If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967)

(cherry picked from commit a6c62f0c)

(and ensure stack alignment in the process)

It worked because it was never called.

SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.

Partial mitigation of PR#3200
(cherry picked from commit 0294b2be)

Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73)

Conflicts:

	crypto/x509/x509_vpm.c

Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)

New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)

(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)

This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.

Suggested by: Marcello Cerri

Suggested by: Marcello Cerri

AIX assembler doesn't hanle .align, which is essential for vpaes module.

PR: 3189
Submitted by: Oscar Ciurana

rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.

New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().

(cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)

PR#3106

Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.

If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.