Reviewed-by: Rich Salz <rsalz@openssl.org>

listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>

When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc2

.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Reviewed-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Ben Laurie <ben@openssl.org>

so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Conflicts:
	crypto/Makefile

The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	crypto/evp/evp_enc.c
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

Reviewed-by: Bodo Möller <bodo@openssl.org>

CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

CVE-2014-3567

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>

handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Stephen Henson <steve@openssl.org>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>

If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Also add comment to Configure reminding people to do that.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Accidentally omitted from commit 455b65df



Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>

Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>