but keep it disabled, too little gain... Add some Atom-specific
optimization.

When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191

(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)

PR: 3202

If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967)

(cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)

(and ensure stack alignment in the process)

It worked because it was never called.

SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.

Partial mitigation of PR#3200
(cherry picked from commit 0294b2be)

Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73)

Conflicts:

	crypto/x509/x509_vpm.c

Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)

New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)

(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)

This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.

Suggested by: Marcello Cerri

Suggested by: Marcello Cerri

AIX assembler doesn't hanle .align, which is essential for vpaes module.

PR: 3189
Submitted by: Oscar Ciurana

rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.

New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().