Add tests for AEAD functions: AES-128-GCM, AES-256-GCM and
ChaCha20+Poly1305.

Add support for Chacha20 + Poly1305.

Switches AES-GCM ciphersuites to use AEAD interfaces.

This change allows AEADs to be used in ssl/ to implement SSL/TLS
ciphersuites.

This change adds an AEAD interface to EVP and an AES-GCM implementation
suitable for use in TLS.

The previous version of the function made adding AEAD changes very
difficult. This change should be a semantic no-op - it should be purely
a cleanup.

(cherry picked from commit dfcb42c6)

(cherry picked from commit d5605699)

(cherry picked from commit b85f8afe)

(cherry picked from commit bbc098ff)

Add some ECDH CMS tests.
(cherry picked from commit 5cdc25a7)

(cherry picked from commit 75787fd8)

Add a script to generate keys and certificates for the S/MIME and CMS
tests.

Update certificates and add EC examples.
(cherry picked from commit a0957d55)

(cherry picked from commit 5711885a)

(cherry picked from commit a3a2e3a4)

(cherry picked from commit a0aaa566)

(cherry picked from commit bd59f2b9)

Conflicts:

	crypto/dh/dh.h
	crypto/dh/dh_err.c

Sync error codes with 1.0.1.

Don't need to use temporary buffer if remaining length equals digest length.
(cherry picked from commit 3f6b6f0b)

Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc)

For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
(cherry picked from commit 41b920ef)

Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55)

Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
(cherry picked from commit 88e20b85)

Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5d)

Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d)

Add new tests to cms-test.pl covering PSS and OAEP.
(cherry picked from commit 32b18e03)

Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
(cherry picked from commit 02498cc8)

Document use of -keyopt to use RSA-PSS and RSA-OAEP modes.
(cherry picked from commit 4bf4a650)

Extend RSA ASN1 method to support CMS PSS signatures for both sign
and verify.

For signing the EVP_PKEY_CTX parameters are read and the appropriate
CMS structures set up.

For verification the CMS structures are analysed and the corresponding
parameters in the EVP_PKEY_CTX set.

Also add RSA-OAEP support.

For encrypt the EVP_PKEY_CTX parameters are used.

For decrypt the CMS structure is uses to set the appropriate EVP_PKEY_CTX
parameters.
(cherry picked from commit 0574cadf)

Also sync error codes with OpenSSL 1.0.1 and add new ones.

Add OAEP ctrls to retrieve MD and label. Return errors if
an attempt is made to set or retrieve OAEP parameters when
padding mode is not OAEP.
(cherry picked from commit 211a14f6)

Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.
(cherry picked from commit 271fef0e)

Conflicts:

	CHANGES

Add some RSA error codes used by the FIPS module.

(cherry picked from commit ff7b6ce9)

(cherry picked from commit e0f7cfda)

Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.

This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
(cherry picked from commit e365352d)

(cherry picked from commit 81063953)

Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.
(cherry picked from commit 6af440ce)

Conflicts:

	crypto/objects/obj_dat.h
	crypto/objects/obj_mac.num

(cherry picked from commit e423c360)

Conflicts:

	crypto/objects/obj_dat.h
	crypto/objects/obj_mac.num

Backport support for FIPS 186-2 DSA parameter generation from
HEAD. Redirect to FIPS in FIPS mode and workaround prototype error.

Add support for DH parameter generation using DSA methods including
FIPS 186-3.
(cherry picked from commit 39090878)