PR: 2435,2440

continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

reference implementation, it does not interface to OpenSSL yet.

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.

Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>

Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.

Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.

between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.

signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.

Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7

PR: 2613
Submitted by: Leena Heino

(most restrictive about r2 and r13 usage).

are passed zero-extended, not sign-extended.
PR: 2682