,
+                                SSL_SESSION **psess)
+        {
+        SSL_SESSION *sess;
+        unsigned char *sdec;
+        const unsigned char *p;
+        int slen, mlen, renew_ticket = 0;
+        unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+        HMAC_CTX hctx;
+        EVP_CIPHER_CTX ctx;
+        /* Need at least keyname + iv + some encrypted data */
+        if (eticklen < 48)
+                goto tickerr;
+        /* Initialize session ticket encryption and HMAC contexts */
+        HMAC_CTX_init(&hctx);
+        EVP_CIPHER_CTX_init(&ctx);
+        if (s->ctx->tlsext_ticket_key_cb)
+                {
+                unsigned char *nctick = (unsigned char *)etick;
+                int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+                                                        &ctx, &hctx, 0);
+                if (rv < 0)
+                        return -1;
+                if (rv == 0)
+                        goto tickerr;
+                if (rv == 2)
+                        renew_ticket = 1;
+                }
+        else
+                {
+                /* Check key name matches */
+                if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
+                        goto tickerr;
+                HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+                                        tlsext_tick_md(), NULL);
+                EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                s->ctx->tlsext_tick_aes_key, etick + 16);
+                }
+        /* Attempt to process session ticket, first conduct sanity and
+         * integrity checks on ticket.
+         */
+        mlen = HMAC_size(&hctx);
+        eticklen -= mlen;
+        /* Check HMAC of encrypted ticket */
+        HMAC_Update(&hctx, etick, eticklen);
+        HMAC_Final(&hctx, tick_hmac, NULL);
+        HMAC_CTX_cleanup(&hctx);
+        if (memcmp(tick_hmac, etick + eticklen, mlen))
+                goto tickerr;
+        /* Attempt to decrypt session data */
+        /* Move p after IV to start of encrypted ticket, update length */
+        p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+        eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+        sdec = OPENSSL_malloc(eticklen);
+        if (!sdec)
+                {
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                return -1;
+                }
+        EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
+        if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+                goto tickerr;
+        slen += mlen;
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        p = sdec;
+                
+        sess = d2i_SSL_SESSION(NULL, &p, slen);
+        OPENSSL_free(sdec);
+        if (sess)
+                {
+                /* The session ID if non-empty is used by some clients to
+                 * detect that the ticket has been accepted. So we copy it to
+                 * the session structure. If it is empty set length to zero
+                 * as required by standard.
+                 */
+                if (sesslen)
+                        memcpy(sess->session_id, sess_id, sesslen);
+                sess->session_id_length = sesslen;
+                *psess = sess;
+                s->tlsext_ticket_expected = renew_ticket;
+                return 1;
+                }
+        /* If session decrypt failure indicate a cache miss and set state to
+         * send a new ticket
+         */
+        tickerr:        
+        s->tlsext_ticket_expected = 1;
+        return 0;
+        }
+
+#endif
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index fcc243f782..f5d8df634e 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -69,28 +69,8 @@ static SSL_METHOD *tls1_get_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *TLSv1_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD TLSv1_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-                
-                if (init)
-                        {
-                        memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
-                                sizeof(SSL_METHOD));
-                        TLSv1_data.ssl_connect=ssl3_connect;
-                        TLSv1_data.ssl_accept=ssl3_accept;
-                        TLSv1_data.get_ssl_method=tls1_get_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        
-        return(&TLSv1_data);
-        }
+IMPLEMENT_tls1_meth_func(TLSv1_method,
+                        ssl3_accept,
+                        ssl3_connect,
+                        tls1_get_method)
 
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
index 1c1149e49f..b75636abba 100644
--- a/src/lib/libssl/t1_srvr.c
+++ b/src/lib/libssl/t1_srvr.c
@@ -73,26 +73,8 @@ static SSL_METHOD *tls1_get_server_method(int ver)
                 return(NULL);
         }
 
-SSL_METHOD *TLSv1_server_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD TLSv1_server_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
-                                sizeof(SSL_METHOD));
-                        TLSv1_server_data.ssl_accept=ssl3_accept;
-                        TLSv1_server_data.get_ssl_method=tls1_get_server_method;
-                        init=0;
-                        }
-                        
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&TLSv1_server_data);
-        }
+IMPLEMENT_tls1_meth_func(TLSv1_server_method,
+                        ssl3_accept,
+                        ssl_undefined_function,
+                        tls1_get_server_method)
 
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
index 21da59a73a..20f8f05e3d 100644
--- a/src/lib/libssl/test/CAss.cnf
+++ b/src/lib/libssl/test/CAss.cnf
@@ -24,10 +24,53 @@ organizationName_value		= Dodgy Brothers
 commonName                      = Common Name (eg, YOUR name)
 commonName_value                = Dodgy CA
 
+####################################################################
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir             = ./demoCA              # Where everything is kept
+certs           = $dir/certs            # Where the issued certs are kept
+crl_dir         = $dir/crl              # Where the issued crl are kept
+database        = $dir/index.txt        # database index file.
+#unique_subject = no                    # Set to 'no' to allow creation of
+                                        # several ctificates with same subject.
+new_certs_dir   = $dir/newcerts         # default place for new certs.
+
+certificate     = $dir/cacert.pem       # The CA certificate
+serial          = $dir/serial           # The current serial number
+crl             = $dir/crl.pem          # The current CRL
+private_key     = $dir/private/cakey.pem# The private key
+RANDFILE        = $dir/private/.rand    # private random number file
+
+x509_extensions = v3_ca                 # The extentions to add to the cert
+
+name_opt        = ca_default            # Subject Name options
+cert_opt        = ca_default            # Certificate field options
+
+default_days    = 365                   # how long to certify for
+default_crl_days= 30                    # how long before next CRL
+default_md      = md5                   # which md to use.
+preserve        = no                    # keep passed DN ordering
+
+policy          = policy_anything
+
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+
+
 [ v3_ca ]
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:true,pathlen:1
 keyUsage = cRLSign, keyCertSign
 issuerAltName=issuer:copy
-
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
index e81fc0733a..bdb3218f7a 100644
--- a/src/lib/libssl/test/bctest
+++ b/src/lib/libssl/test/bctest
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# This script is used by test/Makefile to check whether a sane 'bc'
+# This script is used by test/Makefile.ssl to check whether a sane 'bc'
 # is installed.
 # ('make test_bn' should not try to run 'bc' if it does not exist or if
 # it is a broken 'bc' version that is known to cause trouble.)
diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
new file mode 100644
index 0000000000..2e95b48ba4
--- /dev/null
+++ b/src/lib/libssl/test/cms-examples.pl
@@ -0,0 +1,409 @@
+# test/cms-examples.pl
+# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+# project.
+#
+# ====================================================================
+# Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+#    software must display the following acknowledgment:
+#    "This product includes software developed by the OpenSSL Project
+#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission. For written permission, please contact
+#    licensing@OpenSSL.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+#    nor may "OpenSSL" appear in their names without prior written
+#    permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+#    acknowledgment:
+#    "This product includes software developed by the OpenSSL Project
+#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+
+# Perl script to run tests against S/MIME examples in RFC4134
+# Assumes RFC is in current directory and called "rfc4134.txt"
+
+use MIME::Base64;
+
+my $badttest = 0;
+my $verbose  = 1;
+
+my $cmscmd;
+my $exdir  = "./";
+my $exfile = "./rfc4134.txt";
+
+if (-f "../apps/openssl")
+        {
+        $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
+        }
+elsif (-f "..\\out32dll\\openssl.exe")
+        {
+        $cmscmd = "..\\out32dll\\openssl.exe cms";
+        }
+elsif (-f "..\\out32\\openssl.exe")
+        {
+        $cmscmd = "..\\out32\\openssl.exe cms";
+        }
+
+my @test_list = (
+    [ "3.1.bin"  => "dataout" ],
+    [ "3.2.bin"  => "encode, dataout" ],
+    [ "4.1.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.2.bin"  => "encode, verifyder, cont, rsa" ],
+    [ "4.3.bin"  => "encode, verifyder, cont_extern, dss" ],
+    [ "4.4.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.5.bin"  => "verifyder, cont, rsa" ],
+    [ "4.6.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.7.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.8.eml"  => "verifymime, dss" ],
+    [ "4.9.eml"  => "verifymime, dss" ],
+    [ "4.10.bin" => "encode, verifyder, cont, dss" ],
+    [ "4.11.bin" => "encode, certsout" ],
+    [ "5.1.bin"  => "encode, envelopeder, cont" ],
+    [ "5.2.bin"  => "encode, envelopeder, cont" ],
+    [ "5.3.eml"  => "envelopemime, cont" ],
+    [ "6.0.bin"  => "encode, digest, cont" ],
+    [ "7.1.bin"  => "encode, encrypted, cont" ],
+    [ "7.2.bin"  => "encode, encrypted, cont" ]
+);
+
+# Extract examples from RFC4134 text.
+# Base64 decode all examples, certificates and
+# private keys are converted to PEM format.
+
+my ( $filename, $data );
+
+my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
+
+$data = "";
+
+open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
+
+while (<IN>) {
+    next unless (/^\|/);
+    s/^\|//;
+    next if (/^\*/);
+    if (/^>(.*)$/) {
+        $filename = $1;
+        next;
+    }
+    if (/^</) {
+        $filename = "$exdir/$filename";
+        if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
+            $data = decode_base64($data);
+            open OUT, ">$filename";
+            binmode OUT;
+            print OUT $data;
+            close OUT;
+            push @cleanup, $filename;
+        }
+        elsif ( $filename =~ /\.cer$/ ) {
+            write_pem( $filename, "CERTIFICATE", $data );
+        }
+        elsif ( $filename =~ /\.pri$/ ) {
+            write_pem( $filename, "PRIVATE KEY", $data );
+        }
+        $data     = "";
+        $filename = "";
+    }
+    else {
+        $data .= $_;
+    }
+
+}
+
+my $secretkey =
+  "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
+
+foreach (@test_list) {
+    my ( $file, $tlist ) = @$_;
+    print "Example file $file:\n";
+    if ( $tlist =~ /encode/ ) {
+        run_reencode_test( $exdir, $file );
+    }
+    if ( $tlist =~ /certsout/ ) {
+        run_certsout_test( $exdir, $file );
+    }
+    if ( $tlist =~ /dataout/ ) {
+        run_dataout_test( $exdir, $file );
+    }
+    if ( $tlist =~ /verify/ ) {
+        run_verify_test( $exdir, $tlist, $file );
+    }
+    if ( $tlist =~ /digest/ ) {
+        run_digest_test( $exdir, $tlist, $file );
+    }
+    if ( $tlist =~ /encrypted/ ) {
+        run_encrypted_test( $exdir, $tlist, $file, $secretkey );
+    }
+    if ( $tlist =~ /envelope/ ) {
+        run_envelope_test( $exdir, $tlist, $file );
+    }
+
+}
+
+foreach (@cleanup) {
+    unlink $_;
+}
+
+if ($badtest) {
+    print "\n$badtest TESTS FAILED!!\n";
+}
+else {
+    print "\n***All tests successful***\n";
+}
+
+sub write_pem {
+    my ( $filename, $str, $data ) = @_;
+
+    $filename =~ s/\.[^.]*$/.pem/;
+
+    push @cleanup, $filename;
+
+    open OUT, ">$filename";
+
+    print OUT "-----BEGIN $str-----\n";
+    print OUT $data;
+    print OUT "-----END $str-----\n";
+
+    close OUT;
+}
+
+sub run_reencode_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+
+    system( "$cmscmd -cmsout -inform DER -outform DER"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tReencode command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
+        print "\tReencode FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tReencode passed\n" if $verbose;
+    }
+}
+
+sub run_certsout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+    unlink "tmp.pem";
+
+    system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tCertificate output command FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tCertificate output passed\n" if $verbose;
+    }
+}
+
+sub run_dataout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    system(
+        "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
+
+    if ($?) {
+        print "\tDataout command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
+        print "\tDataout compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tDataout passed\n" if $verbose;
+    }
+}
+
+sub run_verify_test {
+    my ( $cmsdir, $tlist, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    $form   = "DER"                     if $tlist =~ /verifyder/;
+    $form   = "SMIME"                   if $tlist =~ /verifymime/;
+    $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
+    $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
+
+    $cmd =
+        "$cmscmd -verify -inform $form"
+      . " -CAfile $cafile"
+      . " -in $cmsdir/$tfile -out tmp.txt";
+
+    $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
+
+    system("$cmd 2>cms.err 1>cms.out");
+
+    if ($?) {
+        print "\tVerify command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tVerify content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tVerify passed\n" if $verbose;
+    }
+}
+
+sub run_envelope_test {
+    my ( $cmsdir, $tlist, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    $form = "DER"   if $tlist =~ /envelopeder/;
+    $form = "SMIME" if $tlist =~ /envelopemime/;
+
+    $cmd =
+        "$cmscmd -decrypt -inform $form"
+      . " -recip $cmsdir/BobRSASignByCarl.pem"
+      . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
+      . " -in $cmsdir/$tfile -out tmp.txt";
+
+    system("$cmd 2>cms.err 1>cms.out");
+
+    if ($?) {
+        print "\tDecrypt command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tDecrypt content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tDecrypt passed\n" if $verbose;
+    }
+}
+
+sub run_digest_test {
+    my ( $cmsdir, $tlist, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    my $cmd =
+      "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
+
+    system("$cmd 2>cms.err 1>cms.out");
+
+    if ($?) {
+        print "\tDigest verify command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tDigest verify content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tDigest verify passed\n" if $verbose;
+    }
+}
+
+sub run_encrypted_test {
+    my ( $cmsdir, $tlist, $tfile, $key ) = @_;
+    unlink "tmp.txt";
+
+    system( "$cmscmd -EncryptedData_decrypt -inform DER"
+          . " -secretkey $key"
+          . " -in $cmsdir/$tfile -out tmp.txt" );
+
+    if ($?) {
+        print "\tEncrypted Data command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tEncrypted Data content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tEncryptedData verify passed\n" if $verbose;
+    }
+}
+
+sub cmp_files {
+    my ( $f1, $f2 ) = @_;
+    my ( $fp1, $fp2 );
+
+    my ( $rd1, $rd2 );
+
+    if ( !open( $fp1, "<$f1" ) ) {
+        print STDERR "Can't Open file $f1\n";
+        return 0;
+    }
+
+    if ( !open( $fp2, "<$f2" ) ) {
+        print STDERR "Can't Open file $f2\n";
+        return 0;
+    }
+
+    binmode $fp1;
+    binmode $fp2;
+
+    my $ret = 0;
+
+    for ( ; ; ) {
+        $n1 = sysread $fp1, $rd1, 4096;
+        $n2 = sysread $fp2, $rd2, 4096;
+        last if ( $n1 != $n2 );
+        last if ( $rd1 ne $rd2 );
+
+        if ( $n1 == 0 ) {
+            $ret = 1;
+            last;
+        }
+
+    }
+
+    close $fp1;
+    close $fp2;
+
+    return $ret;
+
+}
+
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
new file mode 100644
index 0000000000..a84e089ddc
--- /dev/null
+++ b/src/lib/libssl/test/cms-test.pl
@@ -0,0 +1,453 @@
+# test/cms-test.pl
+# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+# project.
+#
+# ====================================================================
+# Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+#    software must display the following acknowledgment:
+#    "This product includes software developed by the OpenSSL Project
+#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission. For written permission, please contact
+#    licensing@OpenSSL.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+#    nor may "OpenSSL" appear in their names without prior written
+#    permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+#    acknowledgment:
+#    "This product includes software developed by the OpenSSL Project
+#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+
+# CMS, PKCS7 consistency test script. Run extensive tests on
+# OpenSSL PKCS#7 and CMS implementations.
+
+my $ossl_path;
+
+if ( -f "../apps/openssl" ) {
+    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+}
+elsif ( -f "..\\out32dll\\openssl.exe" ) {
+    $ossl_path = "..\\out32dll\\openssl.exe";
+}
+elsif ( -f "..\\out32\\openssl.exe" ) {
+    $ossl_path = "..\\out32\\openssl.exe";
+}
+else {
+    die "Can't find OpenSSL executable";
+}
+
+my $pk7cmd   = "$ossl_path smime ";
+my $cmscmd   = "$ossl_path cms ";
+my $smdir    = "smime-certs";
+my $halt_err = 1;
+
+my $badcmd = 0;
+my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
+
+my @smime_pkcs7_tests = (
+
+    [
+        "signed content DER format, RSA key",
+        "-sign -in smcont.txt -outform DER -nodetach"
+          . " -certfile $smdir/smroot.pem"
+          . " -signer $smdir/smrsa1.pem -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed detached content DER format, RSA key",
+        "-sign -in smcont.txt -outform DER"
+          . " -signer $smdir/smrsa1.pem -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+    ],
+
+    [
+        "signed content test streaming BER format, RSA",
+        "-sign -in smcont.txt -outform DER -nodetach"
+          . " -stream -signer $smdir/smrsa1.pem -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed content DER format, DSA key",
+        "-sign -in smcont.txt -outform DER -nodetach"
+          . " -signer $smdir/smdsa1.pem -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed detached content DER format, DSA key",
+        "-sign -in smcont.txt -outform DER"
+          . " -signer $smdir/smdsa1.pem -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+    ],
+
+    [
+        "signed detached content DER format, add RSA signer",
+        "-resign -inform DER -in test.cms -outform DER"
+          . " -signer $smdir/smrsa1.pem -out test2.cms",
+        "-verify -in test2.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+    ],
+
+    [
+        "signed content test streaming BER format, DSA key",
+        "-sign -in smcont.txt -outform DER -nodetach"
+          . " -stream -signer $smdir/smdsa1.pem -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed content test streaming BER format, 2 DSA and 2 RSA keys",
+        "-sign -in smcont.txt -outform DER -nodetach"
+          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+          . " -stream -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
+        "-sign -in smcont.txt -outform DER -noattr -nodetach"
+          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+          . " -stream -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
+        "-sign -in smcont.txt -nodetach"
+          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+          . " -stream -out test.cms",
+        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
+        "-sign -in smcont.txt"
+          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+          . " -stream -out test.cms",
+        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "enveloped content test streaming S/MIME format, 3 recipients",
+        "-encrypt -in smcont.txt"
+          . " -stream -out test.cms"
+          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+    ],
+
+    [
+"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
+        "-encrypt -in smcont.txt"
+          . " -stream -out test.cms"
+          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+        "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
+    ],
+
+    [
+"enveloped content test streaming S/MIME format, 3 recipients, key only used",
+        "-encrypt -in smcont.txt"
+          . " -stream -out test.cms"
+          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+        "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
+    ],
+
+    [
+"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+        "-encrypt -in smcont.txt"
+          . " -aes256 -stream -out test.cms"
+          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+    ],
+
+);
+
+my @smime_cms_tests = (
+
+    [
+        "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
+        "-sign -in smcont.txt -outform DER -nodetach -keyid"
+          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+          . " -stream -out test.cms",
+        "-verify -in test.cms -inform DER "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
+        "-sign -in smcont.txt -outform PEM -nodetach"
+          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+          . " -stream -out test.cms",
+        "-verify -in test.cms -inform PEM "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed content MIME format, RSA key, signed receipt request",
+        "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
+          . " -receipt_request_to test@openssl.org -receipt_request_all"
+          . " -out test.cms",
+        "-verify -in test.cms "
+          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+    ],
+
+    [
+        "signed receipt MIME format, RSA key",
+        "-sign_receipt -in test.cms"
+          . " -signer $smdir/smrsa2.pem"
+          . " -out test2.cms",
+        "-verify_receipt test2.cms -in test.cms"
+          . " -CAfile $smdir/smroot.pem"
+    ],
+
+    [
+        "enveloped content test streaming S/MIME format, 3 recipients, keyid",
+        "-encrypt -in smcont.txt"
+          . " -stream -out test.cms -keyid"
+          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+    ],
+
+    [
+        "enveloped content test streaming PEM format, KEK",
+        "-encrypt -in smcont.txt -outform PEM -aes128"
+          . " -stream -out test.cms "
+          . " -secretkey 000102030405060708090A0B0C0D0E0F "
+          . " -secretkeyid C0FEE0",
+        "-decrypt -in test.cms -out smtst.txt -inform PEM"
+          . " -secretkey 000102030405060708090A0B0C0D0E0F "
+          . " -secretkeyid C0FEE0"
+    ],
+
+    [
+        "enveloped content test streaming PEM format, KEK, key only",
+        "-encrypt -in smcont.txt -outform PEM -aes128"
+          . " -stream -out test.cms "
+          . " -secretkey 000102030405060708090A0B0C0D0E0F "
+          . " -secretkeyid C0FEE0",
+        "-decrypt -in test.cms -out smtst.txt -inform PEM"
+          . " -secretkey 000102030405060708090A0B0C0D0E0F "
+    ],
+
+    [
+        "data content test streaming PEM format",
+        "-data_create -in smcont.txt -outform PEM -nodetach"
+          . " -stream -out test.cms",
+        "-data_out -in test.cms -inform PEM -out smtst.txt"
+    ],
+
+    [
+        "encrypted content test streaming PEM format, 128 bit RC2 key",
+        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+          . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
+          . " -stream -out test.cms",
+        "-EncryptedData_decrypt -in test.cms -inform PEM "
+          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
+    ],
+
+    [
+        "encrypted content test streaming PEM format, 40 bit RC2 key",
+        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+          . " -rc2 -secretkey 0001020304"
+          . " -stream -out test.cms",
+        "-EncryptedData_decrypt -in test.cms -inform PEM "
+          . " -secretkey 0001020304 -out smtst.txt"
+    ],
+
+    [
+        "encrypted content test streaming PEM format, triple DES key",
+        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+          . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
+          . " -stream -out test.cms",
+        "-EncryptedData_decrypt -in test.cms -inform PEM "
+          . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
+          . " -out smtst.txt"
+    ],
+
+    [
+        "encrypted content test streaming PEM format, 128 bit AES key",
+        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+          . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
+          . " -stream -out test.cms",
+        "-EncryptedData_decrypt -in test.cms -inform PEM "
+          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
+    ],
+
+);
+
+my @smime_cms_comp_tests = (
+
+    [
+        "compressed content test streaming PEM format",
+        "-compress -in smcont.txt -outform PEM -nodetach"
+          . " -stream -out test.cms",
+        "-uncompress -in test.cms -inform PEM -out smtst.txt"
+    ]
+
+);
+
+print "PKCS#7 <=> PKCS#7 consistency tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
+
+print "CMS => PKCS#7 compatibility tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
+
+print "CMS <= PKCS#7 compatibility tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
+
+print "CMS <=> CMS consistency tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
+run_smime_tests( \$badcmd, \@smime_cms_tests,   $cmscmd, $cmscmd );
+
+if ( `$ossl_path version -f` =~ /ZLIB/ ) {
+    run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
+}
+else {
+    print "Zlib not supported: compression tests skipped\n";
+}
+
+print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
+
+if ($badcmd) {
+    print "$badcmd TESTS FAILED!!\n";
+}
+else {
+    print "ALL TESTS SUCCESSFUL.\n";
+}
+
+unlink "test.cms";
+unlink "test2.cms";
+unlink "smtst.txt";
+unlink "cms.out";
+unlink "cms.err";
+
+sub run_smime_tests {
+    my ( $rv, $aref, $scmd, $vcmd ) = @_;
+
+    foreach $smtst (@$aref) {
+        my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
+        if ($ossl8)
+                {
+                # Skip smime resign: 0.9.8 smime doesn't support -resign        
+                next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
+                # Disable streaming: option not supported in 0.9.8
+                $tnam =~ s/streaming//; 
+                $rscmd =~ s/-stream//;  
+                $rvcmd =~ s/-stream//;
+                }
+        system("$scmd$rscmd 2>cms.err 1>cms.out");
+        if ($?) {
+            print "$tnam: generation error\n";
+            $$rv++;
+            exit 1 if $halt_err;
+            next;
+        }
+        system("$vcmd$rvcmd 2>cms.err 1>cms.out");
+        if ($?) {
+            print "$tnam: verify error\n";
+            $$rv++;
+            exit 1 if $halt_err;
+            next;
+        }
+        if (!cmp_files("smtst.txt", "smcont.txt")) {
+            print "$tnam: content verify error\n";
+            $$rv++;
+            exit 1 if $halt_err;
+            next;
+        }
+        print "$tnam: OK\n";
+    }
+}
+
+sub cmp_files {
+    my ( $f1, $f2 ) = @_;
+    my ( $fp1, $fp2 );
+
+    my ( $rd1, $rd2 );
+
+    if ( !open( $fp1, "<$f1" ) ) {
+        print STDERR "Can't Open file $f1\n";
+        return 0;
+    }
+
+    if ( !open( $fp2, "<$f2" ) ) {
+        print STDERR "Can't Open file $f2\n";
+        return 0;
+    }
+
+    binmode $fp1;
+    binmode $fp2;
+
+    my $ret = 0;
+
+    for ( ; ; ) {
+        $n1 = sysread $fp1, $rd1, 4096;
+        $n2 = sysread $fp2, $rd2, 4096;
+        last if ( $n1 != $n2 );
+        last if ( $rd1 ne $rd2 );
+
+        if ( $n1 == 0 ) {
+            $ret = 1;
+            last;
+        }
+
+    }
+
+    close $fp1;
+    close $fp2;
+
+    return $ret;
+
+}
+
diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
new file mode 100644
index 0000000000..e837c0b75b
--- /dev/null
+++ b/src/lib/libssl/test/smcont.txt
@@ -0,0 +1 @@
+Some test content for OpenSSL CMS
\ No newline at end of file
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
new file mode 100644
index 0000000000..d5677dbfbe
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smdsa1.pem
@@ -0,0 +1,34 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
+OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
+GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
+jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
+wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
+SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd
+YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9
+C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx
+9fMUZq1v0ePD4Wo0Xkxo
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
+CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
+mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
+jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
+CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
+kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
+xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN
+CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M
+7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG
+h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU
+4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
+aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
+c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO
+kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8
+phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n
+hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
new file mode 100644
index 0000000000..ef86c115d7
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smdsa2.pem
@@ -0,0 +1,34 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
+OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
+GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
+jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
+wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
+SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
+It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
+VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
+Nf8SimTZYB0/CKje6M5ufA==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
+CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
+mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
+jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
+CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
+kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
+xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA
+g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm
+6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs
+j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE
+FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab
+rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB
+FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF
+FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l
+6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0
+jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
new file mode 100644
index 0000000000..eeb848dabc
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smdsa3.pem
@@ -0,0 +1,34 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
+OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
+GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
+jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
+wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
+SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7
+GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju
+TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g
+Y+XZd0Sv69CatDIRYWvaIA==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
+CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
+mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
+jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
+CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
+kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
+xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj
+M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz
+aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/
+pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU
+VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
+aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
+c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m
+k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu
+rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25
+OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
new file mode 100644
index 0000000000..249706c8c7
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smdsap.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
+Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
+gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
+qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
+Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
+GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
+Qw5z
+-----END DSA PARAMETERS-----
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
new file mode 100644
index 0000000000..a59eb2684c
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smroot.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki
+9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ
+speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB
+AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY
+JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0
+xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ
+U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS
+Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO
+1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3
+3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a
+3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN
+U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8
+0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
+ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
+9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
+81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
+BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
+dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
+SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
+l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
+r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
new file mode 100644
index 0000000000..2cf3148e33
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smrsa1.pem
@@ -0,0 +1,31 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
+ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
+JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
+AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
+KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
+JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
+xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
+KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
+Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
+h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
+oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
+QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
+SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
+ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
+yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
+VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
+OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
+EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
+O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
+9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
+I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
new file mode 100644
index 0000000000..d41f69c82f
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smrsa2.pem
@@ -0,0 +1,31 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe
+59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT
+WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB
+AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551
++rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q
+dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx
+bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6
+QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS
+M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY
+iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex
+A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07
+jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG
+6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ
+eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5
+00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD
+VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z
+OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
+EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2
+rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe
+ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2
+YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
new file mode 100644
index 0000000000..c8cbe55151
--- /dev/null
+++ b/src/lib/libssl/test/smime-certs/smrsa3.pem
@@ -0,0 +1,31 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy
+ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM
+h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB
+AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi
+iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT
+/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p
+ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC
+hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs
+OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj
+RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T
+9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5
+GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd
+VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z
+Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H
+Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD
+VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z
+OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
+EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE
+tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq
+jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ
+PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
index 3ffed12a03..055269eab8 100644
--- a/src/lib/libssl/test/tcrl
+++ b/src/lib/libssl/test/tcrl
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 cmd='../util/shlib_wrap.sh ../apps/openssl crl'
 
 if [ "$1"x != "x" ]; then
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
index 5b2faa78f1..b109cfe271 100644
--- a/src/lib/libssl/test/testca
+++ b/src/lib/libssl/test/testca
@@ -2,16 +2,16 @@
 
 SH="/bin/sh"
 if test "$OSTYPE" = msdosdjgpp; then
-    PATH=./apps\;../apps\;$PATH
+    PATH="../apps\;$PATH"
 else
-    PATH=../apps:$PATH
+    PATH="../apps:$PATH"
 fi
 export SH PATH
 
 SSLEAY_CONFIG="-config CAss.cnf"
 export SSLEAY_CONFIG
 
-OPENSSL="`pwd`/../util/shlib_wrap.sh openssl"
+OPENSSL="`pwd`/../util/opensslwrap.sh"
 export OPENSSL
 
 /bin/rm -fr demoCA
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
index 4571ea2875..f5ce7c0c45 100644
--- a/src/lib/libssl/test/testenc
+++ b/src/lib/libssl/test/testenc
@@ -7,8 +7,8 @@ cmd="../util/shlib_wrap.sh ../apps/openssl"
 cat $testsrc >$test;
 
 echo cat
-$cmd enc -non-fips-allow < $test > $test.cipher
-$cmd enc -non-fips-allow < $test.cipher >$test.clear
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
 cmp $test $test.clear
 if [ $? != 0 ]
 then
@@ -17,8 +17,8 @@ else
         /bin/rm $test.cipher $test.clear
 fi
 echo base64
-$cmd enc -non-fips-allow -a -e < $test > $test.cipher
-$cmd enc -non-fips-allow -a -d < $test.cipher >$test.clear
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
 cmp $test $test.clear
 if [ $? != 0 ]
 then
@@ -30,8 +30,8 @@ fi
 for i in `$cmd list-cipher-commands`
 do
         echo $i
-        $cmd $i -non-fips-allow -bufsize 113 -e -k test < $test > $test.$i.cipher
-        $cmd $i -non-fips-allow -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+        $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
         cmp $test $test.$i.clear
         if [ $? != 0 ]
         then
@@ -41,8 +41,8 @@ do
         fi
 
         echo $i base64
-        $cmd $i -non-fips-allow -bufsize 113 -a -e -k test < $test > $test.$i.cipher
-        $cmd $i -non-fips-allow -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+        $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
         cmp $test $test.$i.clear
         if [ $? != 0 ]
         then
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
index 79bb6e0edf..3e435ffbf9 100644
--- a/src/lib/libssl/test/tpkcs7
+++ b/src/lib/libssl/test/tpkcs7
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
index 20394b34c4..64fc28e88f 100644
--- a/src/lib/libssl/test/tpkcs7d
+++ b/src/lib/libssl/test/tpkcs7d
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
index 7e020210a5..77f37dcf3a 100644
--- a/src/lib/libssl/test/treq
+++ b/src/lib/libssl/test/treq
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
 
 if [ "$1"x != "x" ]; then
@@ -15,7 +8,7 @@ else
         t=testreq.pem
 fi
 
-if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
+if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
   echo "skipping req conversion test for $t"
   exit 0
 fi
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
index 67b4a98841..249ac1ddcc 100644
--- a/src/lib/libssl/test/trsa
+++ b/src/lib/libssl/test/trsa
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   echo skipping rsa conversion test
   exit 0
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
index fb4a7213b9..6adbd531ce 100644
--- a/src/lib/libssl/test/tsid
+++ b/src/lib/libssl/test/tsid
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
 
 if [ "$1"x != "x" ]; then
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
index 1b9c8661f3..4a15b98d17 100644
--- a/src/lib/libssl/test/tx509
+++ b/src/lib/libssl/test/tx509
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
 cmd='../util/shlib_wrap.sh ../apps/openssl x509'
 
 if [ "$1"x != "x" ]; then
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 38838ea9a5..2d1d293e1a 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -55,6 +55,19 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
@@ -65,7 +78,7 @@
 extern "C" {
 #endif
 
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    1
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
 
 #define TLS1_VERSION                    0x0301
 #define TLS1_VERSION_MAJOR              0x03
@@ -83,6 +96,93 @@ extern "C" {
 #define TLS1_AD_INTERNAL_ERROR          80      /* fatal */
 #define TLS1_AD_USER_CANCELLED          90
 #define TLS1_AD_NO_RENEGOTIATION        100
+/* codes 110-114 are from RFC3546 */
+#define TLS1_AD_UNSUPPORTED_EXTENSION   110
+#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+#define TLS1_AD_UNRECOGNIZED_NAME       112
+#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+#define TLS1_AD_UNKNOWN_PSK_IDENTITY    115     /* fatal */
+
+/* ExtensionType values from RFC 3546 */
+#define TLSEXT_TYPE_server_name                 0
+#define TLSEXT_TYPE_max_fragment_length         1
+#define TLSEXT_TYPE_client_certificate_url      2
+#define TLSEXT_TYPE_trusted_ca_keys             3
+#define TLSEXT_TYPE_truncated_hmac              4
+#define TLSEXT_TYPE_status_request              5
+#define TLSEXT_TYPE_elliptic_curves             10
+#define TLSEXT_TYPE_ec_point_formats            11
+#define TLSEXT_TYPE_session_ticket              35
+
+/* NameType value from RFC 3546 */
+#define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC 3546 */
+#define TLSEXT_STATUSTYPE_ocsp 1
+
+#ifndef OPENSSL_NO_TLSEXT
+
+#define TLSEXT_MAXLEN_host_name 255
+
+const char *SSL_get_servername(const SSL *s, const int type) ;
+int SSL_get_servername_type(const SSL *s) ;
+
+#define SSL_set_tlsext_host_name(s,name) \
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+
+#define SSL_set_tlsext_debug_callback(ssl, cb) \
+SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+
+#define SSL_set_tlsext_debug_arg(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+
+#define SSL_set_tlsext_status_type(ssl, type) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
+
+#define SSL_get_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+#define SSL_set_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+#define SSL_get_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+#define SSL_set_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
+
+#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
+
+#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
+
+#define SSL_TLSEXT_ERR_OK 0
+#define SSL_TLSEXT_ERR_ALERT_WARNING 1
+#define SSL_TLSEXT_ERR_ALERT_FATAL 2
+#define SSL_TLSEXT_ERR_NOACK 3
+
+#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
+
+#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+
+#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+
+#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+
+#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
+#endif
 
 /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
  * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -112,6 +212,60 @@ extern "C" {
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
 
+/* Camellia ciphersuites from RFC4132 */
+#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
+#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
+#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
+#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
+#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+
+#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
+#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
+#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
+#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
+#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
+#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
+#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
+#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
+#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
+#define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
+#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
+#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
+
+#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
+#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
+#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
+
+#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
+#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
+#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
+
+#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
+#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
+#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
+
+#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
+#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
+#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
+#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
+#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
+
 /* XXX
  * Inconsistency alert:
  * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -142,12 +296,68 @@ extern "C" {
 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
 #define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
 
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+
+#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
+
+#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+
+#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
+
+#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
+
+#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
+
+/* SEED ciphersuites from RFC4162 */
+#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
+#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
+#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
+#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
 #define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_NUMBER                   4
+#define TLS_CT_ECDSA_SIGN               64
+#define TLS_CT_RSA_FIXED_ECDH           65
+#define TLS_CT_ECDSA_FIXED_ECDH         66
+#define TLS_CT_NUMBER                   7
 
 #define TLS1_FINISH_MAC_LENGTH          12
 
@@ -193,3 +403,5 @@ extern "C" {
 #endif
 #endif
 
+
+