AIX assembler doesn't hanle .align, which is essential for vpaes module.

PR: 3189
Submitted by: Oscar Ciurana

rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.

New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().

(cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)

PR#3106

Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.

If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.

PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.

PR#3172

Submitted by: Marcelo Cerri

PR: 3165
Submitted by: Daniel Richard G.

PR: 3165

If the oid parameter is set to NULL in X509_add1_trust_object
create an empty list of trusted purposes corresponding to
"no purpose" if trust is checked.

Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.

PR: 3165

Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165

PR: 3165

Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
if the TLS Client Hello record length value would otherwise be > 255 and less
that 512 pad with a dummy extension containing zeroes so it is at least 512.

To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242

WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.

Enable PSK ciphersuites with AES or DES3 in FIPS mode.

(cherry picked from commit a4947e4e)