* shrink bindings more

* readd a binding we do need

* readd two more bindings we need

* remove every error we don't use in cryptography or pyopenssl

sorry external consumers, carrying things we don't use and don't have
downstream tests for has become too much of a burden

* re-add a constant we need for tests for now

* pyopenssl needs these three

X509 signing for RSA keys that are too small. Let's just say signing
failed and attach the more specific problem as the error stack. A bit
uglier, but far more generic and stable to OpenSSL/LibreSSL/BoringSSL

Also be a bit more generic for OCSP signing

the quest to stop using unstable openssl error codes continues

* start trying to make our error handling a bit more generic

* remove more and black

* attach error stack to memorylimit error

* blaaack

* test FIPS mode on centos8

* remove branch we don't take

* simpler

* better comment

* rename

* revert some things that don't matter

* small cleanups

* bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test

This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit
builders) to fail as expected. Technically this isn't a malloc error,
but rather failing because the allocation requested is larger than
32-bits, but raising a MemoryError still seems appropriate

* what you want an endif too?

* Raise MemoryError when backend.derive_scrypt can't malloc enough

* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it

* Add test_scrypt_malloc_failure in test_scrypt

* let's see if this passes

* add comment to filippo's blog post about scrypt's params