The different -I compiler parameters will take care of the rest...
Reviewed-by: NTim Hudson <tjh@openssl.org>

Conflicts:
	crypto/evp/evp_enc.c
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c

Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NBodo Möller <bodo@openssl.org>

CVE-2014-3568
Reviewed-by: NEmilia Kasper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

CVE-2014-3567
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Related to CVE-2014-3513

This fix was developed by the OpenSSL Team
Reviewed-by: NTim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

RT: 3553
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

handling out of #ifndef OPENSSL_NO_DTLS1 section.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NGeoffrey Thorpe <geoff@geoffthorpe.net>

If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NDr Stephen Henson <steve@openssl.org>

RT: 3541
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Also add comment to Configure reminding people to do that.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Accidentally omitted from commit 455b65dfReviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

RT: 3541
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: NRich Salz <rsalz@openssl.org>

(Original commit adb46dbc)

Use the new constant-time methods consistently in s3_srvr.c
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Sync libeay.num from 1.0.2
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d9401ad617e17c5eb3772512c24b038b967)

Reviewed-by: NBodo Moeller <bodo@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>