Note that it initially applies to 1.0.2, and not to HEAD. This is
in order to allow development with existing libunbound installations
that are dependent on OpenSSL 1.0.x. More details in RT.

RT: 3003

Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.
(cherry picked from commit c6d8adb8)

While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
(cherry picked from commit 3bdd8052)

(cherry picked from commit 04638f2f)

(cherry picked from commit 0ded2a06)

(cherry picked from commit 944bc29f)

Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit 94782e0e)

enhance EC method to support setting curve type when generating keys and add parameter encoding option
(cherry picked from commit 24edfa9d)

The only standard compression method is stateful and is incompatible with
DTLS.

PR: 3005
(cherry picked from commit 5702e965)

PR: 3002
(cherry picked from commit 5c600465)

(cherry picked from commit 80ccc66d)

If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc6)

(cherry picked from commit 1546fb78)

(cherry picked from commit 342dbbbe)

PR: 3004
(cherry picked from commit 7c43601d)

Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.

Add documentation.
(cherry picked from commit e1f1d28f)

(cherry picked from commit 388aff08)

Two example programs one for command line argument processing and
one for configuration file processing.
(cherry picked from commit 3646578a)

Fix some typos and update version number first added: it has now been
backported to OpenSSL 1.0.2.
(cherry picked from commit 4365e4aa)

key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d)

(cherry picked from commit 750398ac)

podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc27077)

(cherry picked from commit 9c437e2f)

Add description of "allocate and encode" operation for ASN1 routines.

Document how versioning will for after the letter release reaches
y.
(cherry picked from commit 2527b94f)

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

PR:2984
(cherry picked from commit d980abb2)

(cherry picked from commit cbf9b4ae)