This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.

Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.

PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.

Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.

Add support for DH parameter generation using DSA methods including
FIPS 186-3.

Make DHparams_dup work properly with X9.42 DH parameters.

Don't need to use temporary buffer if remaining length equals digest length.

Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.

Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.

Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.

Conflicts:
	ssl/ssltest.c

This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c

Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.

Reinstate ecdsatest.

Disable ECDSA test temporarily: it is incompatible with ECDSA nonces.

Add some ECDH CMS tests.

Add a script to generate keys and certificates for the S/MIME and CMS
tests.

Update certificates and add EC examples.

For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.

Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.

Add X9.62 KDF to EC EVP_PKEY_METHOD.

Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.

Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.

Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt

Keep original function names for nonce versions so we don't have to change
error function codes.

This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.

In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.