Opdated to openssl-1.0.1h

xkeyboard-config fontconfig libX11 libxcb xcb-proto mesa xserver git update 26 June 2014

xserver          commit a3b44ad8db1fa2f3b81c1ff9498f31c5323edd37
libxcb           commit 125135452a554e89e49448e2c1ee6658324e1095
libxcb/xcb-proto commit 84bfd909bc3774a459b11614cfebeaa584a1eb38
xkeyboard-config commit 39a226707b133ab5540c2d30176cb3857e74dcca
libX11           commit a4679baaa18142576d42d423afe816447f08336c
fontconfig       commit 274f2181f294af2eff3e8db106ec8d7bab2d3ff1
mesa             commit 9a8acafa47558cafeb37f80f4b30061ac1962c69

17 files changed, 608 insertions, 69 deletions

diff --git a/openssl/ssl/Makefile b/openssl/ssl/Makefile
index debe07405..0045d8983 100644
--- a/openssl/ssl/Makefile
+++ b/openssl/ssl/Makefile
@@ -15,7 +15,7 @@ KRB5_INCLUDES=
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c
+TEST=ssltest.c heartbeat_test.c
 APPS=
 
 LIB=$(TOP)/libssl.a
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c
index 2e8cf681e..04aa23107 100644
--- a/openssl/ssl/d1_both.c
+++ b/openssl/ssl/d1_both.c
@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 		frag->msg_header.frag_off = 0;
 		}
 	else
+		{
 		frag = (hm_fragment*) item->data;
+		if (frag->msg_header.msg_len != msg_hdr->msg_len)
+			{
+			item = NULL;
+			frag = NULL;
+			goto err;
+			}
+		}
+
 
 	/* If message is already reassembled, this must be a
 	 * retransmit and can be dropped.
@@ -674,8 +683,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 		item = pitem_new(seq64be, frag);
 		if (item == NULL)
 			{
-			goto err;
 			i = -1;
+			goto err;
 			}
 
 		pqueue_insert(s->d1->buffered_messages, item);
@@ -784,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 	int i,al;
 	struct hm_header_st msg_hdr;
 
+	redo:
 	/* see if we have the required fragment already */
 	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
 		{
@@ -842,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 					s->msg_callback_arg);
 			
 			s->init_num = 0;
-			return dtls1_get_message_fragment(s, st1, stn,
-				max, ok);
+			goto redo;
 			}
 		else /* Incorrectly formated Hello request */
 			{
diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c
index 106939f24..6bde16fa2 100644
--- a/openssl/ssl/d1_lib.c
+++ b/openssl/ssl/d1_lib.c
@@ -176,9 +176,12 @@ static void dtls1_clear_queues(SSL *s)
 
 	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
 		{
-		frag = (hm_fragment *)item->data;
-		OPENSSL_free(frag->fragment);
-		OPENSSL_free(frag);
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
+		OPENSSL_free(item->data);
 		pitem_free(item);
 		}
 	}
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index 8186462d4..438c0913d 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -239,14 +239,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 	}
 #endif
 
-	/* insert should not fail, since duplicates are dropped */
-	if (pqueue_insert(queue->q, item) == NULL)
-		{
-		OPENSSL_free(rdata);
-		pitem_free(item);
-		return(0);
-		}
-
 	s->packet = NULL;
 	s->packet_length = 0;
 	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -259,7 +251,16 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 		pitem_free(item);
 		return(0);
 		}
-	
+
+	/* insert should not fail, since duplicates are dropped */
+	if (pqueue_insert(queue->q, item) == NULL)
+		{
+		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+		OPENSSL_free(rdata);
+		pitem_free(item);
+		return(0);
+		}
+
 	return(1);
 	}
 
diff --git a/openssl/ssl/d1_srvr.c b/openssl/ssl/d1_srvr.c
index 9975e2087..1384ab0cb 100644
--- a/openssl/ssl/d1_srvr.c
+++ b/openssl/ssl/d1_srvr.c
@@ -1356,6 +1356,7 @@ int dtls1_send_server_key_exchange(SSL *s)
 			    (unsigned char *)encodedPoint, 
 			    encodedlen);
 			OPENSSL_free(encodedPoint);
+			encodedPoint = NULL;
 			p += encodedlen;
 			}
 #endif
diff --git a/openssl/ssl/heartbeat_test.c b/openssl/ssl/heartbeat_test.c
new file mode 100644
index 000000000..d8cc55998
--- /dev/null
+++ b/openssl/ssl/heartbeat_test.c
@@ -0,0 +1,465 @@
+/* test/heartbeat_test.c */
+/*
+ * Unit test for TLS heartbeats.
+ *
+ * Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
+ *
+ * Author:  Mike Bland (mbland@acm.org, http://mike-bland.com/)
+ * Date:    2014-04-12
+ * License: Creative Commons Attribution 4.0 International (CC By 4.0)
+ *          http://creativecommons.org/licenses/by/4.0/deed.en_US
+ *
+ * OUTPUT
+ * ------
+ * The program returns zero on success. It will print a message with a count
+ * of the number of failed tests and return nonzero if any tests fail.
+ *
+ * It will print the contents of the request and response buffers for each
+ * failing test. In a "fixed" version, all the tests should pass and there
+ * should be no output.
+ *
+ * In a "bleeding" version, you'll see:
+ *
+ *   test_dtls1_heartbleed failed:
+ *     expected payload len: 0
+ *     received: 1024
+ *   sent 26 characters
+ *     "HEARTBLEED                "
+ *   received 1024 characters
+ *     "HEARTBLEED                \xde\xad\xbe\xef..."
+ *   ** test_dtls1_heartbleed failed **
+ *
+ * The contents of the returned buffer in the failing test will depend on the
+ * contents of memory on your machine.
+ *
+ * MORE INFORMATION
+ * ----------------
+ * http://mike-bland.com/2014/04/12/heartbleed.html
+ * http://mike-bland.com/tags/heartbleed.html
+ */
+
+#include "../ssl/ssl_locl.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_SYS_WINDOWS)
+
+/* As per https://tools.ietf.org/html/rfc6520#section-4 */
+#define MIN_PADDING_SIZE	16
+
+/* Maximum number of payload characters to print as test output */
+#define MAX_PRINTABLE_CHARACTERS	1024
+
+typedef struct heartbeat_test_fixture
+	{
+	SSL_CTX *ctx;
+	SSL *s;
+	const char* test_case_name;
+	int (*process_heartbeat)(SSL* s);
+	unsigned char* payload;
+	int sent_payload_len;
+	int expected_return_value;
+	int return_payload_offset;
+	int expected_payload_len;
+	const char* expected_return_payload;
+	} HEARTBEAT_TEST_FIXTURE;
+
+static HEARTBEAT_TEST_FIXTURE set_up(const char* const test_case_name,
+	const SSL_METHOD* meth)
+	{
+	HEARTBEAT_TEST_FIXTURE fixture;
+	int setup_ok = 1;
+	memset(&fixture, 0, sizeof(fixture));
+	fixture.test_case_name = test_case_name;
+
+	fixture.ctx = SSL_CTX_new(meth);
+	if (!fixture.ctx)
+		{
+		fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n",
+			test_case_name);
+		setup_ok = 0;
+		goto fail;
+		}
+
+	fixture.s = SSL_new(fixture.ctx);
+	if (!fixture.s)
+		{
+		fprintf(stderr, "Failed to allocate SSL for test: %s\n", test_case_name);
+		setup_ok = 0;
+		goto fail;
+		}
+
+	if (!ssl_init_wbio_buffer(fixture.s, 1))
+		{
+		fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
+			test_case_name);
+		setup_ok = 0;
+		goto fail;
+		}
+
+	if (!ssl3_setup_buffers(fixture.s))
+		{
+		fprintf(stderr, "Failed to setup buffers for test: %s\n",
+			test_case_name);
+		setup_ok = 0;
+		goto fail;
+		}
+
+	/* Clear the memory for the return buffer, since this isn't automatically
+	 * zeroed in opt mode and will cause spurious test failures that will change
+	 * with each execution.
+	 */
+	memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len);
+
+	fail:
+	if (!setup_ok)
+		{
+		ERR_print_errors_fp(stderr);
+		exit(EXIT_FAILURE);
+		}
+	return fixture;
+	}
+
+static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char* const test_case_name)
+	{
+	HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
+		DTLSv1_server_method());
+	fixture.process_heartbeat = dtls1_process_heartbeat;
+
+	/* As per dtls1_get_record(), skipping the following from the beginning of
+	 * the returned heartbeat message:
+	 * type-1 byte; version-2 bytes; sequence number-8 bytes; length-2 bytes
+	 *
+	 * And then skipping the 1-byte type encoded by process_heartbeat for
+	 * a total of 14 bytes, at which point we can grab the length and the
+	 * payload we seek.
+	 */
+	fixture.return_payload_offset = 14;
+	return fixture;
+	}
+
+/* Needed by ssl3_write_bytes() */
+static int dummy_handshake(SSL* s)
+	{
+	return 1;
+	}
+
+static HEARTBEAT_TEST_FIXTURE set_up_tls(const char* const test_case_name)
+	{
+	HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
+		TLSv1_server_method());
+	fixture.process_heartbeat = tls1_process_heartbeat;
+	fixture.s->handshake_func = dummy_handshake;
+
+	/* As per do_ssl3_write(), skipping the following from the beginning of
+	 * the returned heartbeat message:
+	 * type-1 byte; version-2 bytes; length-2 bytes
+	 *
+	 * And then skipping the 1-byte type encoded by process_heartbeat for
+	 * a total of 6 bytes, at which point we can grab the length and the payload
+	 * we seek.
+	 */
+	fixture.return_payload_offset = 6;
+	return fixture;
+	}
+
+static void tear_down(HEARTBEAT_TEST_FIXTURE fixture)
+	{
+	ERR_print_errors_fp(stderr);
+	SSL_free(fixture.s);
+	SSL_CTX_free(fixture.ctx);
+	}
+
+static void print_payload(const char* const prefix,
+		const unsigned char *payload, const int n)
+	{
+	const int end = n < MAX_PRINTABLE_CHARACTERS ? n
+	    : MAX_PRINTABLE_CHARACTERS;
+	int i = 0;
+
+	printf("%s %d character%s", prefix, n, n == 1 ? "" : "s");
+	if (end != n) printf(" (first %d shown)", end);
+	printf("\n  \"");
+
+	for (; i != end; ++i)
+		{
+		const unsigned char c = payload[i];
+		if (isprint(c)) fputc(c, stdout);
+		else printf("\\x%02x", c);
+		}
+	printf("\"\n");
+	}
+
+static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture)
+	{
+	int result = 0;
+	SSL* s = fixture.s;
+	unsigned char *payload = fixture.payload;
+	unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1];
+	int return_value;
+	unsigned const char *p;
+	int actual_payload_len;
+
+	s->s3->rrec.data = payload;
+	s->s3->rrec.length = strlen((const char*)payload);
+	*payload++ = TLS1_HB_REQUEST;
+	s2n(fixture.sent_payload_len, payload);
+
+	/* Make a local copy of the request, since it gets overwritten at some
+	 * point */
+	memcpy((char *)sent_buf, (const char*)payload, sizeof(sent_buf));
+
+	return_value = fixture.process_heartbeat(s);
+
+	if (return_value != fixture.expected_return_value)
+		{
+		printf("%s failed: expected return value %d, received %d\n",
+					 fixture.test_case_name, fixture.expected_return_value,
+					 return_value);
+		result = 1;
+		}
+
+	/* If there is any byte alignment, it will be stored in wbuf.offset. */
+	p = &(s->s3->wbuf.buf[
+			fixture.return_payload_offset + s->s3->wbuf.offset]);
+	actual_payload_len = 0;
+	n2s(p, actual_payload_len);
+
+	if (actual_payload_len != fixture.expected_payload_len)
+		{
+		printf("%s failed:\n  expected payload len: %d\n  received: %d\n",
+					 fixture.test_case_name, fixture.expected_payload_len,
+					 actual_payload_len);
+		print_payload("sent", sent_buf, strlen((const char*)sent_buf));
+		print_payload("received", p, actual_payload_len);
+		result = 1;
+		}
+	else
+		{
+		char* actual_payload = BUF_strndup((const char*)p, actual_payload_len);
+		if (strcmp(actual_payload, fixture.expected_return_payload) != 0)
+			{
+			printf("%s failed:\n  expected payload: \"%s\"\n  received: \"%s\"\n",
+						 fixture.test_case_name, fixture.expected_return_payload,
+						 actual_payload);
+			result = 1;
+			}
+		OPENSSL_free(actual_payload);
+		}
+
+	if (result != 0)
+		{
+		printf("** %s failed **\n--------\n", fixture.test_case_name);
+		}
+	return result;
+	}
+
+static int honest_payload_size(unsigned char payload_buf[])
+	{
+	/* Omit three-byte pad at the beginning for type and payload length */
+	return strlen((const char*)&payload_buf[3]) - MIN_PADDING_SIZE;
+	}
+
+#define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
+	HEARTBEAT_TEST_FIXTURE fixture = set_up_##type(__func__);\
+	int result = 0
+
+#define EXECUTE_HEARTBEAT_TEST()\
+	if (execute_heartbeat(fixture) != 0) result = 1;\
+	tear_down(fixture);\
+	return result
+
+static int test_dtls1_not_bleeding()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+	/* Three-byte pad at the beginning for type and payload length */
+	unsigned char payload_buf[] = "   Not bleeding, sixteen spaces of padding"
+		"                ";
+	const int payload_buf_len = honest_payload_size(payload_buf);
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = payload_buf_len;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = payload_buf_len;
+	fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_dtls1_not_bleeding_empty_payload()
+	{
+	int payload_buf_len;
+
+	SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+	/* Three-byte pad at the beginning for type and payload length, plus a NUL
+	 * at the end */
+	unsigned char payload_buf[4 + MIN_PADDING_SIZE];
+	memset(payload_buf, ' ', sizeof(payload_buf));
+	payload_buf[sizeof(payload_buf) - 1] = '\0';
+	payload_buf_len = honest_payload_size(payload_buf);
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = payload_buf_len;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = payload_buf_len;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_dtls1_heartbleed()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+	/* Three-byte pad at the beginning for type and payload length */
+	unsigned char payload_buf[] = "   HEARTBLEED                ";
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = 0;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_dtls1_heartbleed_empty_payload()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+	/* Excluding the NUL at the end, one byte short of type + payload length +
+	 * minimum padding */
+	unsigned char payload_buf[MIN_PADDING_SIZE + 3];
+	memset(payload_buf, ' ', sizeof(payload_buf));
+	payload_buf[sizeof(payload_buf) - 1] = '\0';
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = 0;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_dtls1_heartbleed_excessive_plaintext_length()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+	/* Excluding the NUL at the end, one byte in excess of maximum allowed
+	 * heartbeat message length */
+	unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2];
+	memset(payload_buf, ' ', sizeof(payload_buf));
+	payload_buf[sizeof(payload_buf) - 1] = '\0';
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = honest_payload_size(payload_buf);
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = 0;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_tls1_not_bleeding()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+	/* Three-byte pad at the beginning for type and payload length */
+	unsigned char payload_buf[] = "   Not bleeding, sixteen spaces of padding"
+					"                ";
+	const int payload_buf_len = honest_payload_size(payload_buf);
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = payload_buf_len;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = payload_buf_len;
+	fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_tls1_not_bleeding_empty_payload()
+	{
+	int payload_buf_len;
+
+	SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+	/* Three-byte pad at the beginning for type and payload length, plus a NUL
+	 * at the end */
+	unsigned char payload_buf[4 + MIN_PADDING_SIZE];
+	memset(payload_buf, ' ', sizeof(payload_buf));
+	payload_buf[sizeof(payload_buf) - 1] = '\0';
+	payload_buf_len = honest_payload_size(payload_buf);
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = payload_buf_len;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = payload_buf_len;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_tls1_heartbleed()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+	/* Three-byte pad at the beginning for type and payload length */
+	unsigned char payload_buf[] = "   HEARTBLEED                ";
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = 0;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+static int test_tls1_heartbleed_empty_payload()
+	{
+	SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+	/* Excluding the NUL at the end, one byte short of type + payload length +
+	 * minimum padding */
+	unsigned char payload_buf[MIN_PADDING_SIZE + 3];
+	memset(payload_buf, ' ', sizeof(payload_buf));
+	payload_buf[sizeof(payload_buf) - 1] = '\0';
+
+	fixture.payload = &payload_buf[0];
+	fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+	fixture.expected_return_value = 0;
+	fixture.expected_payload_len = 0;
+	fixture.expected_return_payload = "";
+	EXECUTE_HEARTBEAT_TEST();
+	}
+
+#undef EXECUTE_HEARTBEAT_TEST
+#undef SETUP_HEARTBEAT_TEST_FIXTURE
+
+int main(int argc, char *argv[])
+	{
+	int num_failed;
+
+	SSL_library_init();
+	SSL_load_error_strings();
+
+	num_failed = test_dtls1_not_bleeding() +
+	    test_dtls1_not_bleeding_empty_payload() +
+	    test_dtls1_heartbleed() +
+	    test_dtls1_heartbleed_empty_payload() +
+	    /* The following test causes an assertion failure at
+	     * ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g: */
+	    (OPENSSL_VERSION_NUMBER >= 0x1000107fL ?
+	     test_dtls1_heartbleed_excessive_plaintext_length() : 0) +
+	    test_tls1_not_bleeding() +
+	    test_tls1_not_bleeding_empty_payload() +
+	    test_tls1_heartbleed() +
+	    test_tls1_heartbleed_empty_payload() +
+	    0;
+
+	ERR_print_errors_fp(stderr);
+
+	if (num_failed != 0)
+		{
+		printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : "");
+		return EXIT_FAILURE;
+		}
+	return EXIT_SUCCESS;
+	}
+
+#else /* OPENSSL_NO_HEARTBEATS*/
+
+int main(int argc, char *argv[])
+	{
+		return EXIT_SUCCESS;
+	}
+#endif /* OPENSSL_NO_HEARTBEATS */
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index a6b3c01af..0457af878 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
 		case SSL3_ST_CR_FINISHED_A:
 		case SSL3_ST_CR_FINISHED_B:
 
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
 				SSL3_ST_CR_FINISHED_B);
 			if (ret <= 0) goto end;
@@ -915,6 +916,7 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 		goto f_err;
 		}
+	    s->s3->flags |= SSL3_FLAGS_CCS_OK;
 	    s->hit=1;
 	    }
 	else	/* a miss or crap from the other end */
@@ -2510,6 +2512,13 @@ int ssl3_send_client_key_exchange(SSL *s)
 			int ecdh_clnt_cert = 0;
 			int field_size = 0;
 
+			if (s->session->sess_cert == NULL) 
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+				goto err;
+				}
+
 			/* Did we send out the client's
 			 * ECDH share for use in premaster
 			 * computation as part of client certificate?
diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c
index 96ba63262..59011e39c 100644
--- a/openssl/ssl/s3_pkt.c
+++ b/openssl/ssl/s3_pkt.c
@@ -110,6 +110,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "ssl_locl.h"
@@ -580,10 +581,11 @@ int ssl3_do_compress(SSL *ssl)
 int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 	{
 	const unsigned char *buf=buf_;
-	unsigned int tot,n,nw;
-	int i;
+	unsigned int n,nw;
+	int i,tot;
 
 	s->rwstate=SSL_NOTHING;
+	OPENSSL_assert(s->s3->wnum <= INT_MAX);
 	tot=s->s3->wnum;
 	s->s3->wnum=0;
 
@@ -598,6 +600,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 			}
 		}
 
+	/* ensure that if we end up with a smaller value of data to write 
+	 * out than the the original len from a write which didn't complete 
+	 * for non-blocking I/O and also somehow ended up avoiding 
+	 * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
+	 * it must never be possible to end up with (len-tot) as a large
+	 * number that will then promptly send beyond the end of the users
+	 * buffer ... so we trap and report the error in a way the user
+	 * will notice
+	 */
+	if (len < tot)
+		{
+		SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
+		return(-1);
+		}
+
+
 	n=(len-tot);
 	for (;;)
 		{
@@ -641,9 +659,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	SSL3_BUFFER *wb=&(s->s3->wbuf);
 	SSL_SESSION *sess;
 
- 	if (wb->buf == NULL)
-		if (!ssl3_setup_write_buffer(s))
-			return -1;
 
 	/* first check if there is a SSL3_BUFFER still being written
 	 * out.  This will happen with non blocking IO */
@@ -659,6 +674,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 		/* if it went, fall through and send more stuff */
 		}
 
+ 	if (wb->buf == NULL)
+		if (!ssl3_setup_write_buffer(s))
+			return -1;
+
 	if (len == 0 && !create_empty_fragment)
 		return 0;
 
@@ -1055,7 +1074,7 @@ start:
 				{
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->off=0;
-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
 					ssl3_release_read_buffer(s);
 				}
 			}
@@ -1297,6 +1316,15 @@ start:
 			goto f_err;
 			}
 
+		if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+			goto f_err;
+			}
+
+		s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
 		rr->length=0;
 
 		if (s->msg_callback)
@@ -1431,7 +1459,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
 	if (s->s3->tmp.key_block == NULL)
 		{
-		if (s->session == NULL) 
+		if (s->session == NULL || s->session->master_key_length == 0)
 			{
 			/* might happen if dtls1_read_bytes() calls this */
 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 9ac19c05f..503bed3fe 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
 		case SSL3_ST_SR_CERT_VRFY_A:
 		case SSL3_ST_SR_CERT_VRFY_B:
 
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
 
 		case SSL3_ST_SR_FINISHED_A:
 		case SSL3_ST_SR_FINISHED_B:
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 				SSL3_ST_SR_FINISHED_B);
 			if (ret <= 0) goto end;
@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
 #else
 				if (s->s3->next_proto_neg_seen)
+					{
+					s->s3->flags |= SSL3_FLAGS_CCS_OK;
 					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
+					}
 				else
 					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
 #endif
@@ -2097,6 +2102,11 @@ int ssl3_send_certificate_request(SSL *s)
 		s->init_num=n+4;
 		s->init_off=0;
 #ifdef NETSCAPE_HANG_BUG
+		if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+			{
+			SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+			goto err;
+			}
 		p=(unsigned char *)s->init_buf->data + s->init_num;
 
 		/* do the header */
@@ -2813,6 +2823,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 			unsigned char premaster_secret[32], *start;
 			size_t outlen=32, inlen;
 			unsigned long alg_a;
+			int Ttag, Tclass;
+			long Tlen;
 
 			/* Get our certificate private key*/
 			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -2834,26 +2846,15 @@ int ssl3_get_client_key_exchange(SSL *s)
 					ERR_clear_error();
 				}
 			/* Decrypt session key */
-			if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) 
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-				goto gerr;
-				}
-			if (p[1] == 0x81)
-				{
-				start = p+3;
-				inlen = p[2];
-				}
-			else if (p[1] < 0x80)
-				{
-				start = p+2;
-				inlen = p[1];
-				}
-			else
+			if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED || 
+				Ttag != V_ASN1_SEQUENCE ||
+			 	Tclass != V_ASN1_UNIVERSAL) 
 				{
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
 				goto gerr;
 				}
+			start = p;
+			inlen = Tlen;
 			if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
 
 				{
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index c7bc6fbd7..05bda755b 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -857,7 +857,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
@@ -1022,6 +1022,18 @@ $!  Finish up the definition of CC.
 $!
 $   IF COMPILER .EQS. "DECC"
 $   THEN
+$!    Not all compiler versions support MAYLOSEDATA3.
+$     OPT_TEST = "MAYLOSEDATA3"
+$     DEFINE /USER_MODE SYS$ERROR NL:
+$     DEFINE /USER_MODE SYS$OUTPUT NL:
+$     'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT -
+       /WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL:
+$     IF ($SEVERITY)
+$     THEN
+$       IF CCDISABLEWARNINGS .NES. "" THEN -
+         CCDISABLEWARNINGS = CCDISABLEWARNINGS+ ","
+$       CCDISABLEWARNINGS = CCDISABLEWARNINGS+ OPT_TEST
+$     ENDIF
 $     IF CCDISABLEWARNINGS .EQS. ""
 $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h
index 7219a0e64..4c1242c9d 100644
--- a/openssl/ssl/ssl.h
+++ b/openssl/ssl/ssl.h
@@ -553,7 +553,7 @@ struct ssl_session_st
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
+#define SSL_OP_TLSEXT_PADDING				0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
 #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
@@ -562,6 +562,8 @@ struct ssl_session_st
 
 /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x0
+/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x0
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h
index cb8b2492e..37f19e3ab 100644
--- a/openssl/ssl/ssl3.h
+++ b/openssl/ssl/ssl3.h
@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
+#define SSL3_FLAGS_CCS_OK			0x0080
  
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us
diff --git a/openssl/ssl/ssl_asn1.c b/openssl/ssl/ssl_asn1.c
index 38540be1e..477500371 100644
--- a/openssl/ssl/ssl_asn1.c
+++ b/openssl/ssl/ssl_asn1.c
@@ -408,6 +408,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 		if (os.length != 3)
 			{
 			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+			c.line=__LINE__;
 			goto err;
 			}
 		id=0x02000000L|
@@ -420,6 +421,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 		if (os.length != 2)
 			{
 			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+			c.line=__LINE__;
 			goto err;
 			}
 		id=0x03000000L|
@@ -429,6 +431,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	else
 		{
 		c.error=SSL_R_UNKNOWN_SSL_VERSION;
+		c.line=__LINE__;
 		goto err;
 		}
 	
@@ -521,6 +524,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
 		{
 		c.error=SSL_R_BAD_LENGTH;
+		c.line=__LINE__;
 		goto err;
 		}
 	    else
diff --git a/openssl/ssl/ssl_err.c b/openssl/ssl/ssl_err.c
index 370fb57e3..49ab43e0e 100644
--- a/openssl/ssl/ssl_err.c
+++ b/openssl/ssl/ssl_err.c
@@ -541,7 +541,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
 {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"},
+{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbeats"},
 {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
 {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
diff --git a/openssl/ssl/ssl_lib.c b/openssl/ssl/ssl_lib.c
index 6dbc3c1f7..ef6258ca9 100644
--- a/openssl/ssl/ssl_lib.c
+++ b/openssl/ssl/ssl_lib.c
@@ -1349,6 +1349,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 
 	p=buf;
 	sk=s->session->ciphers;
+
+	if (sk_SSL_CIPHER_num(sk) == 0)
+		return NULL;
+
 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
 		int n;
diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c
index 0c4cddedf..ac8c15399 100644
--- a/openssl/ssl/t1_enc.c
+++ b/openssl/ssl/t1_enc.c
@@ -1048,14 +1048,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	if (!stream_mac)
 		EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
 printf("seq=");
 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
 printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
 #endif
 
 	if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
@@ -1185,7 +1181,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
 	if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
 		 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
 
-	rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+	rv = tls1_PRF(ssl_get_algorithm2(s),
 		      val, vallen,
 		      NULL, 0,
 		      NULL, 0,
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index bddffd92c..3b8d5153e 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -617,6 +617,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
 #ifndef OPENSSL_NO_HEARTBEATS
 	/* Add Heartbeat extension */
+	if ((limit - ret - 4 - 1) < 0)
+		return NULL;
 	s2n(TLSEXT_TYPE_heartbeat,ret);
 	s2n(1,ret);
 	/* Set mode:
@@ -661,36 +663,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 ret += el;
                 }
 #endif
-
-#ifdef TLSEXT_TYPE_padding
 	/* Add padding to workaround bugs in F5 terminators.
 	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
 	 *
 	 * NB: because this code works out the length of all existing
 	 * extensions it MUST always appear last.
 	 */
-	{
-	int hlen = ret - (unsigned char *)s->init_buf->data;
-	/* The code in s23_clnt.c to build ClientHello messages includes the
-	 * 5-byte record header in the buffer, while the code in s3_clnt.c does
-	 * not. */
-	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-		hlen -= 5;
-	if (hlen > 0xff && hlen < 0x200)
+	if (s->options & SSL_OP_TLSEXT_PADDING)
 		{
-		hlen = 0x200 - hlen;
-		if (hlen >= 4)
-			hlen -= 4;
-		else
-			hlen = 0;
+		int hlen = ret - (unsigned char *)s->init_buf->data;
+		/* The code in s23_clnt.c to build ClientHello messages
+		 * includes the 5-byte record header in the buffer, while
+		 * the code in s3_clnt.c does not.
+		 */
+		if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+			hlen -= 5;
+		if (hlen > 0xff && hlen < 0x200)
+			{
+			hlen = 0x200 - hlen;
+			if (hlen >= 4)
+				hlen -= 4;
+			else
+				hlen = 0;
 
-		s2n(TLSEXT_TYPE_padding, ret);
-		s2n(hlen, ret);
-		memset(ret, 0, hlen);
-		ret += hlen;
+			s2n(TLSEXT_TYPE_padding, ret);
+			s2n(hlen, ret);
+			memset(ret, 0, hlen);
+			ret += hlen;
+			}
 		}
-	}
-#endif
 
 	if ((extdatalen = ret-p-2)== 0) 
 		return p;
@@ -845,6 +846,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	/* Add Heartbeat extension if we've received one */
 	if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
 		{
+		if ((limit - ret - 4 - 1) < 0)
+			return NULL;
 		s2n(TLSEXT_TYPE_heartbeat,ret);
 		s2n(1,ret);
 		/* Set mode: