Reviewed-by: NRichard Levitte <levitte@openssl.org>

Remove duplicate defines from EVP source files.
Most of them were in evp.h, which is always included.
Add new ones evp_int.h
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so
remove conditionals on it
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2201)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1231)

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

CVE-2016-2107

MR: #2572

This macro was defined by no-longer-supported __MWERKS__ compiler.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.
Reviewed-by: NTim Hudson <tjh@openssl.org>

They all stop including evp_locl.h, so we also take care of their
adaptation to opaque EVP_CIPHER_CTX, as was promised in an earlier
commit.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h.  They will be handled
in a separate commit.
Reviewed-by: NRich Salz <rsalz@openssl.org>

It was also found that stich performs suboptimally on AMD Jaguar, hence
execution is limited to XOP-capable and Intel processors.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

RT#4081
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

but keep it disabled, too little gain... Add some Atom-specific
optimization.

Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.

PR: 3002

It also ensures that valgring is happy.

(cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6)

Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f3c2a2d33785b5563d929d0472f1721)

countermeasure.

PR: 2778