If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NDr Stephen Henson <steve@openssl.org>

RT: 3541
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Also add comment to Configure reminding people to do that.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Accidentally omitted from commit 455b65dfReviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

RT: 3541
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: NRich Salz <rsalz@openssl.org>

(Original commit adb46dbc)

Use the new constant-time methods consistently in s3_srvr.c
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Sync libeay.num from 1.0.2
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d9401ad617e17c5eb3772512c24b038b967)

Reviewed-by: NBodo Moeller <bodo@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

RT: 3333,3165
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Document the new features
Reviewed-by: NTim Hudson <tjh@openssl.org>

GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

RT: 3149
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT: 3149
Reviewed-by: NRich Salz <rsalz@openssl.org>

Submitted by Shay Gueron, Intel Corp.
RT: 3149
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Move the readdir() lines out of the if statement, so
that flist is available globally.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.
Reviewed-by: NTim Hudson <tjh@openssl.org>