don't list it again under changes between 1.0.1h and 1.0.2.

(which didn't always handle value 0 correctly).

Reviewed-by:  <emilia@openssl.org>

Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.

PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>

Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961)

Conflicts:

	ssl/heartbeat_test.c
	ssl/ssl.h
	util/mkdef.pl

Reviewed-by: Stephen Henson <steve@openssl.org>

Reviewed-by: Stephen Henson <steve@openssl.org>

Reviewed-by: Stephen Henson <steve@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 62352b81)

and improve performance by 10% on POWER[78].

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 5c359830)

statement of opinion rather than a fact.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c8d133e4)

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef15)

PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0)

PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd54819)

PR#3452
(cherry picked from commit ca2015a6)

Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc)

The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)

PR#3445
(cherry picked from commit 1c3e9a7c)

Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
(cherry picked from commit 7efd0e77)

(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)

This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)

PR#3440
(cherry picked from commit 924e5eda)

  Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd340)

(cherry picked from commit c1d1b011)

Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53)

(cherry picked from commit 1b0fe79f)

(cherry picked from commit d11c70b2)

PR: #3424,#3423,#3422
(cherry picked from commit 021e5043)

(cherry picked from commit c4f8efab)

(cherry picked from commit 07b635cc)

PR#2985
(cherry picked from commit 9d23f422)

Based on feedback from Jeffrey Walton.

(cherry picked from commit b73ac027)

Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(cherry picked from commit 297c67fc)