Reject invalid PSS parameters.

Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <tjh@openssl.org>

Free up ADB and CHOICE if already initialised.

CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

Fix Seg fault in DTLSv1_listen

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next that can lead to a segmentation fault. Erorrs processing the initial
ClientHello can trigger this scenario. An example of such an error could
be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
server.

CVE-2015-0207

Reviewed-by: Richard Levitte <levitte@openssl.org>

Multiblock corrupted pointer fix

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>

Add support for ServerInfo SSL_CONF option.

Add support for ServerInfo SSL_CONF option and update documentation. This
was wrongly omitted from the 1.0.2 release.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Dead code removal from apps

Some miscellaneous removal of dead code from apps. Also fix an issue with
error handling with pkcs7.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 11abf92259e899f4f7da4a3e80781e84b0fb1a64)

Remove dead code from crypto

Some miscellaneous removal of dead code from lib crypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b7573c597c1932ef709b2455ffab47348b5c54e5)

Fix seg fault in s_time

Passing a negative value for the "-time" option to s_time results in a seg
fault. This commit fixes it so that time has to be greater than 0.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit dfef52f6f277327e118fdd0fe34486852c2789b6)

Add sanity check to PRF

The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8)

Fix memset call in stack.c

The function sk_zero is supposed to zero the elements held within a stack.
It uses memset to do this. However it calculates the size of each element
as being sizeof(char **) instead of sizeof(char *). This probably doesn't
make much practical difference in most cases, but isn't a portable
assumption.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 7132ac830fa08d9a936e011d7c541b0c52115b33)

Move malloc fail checks closer to malloc

Move memory allocation failure checks closer to the site of the malloc in
dgst app. Only a problem if the debug flag is set...but still should be
fixed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit be1477adc97e76f4b83ed8075589f529069bd5d1)

Add malloc failure checks

Add some missing checks for memory allocation failures in ca app.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549)

Fix regression in ASN1_UTCTIME_cmp_time_t

Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if
s < t, and 0 if s == t.

This behavior was broken in a refactor [0], resulting in the opposite
time comparison behavior.

[0]: 904348a4922333106b613754136305db229475ea

PR#3706

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit da27006df06853a33b132133699a7aa9d4277920)

Avoid reading an unused byte after the buffer

Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60)

Fix undefined behaviour in shifts.

Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts.
If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable
in an integer, behaviour is undefined. In other words, you can't shift into the sign bit
of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24.

(For consistency, cast other shifts, too.)

Caught by -fsanitize=shift

Submitted by Nick Lewycky (Google)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8b37e5c14f0eddb10c7f91ef91004622d90ef361)

additional configuration documentation

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 3d764db7a24e3dca1a3ee57202ce3c818d592141)

ASN.1 print fix.

When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 5dc1247a7494f50c88ce7492518bbe0ce6f124fa)

SSL_check_chain fix

If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY
or the type of the public key is unrecognised then the local variable
|cpk| in tls1_check_chain does not get initialised. Subsequently an
attempt is made to deref it (after the "end" label), and a seg fault will
result.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit d813f9eb383a93e472e69750cd1edbb170205ad2)

Fix missing return checks in v3_cpols.c

Fixed assorted missing return value checks in c3_cpols.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c5f2b5336ab72e40ab91e2ca85639f51fa3178c6)

Fix dsa_pub_encode

The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40)

Fix dh_pub_encode

The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2)

Fix asn1_item_print_ctx

The call to asn1_do_adb can return NULL on error, so we should check the
return value before attempting to use it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00)

ASN1_primitive_new NULL param handling

ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7)

Fix EVP_DigestInit_ex with NULL digest

Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit a01087027bd0c5ec053d4eabd972bd942bfcd92f)

Fix error handling in bn_exp

In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485)

evp/e_aes.c: fix SPARC T4-specific problem:

- SIGSEGV/ILL in CCM (RT#3688);

Reviewed-by: Matt Caswell <matt@openssl.org>

Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit ac5a110621ca48f0bebd5b4d76d081de403da29e)

Cleanse buffers

Cleanse various intermediate buffers used by the PRF (backported version
from master).

Reviewed-by: Richard Levitte <levitte@openssl.org>

Harmonize return values in dtls1_buffer_record

Ensure all malloc failures return -1.

Reported by Adam Langley (Google).

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a)

BIO_debug_callback: Fix output on 64-bit machines

BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 460e920d8a274e27aab36346eeda6685a42c3314)

Prevent handshake with unseeded PRNG

Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
from the PRNG beyond the initial ClientHello client random
(e.g. PSK-RC4-SHA)

If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.

For example using the following command with an unseeded openssl will
succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

CVE-2015-0285

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e1b568dd2462f7cacf98f3d117936c34e2849a6b)

Fix wrong numbers being passed as string lengths

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74)

update ordinals

Reviewed-by: Matt Caswell <matt@openssl.org>

Wrong SSL version in DTLS1_BAD_VER ClientHello

Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.

RT#3711

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d)

Fix DTLS1_BAD_VER regression

Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).

Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3703

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5178a16c4375471d25e1f5ef5de46febb62a5529)

fix warning

Reviewed-by: Richard Levitte <levitte@openssl.org>

Cleanse PKCS#8 private key components.

New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1)

Additional CMS documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e3013932df2d899e8600c305342bc14b682dc0d1)

Remove export ciphers from the DEFAULT cipher list

They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Update mkerr.pl for new format

Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Use constants not numbers

This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c

RT#3725

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit fd865cadcb603918bdcfcf44e487721c657a1117)

Unchecked malloc fixes

Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e)

Conflicts:
crypto/bio/bss_dgram.c

Check public key is not NULL.

CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)

Fix format script.

The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)

Fix d2i_SSL_SESSION for DTLS1_BAD_VER

Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c

Fixed missing return value checks.

Added various missing return value checks in tls1_change_cipher_state.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix missing return value checks.

Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Conflicts:
ssl/s3_srvr.c

Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a988036259a4e119f6787b4c585f506226330120)

Update the SHA* documentation
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit f7812493a0da6b740274135ce340ff7505027057)

Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.

RT#3718

Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix some minor documentation issues

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Remove pointless free, and use preferred way of calling d2i_* functions

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Add dire warnings about the "reuse" capability of the d2i_* functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Fix a failure to NULL a pointer freed on error.

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Conflicts:
crypto/evp/Makefile
test/Makefile

Document -no_explicit

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b)

Fix crash in SPARC T4 XTS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 775b669de3ba84d8dce16ff5e2bdffe263c05c4b)

sha/asm/sha1-586.pl: fix typo.

The typo doesn't affect supported configuration, only unsupported masm.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3372c4fffa0556a688f8f1f550b095051398f596)

typo

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 15b5d6585de098e48acebc8366a9956ee57c8f2d)

Fix null-pointer dereference

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)

Fix memory leak

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit edac5dc220d494dff7ee259dfd84335ffa50e938)

Avoid a double-free in an error path.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b)

Restore -DTERMIO/-DTERMIOS on Windows platforms.

The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)

Conflicts:
Configure

Assume TERMIOS is default, remove TERMIO on all Linux.

The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911)

Conflicts:
Configure
crypto/ui/ui_openssl.c

Transfer a fix from 1.0.1

manually picked from e7b85bc40200961984925604ca444517359a6067
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 774ccae63c3a41a3f0762cbc818271d3ef9f369f)

RT3684: rand_egd needs stddef.h

Reviewed-by: Andy Polyakov <appro@openssl.org>

RT3670: Check return from BUF_MEM_grow_clean

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b0333e697c008d639c56f48e9148cb8cba957e32)

Missing OPENSSL_free on error path.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981)

Fix hostname validation in the command-line tool to honour negative return values.

Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0923e7df9eafec6db9c75405d7085ec8581f01bd)

objects/obj_xref.h: revert reformat.

obj_xref.h was erroneously restored to pre-reformat state.

Reviewed-by: Matt Caswell <matt@openssl.org>

Bring objects.pl output even closer to new format.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)

Fix memory leak reporting.

Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)

Harmonize objects.pl output with new format.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)

Fix error handling in ssltest

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)

Fixed bad formatting in crypto/des/spr.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)

Make objxref.pl output in correct format

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)

Preliminary ASN1_TIME documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a724e79ed761ea535a6c7457c90da5ff4b1cea69)

Check PKCS#8 pkey field is valid before cleansing.

PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)

cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5da05a26f21e7c43a156b65b13a9bc968a6c78db)

modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b2991c081aba5351a3386bdde2927672d53e5c99)

VMS exit codes weren't handled well enough and were unclear

Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit e00ab250c878f7a7f0ae908a6305cebf6883a244)

dso_vms needs to add the .EXE extension if there is none already

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6)

Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583)

Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)

Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.

RT#3657

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)

Remove obsolete support for old code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 3d0cf918078fecee8b040807a2603e41937092f6)

Remove unused eng_rsax and related asm file

Reviewed-by: Andy Polyakov <appro@openssl.org>

Make OPENSSL_config truly ignore errors.

Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)

Fix segfault with empty fields as last in the config.

Reviewed-by: Tim Hudson <tjh@openssl.org>

FIPS build fixes.

PR#3673

Reviewed-by: Tim Hudson <tjh@openssl.org>

Prepare for 1.0.2a-dev

Reviewed-by: Stephen Henson <steve@openssl.org>

Prepare for 1.0.2 release

Reviewed-by: Stephen Henson <steve@openssl.org>

make update

Reviewed-by: Stephen Henson <steve@openssl.org>

Updates to CHANGES for 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

NEWS update

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

Fix for reformat problems with e_padlock.c

Reviewed-by: Andy Polyakov <appro@openssl.org>

Fix post-reformat errors preventing windows compilation

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix formatting error in pem.h

Reviewed-by: Andy Polyakov <appro@openssl.org>

Use inner algorithm when printing certificate.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 004efdbb41f731d36bf12d251909aaa08704a756)