This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee79888)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c
(cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c)

Conflicts:
	crypto/crypto.h
	ssl/d1_pkt.c
	ssl/s3_pkt.c

Add additional check to catch this in ASN1_item_verify too.

Reported by: Daniel Black <daniel.black@openquery.com>

Support renewing session tickets (backport from HEAD).

Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.

Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.

Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.

PR: 2896

Submitted by: Adam Langley

Submitted by: Adam Langley

  debugging code that's seldom used.

Have the new names start in column 48, that makes it easy to see when
the 31 character limit is reached (on a 80 column display, do the math)

Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.

to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)

Make sure tkeylen is initialised properly when encrypting CMS messages.

'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.