ECDHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEECDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEECDH should probably be deprecated at some
point, though.

other parts of packet tracing emit the standard "ECDHE" label instead
of "EECDH".  This change brings the output of ssl_print_client_keyex()
and ssl_print_server_keyex() into accordance with the standard term.

The standard terminology in https://tools.ietf.org/html/rfc4492 is
ECDHE.  "openssl ciphers" outputs ECDHE.  But users of the library
currently cannot specify ECDHE, they must specify EECDH.

This change allows users to specify the common term in cipher suite
strings without breaking backward compatibility.

(cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)

(and shave off cycle even from integer-only code)

(and update performance data, and fix typo)

Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.

but keep it disabled, too little gain... Add some Atom-specific
optimization.

When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191

(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)

PR: 3202

If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)

(cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)

(and ensure stack alignment in the process)

It worked because it was never called.

SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.

Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)

Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73e3bd10ce6e76867482e8d137071298d7)

Conflicts:

	crypto/x509/x509_vpm.c

Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)

New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)

(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)

This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.