diff -Nura -U10 openssl-1.0.0a.orig/crypto/bn/bn_exp2.c openssl-1.0.0a.work/crypto/bn/bn_exp2.c
--- openssl-1.0.0a.orig/crypto/bn/bn_exp2.c	2004-03-25 05:32:24.000000000 +0100
+++ openssl-1.0.0a.work/crypto/bn/bn_exp2.c	2010-06-25 20:27:03.000000000 +0200
@@ -294,18 +294,19 @@
 		
 		if (wvalue2 && b == wpos2)
 			{
 			/* wvalue2 is odd and < 2^window2 */
 			if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
 				goto err;
 			wvalue2 = 0;
 			r_is_one = 0;
 			}
 		}
-	BN_from_montgomery(rr,r,mont,ctx);
+	if (!BN_from_montgomery(rr,r,mont,ctx))
+		goto err;
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
 	BN_CTX_end(ctx);
 	bn_check_top(rr);
 	return(ret);
 	}
diff -Nura -U10 openssl-1.0.0a.orig/crypto/dsa/dsa_ossl.c openssl-1.0.0a.work/crypto/dsa/dsa_ossl.c
--- openssl-1.0.0a.orig/crypto/dsa/dsa_ossl.c	2007-03-28 02:15:26.000000000 +0200
+++ openssl-1.0.0a.work/crypto/dsa/dsa_ossl.c	2010-06-25 20:25:30.000000000 +0200
@@ -178,21 +178,21 @@
 		 * BN_num_bits(dsa->q) leftmost bits of the digest, see
 		 * fips 186-3, 4.2 */
 		dlen = BN_num_bytes(dsa->q);
 	if (BN_bin2bn(dgst,dlen,&m) == NULL)
 		goto err;
 
 	/* Compute  s = inv(k) (m + xr) mod q */
 	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
 	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
 	if (BN_cmp(s,dsa->q) > 0)
-		BN_sub(s,s,dsa->q);
+		if (!BN_sub(s,s,dsa->q)) goto err;
 	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
 	ret=DSA_SIG_new();
 	if (ret == NULL) goto err;
 	ret->r = r;
 	ret->s = s;
 	
 err:
 	if (!ret)
 		{
diff -Nura -U10 openssl-1.0.0a.orig/crypto/evp/evp_enc.c openssl-1.0.0a.work/crypto/evp/evp_enc.c
--- openssl-1.0.0a.orig/crypto/evp/evp_enc.c	2010-03-01 02:52:47.000000000 +0100
+++ openssl-1.0.0a.work/crypto/evp/evp_enc.c	2010-06-25 20:48:48.000000000 +0200
@@ -197,20 +197,21 @@
 		switch(EVP_CIPHER_CTX_mode(ctx)) {
 
 			case EVP_CIPH_STREAM_CIPHER:
 			case EVP_CIPH_ECB_MODE:
 			break;
 
 			case EVP_CIPH_CFB_MODE:
 			case EVP_CIPH_OFB_MODE:
 
 			ctx->num = 0;
+			/* fall-through */
 
 			case EVP_CIPH_CBC_MODE:
 
 			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
 					(int)sizeof(ctx->iv));
 			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
 			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
 			break;
 
 			default:
diff -Nura -U10 openssl-1.0.0a.orig/crypto/pkcs12/p12_key.c openssl-1.0.0a.work/crypto/pkcs12/p12_key.c
--- openssl-1.0.0a.orig/crypto/pkcs12/p12_key.c	2009-06-17 14:05:50.000000000 +0200
+++ openssl-1.0.0a.work/crypto/pkcs12/p12_key.c	2010-06-25 20:41:42.000000000 +0200
@@ -100,20 +100,21 @@
 	return ret;
 }
 
 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	     int saltlen, int id, int iter, int n, unsigned char *out,
 	     const EVP_MD *md_type)
 {
 	unsigned char *B, *D, *I, *p, *Ai;
 	int Slen, Plen, Ilen, Ijlen;
 	int i, j, u, v;
+	int ret = 0;
 	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
 	EVP_MD_CTX ctx;
 #ifdef  DEBUG_KEYGEN
 	unsigned char *tmpout = out;
 	int tmpn = n;
 #endif
 
 #if 0
 	if (!pass) {
 		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
@@ -137,75 +138,80 @@
 	D = OPENSSL_malloc (v);
 	Ai = OPENSSL_malloc (u);
 	B = OPENSSL_malloc (v + 1);
 	Slen = v * ((saltlen+v-1)/v);
 	if(passlen) Plen = v * ((passlen+v-1)/v);
 	else Plen = 0;
 	Ilen = Slen + Plen;
 	I = OPENSSL_malloc (Ilen);
 	Ij = BN_new();
 	Bpl1 = BN_new();
-	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
+	if (!D || !Ai || !B || !I || !Ij || !Bpl1)
+		goto err;
 	for (i = 0; i < v; i++) D[i] = id;
 	p = I;
 	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
 	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
 	for (;;) {
 		EVP_DigestInit_ex(&ctx, md_type, NULL);
 		EVP_DigestUpdate(&ctx, D, v);
 		EVP_DigestUpdate(&ctx, I, Ilen);
 		EVP_DigestFinal_ex(&ctx, Ai, NULL);
 		for (j = 1; j < iter; j++) {
 			EVP_DigestInit_ex(&ctx, md_type, NULL);
 			EVP_DigestUpdate(&ctx, Ai, u);
 			EVP_DigestFinal_ex(&ctx, Ai, NULL);
 		}
 		memcpy (out, Ai, min (n, u));
 		if (u >= n) {
-			OPENSSL_free (Ai);
-			OPENSSL_free (B);
-			OPENSSL_free (D);
-			OPENSSL_free (I);
-			BN_free (Ij);
-			BN_free (Bpl1);
-			EVP_MD_CTX_cleanup(&ctx);
 #ifdef DEBUG_KEYGEN
 			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
 			h__dump(tmpout, tmpn);
 #endif
-			return 1;	
+			ret = 1;
+			goto end;
 		}
 		n -= u;
 		out += u;
 		for (j = 0; j < v; j++) B[j] = Ai[j % u];
 		/* Work out B + 1 first then can use B as tmp space */
-		BN_bin2bn (B, v, Bpl1);
-		BN_add_word (Bpl1, 1);
+		if (!BN_bin2bn (B, v, Bpl1)) goto err;
+		if (!BN_add_word (Bpl1, 1)) goto err;
 		for (j = 0; j < Ilen ; j+=v) {
-			BN_bin2bn (I + j, v, Ij);
-			BN_add (Ij, Ij, Bpl1);
+			if (!BN_bin2bn (I + j, v, Ij)) goto err;
+			if (!BN_add (Ij, Ij, Bpl1)) goto err;
 			BN_bn2bin (Ij, B);
 			Ijlen = BN_num_bytes (Ij);
 			/* If more than 2^(v*8) - 1 cut off MSB */
 			if (Ijlen > v) {
 				BN_bn2bin (Ij, B);
 				memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
 			/* If less than v bytes pad with zeroes */
 			} else if (Ijlen < v) {
 				memset(I + j, 0, v - Ijlen);
 				BN_bn2bin(Ij, I + j + v - Ijlen); 
 #endif
 			} else BN_bn2bin (Ij, I + j);
 		}
 	}
+
+err:
+	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+
+end:
+	OPENSSL_free (Ai);
+	OPENSSL_free (B);
+	OPENSSL_free (D);
+	OPENSSL_free (I);
+	BN_free (Ij);
+	BN_free (Bpl1);
+	EVP_MD_CTX_cleanup(&ctx);
+	return ret;
 }
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)
 {
 	for (; len --; p++) fprintf(stderr, "%02X", *p);
 	fprintf(stderr, "\n");	
 }
 #endif
diff -Nura -U10 openssl-1.0.0a.orig/crypto/rsa/rsa_eay.c openssl-1.0.0a.work/crypto/rsa/rsa_eay.c
--- openssl-1.0.0a.orig/crypto/rsa/rsa_eay.c	2008-09-14 15:51:44.000000000 +0200
+++ openssl-1.0.0a.work/crypto/rsa/rsa_eay.c	2010-06-25 20:19:56.000000000 +0200
@@ -668,21 +668,21 @@
 		}
 
 	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
 		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
 			goto err;
 
 	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
 	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
-		BN_sub(ret, rsa->n, ret);
+		if (!BN_sub(ret, rsa->n, ret)) goto err;
 
 	p=buf;
 	i=BN_bn2bin(ret,p);
 
 	switch (padding)
 		{
 	case RSA_PKCS1_PADDING:
 		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
 		break;
 	case RSA_X931_PADDING:
diff -Nura -U10 openssl-1.0.0a.orig/crypto/x509v3/v3_ncons.c openssl-1.0.0a.work/crypto/x509v3/v3_ncons.c
--- openssl-1.0.0a.orig/crypto/x509v3/v3_ncons.c	2009-05-30 20:10:59.000000000 +0200
+++ openssl-1.0.0a.work/crypto/x509v3/v3_ncons.c	2010-06-25 20:29:11.000000000 +0200
@@ -182,21 +182,20 @@
 	if (sk_GENERAL_SUBTREE_num(trees) > 0)
 		BIO_printf(bp, "%*s%s:\n", ind, "", name);
 	for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
 		{
 		tree = sk_GENERAL_SUBTREE_value(trees, i);
 		BIO_printf(bp, "%*s", ind + 2, "");
 		if (tree->base->type == GEN_IPADD)
 			print_nc_ipadd(bp, tree->base->d.ip);
 		else
 			GENERAL_NAME_print(bp, tree->base);
-		tree = sk_GENERAL_SUBTREE_value(trees, i);
 		BIO_puts(bp, "\n");
 		}
 	return 1;
 	}
 
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
 	{
 	int i, len;
 	unsigned char *p;
 	p = ip->data;