diff -up openssl-1.0.0-beta4/apps/ca.c.backports2 openssl-1.0.0-beta4/apps/ca.c
--- openssl-1.0.0-beta4/apps/ca.c.backports2	2009-10-04 18:43:21.000000000 +0200
+++ openssl-1.0.0-beta4/apps/ca.c	2010-01-07 23:16:08.000000000 +0100
@@ -215,7 +215,6 @@ static int certify_spkac(X509 **xret, ch
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -2334,25 +2333,9 @@ static int certify_spkac(X509 **xret, ch
 			continue;
 			}
 
-		/*
-		if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
-			continue;
-		*/
-		
-		j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-		if (fix_data(nid, &j) == 0)
-			{
-			BIO_printf(bio_err,
-				"invalid characters in string %s\n",buf);
-			goto err;
-			}
-
-		if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
-			(unsigned char *)buf,
-			strlen(buf))) == NULL)
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+				(unsigned char *)buf, -1, -1, 0))
 			goto err;
-
-		if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 		}
 	if (spki == NULL)
 		{
@@ -2395,21 +2378,6 @@ err:
 	return(ok);
 	}
 
-static int fix_data(int nid, int *type)
-	{
-	if (nid == NID_pkcs9_emailAddress)
-		*type=V_ASN1_IA5STRING;
-	if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
-		return(0);
-	if (nid == NID_pkcs9_unstructuredName)
-		*type=V_ASN1_IA5STRING;
-	return(1);
-	}
-
 static int check_time_format(const char *str)
 	{
 	return ASN1_TIME_set_string(NULL, str);
diff -up openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c.backports2 openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c
--- openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c.backports2	2008-11-12 04:57:49.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c	2010-01-07 23:16:08.000000000 +0100
@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(
 		if (!ameth->info)
 			goto err;
 		}
+	else
+		ameth->info = NULL;
 
 	if (pem_str)
 		{
@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(
 		if (!ameth->pem_str)
 			goto err;
 		}
+	else
+		ameth->pem_str = NULL;
 
 	ameth->pub_decode = 0;
 	ameth->pub_encode = 0;
diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.backports2 openssl-1.0.0-beta4/crypto/bio/b_sock.c
--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.backports2	2010-01-07 23:16:08.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c	2010-01-07 23:16:08.000000000 +0100
@@ -595,7 +595,7 @@ int BIO_get_accept_socket(char *host, in
 		struct sockaddr_in6 sa_in6;
 #endif
 	} server,client;
-	int s=INVALID_SOCKET,cs;
+	int s=INVALID_SOCKET,cs,addrlen;
 	unsigned char ip[4];
 	unsigned short port;
 	char *str=NULL,*e;
@@ -666,8 +666,10 @@ int BIO_get_accept_socket(char *host, in
 
 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
 
-	memcpy(&server, res->ai_addr,
-		res->ai_addrlen<=sizeof(server)?res->ai_addrlen:sizeof(server));
+	addrlen = res->ai_addrlen<=sizeof(server) ?
+			res->ai_addrlen :
+			sizeof(server);
+	memcpy(&server, res->ai_addr, addrlen);
 
 	(*p_freeaddrinfo.f)(res);
 	goto again;
@@ -679,6 +681,7 @@ int BIO_get_accept_socket(char *host, in
 	memset((char *)&server,0,sizeof(server));
 	server.sa_in.sin_family=AF_INET;
 	server.sa_in.sin_port=htons(port);
+	addrlen = sizeof(server.sa_in);
 
 	if (h == NULL || strcmp(h,"*") == 0)
 		server.sa_in.sin_addr.s_addr=INADDR_ANY;
@@ -712,7 +715,7 @@ again:
 		bind_mode=BIO_BIND_NORMAL;
 		}
 #endif
-	if (bind(s,&server.sa,sizeof(server)) == -1)
+	if (bind(s,&server.sa,addrlen) == -1)
 		{
 #ifdef SO_REUSEADDR
 		err_num=get_last_socket_error();
@@ -740,7 +743,7 @@ again:
 			if (cs != INVALID_SOCKET)
 				{
 				int ii;
-				ii=connect(cs,&client.sa,sizeof(client));
+				ii=connect(cs,&client.sa,addrlen);
 				closesocket(cs);
 				if (ii == INVALID_SOCKET)
 					{
diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.backports2 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.backports2	2010-01-07 23:16:08.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c	2010-01-07 23:16:08.000000000 +0100
@@ -335,11 +335,21 @@ static int dgram_write(BIO *b, const cha
 	if ( data->connected )
 		ret=writesocket(b->num,in,inl);
 	else
+		{
+		int peerlen = sizeof(data->peer);
+
+		if (data->peer.sa.sa_family == AF_INET)
+			peerlen = sizeof(data->peer.sa_in);
+#if OPENSSL_USE_IVP6
+		else if (data->peer.sa.sa_family == AF_INET6)
+			peerlen = sizeof(data->peer.sa_in6);
+#endif
 #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-		ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
+		ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
 #else
-		ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
+		ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
 #endif
+		}
 
 	BIO_clear_retry_flags(b);
 	if (ret <= 0)
diff -up openssl-1.0.0-beta4/crypto/bn/bn_mul.c.backports2 openssl-1.0.0-beta4/crypto/bn/bn_mul.c
--- openssl-1.0.0-beta4/crypto/bn/bn_mul.c.backports2	2009-06-17 13:47:54.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/bn/bn_mul.c	2010-01-07 23:16:08.000000000 +0100
@@ -1032,15 +1032,15 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c
 				goto err;
 			if (al > j || bl > j)
 				{
-				bn_wexpand(t,k*4);
-				bn_wexpand(rr,k*4);
+				if (bn_wexpand(t,k*4) == NULL) goto err;
+				if (bn_wexpand(rr,k*4) == NULL) goto err;
 				bn_mul_part_recursive(rr->d,a->d,b->d,
 					j,al-j,bl-j,t->d);
 				}
 			else	/* al <= j || bl <= j */
 				{
-				bn_wexpand(t,k*2);
-				bn_wexpand(rr,k*2);
+				if (bn_wexpand(t,k*2) == NULL) goto err;
+				if (bn_wexpand(rr,k*2) == NULL) goto err;
 				bn_mul_recursive(rr->d,a->d,b->d,
 					j,al-j,bl-j,t->d);
 				}
diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c.backports2 openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c
--- openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c.backports2	2009-09-02 17:51:28.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c	2010-01-07 23:16:08.000000000 +0100
@@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *c
 
 	ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
 
-	if (ret < 0)
+	if (ret <= 0)
 		return ret;
 	*siglen = sltmp;
 	return 1;
diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.backports2 openssl-1.0.0-beta4/crypto/evp/digest.c
--- openssl-1.0.0-beta4/crypto/evp/digest.c.backports2	2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/digest.c	2010-01-07 23:16:08.000000000 +0100
@@ -127,7 +127,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 	{
 	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
 
-	EVP_MD_CTX_init(ctx);
+	if (ctx)
+		EVP_MD_CTX_init(ctx);
 
 	return ctx;
 	}
@@ -256,6 +257,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
 			{
 			ctx->update = type->update;
 			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+			if (ctx->md_data == NULL)
+				{
+				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
+							ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
 			}
 		}
 #ifndef OPENSSL_NO_ENGINE
@@ -346,8 +353,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, 
 
 	if (in->md_data && out->digest->ctx_size)
 		{
-		if (tmp_buf) out->md_data = tmp_buf;
-		else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+		if (tmp_buf)
+			out->md_data = tmp_buf;
+		else
+			{
+			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+			if (!out->md_data)
+				{
+				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
 		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
 		}
 
diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.backports2 openssl-1.0.0-beta4/crypto/evp/evp_err.c
--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.backports2	2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c	2010-01-07 23:16:08.000000000 +0100
@@ -186,6 +186,8 @@ static ERR_STRING_DATA EVP_str_reasons[]
 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
 {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
+{ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.backports2 openssl-1.0.0-beta4/crypto/evp/evp.h
--- openssl-1.0.0-beta4/crypto/evp/evp.h.backports2	2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/evp.h	2010-01-07 23:16:08.000000000 +0100
@@ -1275,6 +1275,8 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR			 145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR			 146
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_UNKNOWN_CIPHER				 160
+#define EVP_R_UNKNOWN_DIGEST				 161
 #define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
 #define EVP_R_UNSUPPORTED_ALGORITHM			 156
diff -up openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.backports2 openssl-1.0.0-beta4/crypto/evp/evp_pbe.c
--- openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.backports2	2008-11-05 19:38:57.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/evp_pbe.c	2010-01-07 23:17:15.000000000 +0100
@@ -174,12 +174,26 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_
 	if (cipher_nid == -1)
 		cipher = NULL;
 	else
+		{
 		cipher = EVP_get_cipherbynid(cipher_nid);
+		if (!cipher)
+			{
+			EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
+			return 0;
+			}
+		}
 
 	if (md_nid == -1)
 		md = NULL;
 	else
+		{
 		md = EVP_get_digestbynid(md_nid);
+		if (!md)
+			{
+			EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
+			return 0;
+			}
+		}
 
 	if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
 		{
diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.backports2 openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c
--- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.backports2	2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c	2010-01-07 23:16:08.000000000 +0100
@@ -208,7 +208,16 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->mt_blinding=NULL;
 	ret->bignum_data=NULL;
 	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+		{
+#ifndef OPENSSL_NO_ENGINE
+	if (ret->engine)
+		ENGINE_finish(ret->engine);
+#endif
+		OPENSSL_free(ret);
+		return(NULL);
+		}
+
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 #ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.0-beta4/crypto/x509/x509_lu.c.backports2 openssl-1.0.0-beta4/crypto/x509/x509_lu.c
--- openssl-1.0.0-beta4/crypto/x509/x509_lu.c.backports2	2009-10-18 16:42:27.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/x509/x509_lu.c	2010-01-07 23:16:08.000000000 +0100
@@ -200,7 +200,13 @@ X509_STORE *X509_STORE_new(void)
 	ret->lookup_crls = 0;
 	ret->cleanup = 0;
 
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+		{
+		sk_X509_OBJECT_free(ret->objs);
+		OPENSSL_free(ret);
+		return NULL;
+		}
+
 	ret->references=1;
 	return ret;
 	}