If using an old style TLSv1.2 PSK callback then the maximum possible PSK
len is PSK_MAX_PSK_LEN (256) - not 64.

Fixes #7261
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7267)

(cherry picked from commit f39a02c68abc8936db24499cb3cfcba206a2e7eb)

Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)

(cherry picked from commit cd6fe29f5bad1a350a039673e06f83ec7a7ef619)

Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called.

Fixes #7244
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)

(cherry picked from commit 524006dd1b80c1a86a20119ad988666a80d8d8f5)

This module includes bn.h via other headers, so it picks up the
definition from there and doesn't need to define them locally (any
more?).  Worst case scenario, the redefinition may be different and
cause all sorts of compile errors.

Fixes #7227
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7287)

(cherry picked from commit dda5396aaec315bdbcb080e42fb5cd0191f2ad72)

Fixes #7280
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7281)

(cherry picked from commit f52f2c1ae8f2ec378c5a20fb4104aa38edbabfcb)

The original issue is #7273 and this commit fixes part of that issue.

[skip ci]
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7275)

It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).

Fixes #7172
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)

(cherry picked from commit d3c72e392ab72d418ea5147857701a8730def3fd)

These both indicate that the file descriptor we're trying to use as a
terminal isn't, in fact, a terminal.

Fixes #7271
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7272)

(cherry picked from commit 276bf8620ce35a613c856f2b70348f65ffe94067)

Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default.  Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that TLS 1.3 cipher configuration was
preserved across calls to SSL_CTX_set_ssl_version().  To restore commensurate
behavior with the historical behavior, set the ciphersuites to the default as
well as setting the cipher list to the default.

Closes: #7226
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7270)

(cherry picked from commit 2340ed277b7c5365e83a32eb7d5fa32c4071fb21)

Fixes #7252
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7253)

(cherry picked from commit f9a22815f386dbe7a13822f0ac3629ae8521cd76)

This commit reuses a variable instead of reevaluating the expression
and updates an outdated comment in the EVP test.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7242)

(cherry picked from commit 523fcfb4c081ec346f117fd493103ddcd521e431)

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7236)

(cherry picked from commit d474100af0827d9ba87f3bb25a34867244552df5)

Specifically, include e_os.h to pick up alloca definition for WIN32.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7234)

(cherry picked from commit a825856ab719b0fcce229faad2b437fc88985251)

The latter causes problems when complex.h is #included.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)

(cherry picked from commit 972f67889b5a10c33dbc3d500cfa65b544e68b46)

coexist.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)

(cherry picked from commit da5fac72b1cba5651b871902eea234e693cf01e5)

Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.

CLA: trivial
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)

Reviewed-by: NBen Kaduk <kaduk@mit.edu>
GH: #7188
(cherry picked from commit 8e593f0a0dbcb3193548ced3c2e78fbbd201b2db)

It simply isn't available on older versions.

Issue submitted by Mark Daniels

Fixes #7229
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7230)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7209)

-early_data is not compatible with -www, -WWW, -HTTP or -rev.

Fixes #7200
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7206)

(cherry picked from commit 6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8)

Caused a compilation failure in some environments

Fixes #7204
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7205)

(cherry picked from commit bc278f30f0b766bfb82426c641dc1d51ace4a994)

The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.

Fixes #7182
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)

(cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870)

Fixes: #7161 (hopefully)
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7175)

(cherry picked from commit 6839a7a7f4973a3fc2f87b12664c26d524bef1f4)

Fixes a minor typo that would cause the linker to complain about not finding -lFuzzer

CLA: trivial
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7197)

(cherry picked from commit 8e8fe187f1559a7fc9f50cc4af7f880273a4eea2)

- fix to use secure URL in generated Windows resources
- fix a potentially uninitialized variable
- fix an unused variable warning

CLA: trivial
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7189)

Fixes #7186
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7193)

(cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8)

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)

Since the SSL code started using RSA_NO_PADDING, the CAPI engine became
unusable.  This change fixes that.

Fixes #7131
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7174)

Found by Coverity
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7169)

Fixes a Coverity complaint.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7170)

If sizeof(int) != sizeof(size_t) this may not work correctly.

Fixes a Coverity issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7168)

Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7164)

Hopefully this will resolve spurious travis failures.

[extended tests]
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7163)

Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7160)

It's actually not a real issue but caused by the absence of the default case
which does not occur in reality but which makes coverity see a code path where
pkey remains unassigned.

Reported by Coverity Scan (CID 1423323)
[extended tests]
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7158)

Reported by Coverity Scan (CID 1439138)
[extended tests]
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7156)

Reported by Coverity Scan (CID 1439136)
[extended tests]
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7155)