If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.

(cherry picked from commit ac20719d)
Conflicts:
	ssl/t1_lib.c

Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks

(cherry picked from commit 67c408ce)
Conflicts:
	apps/s_client.c
	apps/s_server.c

Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.

(cherry picked from commit 36086186)
Conflicts:
	Configure
	apps/s_client.c
	apps/s_server.c
	ssl/ssl.h
	ssl/ssl3.h
	ssl/ssltest.c

(cherry picked from commit 2d752737)

(cherry picked from commit b45e874d)

(cherry picked from commit 3880579240d476d21f68fd01a391dd325920f479)

If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated
with the current certificate.

This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only
(cherry picked from commit a51f7676)

PR#3253

New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
(cherry picked from commit 0f78819c)

(cherry picked from commit f3efeaad)

(cherry picked from commit 88c21c47)

(cherry picked from commit ea131a06)

(cherry picked from commit d80b0eee)

(cherry picked from commit ebd14bfc)

(cherry picked from commit d162584b)

(cherry picked from commit 0a2d5003)

X509_ALGOR_[gs]et0()).

(cherry picked from commit fb0a5208)

suggestions from Pierre Delaage).
(cherry picked from commit 668bcfd5)

Resolved conflicts:

	util/pl/VC-32.pl

Submitted by: Pierre Delaage
(cherry picked from commit a006fef7)

Resolved conflicts:

	crypto/bio/bss_dgram.c
	ssl/d1_lib.c
	util/pl/VC-32.pl

(cherry picked from commit 80c42f3e)

(cherry picked from commit ae007d4d)

(cherry picked from commit 701d593f)

(cherry picked from commit 46a2b338)

(cherry picked from commit 71fa3bc5)

eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
(cherry picked from commit 7753a3a6)

Add Vector Permutation AES and little-endian support.