reference implementation, it does not interface to OpenSSL yet.

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.

Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.

Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

following reasons:

- it's not the way to engage XPG4v2 mode, defining _XOPEN_SOURCE to
  value less than 500 is (see standards(5));
- we need to work out strategy to handle _XOPEN_SOURCE, current state
  when we define e.g. _XOPEN_SOURCE to 500 in some files is inappropriate;
- sctp implementation on Solaris is incomplete, in sense that bss_dgram.c
  doesn't compile, because not all structures are defined, so that
  enabling sctp doesn't work anyway;

flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>

Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.

Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.

Move new structure fields to end of structures.

between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.

before rejecting multiple SGC restarts.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.

signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files

Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7

Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.

Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.

Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.

Further fixes for use_srtp extension.

Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.

Fix encoding of use_srtp extension to be compliant with RFC5764

some servers.