Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>

If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Also add comment to Configure reminding people to do that.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Accidentally omitted from commit 455b65df



Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>

Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>

(Original commit adb46dbc

)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d94)

Reviewed-by: Bodo Moeller <bodo@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Document the new features

Reviewed-by: Tim Hudson <tjh@openssl.org>

GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>

Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>