BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)

PR: 2793

e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).

PR: 2792

tested, because kernel is not in shape to handle it *yet*. The code is
committed mostly to stimulate the kernel development.

(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley

If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.

Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...

PR: 2791
Submitted by: Ben Noordhuis

PR: 2790
Submitted by: Alexei Khlebnikov

PR: 2538

countermeasure.

PR: 2778

s_server.

Localize client hello extension parsing in t1_lib.c

enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.

PR: 2778

add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.

Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

PR: 2780

PR: 2775

PR: 2761
Submitted by: Corinna Vinschen