(cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d)

(cherry picked from commit 0dd5b94a)

When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309.
(cherry picked from commit 300b9f0b)

(cherry picked from commit 5f8e9a47)

(cherry picked from commit 3143a332)

Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd)

Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)

(cherry picked from commit 4e6c12f3)

(cherry picked from commit 997d1aac)

(cherry picked from commit 6eebcf34)

Enable TLS padding extension using official value from:

http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
(cherry picked from commit cd6bd5ff)

Conflicts:

	CHANGES
	ssl/tls1.h

(cherry picked from commit 6cc00684)

Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d)

(cherry picked from commit dbb7654d)

New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd)

A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
(cherry picked from commit 10378fb5)

Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2)

Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be34)

Conflicts:

	CHANGES

(cherry picked from commit a029788b)

PR: 3275
(cherry picked from commit ea38f020)

[but don't let it mask make's].

PR: 3269
(cherry picked from commit 2f34088e)

(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)

PR: 3201
(cherry picked from commit 03da57fe)

Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c80)

Allegedly formwarding to NUL: sometimes creates NUL file in file
system.

PR: 3250
(cherry picked from commit 63aff300)

PR: 3251
Suggested by: Thorsten Schöning

PR: 3251
Suggested by: Thorsten Schning
(cherry picked from commit 779c51c6)

when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
(cherry picked from commit 758954e0)

(cherry picked from commit c55fef76)

Conflicts:

	util/pl/VC-32.pl