[openssl-commits] [openssl] master-pre-reformat create

Matt Caswell matt at openssl.org
Mon Feb 9 13:14:09 UTC 2015

The annotated tag master-pre-reformat has been created
        at  e422e1a89576a7bef94ec5ec7db3e3c7dc77e009 (tag)
   tagging  4b618848f9beb8271f24883694e097caa70013c0 (commit)
 tagged by  Matt Caswell
        on  Mon Feb 9 13:11:58 2015 +0000

- Log -----------------------------------------------------------------
Pre reformat of master

Reviewed-by: Richard Levitte <levitte at openssl.org>

Adam Langley (20):
      Fix for EXP-RC2-CBC-MD5
      Add volatile qualifications to two blocks of inline asm to stop GCC from     eliminating them as dead code.
      Ensure that x**0 mod 1 = 0.
      Ensure that, when generating small primes, the result is actually of the     requested size. Fixes OpenSSL #2701.
      This change alters the processing of invalid, RSA pre-master secrets so     that bad encryptions are treated like random session keys in constant     time.
      Don't SEGFAULT when trying to export a public DSA key as a private key.
      Limit the number of empty records that will be processed consecutively     in order to prevent ssl3_get_record from never returning.
      Add secure DSA nonce flag.
      Make `safe' (EC)DSA nonces the default.
      Support ALPN.
      Add tests for ALPN functionality.
      Avoid double free when processing DTLS packets.
      Fix memory leak from zero-length DTLS fragments.
      Fix return code for truncated DTLS fragment.
      Remove some duplicate DTLS code.
      RT3065: ec_private_key_dont_crash
      psk_client_callback, 128-byte id bug.
      Don't set client_version to the ServerHello version.
      Premaster secret handling fixes
      Ensure that the session ID context of an SSL* is updated     when its SSL_CTX is updated.

Adam Williamson (1):
      RT3511: doc fix; req default serial is random

Alan Hryngle (1):
      Return smaller of ret and f.

Alok Menghrajani (3):
      Fixes a minor typo in the EVP docs.
      Improves the proxy certificates howto doc.
      Improves certificates HOWTO

Alon Bar-Lev (1):
      RT1771: Add string.h include.

Andreas Westfeld (1):
      Fix typo in ideatest.c

André Guerreiro (1):
      Add documentation on -timeout option in the ocsp utility

Andy Polyakov (1908):
      crypto/bn/asm/mips3.s is obsolete. I'm moving it to crypto/bn/asm/obsolete     in order to replace it with a new version.
      crypto/bn/asm/mips3.s is moved to crypto/bn/asm/obsolete/
      MIPS III/IV assembler module is reimplemented.
      Get rid of redundant multiplications in bn_div_words.
      - performance retunes, v8plus bn_*_comba routines are reimplemented;     - support for GNU assembler (read SPARC Linux);
      GNU assembler (read SPARC Linux) support added.
      Added support for SPARC Linux.
      Minor MD5 tune-up for WIN32 on Intel.
      SGI IRIX config updates.
      SPARC Solaris config updates.
      when invoking bn_*_comba[48] result->top wasn't always set correctly.
      Bignum division tune-up. Idea is to move multiplications in front of     loop body and replace 'em with addition/subtraction.
      Extra i386+gcc bn_div.c tune-up featuring inline division and saving     the remainder left in %edx. Here is the resulting performance improvement     matrix (improvement as a result of this *and* previous tune-up committed     two days ago). The results were obtained by profiling the "div" part of     the crypto/bn/bnspeed.c.
      Minor MIPS III/IV tune-up.
      md32_common.h update and accompanying MD5 update.
      RIPEMD160 shape-up. Major news are that it's operational on all platforms     now and I'm putting it back to 'make test' later today.
      RIPEMD160 shape-up Intel assembler companion. Cycle counter benchmarks     went down from 1050 to 921 cycles on Pentium II. I haven't checked the     figures on Pentium yet.
      RIPEMD160 shape-up. Final touch.
      SHA clean-up and (LP64) tune-up.
      SHA clean-up Intel assembler companion.
      Initial support for MacOS.
      RC4 tune-up.
      RC4 tune-up featuring 30-40% performance improvement on most RISC     platforms. See crypto/rc4/rc4_enc.c for further details.
      RC4 tune-up featuring 30-40% performance improvement on most RISC     platforms. See crypto/rc4/rc4_enc.c for further details.
      MacOS updates.
      Initial support for MacOS is now available
      Late break-in patch for MacOS support.
      Even more late break-in MacOS tidbits...
      Even more late break-in MacOS tidbits (last for today)...
      Minor documentation update.
      Makefile clean-ups, crypto/bn/asm/alpha.s compiles on Alpha Linux.
      MacOS updates. Initial support for GUSI (MacOS socket implementation)     is added.
      Enhanced support for Alpha Linux. See CHANGES for details.
      Alpha Linux update companion.
      Metrowerks for Motorola tune-up.
      Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least     passes 'make test' now:-)
      Further work on MacOS port. See INSTALL.MacOS for details.
      Support for "multiply high" instruction, see BN_UMULT_HIGH comment in     crypto/bn/bn_lcl.h for further details. It should be noted that for     the moment of this writing the code was tested only on Alpha. If     compiled with DEC C the C implementation exhibits 12% performance     improvement over the crypto/bn/asm/alpha.s (on EV56 box running     AlphaLinux). GNU C is (unfortunately) 8% behind the assembler     implementation. But it's OpenVMS Alpha users who *may* benefit most     as 'apps/openssl speed rsa' exhibits 6 (six) times performance     improvement over the original VMS bignum implementation. Where "*may*"     means "as soon as code is enabled though #define SIXTY_FOUR_BIT and     crypto/bn/asm/vms.mar is skipped."
      New xcbc_ok test vector is required after the parity bits in cbc2_key     were fixed up. The catch is that in the DESX test the cbc2_key is used     as whitening key where *all* 64 bits are significant.
      Support for MacOS X (Rhapsody) is added. Also get rid of volatile     qualifier in asm definitions as it prevents compiler from moving     the instruction(s) during optimization pass.
      HP-UX tune-up: new unified configs, HP C compiler bug workaround.
      test_mont was exercising 100-bit multiplication modulus X*I-bit, where     X is 5120 on 32-bit and 151552 on 64-bit architectures and I varies     from 0 to 4. As result the test was *unreasonably* slow and virtually     impossible to complete on 64-bit architectures (e.g. IRIX bc couldn't     even swallow such long lines).
      New NO_INLINE_ASM macro. Primary target for the moment is Solaris x86     which can't stand GNU C assembler templates.
      Avoid GNU C assembler templates under Solaris x86.
      Move CAST_S_tables to read-only segment.
      Move initial key to read-only segment.
      Move primes to read-only segment.
      There're two (incompatible) ways to write multi-threaded programs under     IRIX, one is to call sproc(2) when every thread does get own pid and     POSIX threads when all the threads share same pid.
      Linux is almost the only one where getpid() == thread-id. IRIX is     another one, but only if you stick to sproc(2).
      BN_div_recp fix. I've ran divtest for 10 mins and it didn't exhibit a     single fault:-) Needless to mention that bnbug.c posted couple of days     ago passes as well...
      Statement that it fails only on 32-bit architectures isn't true.
      MacOS tidbits. Add new files to the project, update config.
      IRIX6* tests passed.
      More tests passed.
      MacOS pseudo-random entropy collector.
      GCC 2.95.2 from IRIX 6.5 -mabi=64 compiler bug workaround:-(
      MT-support for IRIX 6.x and Alpha-Linux
      Compaq C warns that "the expression 'p=scan_esc(p)' modifies the variable     'p' more than once without an intervening sequence point.  This behavior     is undefined." What it essentially complains about is 'p=p+=1'. Now it's     changed to 'p=p+1'...
      The IRIX fix. Asm recap and corresponding declation.
      Assembler support for IA-64. See the source code commentary for further     details (performance numbers and accompanying discussions:-). Note that     the code is not engaged in ./Configure yet. I'll add it later this week     along with updates for .spec file.
      Get rid of RAW dependency warnings.
      Get rid of "possible WAW dependency" warnings.
      This fixes "Spurious test failures on IRIX?" reported in April. Apparently     I was wrong in conclusions about when addition starts overflowing in combaX     routines.
      Missing line 0.9.6b release and IA-64 patch advertisement:-)
      Support for 64-bit Solaris build with GCC 3.0 and later. It should be     explicitely noted that 64-bit SPARCv9 ABI is not officially supported     by GCC 3.0 (support is scheduled for 3.1 release), but it appears to     work, at the very least 'make test' passes...
      Typo in stty command lines.
      Support for Intel and HP-UXi assemblers.
      Enhanced support for IA-64 Linux and HP-UX (as well as better support for     HP-UX in common in ./config). Note that for the moment of this writing     none of 64-bit platforms pass bntest. I'm committing this anyway as it's     too frustrating to patch snapshots over and over while 0.9.6 is known to     work.
      Just a "get to know your system" bit.
      linux64-sparcv9 support finally debugged and tested.
      Workaround for GCC-ia64 compiler bug.
      BN_sqr test failure entry.
      IA-32 assembler modules (primarily DES) PIC-ification. Idea is to keep     shared libraries shared.
      DES PIC-ification. Windows companion.
      x86_64 performance patch.
      New DETECT_GNU_LD procedure.
      Solaris shared build fix-ups. See RT#238,239 for details.
      As you might have noticed I tried to change for . prefix, because it's     the one to be used to denote local labels in single function scope.     Problem is that SHA uses same label set across functions, therefore I     have to switch back to $ prefix.
      Ooops! No ROTATE on some platforms after x86_64 performance patch...
      DES PIC-ification. "Cygwin" companion. Problem was that preprocessor macro     is not expanded if prepended with a $-sign.
      Always forget this one...
      'a=b c=$a; echo $c' doesn't necessarily prints "b", '' vs. "", $s in     Makefiles... I suppose it wasn't tested very much...
      Make "perl des-586.pl a.out" work, see RT#402
      Fix for RT#405, Solaris refuses to invoke preprocessor if egrep returns 1.     Linux for example doesn't exhibit this behaviour, but I add "exit 0" to all     potentially affected rules, just to be on the safe side.
      Better wording?
      Fix for "shift count too large" when compiling for hpux-parisc2 and     irix-mips. The bug was introduced with accelerated support for x86_64.     My fault! Fixed now.
      FAQ addenum as discussed in RT#417.
      UltraSPARC performance "tune-up."
      I can't confirm the claim being removed and nobody seems to speak up for it.
      It probably belongs in PROBLEMS, but it's more likely to be a FAQ.
      My English is definitely not good as my assembly skills:-) And it looks like     titles can't be multi-line...
      I implemented this when troubleshooting performance problem on SPARC Solaris.     As there is an apparent interest for optimization for footprint, I figured     that this can eventually become useful.
      Very old submission (from 2000) of UltraSPARC assembler DES implementation.     It was not accepted because code is not PIC, too UltraSPARC-specific when     it doesn't have to and 32-bit only. I'm committing the original version     mostly for reference purposes. 64, PIC, blended CPU tune-up follows shortly.     Obtained from: http://inet.uni2.dk/~svolaf/des.htm
      UltraSPARC assembler DES implementation tune-up. The code can be     compiled for any SPARC CPU (UltraSPARC performance is *not* affected),     can be compiled for 64-bit ABI and is position-independent.
      Complete integration of SPARC assembler DES implementation. Tested on Solaris     only. I'll keep my eyes open for Linux and OpenBSD targets.
      Support for Intel compiler. More details will be provided in closing note     for RT#17 as snapshot becomes available for download.
      HP/UX 11i make gets upset by this line containing nothing but a Tab
      pa-risc2.s was not PIC, see RT#426. I strip call to fprintf as it's     never called anyway (it's a debugging assertion). If pa-risc2W.s is     PIC remains to be seen...
      Support for ILP32 on HPUX-IA64.
      Unified targets for ELF assembler modules. Tested on Linux, Solaris and     FreeBSD. Goal is to extend support even to SCO5, UnixWare/OpenUnix...
      Redundant now as it's moved to ./Makefile.org.
      Oops! I've toasted Cygwin! Fixed now.
      GAS can't stand stub, which is stb's synonym.
      Another GAS fix-up and some commentary...
      Fix a typo.
      Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've     replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon     OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it     still work on non-Unix platforms?
      At least OpenBSD implements PIC in the same way ELF does.
      Avoid unnecessary pollution of object module name table. Cygwin shared     build workaround (DJGPP swallows it too). One probably should do same     as with ELF calling it COFF, but I'm very short in COFF platforms, so     I just go for easy ad-hoc solution. I'll take care of merge to 0.9.7     later.
      Just an extra comment.
      OpenBSD FAQ update. Apparently gas from binutils-2.x makes it impossible to     use gcc -fPIC ... on OpenBSD-i386. Alternative solution is provided.
      Minor FAQ update
      Fix for AIX shared build, see RT#463.
      Caldera/SCO targets erroneously limit themselves to 386. See RT#464.
      -lresolv is not present on SCO Unix, RT#460.
      SCO target missed .so suffix.
      Oops! Missed closing quote... Didn't have time to verify before a snapshot     was cut...
      This is an *initial* tune-up. This update puts Itanium2 back on par with     Itanium. I mean if overall performance improvement over C version was X     for Itanium, it's X even for Itanium2.
      Suggestion was to change ${MACHINE} to i586 in lines in question. Well,     "whatever" doesn't the same (avoids 386 being passed to ./Configure),     consistent with other elder SCO targets and denotes that we probably     shouldn't care much about every out-of-date platform.
      The patch speaks for itself.
      Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5.
      Provide "dummy" &main::picmeup even in Windows perlasm modules.
      ./config failed to correctly detect if gcc uses 64-bit ABI on HP-UX.     PR: 772
      hpux64-parisc2-gcc target added. Once it is verified, ./config should     be modified to choose it instead of hpux64-parisc-gcc, which should     then be removed. hpux64-parisc-cc is removed already now as redundant     [in case you wonder, 64-bit HP-UX ABI *implies* PA-RISC2.0].
      SHA-1 assembler tune-up for Intel P4
      Get rid of bogus warning when compiling with Sun vendor compiler.
      Fix declaration inconsistency in ecparam.c.
      Even though C specification explicitly says that constant type "stretches"     automatically to accomodate the value, some compilers fail to do so. Most     notably 0x0123456789ABCDEF should come out as long long in 32-bit context,     but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m)     arithmetics in hpux-parisc2-cc build. Therefore this fix...
      CFB DES sync-up with FIPS branch.
      #undef _POSIX_C_SOURCE in ui_openssl.c ruined IRIX builds. Comment on why     _POSIX_C_SOURCE needed in first place.
      HP/UX PA-RISC 2 targets update.
      Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl
      Typo in crypto/bn/asm/x86_64.c, bn_div_words().     PR: 821
      IRIX 6.x shared build fix-up.
      This is essentially Intel 32-bit compiler tune-up. To start with all     available compiler versions generated bogus machine code trying to     compile new crypto/des/cfb_enc.c. Secondly, 8th version defines     __GNUC__ macro, but fails to compile *some* inline assembler correctly.     Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,     which is used now instead of offensive asm. Finally, unnecessary linker     dependencies are eliminated. Most notably dependency from libirc.a     caused trouble at application start-up, if libcrypto.so is linked with     -Bsymbolic (which it is).
      Improved PowerPC support. Proper ./config support for ppc targets,     especially for AIX. But most important BIGNUM assembler implementation     submitted by IBM.
      Oops! Typo in ./config...
      Support for IA-32 SSE2 instruction set.
      SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper     config and run-time support is added.     PR: 788     Submitted by: <dean at arctic.org>     Reviewed by: <appro>
      SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and     is subject to change as C implementation is added...
      SHA-224/-256/-384/-512 implementation. This is just sheer code commit.     Makefile modifications, make test, etc. will appear later...
      CHANGES to mention improved PowerPC platform support.
      size_t-fication of message digest APIs. We should size_t-fy more APIs...
      Make reservations for FIPS code in HEAD branch, so that the moment FIPS     comes in we have required macros in place.
      Final API adaptation. Final, "all openssl" performance numbers [not mixture     of different implementations]. Real-life performance improvement is rated     at 2-3x, not 6x as preliminary announced.
      Stress collector/padding function.
      SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2     code, Makefile update.
      While size_t-fying let's not forget to update documentation:-)
      SHA-256/-512 test and benchmark.
      Framework for glueing BIO layer and Win32 compiler run-time. Goal is to     make it possible to produce for a unified binary build, which can be     used with a variety of Win32 compilers.
      Documentation note for Win32 glue between BIO layer and compiler run-time.
      SHA-224 test vectors added.
      Attempt to unify hpux-shared rules. More adjustments might be required     after more tests...
      Eliminate compiler warnings and throw in performance table.
      Make sure we return 0 if test passed.
      Unified hpux-shared rule. Verified with both 32- and 64-bit builds and     both vendor and GNU compilers. ./engine shared build are still busted.     I mean always were...
      hpux-shared rules to cover even for GNU ld.
      gcc -Wcast-qual clean-up.
      Typo in linux-ppc64 target.
      Kill unused macro and reimplement it for that single context it can     actually be used, namely x86* platforms [because they don't bomb on     unaligned access]. This resulted in 30-40% [depending on message     length] improvement for SHA-256 compiled with gcc and running on P4.     In the lack of assembler implementation I give the compiler all the     help it can possibly get:-)
      Final SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX     reserves for truncated hash function output mode and makes SHA224     thread-safe. Next stop is integration with EVP and we're done...
      Typo in commentary section.
      Make sha-256/-512 naming in speed.c consistent with their names as they     will appear at EVP leyer.
      objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear     "draft," but we have to start somewhere...
      EVP bindings to new SHA algorithms.
      Extend HMAC_MAX_MD_CBLOCK to accomodate SHA-512.
      Mention new SHA algorithms in CHANGES. This completes the integration.
      Working on HP-UX shared support...
      32-bit PA-RISC requires -Bsymbolic when linking libcrypto.sl. Without     this flag RAND_poll ends up in end-less loop calling RAND_add. But     don't ask me why...
      Minimal work-around for ./engine shared builds. "Minimal" means that I     think that proper Makefile clean-up is required.
      SHA fails to compile on x86_64 if compiled with custom flags, without     recommended -DMD32_REG_T=int in particular.     PR: 893     Submitted by: Michal Ludvig <michal-list at logix.cz>
      New scalable bn_mul_add_words loop, which provides up to >20% overall     performance improvement. Make module more gcc friendly and clarify     copyright issues for division routine.
      New SHA algorithms  assembler implementation for IA-64. Note that despite     module name both SHA-256 and SHA-512 are supported.
      AES assembler implementation for IA-64. Note that there is no anchor from     C code yet...
      Minor (+12% on P4) performance tweak for sha512_block_sse2.
      RC4 tune-up for AMD64. Performance improvement of 2.22x is measured for     linux-x86_64 target.
      Integration of RC4 AMD64 module.
      IA-64 is intolerant to misaligned access. It was a problem on Win64 as     we were mislead by _MSC_VER macro, which is defined by *all* Windows     Microsoft compilers.
      Add licensing terms.
      Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes.     I also used this opportunity to clean up some out-of-date targets and     re-group targets by OS.
      Type in Configure and TABLE update.
      Anchor AES and SHA-256/-512 assembler from C.
      Make rand_win.c UNICODE savvy.
      All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and     SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.
      Run SHA-256/-512 tests through EVP...
      EVP_Digest is size_t-fied, clean up test programs accordingly.
      #include <limits.h> is required at least on HP-UX and IRIX. And what's     with HP-UX offering 14 for NAME_MAX?
      WinCE should always be compiled as UNICODE, even debugging version...
      Adapt rc4-amd64.pl for Win64/AMD64 assembler.
      Win64 placeholder targets. This is merely naming suggestion. As we know     Win64 comes in two flavors, IA-64/Itanium and AMD64/Opteron. The     suggestion is to refer to former as WIN64I and latter - WIN64A
      VC-NT was taken away by mistake, putting it back...
      Various IA-64 assembler fix-ups.
      Build-n-link new IA-64 modules on Linux and HP-UX.
      TABLE update.
      Minor HP-UX make update. IA-64-based HP-UX favor .so extension for shared     libraries. Old .sl extension works just fine, but it .so which is default.
      Typos and due casts. As for the latter. It's "safe" to cast as below,     because "wrong" casts will either be optimized away or never performed.
      Some compilers are just too whiny. DEC C doesn't like long long...
      Some compilers are just too whiny. Nothing makes Microsoft compiler     stop complaining about loss of precision, but explicit cast.
      Make SHA-256/-512 optional. Note that no-sha switches off *all* SHA.
      'apps/openssl dgst -help' update and minor apps/speed.c update.
      Minor 64-bit md32_common.h update and minor unsignification of digests.
      Stricter boundary condition check in HMAC_Init_ex.
      Make bio_ok.c 64-bit savvy.
      Typos, typos...
      Make bio_ok.c Microsoft compiler savvy.
      Zero key-length for HMAC is apparently OK.
      Add framework for yet another assembler module dubbed "cpuid." Idea     is to have a placeholder to small routines, which can be written only     in assembler. In IA-32 case this includes processor capability     identification and access to Time-Stamp Counter. As discussed earlier     OPENSSL_ia32cap is introduced to control recently added SSE2 code     pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the     code is operational on ELF platforms only. I haven't checked it yet,     but I have all reasons to believe that Windows build should fail to     link too. I'll be looking into it shortly...
      This is so to say "damage control" for jumbo "cpuid" patch, see     http://cvs.openssl.org/chngview?cn=12493. Now all platform should     be operational, while SSE2 code pathes get engaged on ELF platforms     only.
      DLLEntryPoint is a collective name, not what linker looks for. However,     if we explicitly intruct the linker to set entry point, then we become     obliged to initialize run-time library. Instead we can pick name run-time     will call and such name is DllMain. Note that this applies to both     "native" Win32 environment and Cygwin:-)
      Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is     going out...
      Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified"     COFF and a.out targets [similar to ELF targets]. You might notice some     rudementary support for shared mingw builds under cygwin. It works (it     produces cryptoeay32.dll and ssleay32.dll with everything exported by     name), but it's primarily for testing/debugging purposes, at least for     now...
      OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted...
      Cygwin fix-up for shared build.
      VIA C3 processor extends IA-32 instruction set with instuctions     performing AES encryption in hardware, as well as one accessing     hardware RNG. As you surely imagine this engine access this     extended instruction set. Well, only AES for the moment, support     for RNG is to be added later on...     PR: 889     Submitted by: Michal Ludvig <michal at logix.cz>
      Minor clean-up to make Microsoft compiler shut up.
      Avoid a.out name table pollition.
      If they ask for 386, keep it as 386 as possible...
      Padlock engine update to fix a typo in MSC assembler and to address     potential corruption problem if user manages to inter-leave aligined     and misaligned requests [as well as some MSC-specific tweaks].
      Make aes_ctr.c 64-bit savvy.
      Minor VIA Padlock engine update: eliminate -Wunused warning when *not*     compiling the engine and inline memcpy in performance critical pathes.
      crypto/perlasm update primarily to unify Netware modules. Once it's verified     x86*_nw.pl will be deleted. In addition this update implements initseg     on several additional [in addition to ELF] platforms. Functions registered     with initseg are supposed to be called prior main().
      Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.
      OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a     symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter     is the only one to be exported to application.
      Proper support for OpenBSD-i386 shared build, including assember modules!     "Proper" means "compiles and passes test." Versioning is broken (I think).
      TABLE OpenBSD-i386 update
      x86 assembler updates: more instructions, new OPENSSL_instrument_halt     [for DJGPP]...
      Make VIA Padlock engine more platform friendly and eliminate compiler     warning.
      sha256_block advances the input pointer double as fast sometimes. Fix the     bug and test that it's actually gone.     PR: 950
      SHA1 asm Pentium tune-up. Performance loss is not as bad anymore.
      Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid     "remaining relocations" in assembler modules. The latter seems to     be new behaviour, elder as/ld managed to resolve this relocations     as internal. It's possible to address this problem differently,     but I settle for -Bsymbolic...     PR: 546
      As was shown by Marc Bevand reordering of couple of load operations     results in even higher performance gain of 3.3x:-) At least on     Opteron...
      RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's     apparently impossible to compose blended code with would perform     satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR     code-path is introduced and P4 core is detected at run-time. This     way we keep original performance on non-P4 implementations and     turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
      linux-x86_64 didn't link after EM64T RC4 tune-up...
      RC4 IA-64 assembler implementation.
      Engage RC4 IA-64 assembler module.
      Summarize recent RC4 tune-ups.
      perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.
      Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.
      sha1_block_asm_data_order can't hash if message crosses 2GB boundary.
      Add 0.9.7 specific comments to RC4 assembler modules.
      I've introduced a bug to i386 RC4 assembler, which would emerge with     certain mix of calls to RC4 routine not covered by rc4test.c.     It's fixed now. In addition this patch inadvertently fixes minor     performance problem: in 0.9.7 context P4 was performing 12% slower     than the original implementation...
      Fix rc4-ia64.S to pass more exhaustive regression tests.
      Extend RC4 test.
      SHA1 assembler for IA-64.
      Engage SHA1 IA64 assembler on IA64 platforms.
      Solaris x86 perlasm update.
      Refine PowerPC platform support.
      AES x86 assembler implementation.
      Eliminate copies of TeN and TdN, use those found in assembler module.
      x86 perlasm update to accomodate aes-586.pl.
      Engage AES x86 assembler module on ELF platforms.
      Engage AES x86 assembler module for COFF and a.out targets.
      Eliminate redundant memcpy of IV material. Performance improvement varies     from platform to platform and can be as large as 20%.
      Remove yet another redundant memcpy. Not at least performance critical,     essentially cosmetic modification...
      Remove CPU detect for IRIX targets. Performance gain is less than 1%,     it makes more sense to strive for broader binary compatibility...
      As new major IRIX release is highly unlikely to appear [and break following],     I change from -notall to -none synonym in irix rules to improve backward     compatibility with IRIX 5.x.     PR: 987
      Minor cygwin update.     PR: 949
      Oops-kind typos in aes-ia64.S...
      AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1     performance, but anyway...
      Minor AES x86 assembler tune-up.
      Commentary update for AES IA-64 assembler module.
      Remove naming conflict between variable and label.
      Fix Win32 test-suit.
      Make whiny compilers stop complaining about missing prototype.
      Borrow #include <string[s].h> from e_os.h.
      DJGPP update.     PR: 989     Submitted by: Doug Kaufman
      Permit "monolithic" AES assembler implementations, i.e. such which would     replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
      DJGPP documentation note update.
      FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.     Well, no-options seem to be busted in HEAD currently, which should/will be     fixed one way or another (see PR#989 for a possible alternative).
      O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.     PR: 998
      Fix an "oops" typo! Well, it was a debugging left-over...
      "Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better     performance on recent microarchitectures.
      Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX     environments.
      INSTALL.DJGPP sync.     PR: 989
      Don't zap AES CBC IV, when decrypting truncated content in place.
      Reserve for AES CBC assembler implementation...
      Fix a typo in a.out assembler modules.
      Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark.
      Bug-fix in CBC encrypt tail processing and commentary section update.
      linux-parisc update.     PR: 990     Submitted by: Mike Frysinger <vapier at gentoo.org>
      linux-arm target update.     PR: 991
      Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for     hand-coded zero-copy AES_cbc_encrypt.
      Default to AES u32 being unsinged int and not long. This improves cache     locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).     The choice is guarded by newly introduced AES_LONG macro, which needs     to be defined only on 16-bit platforms which we don't support (not that     I know of). Meaning that one could as well skip long option altogether.
      Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64].     Idea is to provide unified "fall-down" case for all rare platforms out     there. ./config is free to enable some optimizations, such as endianness     specification, specific -mcpu flags...
      ./Configure to respect $thread_cflag variable.
      FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after     http://cvs.openssl.org/chngview?cn=12843.
      Please BSD make...
      Respect the fact that most interactive shells don't restore stty settings     and make it work in non-interactive mode...
      Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms     and SafeDllSearchMode in Windows.
      Shut whiny make's up.
      Drop redundant -lc from a number of rules in Makefile.shared. It's     perfectly safe [compiler driver adds it] and in some situation even     perfectly appropriate [mixing -pthread and -lc on FreeBSD can have     lethal effect on apps/openssl]. I'd say we should get rid of more,     but I remove those I can test myself...
      Mention no-sse2 option in INSTALL note.
      Make util/shlib_wrap.sh [Open]BSD-friendly.
      Make Makefile.shared BSD make-friendly, remove more redundant -lc, set up     OBJECT_MODE for AIX.
      Reliable BSD-x86-elf detection in ./config.
      This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF     and GNU binutils, but kept BSD make... And I took the opportunity to     unify other targets to this common least denominator...
      Remove unused assembler modules.
      Avoid re-build avalanches with HP-UX make.
      Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32.
      Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially     introduced for a reason [like bug in initial gcc port], but proposed     =&r is treated correctly by senior 3.2, so we can assume it's safe now.     PR: 1031
      Some non-GNU compilers (such as Sun C) define __i386.
      Solaris x86 linker erroneously pads .init segment with zeros instead of     nops, which causes SEGV at startup. So I don't align anymore.
      Extend Solaris x86 support to amd64.
      +45% RC4 performance boost on Intel EM64T core. Unrolled loop providing     further +35% will follow...
      Harmonize cygwin/mingw and VC targets.
      Implement OPENSSL_showfatal and make it Win32 GUI and service aware     [meaning that it will detect in which context application is running     and either write message to stderr, post a dialog or log an event].
      Recognize MSYS/MINGW environment.
      Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and     OPENSSL_stderr stub.
      Parameterize do_solaris rules in Makefile.shared.
      Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs.
      Fix typos.
      Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL.
      Final(?) touches to mingw shared support.
      Addenum to http://cvs.openssl.org/chngview?cn=13054.
      More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...
      Final touch to mingw shared.
      Fix for bug emerged in openvpn conext.
      Prototype mnemonics in padlock_verify_context for better portability     [read support for Solaris assembler].
      Mitigate cache-timing attack in CBC mode. This is done by implementing     compressed tables (2x compression factor) and by pre-fetching them into     processor cache prior every CBC en-/decryption pass. One can argue why     just CBC? Well, it's commonly used mode in real-life applications and     API allows us to amortize the prefetch costs for larger data chunks...
      Throw in x86_64 AT&T to MASM assembler converter to facilitate development     of dual-ABI Unix/Win64 modules.
      Avoid aliasing between stack frames and S-boxes. Compress prefetch code.
      Avoid L1 cache aliasing even between key and S-boxes.
      Pointer to BN_MONT_CTX could be used uninitialized.
      Fold rules in test/Makefiles [from stable].
      Allow for ./config no-sha0 [from stable].
      Cygwin/mingw sync with stable.
      Remove false positives and resolve some of remaining ones.
      x86_64 assembler translator update.
      Rename amd64 modules to x86_64 and update RC4 implementation.
      Cpuid modules updates.
      Commentary update.
      Cygwin doesn't expose Win32 [not "officially"].
      Throw in md5-x86_64 assembler.
      Engage md5-x86_64 assembler module.
      Cvs missed adapted module itself, here it goes...
      x86_64 assembler translator update.
      Commentary update motivating code update in 0.9.7.
      Fix constants.     PR: 1059
      x86_64 assembler translator update.
      Eliminate "statement with no effect" warning when OPENSSL_assert macro     is used with constant assertion.
      Allow for 64-bit cache-line alignments in code segment.
      Comply with optimization manual (no data should share cache-line with code).
      Fool-proofing Makefiles
      +20% performance improvement of P4-specific RC4_CHAR loop.
      Consolidate BUILDENV [idea is to keep all variables in one place].
      Simplify shared rules, link run-path into applications only.
      Make Makefile.shared quiet again.
      Further BUILDENV clean-up, 'make depend' is operational again.
      Further BUILDENV refinement, further fool-proofing of Makefiles and     [most importantly] put back dependencies accidentaly eliminated in     check-in #13342.
      Improve shell portability of new rules in Makefile.shared.
      Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h     first everywhere in crypto and skip stdio.h and string.h [because it     includes them].
      Disclaim 16-bit support.
      OPENSSL_Applink update.
      mdc2test is not built by default anymore.
      Keep disclaming 16-bit support.
      Engage Applink for VC builds.
      Engage Applink in mingw. Note that application-side module is not     compiled into *our* aplpications. That's because mingw is always     consistent with itself. Having library-side code linked into .dll     makes it possible to deploy the .dll with user-code compiled with     another compiler [which is pretty much the whole point behind Applink].
      Don't emit SSE2 instructions unless were asked to.     PR: 1073
      FAQ update to mention Applink.
      FAQ to mention no-sse2.
      Move _WIN32_WINNT definition from command line to e_os.h. The change is     inspired by VC6 failure report. In addition abstain from taking screen     snapshots when running in NT service context.
      Default to no-sse2 on selected platforms.
      Still SEGV trouble in .init segment under Solaris x86...
      OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to     make no-sha512 more effective on platforms, which don't support 64-bit     integer type of *any* kind.
      Be more consistent with OPENSSL_NO_SHA256.
      Platform update from 8-stable.
      Platform update from 8-stable.
      Fix typo in ./config.
      Missing sparcv8.o rule.     PR: 1082
      Mention more GCC bugs in ./PROBLEMS.
      "Show" more respect to no-sha* config options.     PR: 1086
      PSS update [from 0.9.7].
      Fix inconsistensy between 8 and HEAD.
      ./PROBLEMS to mention workarounds for ULTRIX build problems.     PR: 1092
      Unify BSDi target.
      New function, DSO_pathbyaddr, to find pathname for loaded shared object     by an address within it. Tested on Linux, Solaris, IRIX, Tru64, Darwin,     HP-UX, Win32, few BSD flavors...
      Change mention of Makefile.ssl to Makefile.
      FAQ to mention no-sha512 as option for compilers without support for 64-bit     integer type.
      Allow BIO_s_file to open and sequentially access files larger than 2GB on     affected platforms.     PR: 973
      "Liberate" dtls from BN dependency. Fix bug in replay/update.
      Allow for dso load by explicit path on HP-UX.
      Eliminate gcc -pedantic warnings.
      Handle wrap-arounds and revive missing assignment.
      Solaris x86_64 /usr/ccs/bin/as support.
      Refine ELF detection on BSD platforms.
      Fix typo in ssl/d1_pkt.c.
      Solaris-specific Makefile.shared update from 098.
      TABLE was out-of-sync.
      no-asm didn't prevent make from compiling assembler modules.
      Jumbo Makfiles update.
      HP-UX specific updates to Makefile.org and Makefile.shared.
      Rename mips3.o to bn-mips3.o [it's better in long run] and adjust the     rule to accomodate gcc4, which no longer support SGI as.
      Typo in bn-mips3 rule.
      Missed -c in IRIX rules.
      Darwin specific update for Configure and Makefile.shared.
      Replace emms with finit in x86cpuid.
      Omit padding in RC4_KEY on IA-64. The idea behind padding was to reserve     room for aligning of the key schedule itself [specific alignment is     required for future performance improvements], but OpenSSH "abuses"     our API by making copies and restoring RC4_KEY, thus ruining the     alignment and making it impossible to recover the key schedule.     PR: 1114
      Minimum requirement for Solaris x86 was always Pentium. Reflect this in     Configure line. TABLE update accomodates other recent ./Configure changes...
      Minor (final?) Makefiles polish.
      Unify some SCO targets.
      Fix typos in apps/apps.c
      Eliminate dependency on UNICODE macro.
      Mention hpux64-ia64-cc blowfish failure in PROBLEMS.
      A report suggests that there're nasm version, which defaults to 16-bit     segmenting...
      Replace _int64 with __int64, which is more widely accepted among Win32     compiler vendors.
      AES_cbc_encrypt to allow end-user to retain small blocks performance by     aligning the key schedule in a specific manner.
      Typos in commentary section.
      Pedantic polish to aes-586.pl:-)
      Decimal printout of a BN is wrong on PPC, it's sparse with very few     significant digits. As soon it verifies elsewhere it goes to 0.9.8 and     0.9.7.
      More elegant solution to "sparse decimal printout on PPC" problem.
      Trap condition should be 64-bit when it's due.
      Fix bugs in bug-fix to x509/by_dir.c.     PR: 1131
      Pull up Win64 support from 0.9.8.
      CHANGES and TABLE sync with 0.9.8.
      Latest Intel compiler means every word in "if copying [with memcpy] takes     place between objects that overlap, the behavior is undefined." It's hard     to comprehend, but it reportedly manages to be case.
      AES x86_64 assembler implementation.
      complementary x86_64-xlate.pl update.
      Commentary section update.
      ~15% better AES x86_64 assembler.
      Fix unwind directives in IA-64 assembler modules. This helps symbolic     debugging and doesn't affect functionality.
      Unrolled RC4 IA-64 loop gives 40% improvement over current assembler     implementation [as predicted].
      This update implements following improvements.
      Switch to new RC4 IA-64 module.
      Retire original rc4-ia64.S.
      MD5 IA-64 assembler implementation. Original copy for reference purposes.
      This update gets endianness-neutrality right and adds second required     entry point, md5_block_asm_data_order.
      Engage MD5 assembler module.
      Fix bug [SHA1 IA-64 being disabled] introduced with Stratus VOS update.     PR: 1130
      Perl stylistic/cosmetic update for aes-x86_64.pl.
      Typo in version number.
      Pedantic polish to rc4-ia64.pl.
      Syncronize BSD-ia64 with other IA64-based platforms.
      Pedantic polish to md5-ia64.S.
      Pedantic polish to aes-ia64 and sha512-ia64.
      SHA-256/-512 x86_64 assembler module.
      Engage SHA-256/-512 x86_64 assembler module.
      Eliminate gcc warning in dso_win32.c.
      Pull up mkdef.pl from 0.9.8.
      Unify VC-32.pl and VC-CE.pl scripts and update INSTALL.W32.
      Commentary section update in sha512-x86_64.pl.
      Fix #if _MSC_VER clause in aes_locl.h
      Eliminate dependency on 3rd party wcedefs.mak.
      Implement complementary LoadLibraryA shim under WCE.
      Type in OSF1 platform name.
      Eliminate bogus #if WCEPLATFORM!=MS_HPC_PRO [which by the way unconditionally     invalidated the whole clause] and replace it with #if _WIN32_WCE>=210.
      Stick to -DWCE_PLATFORM_$wceplatf, as that's what is apparently set by     Visual Studio IDE.
      Optimize for space on embedded WCE.
      Keep disclaiming 16-bit support.
      WCE-specific fix for cryptlib.c.
      WCE-specific update for VC-32.pl.
      Abstain from GUI calls in rand_win.c in NT service context.
      PIC-ify SPARC assembler in alternative manner to eliminate dependency on     OPENSSL_PIC macro.
      WCE update, mostly typos.
      3-4 times better RSA/DSA performance on WIN64A target. Well, on AMD64 CPU,     EMT64T will hardly exhibit better performance...
      Final(?) WinCE update.
      Add support for more recent WCE SDK.
      Suppress "deprecated" warnings introduced in VC8.
      Fix Intel assembler warnings.
      Mention wcecompat update INSTALL.WCE.
      Fix typo in WCE section in VC-32.pl
      Pedantic polish to WCE-specific #if clause in ectest.c
      Eliminate reference to removed platform line.
      bswapl usage should be masked by I386_ONLY.     PR: 1195
      Oops-type typo.     PR: 1195
      Missing space in VC-32.pl.
      Another missing space in VC-32.pl [from 0.9.8].
      Mention BN_sqr failure on x86 platforms in ./RPOBLEMS.     PR: 1176 [and others]
      Proper solution to nasm compilation problems in Borland context.
      BC-32.pl updates.
      Refine AIX support.     PR: 1198
      MD5 x86_64 assembler update.
      Fix typo: "powepc" vs "powerpc." G-r-r-r-r.     PR: 1198
      IA-32 BN tune-up. Performance imrpovement varies with platform and     keylength, this time larger improvement for shorter keys, and reaches     15%. Both SSE2 and IALU code pathes are improved.
      "Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.     PR: 1196     Submitted by: Russel Ruby
      Latest MSVCR80 doesn't tolerate unsupported signal numbers, throwing     fatal exceptions.
      Broaden compatibility among Windows SDK versions. Elder versions don't have     ULONG_PTR, so we replace it with equally wide SIZE_T.
      Fix SunOS 4 building issue.     PR: 1196
      Fix missing applink call.
      Fix typo.
      Add reference implementation for bn_[mul|sqr]_mont, new candidates for     assembler implementation.
      Reserve for SMALL_FOOTPRINT bn_asm.c. Currently OPENSSL_SMALL_FOOTPRINT     is defined on Windows CE targets.
      Fix typo in exptest.c.
      Zap DES_UNROLL when SMALL_FOOTPRINT is in effect.
      Fix typo in INSTALL.WCE.
      Mention "no-dso doesn't remove -ldl" in PROBLEMS.     PR: 1160
      Leave the decision to call/implement bn_sqr_mont to assembler developer.
      Refine logic in bn_mont.c and eliminate redundant BN_CTX pulls.
      Throw in Montgomery multiplication assembler for x86_64.
      x86_64-mont.pl readability improvement.
      Throw in bn/asm/x86-mont.pl Montgomery multiplication "teaser".
      Add timestamp to x86-mont.pl.
      Broaden compatibility amount Win32 headers even further [some don't have     SIZE_T].
      Fix bug in SMALL_FOOTPRINT path and clarify comment.
      Make sure x86-mont.pl returns zero even if compiled with no-sse2.
      Flip saved argument block and tp [required for non-SSE2 path].
      Yet another "teaser" Montgomery multiply module, for UltraSPARC. It's not     integrated yet, but it's tested and benchmarked [see commentary section     for further details].
      util/pl/OS2-EMX.pl sync.
      Add rudimentary aix64-gcc target.
      Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES.
      Add support for 32-bit ABI to sparcv9a-mont.pl module.
      Eliminate gcc warning in bn_mont.c.
      bn_asm.c update.
      Integrate sparcv9a-mont.pl into UltraSPARC builds.
      Clarify binary compatibility with HAL/Fujitsu SPARC64 family.
      Move DES_SPtrans to where it really belongs, dec_enc to be specific.
      Eliminate ~3.5KB of duplicate code in des-586.pl and reserve for folded     loop option, which can give further 3KB code reduction.
      Fix typos in macos x targets.
      Eliminate false preprocessor dependencies introduced with VOS support.
      +20% SHA512 performance improvement on x86.
      Fix install problems on MacOS X and HP-UX.     PR: 1218,1185
      Add -install_name in link_a.darwin rule.     PR: 1218
      Make pshufw optional and update performance table in sha512-sse2.pl     [as per http://cvs.openssl.org/chngview?cn=14551].
      Disable BIO_s_fd on CE and disable fd:N as password passing option on     all _WIN32 [see commentary for clarification].
      Reserve for OPENSSL_NO_POSIX_IO macro which is to eliminate references     to open/read/write/close. First OPENSSL_NO_POSIX_IO target would be     Windows CE.
      Mask libcrypto references to stat with OPENSSL_NO_POSIX_IO.
      Get rid of arcane reference to _fmode in apps/apps.h. Binary open is     handles properly by bss_file.c, which renders _fmode redundant.
      Make cygwin work in directories mounted with 'text' attribute.
      Engage OPENSSL_NO_POSIX_IO on Windows CE.
      Eliminate dependency on read/write/stat in apps under _WIN32.
      Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for     all Windows targets.
      Eliminate crypto/tmdiff.[ch].
      Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it     temporarily[!] removes support for couple of esoteric platforms [well,     Netware, vxWorks and VMS].
      Fix newly introduced typos and warnings in ./apps.
      x86_64-xlate.pl commentary section update.
      The typos never stop. Fix one in apps/apps.c.
      Keep removing references to tmdiff.
      Revive app_tminterval for VMS.
      Revive app_tminterval for vxworks.
      Revive app_tminterval for Netware.
      First draft for WCE PortSDK support. Once again! It's *draft* which requires     more work, i.e. more modifications are due...
      Eliminate VC compiler warning.
      Address MASM-specific problems introduced with     http://cvs.openssl.org/chngview?cn=14547.
      Move declaration for optional bn_mul_mont to bn_lcl.h in order to hide     it from mkdef.pl.
      One of Win64 rules lacked bufferoverflowu.lib.
      Improve cross-compiler portability of applink.c module and mention     CRYPTO_malloc_init in FAQ.
      Tidying up WinCE support.
      Minor perlasm clean-up.
      AIX -blibpath is not accumulative, one apparently has to specify even     self-obvious /usr/lib:/lib.     PR: 1239
      Mention PROBLEMS in FAQ.
      Avoid end-less loop when libcrypto.a is manually deleted, but 'make clean'     was not executed. It doesn't excuse user from running 'make clean', it     simply avoids process table exhaustion.     PR: 1236     Submitted by: Michael Richardson
      Throw in comment so that one doesn't get tempted to optimize it away.
      Attempt to resolve sporadic SEGV crashes in bn_sub_words in OpenSSH. I'm     baffled why it crashes and does it sporadically...
      Apply "better safe than sorry" approach after addressing sporadic SEGV in     bn_sub_words to the rest of the sparcv8plus.S.
      Keep shutting up VC8.     PR: 1243
      Whirlpool hash implementation. The fact that subdirectory and .h file are     called whrlpool is not a typo, but a way to keep the names shorter than     8 characters. Remaining TODO list comprises adding OID, EVP, corresponding     flag to apps/openssl dgst, benchmark, engage assembler...
      Add missing Makefile and fix couple of typos in commentary.
      Remove development leftover from whrlpool/asm/wp-mmx.pl.
      Add Whirlpool OID.
      Fix typos in wp-mmx.pl.
      Adapt Whirlpool API for EVP.
      Add Whirlpool to EVP.
      Mention Whirlpool in dgst -help.
      Whirlpool for x86_64.
      x86cpuid.pl update.
      Couple other benchmark comparisons for wp-x86_64.pl.
      Fix typos in wp-mmx.pl.
      Support for indirect calls in x86 assembler modules.
      Initial draft for AES for UltraSPARC assembler.
      Revoke the option to share AES S-boxes between C and assembler. It wastes     space, but gives total flexibility [back].
      Engage AES for UltraSPARC in sparcv9 targets.
      Minor aes-sparcv9.pl optimization.
      Allow for bn(64,32) on LP64 platforms.
      Switch 64-bit sparcv9 platforms from bn(64,64) to bn(64,32). This doesn't     have impact on performance, because amount of multiplications does not     increase with this switch, not on sparcv9 that is. On the contrary, it     actually improves performance, because it spares a load of instructions     used to chase carries. Not to mention that BN assembler modules can be     shared more freely between 32- and 64-bit builts.
      Add IALU-only bn_mul_mont for SPARCv9. See commentary section for details.
      sparccpuid module update.
      To exclude contention for shared FPU on T1, trade 3% of DES performance.
      Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and     keep disclaiming narrower than 32-bit support.
      We all make typos:-) Fix just introduced ones in bn.h
      Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES.
      Allow for warning-free passing of -Wl options on config command line. One     possible usage is to pass -Wl,-z,-noexecstack on Linux to ensure the stack     is marked non-executable. Well, -Wa,--noexecstack works fine too...
      Make room for Whirlpool assembler in Configure.
      Engage Whirlpool assembler and mention Whirlpool in CHANGES.
      Make framework for Whirlpool assembler flexible.
      Unify sparcv9 assembler naming and build rules among 32- and 64-bit builds.     Engage run-time switch between bn_mul_mont_fpu and bn_mul_mont_int.
      Fix typos in osf1 shared rules.     PR: 1248     Submitted by: Nikola Milutinovic
      Make bio.h resistant to gnu-ish __attribute__ redefenitions.     PR: 1252
      Put back OPENSSL_SYS_MSDOS definition to revive DJGPP built.     PR: 1247
      Missing CFLAG in couple of depend: targets.     PR: 1247     Submitted by: Doug Kaufman
      Keep disclaiming 16-bit platform support. For now remove WIN16 references     from .h files...
      Typo in sparcv8cap.c.
      Eliminate possible mapping leak.
      As SPARCV9 CPU flavor is [expected to be] detected at run-time, we can     afford to relax SPARCV9/8+ compiler command line and produce "unversal"     binaries as we used to.
      Lower PADLOCK_CHUNK till value, which doesn't affect the benchmark results.     Well, it's even contrary, 512 was observed to *improve* performance by 5%.     Excuse ourselves from treating C7 specially.
      Minor sparcv9 clean-ups.
      Fix CFB and OFB modes in eng_padlock.c. Engine was consistent with itself,     but not interoperable with the rest of the world. test_padlock script is     added mostly for reference.
      Add DSO_global_lookup_func implementation. See commentary in dso_lib.c     for further details.
      Oops! Remove junk...
      Fix mapping "leak" in newly introduced win32_globallookup.
      util/mkerr.pl update to address various mkerr.pl problems [such as failure     to handle multi-line comments and endless loop while parsing overloaded     gnu-ish __attribute__].
      "Relax" prototype and rename DSO_global_lookup_func to DSO_global_lookup.
      Make b_sock.c IPv6 savvy.
      Typo in win32_globallookup.
      ./util update, which covers various issues, but most importantly mkerr.pl     and mkdef.pl spinning in endless loop.
      Fix typo and purify logic in b_sock.c
      Compile Windows with winsock2.h. But note that we still link with wsock32!     This works because wsock32 commonly loads ws2_32 anyway and we [intend to]     check upon presense of winsock2-specific API at run-time.
      Refine login in b_sock.c.
      SHA-1 for x86_64.
      Yet another "teaser" Montgomery multiplication module, for PowerPC.
      SHA1 for PowerPC.
      Typo in linux-ppc line.
      PPC assembler distiller update.
      Minor PPC assembler updates.
      Futher minor PPC assembler update.
      Tiny up hpux targets.
      Tune up AES CFB. Performance improvement varies from 10% to 50% from     platform to platform. Its absolute value is within few percents     marginal from that of ECB.
      Minor sha1-ppc.pl update.
      Add sha512-ppc.pl module.
      Minor ppc-xlate.pl update.
      Correct logical error in STRICT_ALIGNMENT check and remove copy of     eay licence, as module is practically rewritten from scratch [well,     even original submission was obviously "almost, but not quite,     entirely unlike" any other eay *_cfb.c module, not to mention new     functions].
      Reimplement AES_ofb128_encrypt.
      Sync aes.h with http://cvs.openssl.org/chngview?cn=15336.
      Fix obvious typo.
      Mitigate cache-collision timing attack on last round.
      Mitigate the hazard of cache-collision timing attack on last round. Well,     prefetch could have been moved closer to Td4 references. Something for     later consideration...
      Mitigate the hazard of cache-collision timing attack on last round. The     only chance for T[ed]4 to get evicted in this module is when its cache     "overlaps" with last 128 bits of key schedule.
      Prepare playground for AES experimental code.
      Typos(?) in HEAD/crypto/evp/p_lib.c.
      Unsigned vs signed comparison warning.
      Fix compiler warnings.
      Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are     those referencing compact, 256-byte, S-boxes.
      Reimplement outer rounds as "compact" in x86 assembler. This has rather     strong impact on decrypt performance, 20-25%. One probably should consider     switching between slower and faster routines depending on how much data     we were asked to process.
      Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively     256 byte S-box. AES_cbc_encrypt needs further work as it should also use     slow routines when processing smaller amount of data.
      perlasm/x86unix.pl update.
      Engage assembler in solaris64-x86_64-cc.
      Real Bourne shell doesn't interpret ==, but =.
      Switch to compact S-box when generating AES key schedule.
      Switch to compact S-box when generating AES key schedule.
      Agressively prefetch S-box in SSE codepatch, relax alignment requirement,     check for SSE bit instead of MMX, as pshufw was introduces in PIII, minor     optimization, typos...
      Revised AES_cbc_encrypt in x86 assembler module.
      +20% tune-up for Power5.
      Fix bug in x86unix.pl introduced in latest update.     PR: 1380
      Fix bug in aes-586.pl.
      Rewrite sha1-586.pl.
      Improve 386 portability of aes-586.pl.
      Remove x86ms.pl and reimplement x86*.pl.
      As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32.
      Race condition in ms/uplink.c.     PR: 1382
      Build error on non-unix.     PR: 1390
      Re-implement md32_common.h [make it simpler!] and eliminate code rendered     redundant as result.
      Linking errors on IA64 and typo in aes-ia64.S.
      Support for .asciz directive in perlasm modules.
      Synchronize SHA1 assembler with md32_common.h update.
      VIA-specific Montgomery multiplication routine.
      Further synchronizations with md32_common.h update.
      bn/asm/ppc.pl to use ppc-xlate.pl.
      Further synchronizations with md32_common.h update, consistent naming     for low-level SHA block routines.
      Typo in perlasm/x86asm.pl.
      Fix bug in big-endian path and optimize it for size.
      Temporary fix for sha256 IA64 assembler.
      Gcc over-optimizes PadLock AES CFB codepath, tell it not to.
      Avoid application relink on every make invocation.
      Align data payload for better performance.
      Rudimentary support for cross-compiling.
      Make c_rehash more platform neutral and make it work in mixed environment,     such as MSYS with "native" Win32 perl.
      Allow for mingw cross-compile configuration.
      Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even     recent mingw modifications.
      Fix mingw warnings.
      OPENSSL_ia32cap.pod update.
      Yet another mingw warning.
      Harmonize dll naming in mingw builds.
      Further mingw build procedure updates.
      Minor portability update to c_rehash.
      sha512-ppc.pl mutli-thread safety fix.
      Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently     doesn't give performance improvement.
      This is "informational" commit. Its mere purpose is to expose "modulo     factor" in inner loops.
      Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor     over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.
      Minor optimizations based on intruction level profiler feedback.
      Clarify HAL SPARC64 support situation in sparcv9a-mont.pl.
      Camellia portability fixes.
      Fix bugs in Camellia CBC routine.
      Improve Camellia code readability.
      Eliminate redundant variable in Camellia CBC routine.
      Montgomery multiplication routine for Alpha.
      Minor, +10%, tune-up for x86_64-mont.pl.
      alpha-mont.pl: gcc portability fix and make-rule.
      Engage alpha-mont module. Actually verified on Tru64 only.
      Eliminate 64-bit alignment limitation in sparcv9a-mont.
      x86-mont.pl sse2 tune-up and integer-only squaring procedure.
      Make sha.h more "portable."
      Oops! New prototype code creeped through...
      Fix for "strange errors" exposed by ccgost engine. The fix is     two extra insructions in sqradd loop at line #503.
      Minor performance improvements to x86-mont.pl.
      Move eng_padlock.c to ./engines.
      Allow opensslwrap.sh to access engines from build tree.
      Minor clean-up in crypto/engine.
      Minor clean-up in crypto/bn/asm.
      Montgomery multiplication for MIPS III/IV. Not engaged.
      #include <stddef.h> in digest headers.
      opensslwrap.sh to respect $OPENSSL_ENGINES.
      Montgomery multiplication for ARMv4.
      Make armv4t-mont module backward binary compatible with armv4 and rename it     accordingly.
      SHA1 for ARMv4 and Thumb.
      Minor optimization for sha1-armv4 module.
      AES for ARMv4.
      Minor touch to aes-armv4.pl.
      Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in     assembler.
      sparcv9a-mont was modified to handle 32-bit aligned input, but check     for 64-bit alignment was not removed.
      nasm fixes.
      Various PowerPC config updates.
      Remove obsolete comment.
      Two extra instructions in RC4 character loop give 80% performance     improvement on Core2. I still need to detect Core2 and choose this     path...
      link warnings caused by nasm modules.
      Fixes for aix-shared rules.
      aix[64]-cc config lines update.
      Allow shared builds for aix[64]-gcc targets.
      Reserve for assembler implementation of RC4_set_key and implement x86 one.
      Update x86cpuid.pl to correctly detect shared cache and to support new     RC4_set_key.
      RC4_set_key for x86_64 and Core2 optimization.     PR: 1447
      Reimplement rc4-586.pl, relicense rc4-x86_64.pl.
      s390x assembler pack.
      Engage s390x assembler modules.
      s390x optimizations.
      Bug in apps/dgst.c.
      Typo in s390x_asm.
      Typo in commit #16187.
      rll does not seem to be available on legacy s390.
      Revert irrelevant changes from commit #16191.
      Fix s390x bugs and correct performance coefficients.
      Fine reading of manual suggests that km can return non-normal completion code.
      Fix bug introduced in cn#16195.
      SHA for sparcv9.
      Engage SHA for sparcv9.
      Detect UltraSPARC T1 in ./config.
      Commentary updates to SHA for sparcv9.
      Mention Core2 in sha1-x86_64.
      Make sha*-ia64 modules alignment neutral.
      As all assembler modules are alignment neutral, allow C to pass unaligned     content.
      x86_64 assembler updates.
      Profiling revealed that OPENSSL_cleanse consumes *more* CPU time than     sha1_block_data_order when hashing short messages. Move OPENSSL_cleanse     to "cpuid" assembler module and gain 2x.
      Add alphacpuid.s
      Fix linking error after adding alphacpuid.s.
      Throw in ppccpuid module.
      Initial draft of AES for PPC.
      sparccpuid.s update.
      ppc-xlate.pl update.
      x86cpuid fixes.     PR: 1526
      Typo in x509_txt.c.
      --enable-auto-image-base in cygwin build.     PR: 1517     Submitted by: vinschen at redhat.com
      Typo in aes-ppc.pl.
      Padlock engine fails to compile with -O0 -fPIC.
      OPENSSL_IMPLEMENT_GLOBAL caused more grief than it's worth (it's used twice     in legacy code). I'd rather just remove it along with legacy interface,     but it's probably not as appropriate as I'd like. Reimplement the macro.
      SHA256 for ARMv4.
      AES_set_[en|de]crypt_key for s390x.
      s390x gas can't handle .align 128.
      AES_set_[en|de]crypt_key for ARMv4.
      Eliminate conditional final subtraction in Montgomery multiplication.
      Commentary updates and minor optimization for bn_mont.c.
      Privatize BN_*_no_branch.
      Eliminate conditional final subtraction in Montgomery assembler modules.
      SPARC Solaris and Linux assemblers treat .align directive differently.     PR: 1547
      Make some shortcuts in sparcv9cap.c. Trouble is that di_walk_node result     is inconsistent among CPU generations.
      Typo in Linux part of sparcv9cap.c     PR: 1532
      bn_asm for s390x.
      Optimize OPENSSL_cleanse.
      CHANGES update from 098-stable.
      Typo in x86_64-mont.pl.     PR: 1549
      Flush output in x86_64cpuid.pl.
      Latest bn_mont.c modification broke ECDSA test. I've got math wrong, which     is fixed now.
      Fix build problem on Tru64.
      Typo in str_lib.c     PR: 1177
      bn_mul_recursive doesn't handle all cases correctly, which results in     BN_mul failures at certain key-length mixes.     PR: 1427
      EVP_*_cfb1 was broken.     PR: 1318
      Add _x86_64_AES_[en|de]crypt_compact.
      Various minor updates to AES assembler modules.
      gas -g doesn't tolerate unpadded .bytes in code segment.
      shlib_wrap.sh update.
      _x86_64_AES_[en|de]crypt_compact: size optimization and aggressive     T[ed]4 prefetch.
      Minor optimization in AES_set_encryption_key for x86_64.
      Lppc_AES_[en|de]crypt_compact: size optimization.
      Complete synchronization of aes-x86_64 with aes-586.
      x86*cpuid update.
      md32_common.h update.
      Allow for option to skip hardware support.
      Configure update from 098.
      x86 perlasm updates.
      ia64cpuid update.
      AES for IA64 update.
      Respect ISO aliasing rules.     PR: 1296
      Make ppccpuid AIX friendly.
      As for inline vs. __inline. The original code implies that most compilers     understand inline, while WIN32 ones insist on __inline. Well, there are     other compilers that insist on __inline. At the same time it turned out     that most compilers understand both __inline and inline. I could find     only one that doesn't understand __inline, Sun C. In other words it seems     that __inline as preferred choice provides better coverage...
      Make preprocessor logic more fail-safe.
      Buglet fixes and minor optimization in aes-x86_86 assembler.
      Typo in ppccpuid.pl.
      Proper support for shared build under MacOS X.
      MacOS X update.
      Typos in ./config.     PR: 1563
      Workaround MSVC6 compiler bug.
      Make x86_64 modules work under Win64/x64.
      IRIX and Tru64 platform updates.
      shlib_wrap update, IRIX section.
      shlib_wrap commentary update.
      Make room for Camellia assembler.
      Make naming more consistent.
      Improve cache locality in linux64-sparcv9.
      aes_ige suffered SIGBUS on RISC platforms.
      Add darwin64-x86_64-cc target.
      Unify RC4 settings among darwin platforms.
      Compress and more aggressively constify ec_curve.c [the latter is     achieved by minimizing link relocations].
      Offer darwin64-x86_64-cc as option.
      Constify seed and md2.
      Add sha512_block implementation optimized for small register bank.     On x86 it gives same performance, while code size shrinks >10 times.
      SHA256/512 for x86.
      SHA512 for ARMv4.
      Commentary updates.
      More Intel cc fix-ups.
      Engage new x86 assembler modules.
      Remove sha512-sse2.pl.
      Make bn2dec work on "SIXTY_FOUR_BIT" platforms.     PR: 1456
      BSD run-time linkers apparently demand RPATH on .so objects.     PR: 1381
      Minor fix in link_[oa].hpux.
      It's inappropraite to override application signal, nor is it appropriate     to shut down Winsock unless we know it won't be used [and we never do].     PR: 1439
      Minor sha[256|512]-586 performance tweaks.
      Remove pq_compat.h.
      Mention SHA2 in openssl.pod.     PR: 1575
      Mention aes in enc.pod.     PR: 1529
      Remove excessive whitespaces from bio.h
      Minimize stack utilization in probable_prime.
      Eliminate redundant make rule.
      Wire DES weak_keys to read-only segment.
      Constify obj_dat.[ch], as well as minimize linker relocations.
      Wire RC4 key_table to read-only segment.
      Minor formatting fixes in crypto/sha/asm.
      Addenum to "Constify obj_dat.[ch]."
      Fix indentation in d1_both.c.
      Clarify commentary in sha512-sparcv9.pl.
      Make sha512-armv4.pl byte-order neutral.
      10% performance tweak in 64-bit mode.
      ARMv4 assembler pack.
      Minor ARMv4 update.
      Move -march=armv4t to ./config.
      Yet another ARM update. It appears to be more appropriate to make     developers responsible for -march choice.
      Switch to RFC-compliant version encoding in DTLS.
      DTLS RFC4347 requires client to use rame random field in reply to     HelloVerifyRequest.
      DTLS RFC4347 says HelloVerifyRequest resets Finished MAC.
      Make ChangeCipherSpec compliant with DTLS RFC4347.
      Basic idea behind explicit IV is to make it unpredictable for attacker.     Until now it was xor between CBC residue and 1st block from last datagram,     or in other words still predictable.
      Oops! This was erroneously left out commit #16632.
      Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention     s390x assembler pack in CHANAGES.
      Prohibit RC4 in DTLS.
      Make it possible to link VC static lib with either /MT or /MD application.     PR: 1230
      Addendum to commit #16651.
      size_t-fy crypto/buffer.
      Addendum to commit #16654.
      Make DTLS1 record layer MAC calculation RFC compliant.
      Respect cookie length set by app_gen_cookie_cb.
      Synchronize CHANGES between 0.9.8 and HEAD.
      DTLS fixes from 0.9.8-stable.
      Fix warnings in d1_both.c [from 0.9.8-stable].
      Bunch of constifications.
      Make ssl compile [from 098-stable, bug is masked by default].
      Don't let DTLS ChangeCipherSpec increment handshake sequence number.     PR: 1587
      Commit #16325 fixed one thing but broke DH with certain moduli.
      Combat [bogus] relocations in some assember modules.
      Synchronize x86nasm.pl with x86unix.pl.
      Structure symbol decorations, optimize label handling...
      Some assembler are allergic to lea reg,BYTE PTR[...].
      gmp engine was non-operational.
      x86 perlasm overhaul.
      Disable support for Metrowerks assembler. Assembler itself is broken,     specifically it incorrectly encodes EA offsets between 128 and 255.
      Mac OS X x86 assembler support.
      Engage x86 assembler in Mac OS X build.
      Source readability fix, which incidentally works around XLC compiler bug.
      ppc-xlate.pl update.
      New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized     implementation. This is essentially informational commit.
      This is also informational commit exposing loop modulo scheduling "factor."
      Final (for this commit series) optimized version and with commentary section.
      perlasm/x86*.pl updates.
      NASM has recently changed name of win32 pre-compiled binary.     PR: 1627
      x86gas.pl update.
      Last dso_dlfcn.c check-in said "Use Dl_info only on systems where it is     known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin"     and disabled it on banch of systems it's known to exists, such as FreeBSD,     Solaris, 64-bit HP-UX, MacOS X. Get it straight.
      Make AES_T[ed] private to aes-586 module.
      Make aes-x86_64 work with debug Win64 build.
      engine/ccgost Win32 portability fixes.
      Compensate for BSDi shell bug.
      Cygwin compatibility fix to apps/ocsp.c.
      Fix unsigned/signed warnings in ssl.
      Automate assembler support in mk1mf even further.
      Unify x86 perlasm make rules.
      rc4-x86_64 portability fix.
      Make all x86_64 modules independent on current working directory.
      Allow to specify filename on sha1-ia64.pl command line.
      Automate assembler support for Win64 targets (more work is needed).
      Unify ppc assembler make rules.
      crypto/rc5/Makefile was erroneously omitted from last perlasm unification.     Also remove obsolete and now misleading comments.
      rc5/asm/rc5-586.pl was erroneously omitted from last perlasm unification.
      ppc64-mont optimization.
      Micro-profiling assisted "optimization" for Power6. Essentially it's so     to say educational commit. Reordering instructions doesn't improve     performance much, rather exhibits Power6 limitations.
      Ad-hockery for Platform SDK ml64.
      Support for NASM>=2 in Win64/x64 build.
      Make x86_64-mont.pl work with debug Win64 build.
      Fix fast reduction on NIST curves (as well BN_NIST_ADD_ONE macro).     PR: 1593
      Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions     will be revised too.     PR: 1593
      Clarifying comment.
      Fix remaining BN_nist_mod_*.     PR: 1593
      Resolve __DECC warning and keep disclaiming support for 16-bit platforms.
      Takanori Yanagisawa has shown how to correctly use pre-computed values.     So in a sense this commit reverts few latest ones fixing bugs in original     code and improving it, most notably adding 64-bit support [though not in     BN_nist_mod_224 yet].     PR: 1593
      Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug.     PR: 1667
      Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit     platforms.
      Depict future Win64/x64 development.
      Reaffirm that NASM is the only supported assembler for Win32 build.
      x86nasm.pl update: use pre-defined macros and allow for /safeseh link.
      x86masm.pl cosmetics.
      des-596.pl update: short-circuit reference to DES_SPtrans.
      x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules.
      x86masm.pl: harmonize functions' alignment.
      Remove junk argument to function_begin in sha/asm/*-586.pl.     PR: 1681
      mem_dbg.c: avoid compiler warnings.     PR: 1693     Submitted by: Stefan Neis
      x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH.
      perlasm update: implement dataseg directive.
      Split ms/uplink.pl to corresponding platform versions.
      sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on     8KB block, +60% on 1KB, +160% on 256B...
      sha1-armv4-large cosmetics.
      AIX build updates.
      DTLS didn't handle alerts correctly.     PR: 1632
      dtls1_write_bytes consumers expect amount of bytes written per call, not     overall.     PR: 1604
      Winsock handles SO_RCVTIMEO in unique manner...     PR: 1648
      Fix yesterday typos in bss_dgram.c.
      Fix EC_KEY_check_key.
      Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and     reimplement BN_nist_mod_521.
      Optimize bn_correct_top.
      Fix argument order in BN_nnmod call and implement rigorous boundary     condition check.
      x86_64-xlate.pl update: refine SEH support.
      Camellia update. Quoting camellia.c:
      Harmonize Camellia API with version 1.x.
      Fix crash in BN_rshift.     PR: 1663
      Minor clean-up in bn_lib.c: constification and optimization.
      ec2_mult.c readability update.
      Fix typo in ./config.
      .cvsignore update: ignore all flavors of shared objects.
      randfile.c: .rnd can become orphaned on VMS.
      size_t-fy AES, Camellia and RC4.
      size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require     underlying cipher to be size_t-fied, it allows for size_t, signed and     unsigned long. It maintains source and even binary compatibility.
      Fix warnings after commit#17578.
      Fix SHA512 and optimize BN for mingw64.
      Fix bss_log.c on Windows.
      Minor perlasm updates.
      Add initial support for mingw64.     PR: 1693     Submitted by: Alon Bar-Lev
      Revert commit #17603, it should have been part of #17617.
      x86_64-xlate.pl to support MacOS X and mingw64.
      x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules.
      Update make rules for x86_64 assembler pack.
      Configure update: clean-ups and most notably engage x86_64 assembler     on MacOS X.
      x86_64-xlate.pl update, engage x86_64 assembler in mingw64.
      Add Camellia assembler x86 and x86_64 modules.
      no-asm didn't exclude Camellia assembler.
      Bring C bn_mul_mont template closer to assembler.
      SEED to support OPENSSL_SMALL_FOOTPRINT: ~2x size decrease on x86.
      128-bit block cipher modes consolidation. As consolidated functions     rely on indirect call to block functions, they are not as fast as     non-consolidated routines. However, performance loss(*) is within     measurement error and consolidation advantages are considered to     outweigh it.
      SEGV in AES_cbc_encrypt in aes-x86_64 assembler module.     PR: 1801     Submitted by: Huang Ying
      perlasm/x86* update: support for 3 and 4 argument instructions.
      x86_64-xlate.pl: fix masm hexadecimal constants.
      x86_64 assembler pack: add support for Win64 SEH.
      cmll-x86_64.pl: bug fix and size optimization of Win64 SEH section.
      make depend to work with cross-gcc, compensate for msys glitch.     PR: 1753     Submitted by: Alon Bar-Lev
      This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another     .DLL, in particular static build. The issue has been discussed in RT#1230     and later on openssl-dev, and mutually exclusive approaches were suggested.     This completes compromise solution suggested in RT#1230.     PR: 1230
      Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible     to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit     expands it even to apps catalog and actually omits the macro in question     from Configure.
      Optimize #undef DES_UNROLL for size.
      cmll-x86_64.pl: Win64 SEH section to handle pushf/popf in CBC routine.
      Optimize CAST for size on 64-bit platforms. For reference, CAST_LONG being     unsigned long must be attributed to 16-bit support. As we don't support     16-bit platoforms anymore, there is no reason to waste twice required     space on CAST S-boxes (16KB vs. 8KB) or key schedule.
      crypto/modes: make modes.h selfsufficient and rename block_f to block128_t.
      Engage crypto/modes.
      Patch the omission from prvious commit #17716.
      Windows-specific addenum to "engage crypto/modes" commit #17716.
      Revisit RT#1801 and complete fix.
      cmll-x86_64.pl: fix bug in cbc tail processing and comply with Win64 ABI spec.
      Add modes/cts128.c, Ciphertext Stealing implementation.
      x86_64-xlate.pl: support for binary constants, such as 0b1010101.
      Fix "possible loss of data" Win64 compiler warnings.
      bn_lib.c: [re-]fix Win64 compiler warning.
      Styling update to makefiles: $() to denote make substitutions and $${} -     shell ones.
      Styling update to makefiles: eliminate redundant pipes.
      Makefile.shared: improve portability of commit#17753.
      Add UltraSPARC VIS-powered SHA1 block procedure.
      Reserve for "multilib" suffix, the one allowing to perform multi-ABI     installations. It's not enabled in Makefiles yet.
      s390x assembler pack update.
      sha1-sparcv9a.pl: fix bug in commentary section.
      linux-s390x failed link after assembler pack update.
      s390x-mont.pl: optimize prologue.
      RC4 for s390x.
      rc4-s390x.pl: allow for older assembler and optimize character loop.
      Make SPARC assembler Pirify-friendly (Purify can't cope with certain     PIC constructs).
      Excuse myself from integrating sha1-sparcv9a.pl into build system, but     make it Purify-friendly...
      Make SPARC assembler modules *really* Purify-friendly.
      aes-390x.pl: commentary update.
      Camellia update: make it respect NO_[INLINE_]ASM and typo in assembler.
      Expand OPENSS_ia32cap to 64 bits.
      Handle push/pop %rbx in epi/prologue (this is Win64 SEH thing).
      AESNI perlasm update.
      Addenum to commit#18074: Expand OPENSSL_ia32cap to 64 bits.
      Engage nasm optimizations in Win64 build.
      Improve readability of bio/b_sock.c
      Minor shaX-s390x.pl update.
      e_padlock: add support for x86_64 gcc.
      Intel AES-NI engine.
      aesni-x86.pl: fix typos.
      aesni-x86.pl: fix another typo and add test script.
      Update test/test_padlock script.
      v3_alt.c: otherName parsing fix.
      AES-NI engine jumbo update.
      aesni-x86_64.pl: resolve LNK1223 error.
      eng_aesni.c: fix assembler declarations.
      ec_mult.c: fix C4334 win64 compiler warning.
      cryptlib.c: eliminate dependency on _strtoui64, older Windows CRT don't have it.
      Engage cmll-x86_64.pl in Win64 build and make it compile correctly.
      eng_aesni.c: win32 fix.
      Make CAPI engine UNICODE aware (it didn't work on Win64).
      Make it possible to compile CAPI engine under mingw64.
      Avoid double dialogs in OpenSSLDie on Windows.
      libeay.num: add ENGINE_load_aesni.
      cryptlib.c: refine logic in OpenSSLDie (addenum to commit#18118).
      e_padlock.c: fix typo (missing #endif) and switch to __builtin_alloca     (with introduction of 64-bit support alloca must be  declared and there     is no standard way of doing that, switching to __bultin_alloca is     considered appropriate because code explicitly targets gcc anyway).
      x86_64-xlate.pl: small commentary update.
      x86_64cpuid.pl: refine shared cache detection logic.
      x86cpuid.pl: sync OPENSSL_ia32_cpuid with x86_64cpuid.pl.
      x86[_64]cpuid.pl: further refine shared cache detection.
      sha1-x86* assembler update: F_40_59 and Atom-specific optimizations.
      cmll-x86_64.pl: small buglet in CBC subroutine.     PR: 2035
      Combat gcc 4.4.1 aliasing rules.
      aesni-x86.pl: eliminate development comments.
      b_sock.c: fix compiler warning.
      bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic     from b_sock.c, don't assume that caller always passes pointer to buffer     large enough to hold sockaddr_storage.     PR: 2069
      x86masm.pl: eliminate linker "multiple sections found with different     attributes" warning.
      x86_64-xlate.pl: new gas requires sign extention in lea instruction.     This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying     the code.     PR: 2094,2095
      sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to     inline 64-bit assembler instructions. Normally it's inappropriate, because     signalling doesn't preserve upper halves of general purpose registers.     Meaning that it's only safe if signals are blocked for the time "wide"     code executes.     PR: 1998
      SHA1 assembler show off: minor performance updates and new modules for     forgotten CPUs.
      Add sha512-parisc.pl.
      OPENSSL_ia32cap.pod update.
      util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and     eliminate duplicate code.     PR: 2086
      cms-test.pl: use EXE_EXT.     PR: 2107
      bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER.     PR: 2110
      ppc64-mont.pl: adapt for 32-bit and engage for all builds.
      ppccap.c: tidy up.     ppc64-mont.pl: missing predicate in commentary.
      Switch to new uplink assembler.
      Throw in more PA-RISC assembler.
      Update sha512-parisc.pl and add make rules.
      PA-RISC assembler: missing symbol and typos.
      Deploy multilib config-line parameter. It was added in February to allow     for kind of installation suggested in ticket #2003 from August. What it     effectively does now, is arrange pre-configured default $libdir value.     Note that it also fixes ENGINESDIR, i.e. harmonizes it with install path.
      ppccap.c: fix compiler warning and perform sanity check outside signal masking.     ppc64-mont.pl: clarify comment and fix spelling.
      Adapt mingw config for newer mingw environment. Note modified conditional     compilation in e_capi.c.     PR: 2113
      b_sock.c: correct indirect calls on WinSock platforms.     PR: 2130     Submitted by: Eugeny Gostyukhin
      Add Montgomery multiplication module for IA-64.
      ppc64-mont.pl: commentary update.
      Fix compilation on older Linux. Linux didn't always have sockaddr_storage,     not to mention that first sockaddr_storage had __ss_family, not ss_family.     In other words it makes more sense to avoid sockaddr_storage...
      sendto is reportedly picky about destination socket address length.     PR: 2114     Submitted by: Robin Seggelmann
      http://cvs.openssl.org/chngview?cn=19053 made me wonder if bind() and     connect() are as finicky as sendto() when it comes to socket address     length. As it turned out they are, therefore the fix. Note that you     can't reproduce the problem on Linux, it was failing on Solaris,     FreeBSD, most likely on more...
      ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit     HP-UX thing).
      ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and     less).
      bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting     crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as     impressive as with complete assembler, but still... it's almost 2.5x     [on R5000].
      Minor updates to ppccap.c and ppccpuid.pl.
      apps/speed.c: limit loop counters to 2^31 in order to avoid overflows     in performance calculations. For the moment there is only one code     fast enough to suffer from this: Intel AES-NI engine.     PR: 2096
      s390x assembler update: add support for run-time facility detection.
      rand_win.c: handle GetTickCount wrap-around.
      x86_64-xlate.pl: refine sign extension logic when handling lea.     PR: 2094,2095
      Enable PA-RISC assembler in Configure (feedback from PA-RISC 2.0 is still     needed).
      rand_win.c: fix time limit logic.
      OPENSSL_cleanse to accept zero length parameter [matching C implementation].
      pariscid.pl: OPENSSL_cleanse to compile on PA-RISC 2.0W and to accept zero     length parameter.
      ia64cpuid.S: OPENSSL_cleanse to accept zero length parameter.
      parisc-mont.pl: PA-RISC 2.0 code path optimization based on intruction-     level profiling data resulted in almost 50% performance improvement.     PA-RISC 1.1 is also reordered in same manner, mostly to be consistent,     as no gain was observed, not on PA-7100LC.
      Add assigned OIDs, as well as "anonymous" ones for AES counter mode.
      Add AES counter mode to EVP.
      Reserve for option to implement AES counter in assembler.
      Fix s390x-specific HOST_l2c|c2l.
      ppccap.c: portability fix.
      Initial version of Galois Counter Mode implementation. Interface is still     subject to change...
      gcm128.c: add option for streamed GHASH, simple benchmark, minor naming     change.
      Add GHASH x86 assembler.
      Add GHASH x86_64 assembler.
      ghash-ia64.pl: new file, GHASH for Itanium.     ghash-x86_64.pl: minimize stack frame usage.     ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector     results in up to 10% performance improvement.
      Fix UPLINK typo.
      e_capi.c: fix typo.
      GHASH assembler: new ghash-sparcv9.pl module and saner descriptions.
      bss_file.c: fix MSC 6.0 warning.
      rand_win.c: fix logical bug in readscreen.
      dso_dlfcn.c: fix compile failure on Tru64.
      ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but     I can't think of any other cause for failure
      cryptlib.c: allow application to override OPENSSL_isservice.     PR: 2194
      alpha-mont.pl: comply with stack alignment requirements.
      sparccpuid.S: some assembler is allergic to apostrophes in comments.
      sha1-alpha.pl: engage it in build.
      Add ghash-alpha.pl assembler module.
      ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug.
      sha1-alpha.pl: addenum till commit #19547.
      perlasm/x86*: add support to SSE>2 and pclmulqdq. x86_64-xlate.pl provides     correct solution to problem addressed in committ #19244.
      AESNI engine: add counter mode.
      cts128.c: add support for NIST "Ciphertext Stealing" proposal.
      gcm128.c: commentary and formatting updates.
      AESNI engine: update test_aesni.
      aes-ppc.pl: 10% performance improvement on Power6.
      [co]fb128.c: fix "n=0" bug.
      gcm128.c and assembler modules: change argument order for gcm_ghash_4bit.     ghash-x86*.pl: fix performance numbers for Core2, as it turned out     previous ones were "tainted" by variable clock frequency.
      x86_64cpuid.pl: ml64 is allergic to db on label line.
      md5-ia64.S: fix assembler warning.
      bss_file.c: reserve for option to encode file name with UTF-8.
      Take gcm128.c and ghash assembler modules into the build loop.
      Add ghash-parisc.pl.
      bss_file.c: refine UTF-8 logic on Windows.
      Add ghash-armv4.pl.
      "Jumbo" update for crypto/modes:     - introduce common modes_lcl.h;     - ctr128.c: implement additional CRYPTO_ctr128_encrypt_ctr32 interface;     - gcm128.c: add omitted ARM initialization, remove ctx.ctr;
      Revert previous Linux-specific/centric commit#19629. If it really has to     be done, it's definitely not the way to do it. So far answer to the     question was to ./config -Wa,--noexecstack (adopted by RedHat).
      x86_64-xlate.pl: refine some regexp's and add support for OWORD/QWORD PTR.
      x86asm.pl: consistency imrovements.
      GCM "jumbo" update:     - gcm128.c: support for Intel PCLMULQDQ, readability improvements;     - asm/ghash-x86.pl: splitted vanilla, MMX, PCLMULQDQ subroutines;     - asm/ghash-x86_64.pl: add PCLMULQDQ implementations.
      ghash-x86[_64].pl: add due credit.
      rc4-x86_64.pl: "Westmere" optimization.
      gcm128.c: commentary update.
      ghash-x86.pl: MMX optimization (+20-40%) and commentary update.
      gcm128.c: P.-M. Hager has tipped about possibility to fold reductions     in gcm_ghash_4bit. Taking the idea a step further I've added extra     256+16 bytes of per-key storage, so that one can speak about 3rd variant     in addition to "256B" and "4KB": "528B" one. Commonly it should be     ~50% faster than "256B" implementation or ~25% slower than "4KB" one.
      Configure: update mingw config-lines.
      x86_64-xlate.pl: refine mingw support and regexps, update commentary.
      VC-32.pl: unconditionally generate symbols.pdb.
      x86 perlasm: add support for 16-bit values.
      ghash-x86.pl: "528B" variant of gcm_ghash_4bit_mmx gives 20-40%     improvement.
      ghash-x86.pl: commentary updates.
      ghash-x86_64.pl: "528B" variant delivers further >30% improvement.
      VC-32.pl: fix /Fd name generation.     PR: 2284
      SPARCv9 assembler pack: refine CPU detection on Linux, fix for "unaligned     opcodes detected in executable segment" error.
      crypto/sparc*: eliminate _sparcv9_rdwrasi.
      ghash-sparcv9.pl: fix Makefile rule and add performance data for T1.
      ghash-armv4.pl: excuse myself from implementing "528B" flavour.
      sparcv9cap.c: reiterate CPU detection logic.
      PROBLEMS: MacOS X is not necessarily a problem anymore.
      rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3).     PR: 2296
      crypto/*/Makefile: unify "catch-all" assembler make rules and harmonize     ARM assembler modules.
      armv4-mont.pl: addenum to previous commit#19749.
      Harmonize s390x assembler modules with "catch-all" rules from commit#19749.
      Rework framework for assembler support for AES counter mode and add     AES_ctr32_encrypt to aes-s390x.pl.
      gcm128.c: API modification and readability improvements,     add ghash benchmark to apps/speed.c.
      INSTALL.W32: mention _OPENSSL_isservice().     PR: 2194
      Configure: fix aes_ctr.o regexp.
      ARM assembler pack: reschedule instructions for dual-issue pipeline.     Modest improvement coefficients mean that code already had some     parallelism and there was not very much room for improvement. Special     thanks to Ted Krovetz for benchmarking the code with such patience.
      sha1-armv4-large.pl: add performance data for Cortex A8 core.
      aes-s390x.pl: revisit buffer allocation and add performance data.
      Makefile.shared: update link_o.dawrin rule.     PR: 2306
      Makefile.shared: debugging line slipped through in previous commit.
      Configure: suppress $multilib with non-system $prefix.     PR: 2307
      Makefile.shared: link_o.darwin comment update.
      aesni-x86[_64].pl: fine-tune, add CCM subroutine, add performance data.
      perlasm/x86asm.pl: move aesni and pclmulqdq opcodes to aesni-x86.pl and     ghash-x86.pl.
      aesni-x86_64.pl: fix typos.
      perlasm/x86_64-xlate.pl: extend SSE>2 to ml64.
      aes-x86_64.pl: remove redundant instructions.
      eng_aesni.c: switch to CRYPTO_ctr128_encrypt_ctr32.
      modes/Makefile: update clean rule.
      ghash-ia64.pl: excuse myself from implementing "528B" variant.
      rc4-s390x.pl: harmonize build rule with other similar rules.
      sha1-alpha.pl: commentary update.
      ms/: update do_win64*.bat and remove redundant mingw32.bat.
      Replace alphacpuid.s with alphacpuid.pl to ensure it makes to release tar-balls.     PR: 2309
      aes-x86_64.pl: commit#19797 was overzealous, partially reverse.
      alphacpuid.pl: fix brown-bag bug.
      md32_common.h: modify MD32_REG_T pre-processing logic [triggered by clang].
      gcm128.c: add CRYPTO_gcm128_[en|de]crypt_ctr32.
      rc5_locl.h: make inline assembler clang-friendly.
      sha1-armv4-large.pl: reschedule instructions for dual-issue pipeline.
      crypto/modes/Makefile: fix typo in ghash-parisc.s rule.
      Makefile.share: fix brown-bag typo in link_o.darwin.
      gcm128.c: fix typo in CRYPTO_gcm128_encrypt_ctr32 name.
      engine/Makefile: harmonize engine install rule for .dylib extension on MacOS X.     PR: 2319
      util/cygwin.sh: maintainer's update.
      sparcv9cap.c: disengange Solaris-specific CPU detection routine in favour     of unified procedure relying on SIGILL.     PR: 2321
      ghash-ia64.pl: 50% performance improvement of gcm_ghash_4bit.
      modes/asm/ghash-*.pl: switch to [more reproducible] performance results     collected with 'apps/openssl speed ghash'.
      Add ghash-s390x.pl.
      crypto/bn/asm/s390x.S: drop redundant instructions.
      crypto/ppc[cpuid|cap]: call CPU detection once and detect AltiVec.
      Configure: remove redundant -DMD32_REG_T=int.
      sha1-armv4-large.pl: more readable input pickup.
      Alpha assembler pack: adapt for Linux.     PR: 2335
      VC-32.pl: default to nasm if neither nasm or nasmw is is found at the moment.     PR: 2338
      s390x assembler pack: extend OPENSSL_s390xcap_P to 128 bits.
      ghash-s390x.pl: reschedule instructions for better performance.
      sha1-mips.pl, mips-mont.pl: unify MIPS assembler modules in respect to     ABI and binutils.
      Add unified mips.pl, which will replace mips3.s.
      MIPS assembler pack: enable it in Configure, add SHA2 module, fix make rules,     update commentary...
      sha512-mips.pl: add missing byte swap for little-endians.
      x86_64-xlate.pl: fix LNK4078 and LNK4210 link warnings.     PR 2356
      sha512-mips.pl: fix "little-endian" typos.
      Add aes-mips.pl assembler module.
      sha512-mips.pl: add missing 64-bit byte swap.
      Configure: update mips[32|64]_asm lines.
      s390x.S: fix typo in bn_mul_words.     PR: 2380
      INSTALL.W32: document trouble with symlinks under MSYS.     PR: 2377
      s390x assembler pack: adapt for -m31 build, see commentary in Configure     for more details.
      TABLE update.
      Configure: make -mno-cygwin optional on mingw platforms.     PR: 2381
      bss_file.c: refine UTF8 logic.     PR: 2382
      apps/x590.c: harmonize usage of STDout and out_err.     PR: 2323
      e_capi.c: change from ANSI to TCHAR domain. This makes it compilable on     Windows CE/Mobile, yet keeps it normal Windows loop.     PR: 2350
      e_capi.c: rearrange #include-s to improve portability.     PR: 2394
      gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt.     PR: 2432     Submitted by: Michael Heyman
      gcm128.c: allow multiple calls to CRYPTO_gcm128_aad.
      gcm128.c: add boundary condition checks.
      ccm128.c: initial draft.
      ccm128.c: initialize ctx->block (what I was smoking?).
      xts128.c: initial draft.
      x86gas.pl: make data_short work on legacy systems.
      gcm128.c: make it work with no-sse2.
      Configure: engage assembler in Android target.
      dso_dlfcn.c: make it work on Tru64 4.0.     PR: 2316
      s390x assembler pack: tune-up and support for new z196 hardware.
      xts128.c: minor optimization.
      ghash-x86.pl: optimize for Sandy Bridge.
      ia64-mont.pl: optimize short-key performance.
      gcm128.c: tidy up, minor optimization, rearrange gcm128_context.
      ARM assembler pack: profiler-assisted optimizations and NEON support.
      ARM assembler pack: add missing arm_arch.h.
      gcm128.c: fix shadow warnings.
      ccm128.c: minor optimization and bugfix in CRYPTO_ccm128_[en|de]crypt.
      Multiple assembler packs: add experimental memory bus instrumentation.
      ccm128.c: fix STRICT_ALIGNMENT another bug in CRYPTO_ccm128_decrypt.
      perlasm/x86[nm]asm.pl: make OPENSSL_instrument_bus[2] compile.
      ccm128.c: fix Win32 compiler warning.
      perlasm/x86gas.pl: make OPENSSL_instrument_bus[2] compile.
      xts128.c: minor optimization and clarified prototype.
      xts128.c: fix bug introduced in commit#20704. Bug affected encryption of     vectors whose lenght was not multiples of 16 bytes.
      ccm128.c: add CRYPTO_ccm128_[en|de]crypt_ccm64 and minor optimization.
      gcm128.c: minor optimization.
      bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign.     Exact improvement coefficients vary from one benchmark and platform to     another, e.g. it performs 70%-33% better on ARM, hereafter less for     longer keys, and 100%-90% better on x86_64.
      xts128.c: minor optimizaton.
      ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code     for details and performance data).
      ARM assembler pack: engage newly introduced armv4-gf2m module.
      x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for     details and performance data).
      IA-64 assembler pack: fix typos and make it work on HP-UX.
      Optimized bn_nist.c. Performance improvement varies from one benchmark     and platform to another. It was measured to deliver 20-30% better     performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark.
      fips_canister.c: initial support for cross-compiling. "Initial" refers     to the two-entry list of verified platforms in #ifndef     FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
      fips_canister.c: fix typo.
      fips_canister.c: pick more neutral macro name.
      bn_nist.c: fix shadowing warnings.
      x86_64-xlate.pl: allow "base-less" effective address, add palignr, move     pclmulqdq.
      x86_64 assembler pack: add x86_64-gf2m module.
      x86gas.pl: add palignr and move pclmulqdq.
      cms-test.pl: make it work with not-so-latest perl.
      ppc-xlate.pl: get linux64 declaration right.
      x86[_64]cpuid.pl: handle new extensions.
      e_padlock.c: make it compile on MacOS X.
      x86_64cpuid.pl: allow shared build to work without -Bsymbolic.     PR: 2466
      x86_64-xlate.pl: add inter-register movq and make x86_64-gfm.s compile on     Solaris, MacOS X, elderly gas...
      x86gas.pl: don't omit .comm OPENSSL_ia32cap_P on MacOS X.
      aesni-x86_64.pl: make it compile on MacOS X.
      ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see     commentary for details].
      ec_cvt.c: ARM comparison results were wrong, clarify the background.
      ppccap.c: addenum to recent EC optimizations.
      x86_64-gf2m.pl: add Win64 SEH.
      aesni-x86[_64].pl: optimize for Sandy Bridge and add XTS mode.
      spacrv9cap.c: addenum to recent EC optimizations.
      rc4-586.pl: 50% improvement on Core2 and 80% on Westmere.
      e_padlock.c: last x86_64 commit didn't work with some optimizers.
      rc4-586.pl: optimize unused code path.
      e_padlock.c: fix typo.
      x86_64cpuid.pl: get AVX masking right.
      rc4-586.pl: optimize even further...
      rc4-x86_64.pl: major optimization for contemporary Intel CPUs.
      PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data.
      x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30.
      rc4-x86_64.pl: RC4_options fix-up.
      rc4-x86_64.pl: fix due credit.
      aes-ppc.pl: handle unaligned data on page boundaries.
      sha1-586|x86_64.pl: add SSSE3 and AVX code paths.
      x86cpuid.pl: last commit broke platforms with perl with 64-bit integer.
      sha1-586|x86_64.pl: minor portability fix.
      Various mingw64 fixes.
      aesni-x86[_64].pl: relax alignment requirement.
      e_aes.c: integrate AESNI directly into EVP.
      e_aes.c: fix aes_cfb1_cipher.
      e_aes.c: fix typo.
      x86[_64]cpuid.pl: add function accessing rdrand instruction.
      x86_64cpuid.pl: fix typo.
      e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes.
      rc4_skey.c: remove dead/redundant code (it's never compiled) and     misleading/obsolete comment.
      Minor x86_64 perlasm update.
      rc4-x86_64.pl: commentary update.
      s390x assembler pack: add s390x-gf2m.pl and harmonize AES_xts_[en|de]crypt.
      Configure: clean up linux32-s390x line.
      crypto/bn/Makefile: fix typo.
      md5-x86_86.pl: remove redundant instructions.
      rc4-586.pl: add Atom performance results.
      crypto/sha/asm/sha[1|512]-mips.pl: minor updates.
      crypto/whrlpool/wp_block.c: harmonize OPENSSL_ia32cap_P.
      crypto/aes/Makefile: make it work on IRIX.
      x86_64-xlate.pl: masm-specific update.
      sha1-x86_64.pl: fix win64-specific typos and add masm support.
      s390x-gf2m.pl: commentary update (final performance numbers turned to be     higher).
      sha1-x86_64.pl: nasm 2.07 screws up labels if AVX path is compiled.
      x86_64-xlate.pl: sha1 and md5 warnings made it to nasm 2.09, extend gnu     assembler workaround to all assemblers.
      x86_64-mont.pl: add squaring procedure and improve RSA sign performance     by up to 38% (4096-bit benchmark on Core2).
      evp.h: add flag to distinguish AEAD ciphers and pair of control codes...
      ssl/t1_enc.c: initial support for AEAD ciphers.
      ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac     combos that can be implemented as AEAD ciphers.
      perlasm/cbc.pl: fix tail processing bug.     PR: 2557
      config: detect if assembler supports --noexecstack and pass it down.
      ms/uplink.c: fix Visual Studio 2010 warning.
      fips/Makefile: HP-UX-specific update.
      ARM assembler pack: add platform run-time detection.
      sha512-sparcv9.pl: minor optimization of sha256.
      Add RSAX builtin engine. It optimizes RSA1024 sign benchmark.
      aes-ppc.pl: minor optimization favoring embedded processors (performance     of "big" processors is unaffected).
      fips_canister.c: add support for embedded ppc linux.
      util/incore: make transition smoother.
      util/incore: fix brown-bag bug.
      cryptlib.c: OPENSSL_ia32cap environment variable to interpret ~ as cpuid mask.
      aes/asm/aesni-*.pl: fix CCM and further optimize it.     modes/ccm128.c: minor branch optimization.
      x86_64-mont.pl: futher optimization resulting in up to 48% improvement     (4096-bit RSA sign benchmark on Core2) in comparison to initial version     from 2005.
      Add provisory support for RDRAND instruction.
      alphacpuid.pl: fix alignment bug.     alpha-mont.pl: fix typo.     PR: 2577
      This commit completes recent modular exponentiation optimizations on     x86_64 platform. It targets specifically RSA1024 sign (using ideas     from http://eprint.iacr.org/2011/239) and adds more than 10% on most     platforms. Overall performance improvement relative to 1.0.0 is ~40%     in average, with best result of 54% on Westmere. Incidentally ~40%     is average improvement even for longer key lengths.
      x86_64-xlate.pl: fix movzw.
      SPARC assembler pack: fix FIPS linking errors.
      armv4-mont.pl: profiler-assisted optimization gives 8%-14% improvement     (more for longer keys) on RSA/DSA.
      eng_rdrand.c: make it link in './config 386' case.
      x86_64-mont5.pl: add missing Win64 support.
      bn_div.c: remove duplicate code by merging BN_div and BN_div_no_branch.
      Makefile.org: get commit#21249 right.
      modexp512-x86_64.pl: make it work with ml64.
      eng_rsax.c: improve portability.
      Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
      util/incore: fix typo.
      bn_exp.c: improve portability.
      crypto/bn/bn_gf2m.c: make it work with BN_DEBUG.
      config: don't add -Wa options with no-asm.
      Padlock engine: make it independent of inline assembler.
      engines/asm/e_padlock-x86_64.pl: name it right and fix small bug.
      Add so called Vector Permutation AES x86[_64] assembler, see     http://crypto.stanford.edu/vpaes/ for background information.     It's not integrated into build system yet.
      vpaes-x86[_64]*.pl: fix typo.
      Allow for dynamic base in Win64 FIPS module.
      Integrate Vector Permutation AES into build system.
      sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.     Other Intel processors +5%, Opteron -2%.
      sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.
      Make latest assembler additions (vpaes and e_padlock) work in Windows build.
      Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet.
      bsaes-x86_64.pl: add due credit.
      e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2).
      e_padlock-x86.pl: previous C3-specific fix was incomplete.
      e_padlock-x86*.pl: Nano-related update.
      e_padlock-x86_64.pl: fix typo.
      e_padlock: add CTR mode.
      e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug.
      e_padlock-x86_64.pl: brown-bag bug in stack pointer handling.
      e_padlock-x86[_64].pl: protection against prefetch errata.
      Remove eng_aesni.c as AES-NI support is integrated directly at EVP.
      aesni-x86[_64].pl: fix bug in CCM code.
      e_aes.c: fix bug in aesni_gcm_tls_cipher.
      Add android-x86.
      Engage bsaes-x86_64.pl, bit-sliced AES.
      bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to     be shifted in specific cases.
      bn_mont.c: simplify BN_from_montgomery_word.
      x86_64-mont.pl: minor optimization.
      bn_exp.c: further optimizations using more ideas from     http://eprint.iacr.org/2011/239.
      bn_mont.c: get corner cases right in updated BN_from_montgomery_word.
      c_allc.c: add aes-xts to loop.
      [bs|vp]aes-x86[_64].pl: typos and clarifications.
      bsaes-x86_64.pl: make it work with ml64.
      x86_64-xlate.pl: make vpaes-x86_64.pl and rc4-md5-x86_64 work with ml64,     fix bug in .crt section alignment.     PR: 2620, 2624
      evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls     (trade 2% small-block performance), engage bit-sliced AES in GCM.
      engines/.cvsignore: stop whining about e_padlock-*.s.
      fips_enc.c: assign minimal block size to bad_cipher [to avoid arithmetic     exceptions in TLS layer].
      fips/*: extend fipsro segmenting to all _MSC_VER builds (including WinCE).
      fipssyms.h: assign alias to newly introduced bn_gather5.
      arm_arch.h: add missing pre-defined macro, __ARM_ARCH_5TEJ__.
      fips_canister.c: more cross-compiler platfroms verified.
      Remove superseded MIPS assembler modules.
      vxworks-mips: unify and add assembler.
      Drain unused MacOS directory.
      sha1-mips.pl: fix typo.
      fips/fips_[canister|premain].c: make it work with VC6 and add sentinels     even to code segments.
      armcap.c: auto-setup processor capability vector.
      fips.c: x86[_64] capability masking.
      fips.c: remove preprocessor artefact.
      mk1mk.pl: cleanup engines' handling and make fips build work on WIN64I.
      x86gas.pl: relax .init segment alignment.
      config: in cross-compile case interrogate cross-compiler, not host, work     around sub-shell limitation.
      fips_canister.c: harmonize fingerprinting for all Windows, CE or not.
      cryptlib.c: remove stdio dependency in Windows fipscanister.lib.
      e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
      e_aes.c: fold even aesni_ccm_cipher.
      bsaes-x86_64.pl: add decryption procedure (with unoptimized reference     InvMixColumns).
      bsaes-x86_64.pl: optimize InvMixColumns.
      bn_exp.c: fix corner case in new constant-time code.
      bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c.
      ppc.pl: fix bug in bn_mul_comba4.     PR: 2636     Submitted by: Charles Bryant
      x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.     PR: 2633
      armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler.
      e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's     return value after custom flag was rightly reverted.
      fipsld, incore: switch to new cross-compile support.
      fips_premain.c: fix warning about _exit on MacOS X.
      fips_canister.c: add cross-compiler support for iOS (it applies even to     MacOS X, because it's easier to handle it this way).
      Configure: allow ./config to pass compiler flags with white spaces.
      Configure: initial support for iOS.
      config: KERNEL_BITS envrionment variable to control choice between 32- and     64-bit darwin builds.
      config: KERNEL_BITS envrionment variable to control choice between 32-     and 64-bit Solaris builds.
      Configure: harmonize darwin64-x86_64-cc line with assembler pack.
      x86cpuid.pl: compensate for imaginary virtual machines.
      arm_arch.h: allow to specify __ARM_ARCH__ elsewhere.
      bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt.
      Makefile.org: proper libclean on MacOS X.
      engines/: get rid of cvs warnings on MacOS X, proper clean in ccgost.
      Configure, x86gas.pl: fix linker warnings in 32-bit Darwin build.
      cryptlib.c, etc.: fix linker warnings in 64-bit Darwin build.
      e_aes.c: additional sanity check in aes_xts_cipher.
      rc4test.c: commit#21684 broke x86_64 shared Linux build. This is temporary     solution so that one can build rc4test...
      bn_nist.c: fix strict-aliasing compiler warning.
      bsaes-x86_64.pl: add Win64 SEH and "hadrware" calls to aes-x86_64.pl.
      Configure, e_aes.c: allow for XTS assembler implementation.
      Configure: reimplement commit#21695.
      bsaes-x86_64.pl: fix buffer overrun in tail processing.
      bn/asm/mips.pl: fix typos.
      x86-mont.pl: fix bug in integer-only squaring path.     PR: 2648
      perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction.
      modexp512-x86_64.pl: Solaris protability fix.
      vpaes-x86.pl: portability fix.     PR: 2657
      vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl.     PR: 2657
      apps/speed.c: Cygwin alarm() fails sometimes.     PR: 2655
      apps/speed.c: fix typo in last commit.
      update CHANGES.
      bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions.
      cmac.c: optimize make_kn and move zero_iv to const segment.
      aes-sparcv9.pl: clean up regexp     PR: 2685
      asn1/t_x509.c: fix serial number print, harmonize with a_int.c.     PR: 2675     Submitted by: Annie Yousar
      ecdsa.pod: typo.     PR: 2678     Submitted by: Annie Yousar
      speed.c: typo in pkey_print_message.     PR: 2681     Submitted by: Annie Yousar
      doc/apps: formatting fixes.     PR: 2683     Submitted by: Annie Yousar
      ec_pmeth.c: fix typo in commentary.     PR: 2677     Submitted by: Annue Yousar
      Sanitize usage of <ctype.h> functions. It's important that characters     are passed zero-extended, not sign-extended.     PR: 2682
      aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification     (most restrictive about r2 and r13 usage).
      sha512-sparcv9.pl: work around V8+ warning.
      cryptlib.c: make even non-Windows builds "strtoull-agnostic".
      Fix OPNESSL vs. OPENSSL typos.     PR: 2613     Submitted by: Leena Heino
      cryptlib.c: sscanf warning.
      x86_64-xlate.pl: proper solution for RT#2620.
      ghash-x86.pl: engage original MMX version in no-sse2 builds.
      hpux-parisc2-*: engage assembler.
      bn_nist.c: make new optimized code dependent on BN_LLONG.
      apps/s_cb.c: recognized latest TLS version.
      seed.c: incredibly enough seed.c can fail to compile on Solaris with certain     flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>
      Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for     following reasons:
      x86cpuid.pl: fix processor capability detection on pre-586.
      Add bit-sliced AES for ARM NEON. This initial version is effectively     reference implementation, it does not interface to OpenSSL yet.
      bsaes-armv7.pl: change preferred contact.
      Configure: make no-whirlpool work.
      x86_64-xlate.pl: remove old kludge.     PR: 2435,2440
      ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.
      ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build.
      bsaes-armv7.pl: optmize Sbox and key conversion.
      bsaes-x86_64.pl: optimize key conversion.
      vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate     distance between local labels.     PR: 2762
      eng_all.c: revert previous "disable Padlock" commit, which was unjustified.
      e_padlock-x86[_64].pl: better understanding of prefetch errata and proper     workaround.
      ans1/tasn_prn.c: avoid bool in variable names.     PR: 2776
      perlasm/x86masm.pl: fix last fix.
      sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select.
      modes/gcm128.c: fix self-test.
      bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND.
      util/cygwin.sh update.     PR: 2761     Submitted by: Corinna Vinschen
      vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt.     PR: 2775
      modes_lcl.h: make it work on i386.     PR: 2780
      CHANGES: harmonize with 1.0.0 and 1.0.1.
      ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).
      aes-s390x.pl: make it more foolproof [inspired by 1.0.1].
      aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].
      aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build.
      ghash-s390x.pl: fix typo [that can induce SEGV in 31-bit build].
      e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag     countermeasure.
      s3_srvr.c: fix typo.     PR: 2538
      Minor compatibility fixes.     PR: 2790     Submitted by: Alexei Khlebnikov
      OPENSSL_NO_SOCK fixes.     PR: 2791     Submitted by: Ben Noordhuis
      C64x+ assembler pack. linux-c64xplus build is *not* tested nor can it be     tested, because kernel is not in shape to handle it *yet*. The code is     committed mostly to stimulate the kernel development.
      e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs.
      e_rc4_hmac_md5.c: harmonize zero-length fragment handling with     e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
      Makefile.org: clear yet another environment variable.     PR: 2793
      e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms.     PR: 2792
      objxref.pl: improve portability.
      s23_clnt.c: ensure interoperability by maitaining client "version capability"     vector contiguous.     PR: 2802
      CHANGES: fix typos and clarify.
      CHANGES: clarify.
      ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance     of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,     why slower algorithm are affected more...     PR: 2794     Submitted by: Ashley Lai
      perlasm: fix symptom-less bugs, missing semicolons and 'my' declarations.
      ppccap.c: assume no features under 32-bit AIX kernel.
      s2_clnt.c: compensate for compiler bug.
      sha256-586.pl optimization.
      sha256-586.pl: tune away regression on Nehalem core and incidentally     improve performance on Atom and P4.
      aesni-x86_64.pl: make it possibel to use in Linux kernel.
      sha512-x86_64.pl: >5% better performance.
      sha256-586.pl: full unroll to deliver additional ~16%, add Sandy Bridge-     specific code path.
      Revert random changes from commit#22606.
      b_sock.c: make getsockopt work in cases when optlen is 64-bit value.
      bss_dgram.c: make getsockopt work in cases when optlen is 64-bit value.
      bss_dgram.c: add BIO_CTRL_DGRAM_SET_DONT_FRAG.
      x86[_64] assembly pack: update benchmark results.
      sha256-586.pl: squeeze some more, most notably ~10% on Nehalem.
      sha256-586.pl: add AVX and XOP code paths.
      sha256t.c: make sure unrolled loop is tested.
      sha256-586.pl: fix linking error.
      sha512-x86_64.pl: fix typo.
      sha512-x86_64.pl: add SIMD code paths.
      sha512-x86_64.pl: fix typo.
      x86_64 assembly pack: make it possible to compile with Perl located on     path with spaces.
      sha256-586.pl: fix typos.
      bss_dgram.c: fix typos in Windows code.
      crypto/bn/*.h: move PTR_SIZE_INT to private header.
      bn_nist.c: compensate for VC bug [with optimization off!].
      x86gas.pl: treat OPENSSL_ia32cap_P accordingly to .hidden status.
      sha1-586.pl: let masm compile AVX code.
      sha512-586.pl: optimize SSE2 code path, +5-7% on most CPUs, +13% on AMD K8.
      wp-mmx.pl: ~10% performance improvement.
      rc5.h: stop wasting space on 64-bit platforms [breaks binary compatibility!].
      sha1-s390x.pl: lingering comment update.
      sha256-armv4.pl: 4% performance improvement.
      sha512-ia64.pl: 15-20% performance improvement.
      sha512-s390x.pl: lingering comment update.
      wp-x86_64.pl: ~10% performance improvement.
      test_aesni: harmonize with AES-NI support at EVP layer.
      mk1mf.pl: replace chop to make it work in mixture of perls for Windows.
      sha1-[586|x86_64].pl: shave off one instruction from body_40_59, it's     2% less instructions in SIMD code paths, so 2% improvement in average:-)
      sha512-x86_64.pl: minimum gas requirement for AMD XOP.
      sha512-x86_64.pl: revert previous change and solve the problem through     perlasm/x86_64-xlate.pl instead.
      gcm128.c: fix AAD-only case with AAD length not divisible by 16.
      ./Configure: libcrypto.a can grow to many GB because of ar bug.
      gosthash.c: use memmove in circle_xor8, as input pointers can be equal.
      bss_dgram.c: fix compilation failure and warning on Windows with     contemporary SDK.
      MIPS assembly pack: assign default value to $flavour.
      Configure: add mips-mont to MIPS32 builds.
      sha1-armv4-large.pl: comply with ABI.
      Add linux-x32 target.
      Harmonize CHANGES in HEAD.
      TABLE update addendum to commit#22775.
      x86cpuid.pl: hide symbols [backport from x86_64].
      bn_lcl.h: gcc removed support for "h" constraint, which broke inline     assembler.
      sha512-armv4.pl: optimize for Snapdragon S4.
      bsaes-armv7.pl: minor performance squeeze on Snapdragon S4.
      bsaes-armv7.pl: even closer shave.
      bsaes-armv7.pl: closest shave. While 0.3 cpb improvement on S4 appears     insignificant, it's actually 4 cycles less for 14 instructions sequence!
      e_aes.c: uninitialized variable in aes_ccm_init_key.
      sha512-sparcv9.pl: fix binutils compilation error.
      aes-mips.pl: interleave load and integer instructions for better performance.
      MIPS assembly pack: add MIPS[32|64]R2 code.
      Configure: add MIPS targets.
      MIPS assembly pack: add support for SmartMIPS ASE.
      Configure: allow for compiler options starting with double dash.
      config: detect linux-mips* targets.
      sparcv9cap.c: add SPARC-T4 feature detection.
      Add md5-sparcv9.pl.
      md5-sparcv9.pl: more accurate performance result.
      sparc_arch.h: add assembler helpers (and make it work on Solaris).
      md5-sparcv9.pl: add hardware SPARC T4 support.
      sha[1|512]-sparcv9.pl: add hardware SPARC T4 support.
      Add SPARC T4 AES support.
      aest4-sparcv9.pl: split it to AES-specific and reusable part.
      Add SPARC T4 Camellia support.
      perlasm/sparcv9_modes.pl: "cooperative" optimizations based on suggestions     from David Miller.
      [aes|cmll]t4-sparcv9.pl: addendum to previous sparcv9_modes.pl commit.
      [md5|sha1|sha512]-sparcv9.pl: "cooperative" optimizations based on     suggestions from David Miller.
      md5-sparcv9.pl: avoid %asi modifications, improve short input performance     by 30-20%.
      sparcv9_modes.pl: membars are reported as must-have.
      aix[64]-cc: get MT support right (gcc targets are not affected).
      Add VIS3 Montgomery multiplication.
      Add VIS3-capable sparcv9-gf2m module.
      linux-pcc: make it more robust and recognize KERNEL_BITS variable.
      ghash-sparcv9.pl: add VIS3 code path.
      perlasm/sparcv9_modes.pl: fix typo in IV save code and switch to less     aggressive ASI.
      [aes|cmll]t4-sparcv9.pl: unify argument handling.
      SPARCv9 assembly pack: harmonize ABI handling (so that it's handled in one     place at a time, by pre-processor in .S case and perl - in .s).
      test_t4: cover even Camellia.
      util/pl/VC-32.pl: make fipscanister.lib universally usable.
      util/fipslink.pl: allow for single-step link.
      e_os.h: skip redundant headers in fipscanister build.
      util/fipslink.pl: fix typo.
      util/fipslink.pl: further adjustments.
      e_os.h: keep stdin redifinitions to "normal" Windows.
      mk1mf.pl: correct flags.
      ghash-sparcv9.pl: 22% improvement on T4.
      e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and     leave comment about CTR mode.
      cbc128.c: fix strict aliasing warning.
      crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from     previous cbc128.c commit].
      bn_word.c: fix overflow bug in BN_add_word.
      ppccap.c: restrict features on AIX 5.
      ppccap.c: fix typo.
      aes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others.     vpaes-x86.pl: minor performance squeeze.
      aes-x86_64.pl: Atom-specific optimizations, +10%.     vpaes-x86_64.pl: minor performance squeeze.
      Support for SPARC T4 MONT[MUL|SQR] instructions.
      perlasm/sparcv9_modes.pl: addendum to commit#22966.
      Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability.
      cryptlib.c: revert typo.
      x86_64-gcc.c: resore early clobber constraint.
      AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
      Update support for Intel compiler: add linux-x86_64-icc and fix problems.
      C64x+ assembly pack: improve EABI support.
      aes-s390x.pl: harmonize software-only code path [and minor optimization].
      aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
      cryptlib.c: fix logical error.
      ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
      aes-s390x.pl: fix XTS bugs in z196-specific code path.
      fips/fipsld: improve cross-compile support.
      d1_lib.c,bss_dgram.c: eliminate dependency on _ftime.
      VC-32.pl: fix typo.
      util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on     suggestions from Pierre Delaage).
      util/pl/VC-32.pl fix typo.
      dso/dso_win32.c: fix compiler warning.
      engine/cchost: fix bugs.
      engines/e_capi.c: fix typo.
      engines/cchost/gost_crypt.c: fix typo.
      gost_crypt.c: more intuitive ceiling.
      .gitignore adjustments
      sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores.
      engines/ccgost: add test case.
      gost_crypt.c: add assertions.
      More .gitignore adjustments.
      Improve WINCE support.
      gost2814789t.c: portability fixes.
      sha512-ppc.pl: minimize stack frame.
      bn/asm/mips.pl: hardwire local call to bn_div_words.
      Configure: update linux-mips* lines.
      TABLE update.
      x86_64 assembly pack: make Windows build more robust.
      x86_64 assembly pack: keep making Windows build more robust.
      ssl/s3_cbc.c: uint64_t portability fix.
      ssl/s3_cbc.c: md_state alignment portability fix.
      s3/s3_cbc.c: allow for compilations with NO_SHA256|512.     (cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8)
      ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
      e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
      e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.     (cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6)
      ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV".
      e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
      s3_cbc.c: fix warning [in Windows build].
      s3_cbc.c: get rid of expensive divisions.
      s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal.
      sparccpuid.S: work around emulator bug on T1.
      bn_nist.c: work around clang 3.0 bug.
      sha512-x86_64.pl: add AVX2 code path.
      [aesni-]sha1-x86_64.pl: code refresh.
      ghash-x86[_64].pl: code refresh.
      sha1-586.pl: code refresh.
      sha256-586.pl: code refresh.
      x86_64-gf2m.pl: add missing Windows build fix for #2963.
      x86_64-gf2m.pl: fix typo.
      x86cpuid.pl: make it work with older CPUs.
      ghash-x86_64.pl: fix length handling bug.
      evptests.txt: additional GCM test vectors.
      e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
      ghash-x86_64.pl: minor optimization.
      aesni-x86_64.pl: optimize CTR even further.
      ghash-x86_64.pl: add AVX code path.
      aesni-x86_64.pl: optimize CTR even further.
      aesni-x86_64.pl: fix typo and optimize small block performance.
      Add AES-NI GCM stitch.
      des_enc.m4: add missing #include.
      Add support for SPARC T4 DES opcode.
      evptests.txt: add XTS test vectors
      dest4-sparcv9.pl: add clarification comment.
      gcm128.c: fix linking problems in 32-bit Windows build.
      e_aes.c: reserve for future extensions.
      aesni-x86_64.pl: optimize CBC decrypt.
      cryptlib.c: fix typo in OPENSSL_showfatal.
      crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
      Fix Windows linking error in GOST test case.
      bsaes-armv7.pl: take it into build loop.
      bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks.
      aesni-x86_64.pl: minor CTR performance improvement.
      x86_64-xlate.pl: minor size/performance improvement.
      Add AES-SHA256 stitch.
      vpaes-x86[_64].pl: minor Atom-specific optimization.
      sha512-x86_64.pl: +16% optimization for Atom.
      aesni-sha1-x86_64.pl: Atom-specific optimization.
      aesni-x86_64.pl: optimize XTS.
      crypto/bn/bn_exp.c: SPARC portability fix.
      x86cpuid.pl: fix extended feature flags detection.
      ghash-x86_64.pl: add Haswell performance data.
      sha[256|512]-586.pl: add more SIMD code paths.
      sha512-x86_64.pl: upcoming-Atom-specific optimization.
      sha1-x86_64.pl: add AVX2+BMI code path.
      aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl.
      aesni-sha1-x86_64.pl: update performance data.
      PA-RISC assembler pack: switch to bve in 64-bit builds.
      Optimize SPARC T4 MONTMUL support.
      SPARC T4 DES support: fix typo.
      aesni-sha256-x86_64.pl: fix typo in Windows SEH.
      x86_64-xlate.pl: Windows fixes.
      bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca.
      config: fix executable format detection on latest FreeBSD.
      bn/bn_exp.c: harmonize.
      bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family.
      Add RSAZ assembly modules.
      Take RSAZ modules into build loop, add glue and engage.
      Remove RSAX engine, superseded by RSAZ module.
      sha512-586.pl: fix typo.
      bn/asm/rsaz-avx2.pl: Windows-specific fix.
      crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI.
      crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.
      crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
      crypto/bn/asm/x86_64-mont.pl: minor optimization.
      crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
      bsaes-armv7.pl: remove byte order dependency and minor optimization.
      bsaes-armv7.pl: remove partial register operations in CTR subroutine.
      Add support for Cygwin-x86_64.
      crypto/armcap.c: fix typo in rdtsc subroutine.
      aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
      aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains.
      evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX.
      x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256.
      Configire: take multi-block modules into build loop.
      evp/e_aes_cbc_hmac_sha*.c: multi-block glue code.
      x86_64-xlate.pl: fix jrcxz in nasm case.
      rsaz-x86_64.pl: add MULX/ADCX/ADOX code path.
      bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path.
      perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
      evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
      aes/asm/bsaes-*.pl: improve decrypt performance.
      sha/asm/sha*-mb-x86_64.pl: commentary update.
      evp/evp.h: add multi-block contstants and parameter type.
      evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs.
      ssl/s3_pkt.c: add initial multi-block encrypt.
      Configure: recognize experimental-multiblock.
      bn/bn_exp.c: prefer MULX/AD*X over AVX2.
      bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
      aes/asm/bsaes-x86_64.pl: fix Windows-specific bug in XTS.
      evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.
      MIPS assembly pack: get rid of deprecated instructions.
      Initial aarch64 bits.
      bn/asm/*x86_64*.pl: correct assembler requirement for ad*x.
      PPC assembly pack: add .size directives.
      PPC assembly pack: make new .size directives profiler-friendly.
      bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache].
      engines/e_aep.c: make it BN_ULONG-size and endian "neutral".
      sha/asm/sha1-ppc.pl: add little-endian support.
      perlasm/ppc-xlate.pl: add .quad directive     sha/asm/sha512-ppc.pl: add little-endian support.
      aes/asm/aes-ppc.pl: add little-endian support.
      perlas/ppc-xlate.pl: fix typo.
      sha/asm/sha512-ppc.pl: fix typo.
      modes/asm/ghash-alpha.pl: make it work with older assembler.
      engines/ccgost/gost89.h: make word32 defintion unconditional.
      modes/asm/ghash-alpha.pl: make it work with older assembler for real.
      Makfile.org: make FIPS build work with BSD make.
      Make Makefiles OSF-make-friendly.
      modes/asm/ghash-alpha.pl: fix typo.
      srp/srp_grps.h: make it Compaq C-friendly.
      Configure: add linux-ppc64le target.
      Add Vector Permutation AES for PPC.
      Take vpaes-ppc module into loop.
      ppc64-mont.pl: eliminate dependency on GPRs' upper halves.
      vpaes-ppc.pl: fix bug in IV handling and comply with ABI.
      bn/asm/rsaz-x86_64.pl: fix prototype.
      crypto/bn/rsaz*: fix licensing note.
      crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
      bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
      Configure: remove vpaes-ppc from aix targets.
      aes/asm/vpaes-ppc.pl: comply with ABI.
      perlasm/ppc-xlate.pl: improve linux64le support.
      perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX.
      bn/asm/armv4-mont.pl: add NEON code path.
      bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
      x86_64-xlate.pl: minor update.
      PPC assembly pack: improve AIX support (enable vpaes-ppc).
      sha512.c: fullfull implicit API contract in SHA512_Transform.
      PPC assembly pack update addendum.
      evp/e_[aes|camellia].c: fix typo in CBC subroutine.
      sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.     (and ensure stack alignment in the process)
      ARM assembly pack: make it work with older toolchain.
      FAQ: why SIGILL?
      sparcv9cap.c: omit random detection.
      aesni-sha1-x86_64.pl: add stiched decrypt procedure,     but keep it disabled, too little gain... Add some Atom-specific     optimization.
      ssl/t1_enc.c: optimize PRF (suggested by Intel).
      aesni-sha1-x86_64.pl: refine Atom-specific optimization.     (and update performance data, and fix typo)
      sha/asm/sha256-armv4.pl: add NEON code path.     (and shave off cycle even from integer-only code)
      aes/asm/vpaes-ppc.pl: add little-endian support.
      PPC assembly pack: relax 64-bit requirement for little-endian support.
      bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
      crypto/sha/asm/sha1-x86_64.pl update:
      crypto/aes/asm/aesni-x86[_64].pl update, up to 14% improvement on     Atom Silvermont. On other CPUs one can observe 1% loss on some     algorithms.
      modes/asm/ghash-s390x.pl: +15% performance improvement on z10.
      s3_pkt.c: move ssl3_release_write_buffer to ssl3_write_bytes.
      [aesni|sha*]-mb-x86_64.pl: add data prefetching.
      evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements.
      ssl/s3_pkt.c: move multi-block processing to ssl3_write_bytes.
      e_aes_cbc_hmac_sha[1|256].c: fix compiler warning.
      ghash-x86[_64].pl: ~15% improvement on Atom Silvermont     (other processors unaffected).
      evp/e_aes_cbc_hmac_sha*.c: improve cache locality.
      aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont.
      x86[_64]cpuid.pl: add low-level RDSEED.
      ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
      aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak.
      config: recognize ARMv8/AArch64 target.
      x509/by_dir.c: fix run-away pointer (and potential SEGV)     when adding duplicates in add_cert_dir.
      BC-32.pl: refresh Borland C support.
      ms/do_win64a.bat: forward to NUL, not NUL:.
      aes/asm/vpaes-ppc.pl: fix traceback info.
      ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
      Configure: blended processor target in solaris-x86-cc.
      sha/asm/sha512-x86_64.pl: fix compilation error on Solaris.
      sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2.
      des/asm/des-586.pl: shortcut reference to DES_SPtrans.
      rc4/asm/rc4-586.pl: allow for 386-only build.
      perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF.
      perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms.
      Configure: mark unixware target as elf-1.
      Makefile.org: fix syntax error on Solaris.
      bss_dgram.c,d1_lib.c: make it compile with mingw.
      test/Makefile: allow emulated test (e.g. under wine).
      dh_check.c: check BN_CTX_get's return value.
      SPARC T4 assembly pack: treat zero input length in CBC.
      engines/ccgost/gosthash.c: simplify and avoid SEGV.
      vpaes-[x86_64|ppc].pl: fix typo, which for some reason triggers rkhunter.
      crypto/modes/gcm128.c: more strict aliasing fixes.
      aes/asm/bsaes-x86_64.pl: Atom-specific optimization.
      bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication     algorithm suggested in following paper:
      crypto/armcap.c: detect ARMv8 capabilities [in 32-bit build].
      sha/asm/sha1-armv4-large.pl: add NEON and ARMv8 code paths.     sha/asm/sha256-armv4.pl: add ARMv8 code path.
      C64x+ assembly pack: make it work with older toolchain.
      C64x+ assembply pack: add RC4 module.
      md5/asm/md5-[586|x86_64].pl: +15% on Atom.
      Add "teaser" AES module for PowerISA 2.07.
      Add "teaser" AES module for ARMv8.
      aesv8-armx.pl: optimize by adding 128-bit code paths.
      aesv8-armx.pl: fix typo.
      vpaes-ppc.pl: comply with ABI.
      aesp8-ppc.pl: add optimized CBC decrypt.
      aesp8-ppc.pl: optimize CBC decrypt even further.
      aesv8-armx.pl: add CTR implementation.
      Add linux-aarch64 taget.
      Add SHA for ARMv8.
      linux-aarch64: engage SHA modules.
      Engage ARMv8 AES support.
      sha[1|256]-armv4: harmonize with arm_arch.h.
      armv4cpuid.S: switch to CNTVCT tick counter.
      Engage POWER8 AES support.
      evp/e_aes.c: populate HWAES_* to remaning modes.
      evp/e_aes.c: add erroneously omitted break;
      aesp8-ppc.pl: fix typos.
      aesv8-armx.pl update:
      Add GHASH for ARMv8 Crypto Extension.
      Engage GHASH for ARMv8.
      sha[1|512]-armv8.pl: get instruction endianness right.
      ARM assembly pack: get ARMv7 instruction endianness right.
      aesni-mb-x86_64.pl: add Win64 SEH.
      Add support for Intel SHA extension.
      ghash-x86_64.pl: optimize for upcoming Atom.
      Enable multi-block support by default.
      Facilitate back-porting of AESNI and SHA modules.     Fix SEH and stack handling in Win64 build.
      sha1-x86_64.pl: add missing rex prefix in shaext.
      aesni-sha256-x86_64.pl: add missing rex in shaext.
      evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build.
      aesp8-ppc.pl: add CTR mode.
      aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build.
      ARMv8 assembly pack: add Cortex performance numbers.
      aesv8-armx.pl: inclrease interleave factor.
      x86_64 assembly pack: allow clang to compile AVX code.
      x86_64 assembly pack: addendum to last clang commit.
      aesv8-armx.pl: rigid input verification in key setup.
      aesp8-ppc.pl: rigid input verification in key setup.
      bn_exp.c: move check for AD*X to rsaz-avx2.pl.
      bn/asm/rsaz-avx2.pl: fix occasional failures.
      x86_64 assembly pack: refine clang detection.
      sha512-x86_64.pl: fix linking problem under Windows.
      Add SHA256/512 for PowerISA 2.07.
      Engage SHA256/512 for PowerISA 2.07.
      perlasm/ppc-xlate.pl update.
      bn_exp.c: fix x86_64-specific crash with one-word modulus.
      e_os.h: limit _MSC_VER trickery to older compilers.
      apps/speed.c: add multi-block benchmark.
      s3_pkt.c: fix typo.
      sha512-x86_64.pl: fix typo.
      sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
      apps/speed.c: fix compiler warnings in multiblock_speed().
      Please Clang's sanitizer.
      Please Clang's sanitizer, addendum.
      x86_64 assembly pack: improve masm support.
      Add GHASH for PowerISA 2.07.
      Engage GHASH for PowerISA 2.07.
      Revert "Engage GHASH for PowerISA 2.07."
      Revert "Add GHASH for PowerISA 2.07."
      Add GHASH for PowerISA 2.0.7.
      Engage GHASH for PowerISA 2.0.7.
      sha1-ppc.pl: shave off one cycle from BODY_20_39     and improve performance by 10% on POWER[78].
      CHANGES: mention new platforms.
      sha1-mb-x86_64.pl: fix typo.
      crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
      sha1-mb-x86_64.pl: add commentary.
      bn/asm/rsaz-*.pl: allow spaces in Perl path name.
      apps/speed.c: add -misalign command-line argument.
      x86[_64] assembly pack: add Silvermont performance data.
      md5-x86_64.pl: work around warning.
      Configure: add configuration for crypto/ec/asm extensions.
      perlasm/x86_64-xlate.pl: handle inter-bank movd.
      Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
      Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
      Configure: engage ECP_NISTZ256.
      crypto/bn/asm/x86_64-mont*.pl: add missing clang detection.
      Harmonize Tru64 and Linux make rules.
      crypto/ecp_nistz256.c: harmonize error codes.
      crypto/rsa/rsa_chk.c: harmonize error codes.
      CHANGES: mention ECP_NISTZ256.
      e_os.h: allow inline functions to be compiled by legacy compilers.
      crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
      crypto/bn/bn_nist.c: bring original failing code back for reference.
      e_os.h: refine inline override logic (to address warnings in debug build).
      crypto/cast/asm/cast-586.pl: +5% on PIII and remove obsolete readme.
      aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
      Add missing credit.
      Configure: add ios64 target.
      ecp_nistz256 update.
      md32_common.h: address compiler warning in HOST_c2l.
      ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
      armv4cpuid.S: fix compilation error in pre-ARMv7 build.
      ecp_nistz256-x86_64.pl: fix occasional failures.
      Remove inconsistency in ARM support.     This facilitates "universal" builds, ones that target multiple     architectures, e.g. ARMv5 through ARMv7. See commentary in     Configure for details.
      CHANGES: mention "universal" ARM support.
      Revert "CHANGES: mention "universal" ARM support."
      CHANGES: mention "universal" ARM support.
      Fix irix-cc build.
      Fix for CVE-2014-3570 (with minor bn_asm.c revamp).
      Add Broadwell performance results.

Annie Yousar (1):
      RT2679: Fix error if keysize too short

Ard Biesheuvel (1):
      Added support for ARM/NEON based bit sliced AES in XTS mode

Ben Laurie (617):
      Add strictness, fix variable substition bugs.
      Autodetect FreeBSD 3.
      Fix option listing.
      Require Perl 5.
      This is not a bug in NT Perl, its a bug in Configure.
      Deal with generated files.
      Make Configure work again after eliminating files.
      Add prototypes. Make Montgomery stuff explicitly for that purpose.
      Fix incorrect DER encoding of SETs and all knock-ons from that.
      Fix pem/err ordering.
      Fix name delete problem.
      Document recent changes.
      Fix tests for ssleay -> openssl.
      Don't confuse matters by using the wrong library.
      Fix reference counting.
      Pass on BIO_CTRL_FLUSH.     Submitted by: Arne Ansper <arne at ats.cyber.ee>
      Remove the bugfix that was really a bug.     Submitted by: Arne Ansper <arne at ats.cyber.ee>
      Only free if it ain't NULL.
      Free the right thing.
      Make the world a safer place (if people object to this kind of change, speak up     soon - I intend to do a lot of it!).
      Fix export tests.
      Fix numeric -newkey args.     Contributed by: Bodo Moeller <3moeller at informatik.uni-hamburg.de>
      Send the right CAs to the client.
      Fix DH key generation.     Contributed by: Anonymous <nobody at replay.com>
      Accept NULL in *_free.
      Get rid of redundant files.
      Sort openssl functions by name.
      Fix comment.
      Add prototype, fix parameter passing bug.
      More prototypes.
      More prototypes.
      More prototypes.
      More prototypes.
      More prototypes.
      More prototypes.
      Generate an error on an invalid directory.
      Remove pointless MD5 hash.     Contributed by: Anonymous <nobody at replay.com>
      Oops. Missing NULL frees.
      Correct Linux 1 recognition.     Contributed by: Ulf Möller <ulf at fitug.de>
      Fix major cockup with short keys in CAST-128.
      Dispose of generated programs.
      Ignore auto-generated programs.
      Spelling mistake.
      Finally lay dependencies to rest (I hope!).
      This time, get it right.
      Correct bracketing error.
      Minor constification.
      Make sure people know when they need to rebuild the Makefile.
      Reduce header dependencies.
      Declare correctly on FreeBSD.
      Update dependencies.
      Oops. One header too many.
      Update dependencies.
      Add dependencies.
      Update dependencies.
      Break circular dependency between pem and err.
      More pissing about to get pem.h to behave properly.
      Squeeze a bit more speed out of MD5 assembler.
      Yet more pissing about to get PEM built at the right moment.
      Clear error we don't care about.
      Typo in arguments.
      Diagnose errors.
      Process extensions when they are there.
      Slightly improved diagnostics.
      Minor tweaks to keep Perl 5.001 happy.
      More exactitude with function arguments.
      Update dependencies.
      Tidy up asm stuff.
      Actually use BN when selected!
      Some cleanup.
      Whoops, missed one.
      In the absence of feedback either way, commit the fix that looks right for     wrong keylength with export null ciphers.
      Add support for 3DES CBCM mode.
      Fix ghastly DES declarations, and all consequential warnings.
      Update dependencies.
      Finally(?) fix DES stuff.
      Add OAEP.
      Fix case of new functions in error files.
      Generate errors when public/private key check is done.
      Fix a warning.
      Fix warning.
      Add support for new TLS export ciphersuites.
      Undo a couple of kludges.
      More stuff for new TLS ciphersuites.
      Add syslogging BIO.
      Fix more warnings.
      Add reliable BIO.
      Code for reliable BIO.
      Fix clearly untested "clever" hack.
      Perhaps if I do a tiny bit of docco, others may follow?
      Update dependencies.
      Experiment with doxygen documentation.
      doxygen configuration file.
      More truth in declarations.
      Add functions to add certs to stacks, used for CA file/path stuff in servers.
      Supper's cooking.
      Permit null ciphers.
      Fix export ciphersuites, again.
      Put the dependencies back.
      Fix names of cert stack functions.
      Disable new TLS1 ciphersuites.
      Fix a typo.
      Always make links.
      Linux MIPS support.
      Fix DWP when only given three parameters.
      Fix perl assembler.
      Don't make links on Windoze.
      Don't make links in INSTALL doc - also, work first time!
      Make links no longer needed.
      Correct English.
      Go faster.
      Fix quad checksum bug.
      Remake cert links when the app is built.
      Use the right compiler for ctx_size.
      This is now generated, it seems.
      Solaris shared library support.
      Allow bsdi-gcc - see if it gets anyone anywhere.
      Update dependencies.
      Fail if test fails.
      Fix security hole.
      Fix Alpha assembler, remove redundant file.
      Linux PPC support.
      Don't shadow.
      Update dependencies.
      Don't shadow.
      Install signal handler if we are using sigaction.
      Rid the world of more evil casts.
      Adjust renegotiation slightly.
      Rid the world of yet more evil casts.
      gcc claims this is a shadow, though I can't find what it is shadowing...
      Add type-safe STACKs and SETs.
      Just use an ANSI declaration, instead.
      Add new experimental ciphersuites. Bring naming into line with RFC.
      Fix some warnings. Contributed by Anonymous.
      Another STACK bites the dust.
      Massive constification.
      Update dependencies.
      Fix const declarations.
      const correctness.
      Update dependencies.
      Fix DES export ciphersuites.
      Remove some unnecessary(?) casting.
      Reverse unexplained change.
      Work with -pedantic!
      Don't shadow.
      Another safe stack.
      Another stack.
      Another stack.
      Update dependencies.
      Yet another stack.
      Some more stack stuff.
      Add other people who've done stackification.
      Bodo didn't do that.
      Make -pedantic work again.
      Avoid shadowing, and a bit of constification while I'm at it.
      Update dependencies.
      Get rid of the cast.
      Add actual testing to bntest...
      Get rid of casts.
      Convert void *.
      Switch to new version numbering scheme.
      Prepare for a beta release.
      On seconds thoughts, the version number shoud _never_ decrease.
      Don't include top-level CVS directory.
      Prepare for final(?) beta.
      Move to beta 3.
      Here we go: prepare to roll 0.9.3.
      Move on to 0.9.4.
      Update dependencies.
      Prepare to release 0.9.3a
      And carry on with development...
      More safe stack.
      Another safe stack.
      Another safe stack.
      Another stack.
      Yet another stack.
      More stack.
      Move stack implementations to more natural places.
      Evil cast extermination.
      Make samples compile.
      More evil cast removal.
      Some constification and stacks that slipped through the cracks (how?).
      Aha! That's how pkcs12 got missed from stackification.
      const/type fixes.
      Survive pedanticism.
      Make "make test" fail if bntest fails an internal selfcheck.
      I keep forgetting to fix this: update the IV! Most important!
      Oops. Get rid of now incorrect comment.
      Fix warnings.
      Don't shadow.
      Make it compile under -pedantic.
      More diagnostics.
      Fix warnings.
      Fix warnings.
      Correct warnings.
      Fix warnings.
      Fix warnings.
      Don't return stuff from void functions.
      Fix (spurious) warnings.
      Fix warning.
      Update dependencies.
      Make salting the default. Fail gracefully if the input is not salted.
      Make NO_RSA compile with pedantic.
      Fix shadow.
      Correct time in seconds instead of minutes.
      Fix signed/unsigned warnings.
      Add support for Compaq Atalla crypto accelerator.
      Reflect API changes.
      Get rid of evil cast.
      Declare memset.
      Get definition of ssize_t.
      Allow UTCTIME objects to be retrieved. Check for imminent cert expiry.
      Typesafety thought police.
      Typesafety Thought Police Part 2.
      Typesafety Thought Police part 3.
      Typesafe Thought Police part 4.
      Typesafety Thought Police part 5.
      Typesafety Thought Police last part.
      Yet more typesafety.
      EVP constification.
      Use up-to-date functions.
      Don't let top go below zero!
      max -> dmax in bn_check_top.
      Use the passed buffer in ERR_error_string!
      Diagnose EOF on memory BIOs (or you just get mysterious errors with no error     message).
      Add demo state machine.
      Distinguish between assertions and conditions that should cause death.
      Handle WANT_READ more correctly (thanks to Bodo).
      Ignore executable.
      Document an old change.
      Always return a value.
      Make this stuff compile.
      Make Rijndael work! Those long flights have some good points.
      Better handling of EVP names, add EVP to speed.
      Oops! Read a full buffer instead of some spurious number from elswhere.
      Fix warnings.
      Fix a warning.
      Can't remember why this was needed?
      BN assembler is no longer option on x86.
      Make depend.
      Improve the state machine.
      Rijdael CBC mode and partial undebugged SSL support.
      Fix warning.
      Delete a redundant line.
      Fix a memory leak (there's another around here somewhere, though).     PR:
      Fix warning.
      Update nCipher header with more liberal licence.
      Remove unnecessary casts.
      Correct const-ness.
      Speed test decrypt EVP operations.
      Don't update argc, argv for decrypt flag!
      Use & instead of % - worth about 4% for 8 byte blocks.
      Handle the common case first (where input size is a multiple of block size).     Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to     regain that later.
      A better compromise between encrypt and decrypt (but why isn't it as fast     for encrypt?).
      Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for     OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery     is available).
      Only set the verify callback if there's one to set!
      Make EVPs allocate context memory, thus making them extensible. Rationalise     DES's keyschedules.
      Really add the EVP and all of the DES changes.
      Remove //.
      Remove old unused stuff.
      Document DES changes better.
      Make /dev/crypto work with new EVP structures.
      This ghastly hack prevents CVS wars over Kerberos (which is disabled by default).
      Header bloat reduction for EVP_PKEY.
      Get rid of the stuff we, err, got rid of.
      Reinstate accidentally deleted code.
      Remove extra whitespace. Sorry.
      Parameter correction for CIOFSESSION.
      Fix memory leak.
      Start to reduce some of the header bloat.
      Move CIPHER_CTX cleanups to _Final routines instead of _Init, which avoids     problems with leaks and uninitialised structures.
      Add first cut symmetric crypto support.
      Add EVP test program.
      Add AES tests.
      Add RC4 support to OpenBSD.
      More tests.
      Add digests.
      Test digests.
      Fix SSL memory leak.
      Make MD functions take EVP_MD_CTX * instead of void *, add copy() function.
      Redo type-safety fix.
      Now need sha.h for some reason.
      Remove duplication.
      Look up MD5 by name.
      Add a cleanup function for MDs.
      Fix warning.
      Don't clean up stuff twice.
      Fix warning.
      Add paralellism to speed - note that this currently causes a weird memory leak.
      If verify fails, say why.
      Improve back compatibility.
      Security fix.
      Return value could be undefined.
      Add client_cert_cb prototype.
      Prototype info function.
      Constification, missing declaration, update dependencies.
      Fix memory leak.
      Stupid apps should die, not fail silently.
      Other errors are possible.
      Constification, add config to /dev/crypto.
      Make no config file not an error. Move /dev/crypto config to ctrl.
      Support old DES APIs by default.
      Fix warnings.
      Fix warnings.
      Handle read errors.
      Fix warnings, makefile cockup.
      Security fixes brought forward from 0.9.7.
      Correct asm exclusions.
      Fix warning.
      Old-style callbacks can be NULL!
      Blow away Makefile.ssl.
      Don't debug.
      Make tags target useful.
      Take account of Makefile.ssl removal.
      Give everything prototypes (well, everything that's actually used).
      Get rid of irritating noise.
      Simplicate and add lightness.
      If input is bad, we still need to clear the buffer.
      Add prototypes.
      Add debug target, remove cast, note possible bug.
      Flag changes in Configure and config, too.
      make depend.
      Add DTLS support.
      Add prototype.
      Redundant changes.
      There must be an explicit way to build the .o!
      Propagate BUILDENV into subdirectories.
      Fix warnings.
      Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.
      Fix warning.
      Make D-H safer, include well-known primes.
      Generate primes, too.
      Fix warnings.
      Make things static that should be. Declare stuff in headers that should be.     Fix warnings.
      Forward port of IGE mode.
      Fix various warnings.
      Add RFC 3779 support.
      Fix warning.
      Don't die if the value is NULL (Coverity CID 98).
      Make sure we detect corruption.
      Die if serial number is invalid.
      Return an error if the serial number is badly formed. (Coverity ID 116).
      Missing return on error. Coverity ID 115.
      Don't free a NULL. Coverity ID 112.
      Fix buffer overrun. Coverity ID 106.
      Handle bad content type. Coverity ID 99.
      Resource leak.
      Free memory. Coverity ID 62.
      Avoid overrun. Coverity ID 60.
      Don't use a negative number as a length. Coverity ID 57.
      Missing config file.
      Don't dereference NULL argument. Coverity ID 52.
      Errors should actually be errors.
      Fix duplicate error number.
      Don't copy from a nonexistent next. Coverity ID 47.
      If you're going to check for negative, use an signed integer! Coverity ID 122.
      Yet another resource leak. Coverity ID 123.
      AES IGE mode speedup.
      More IGE speedup.
      Inline function declarations have to be prototypes.
      Fix warning.
      Typo? Why did this work, anyway?
      make errors.
      The other half of make errors.
      Fix dependencies. Make depend.
      New release.
      Fix warnings.
      Fix buffer overflow.
      Missing headers.
      LHASH revamp. make depend.
      Memory saving patch.
      Only include windows headers when under windows.
      More type-checking.
      Fix warning.
      Ignoring errors in makedepend can hide problems.
      Add missing DTLS1_BAD_VER (hope I got the value right).
      Type-checked (and modern C compliant) OBJ_bsearch.
      Type-safe OBJ_bsearch_ex.
      Add XMPP STARTTLS support.
      Set comparison function in v3_add_canonize().
      Fix warning a different way.
      Add JPAKE.
      Fix warning.
      More size_tification.
      Fix warning.
      Fix warnings.
      Fix asserts. Fix incorrect dependency.
      Only one of these needs to be signed.
      J-PAKE is not experimental in HEAD.
      Ignore saved Makefile.
      Aftermath of a clashing size_t fix (now only format changes).
      Ignore generated ASM.
      Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
      Missing return values (Coverity ID 204).
      Check for NULL before use (Coverity ID 203).
      Return error if DH_new() fails (Coverity ID 150).
      *** empty log message ***
      Back out pointless change.
      pval must always be set when pk7_cb() does anything (Coverity ID 146).
      !a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145).
      Remove misleading dead code. Constify. (Coverity ID 142)
      Handle the unlikely event that BIO_get_mem_data() returns -ve.
      Deal with the unlikely event that EVP_MD_CTX_size() returns an error.     (Coverity ID 140).
      Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129)
      Remove dead code. (Coverity ID 2)
      Die earlier if we have no hash function.
      Reverse incorrect earlier fix.
      Die earlier if hash is NULL. (Coverity IDs 137 & 138).
      Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.     (Coverity ID 135).
      If we're going to return errors (no matter how stupid), then we should     test for them!
      Apparently s->ctx could be NULL at this point (see earlier     test). (Coverity ID 148).
      Apparently s->ctx could be NULL. (Coverity ID 147).
      Document dead code.
      Calculate offset correctly. (Coverity ID 233)
      srvr_ecdh cannot be NULL at this point (Coverity ID 232).
      Add missing entry.
      Allow CC to be overridden.
      Use new common flags and fix resulting warnings.
      Fix memory leak.
      Use the right length (reported by Quanhong Wang).
      Don't ask for -iv for ciphers that need no IV.
      Print IPv6 all 0s correctly (Rob Austein).
      Autogeneration seems to have changed slightly.
      Fix warnings.
      Fix warnings (note that gcc 4.2 has a bug that makes one of its     warnings hard to fix without major surgery).
      Missing declarations, no assembler in PEDANTIC.
      Non-executable stack in asm.
      Fix warnings.
      Missing prototype.
      Sign mismatch.
      Add Next Protocol Negotiation.
      Fix warnings.
      NPN tests.
      Fixes to NPN from Adam Langley.
      Fix warning.
      Fix warning.
      Add SRP support.
      Note SRP support.
      Fix Tom Wu's email.
      Missing SRP files.
      Fix some warnings caused by __owur. Temporarily (I hope) remove the more     aspirational __owur annotations.
      Add DTLS-SRTP.
      Add TLS exporter.
      Make it possible to set a time for verification.
      Back out redundant verification time change.
      Fix warning.
      Padlock engine doesn't build (the asm parts are not built for some reason),     so remove for now.
      Remove redundant TLS exporter.
      Padlock doesn't build. I don't even know what it is.
      Fix warning.
      Build on FreeBSD with gcc 4.6.
      RFC 5878 support.
      Version skew reduction: trivia (I hope).
      Parse authz correctly.
      Fix memory leak.
      Rearrange and test authz extension.
      Fix memory leak.
      Call OCSP Stapling callback after ciphersuite has been chosen, so the     right response is stapled. Also change SSL_get_certificate() so it     returns the certificate actually sent.  See     http://rt.openssl.org/Ticket/Display.html?id=2836.
      Fix gcc 4.8 warning (strict aliasing violation).
      Remove unused static function.
      More strict aliasing fix.
      Fix OCSP checking.
      Tabification. Remove accidental duplication.
      Update ignores.
      Make openssl verify return errors.
      Improve my 64-bit debug target.
      Document -pubkey.
      Documentation improvements by Chris Palmer (Google).
      Fix warning.
      Add some missing files, make paths absolute.
      Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
      Fix some clang warnings.
      Make "make depend" work on MacOS out of the box.
      Can't check a size_t for < 0.
      Remove extraneous brackets (clang doesn't like them).
      Build/test cleanly on MacOS.
      Remove kludge to use RC4 asm.
      Merge branch 'master' of openssl.net:openssl
      Merge branch 'master' of openssl.net:openssl
      Fix warnings.
      Add and use a constant-time memcmp.
      Make CBC decoding constant time.
      Don't crash when processing a zero-length, TLS >= 1.1 record.
      Update DTLS code to match CBC decoding in TLS.
      Oops. Add missing file.     (cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072)
      make depend.
      Fix ignored return value warnings.
      Missing files target.
      Ignore MINFO.
      Add reallyclean target.
      Add dependency on destination directory.
      Remove empty command.
      Include correctly.
      Inherit CFLAGS when plaform is "auto".
      Preserve the C compiler.
      Remove pointless diagnostic.
      Use "copy" instead of "auto".
      Take the first definition of a variable.
      Allow variables to be overridden on the command line.
      Override local vars for MINFO build.
      Missing MINFO generation.
      Handle assembler files.
      Don't make CPUID stuff twice.
      Only copy headers if they've changed.
      Merge branch 'master' of openssl.net:openssl
      Actually comment out the cpuid asm!
      Remove unused variable.
      Ignore mk1mf.pl output directories.
      Use CFLAG for LFLAGS instead of the nonexistent CFLAGS.
      Fix warnings.
      Get closer to a working single Makefile with test support.
      More progress towards working tests.
      Make OCSP test work.
      Make PKCS#7 test work.
      Make RSA test work.
      Make S/MIME test work.
      Make session ID test work.
      Avoid collisions.
      Show start/end of tests.
      Add new asm target.
      Fix test_ss.
      Merge, go back to copy-if-different.
      Helper scripts for one makefile build.
      Make executable.
      Missing file.
      Missing semicolon.
      Use original alltests target for definitive test list.
      Make sure all tests are actually run, plus some fixups for things that     turn out to be made somewhere by existing Makefiles.
      Ugly hack to avoid recompiling the same thing multiple times in parallel.
      Tests pass!
      Missing prototypes.
      Remove added ;.
      Add aesni-sha256-x86_64.
      Ignore one-makefile stuff.
      Support new rsaz asm stuff.
      Note non-export of CC.
      Clarify FIXME.
      Add a no-opt 64-bit target.
      Fix compile errors.
      Correctly test for no-ec.
      Clean up layout.
      Make it build.
      More cleanup.
      Const fix.
      More diagnostics for invalid OIDs.
      Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix
      Mix time into the pool to avoid repetition of the Android duplicated PID problem.
      Show useful errors.
      Produce PEM we would consume.
      Support new asm files.
      Add clang debug target.
      Remove unused variable.
      PBKDF2 should be efficient. Contributed by Christian Heimes     <christian at python.org>.
      Fix whitespace, new-style comments.
      Fix warnings.
      Build on MacOS.
      Fix warning.
      Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer
      Reverse export of o_time.h.
      Make i2r_sctlist static.
      Move gmtime functions to crypto.h.
      Fix warning.
      Fix double frees.
      Fix use after free.
      More warnings.
      Make it build/run.
      Fixup for ancient compilers.
      Merge branch 'mbland-heartbeat-test'
      Don't allocate more than is needed in BUF_strndup().
      Implement BUF_strnlen() and use it instead of strlen().
      Remove redundant test.
      Check length first in BUF_strnlen().
      Merge branch 'heartbeat-test' of git://github.com/mbland/openssl
      Only copy opensslconf.h at init time.
      Make it build.
      Add option to run all prime tests.
      Zero prime doits.
      Constify and reduce coprime random bits to allow for multiplier.
      Tidy up, don't exceed the number of requested bits.
      Credit to Felix.
      Merge branch 'erbridge-probable_primes'
      Constification - mostly originally from Chromium.
      More constification.
      Make depend.
      Fix possible buffer overrun.
      Reduce casting nastiness.
      Reduce casting nastiness.
      Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
      Fix single makefile.

Billy Brumley (1):
      "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".

Bjoern Zeeb (1):
      RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING

Bodo Moeller (15):
      Fix overly lenient comparisons:
      Sync CHANGES and NEWS files.
      Move the change note for partial chain verification: this is code from     the main branch (http://cvs.openssl.org/chngview?cn=19322) later added     to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and     thus not a change "between 1.0.2 and 1.1.0".
      Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.     (This went into 1.0.2 too, so it's not actually a change     between 1.0.x and 1.1.0.)
      Simplify and fix ec_GFp_simple_points_make_affine     (which didn't always handle value 0 correctly).
      Sync with current 1.0.2 CHANGES file.
      Sync with clean-up 1.0.2 CHANGES file.     (If a change is already present in 1.0.1f or 1.0.1h,     don't list it again under changes between 1.0.1h and 1.0.2.)
      Update $default_depflags to match current defaults.
      Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and     group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).
      DTLS 1.2 support has been added to 1.0.2.
      Support TLS_FALLBACK_SCSV.
      Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv     handling out of #ifndef OPENSSL_NO_DTLS1 section.
      Fix SSL_R naming inconsistency.
      When processing ClientHello.cipher_suites, don't ignore cipher suites     listed after TLS_FALLBACK_SCSV.
      Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.

Bodo Möller (1699):
      Added comments to des_enc_{read,write} functions warning about their     cryptographic weakness (IV reuse).
      New option "-showcerts" for s_client
      Avoid EADDRINUSE for s_server.
      Be more optimistic about the availability of termios for ~ECHO,     because sgtty emulation tends to fail on various systems.     Submitted by:     Reviewed by:     PR:
      New "open issue" (ERR_...).
      Tiny comment to improve code comprehensibility.     Submitted by:     Reviewed by:     PR:
      Preprocessor file to allow testenc to test only those ciphers     that are available.     Submitted by:     Reviewed by:     PR:
      Bugfix: s_client occasionally would sleep in select() when it should     have checked SSL_pending() first.     Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      Obsoleted by new openssl command "list-cipher-commands".     Submitted by:     Reviewed by:     PR:
      Don#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it.
      Submitted by:     Reviewed by:     PR:
      Some tiny fixes.
      Make Windows compilers happy.
      Cleaning up Ben's clean-ups :-)
      /* Just some comments. */
      Removed extra semicolons.
      New "Configure" entry (Solaris with debug info)
      Fixed some race conditions.
      Submitted by:     Reviewed by:     PR:
      Don't return 0 from ssl2_read when a packet with empty payload is received.
      CVS confusion?
      Submitted by:     Reviewed by:     PR:
      Change #include filenames from <foo.h> to <openssl.h>.
      Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      "make depend"
      Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      C indentation style definition for Emacs.
      Avoid "incomprehensible" errors when required definitions are missing.
      Restore ERRC definitions that are needed to compile the library.
      Removed superfluous reference to ERRC.
      "perl util/mkerr.pl -static -recurse -rebuild" because the previous     codebase apparently was inconsistent.  And crypto/Makefile.ssl     *does* need an ERRC ..     Submitted by:     Reviewed by:     PR:
      Some instructions for how to handle the <foo.h>  =>  <openssl/foo.h>     transition.
      Fix header files so that any one can be included first.
      cryptall.h is not needed for anything and cannot even be #include-d     without producing error messages.     Submitted by:     Reviewed by:     PR:
      Removed traces of cryptall.h, and did a "make depend".
      Comment changed.
      Fixed a typo.
      A new comment.
      Install various scripts to $(OPENSSLDIR)/misc instead of $(INSTALLTOP)/bin.
      A faster (and more general, and better documented) replacement for mklink.sh.
      Use util/mklink.pl instead of util/mklink.sh.
      Typo fixed.
      Fix make target "install".
      Obey $(PERL) when running util/mklink.pl.
      Pass PERL to sub-Makefiles during "make links".
      New Configure options "threads" and "no-threads".     For Solaris and Linux, "threads" (with proper compiler options)     is the default.     Submitted by:     Reviewed by:     PR:
      Submitted by:     Reviewed by:     PR:
      Support INSTALL_PREFIX for packagers.
      ignore Makefile.save
      Superseded by mklink.pl.
      Remove extra brace.
      Hopefully improved compatibility with earlier versions of Perl5.
      New function SSL_CTX_set_session_id_context.
      Broken line that was too long.
      Use correct error macro so that error messages make sense.
      Add "static" to function definition
      Point out the "rehashing skipped" is not a problem.
      Support verify_depth from the SSL API without need for user-defined     callbacks.
      New function SSL_CTX_use_certificate_chain_file.
      Entry for resolved error macro confusion.
      Annotate a bug.
      Some comments.
      Restored path names that were changed by a previous "Configure" run.     (Rather than changing the files in places, we really should use .in files.)     Submitted by:     Reviewed by:     PR:
      This was an unused derivate of an old version of s_client.c that had     been changed so that it almost could be used under Windows.     No one asked to keep it (and no one volunteered to bring it into useable     state), so away with it.     Submitted by:     Reviewed by:     PR:
      Use "const char *" instead of "char *" for filenames passed to functions.
      Move variable definitions into the blocks where they are really needed,     so that warnings about unused variables don't appear if those blocks     are removed by the C preprocessor.
      Some tiny changes to the source code to make future diffs smaller     when restructuring the cert_st handling (removed unnused parts,     and the like).     Submitted by:     Reviewed by:     PR:
      Makefile.save was missing here.     Submitted by:     Reviewed by:     PR:
      One comment was in the wrong line ... some others are new.     Submitted by:     Reviewed by:     PR:
      Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying     pointers.  The cert_st handling is changed by this in various ways.     Submitted by:     Reviewed by:     PR:
      No actual change, but the cert_st member of struct ssl_session_st is now     called sess_cert instead of just cert.  This is in preparation of further     changes: Probably often when s->session->sess_cert is used, we should     use s->cert instead; s->session->sess_cert should be a new structure     containing only the stuff that is for just one connection (e.g.     the peer's certificate, which the SSL client implementations currently     store in s->session->[sess_]cert, which is a very confusing thing to do).     Submitted by:     Reviewed by:     PR:
      New entry debug-solaris-usparc-gcc, as debug-solaris-sparc-gcc no longer     applies to usparc systems.     Submitted by:     Reviewed by:     PR:
      Moved some variable declarations inside blocks where they are needed     so that warnings about unused variables (for certain     -D... constellations) are avoided; this corresponds to the earlier     change for SHA1.     Submitted by:     Reviewed by:     PR:
      The various character predicates (isspace and the like) may not be     used with negative char values, so I've added casts to unsigned char.     Maybe what really should be done is change all those arrays and     pointers to type unsigned char [] or unsigned char *, respectively;     but using plain char with those predicates is just wrong, so something     had to be done.     Submitted by:     Reviewed by:     PR:
      Changed a comment.     Submitted by:     Reviewed by:     PR:
      Make SSL library a little more fool-proof by not requiring any longer     that SSL_set_{accept,connect}_state be called before     SSL_{accept,connect} may be used.     Submitted by:     Reviewed by:     PR:
      And I thought I could spell ... but in caps really everything looks the same.     Submitted by:     Reviewed by:     PR:
      Clarify comment.     Submitted by:     Reviewed by:     PR:
      argc counting bug fixed.     Submitted by: Tomas Hulek     Reviewed by:     PR:
      Comment.     Submitted by:     Reviewed by:     PR:
      First tiny changes in preparation of changing of "sess_cert" handling.     Also I've subsituted real tabs for 8-spaces sequences in some lines so that     things don't look that weird with a tab-width of 4.
      Spacing in comment corrected.
      For solaris-usparc configurations, avoid problems with GNU as, which     cannot handle all opcodes we need.
      New structure type SESS_CERT used instead of CERT inside SSL_SESSION.     While modifying the sources, I found some inconsistencies on the use of     s->cert vs. s->session->sess_cert; I don't know if those could     really have caused problems, but possibly this is a proper bug-fix     and not just a clean-up.
      Some tiny clean-ups related to the cert_st / sess_cert_st change.
      Don't use reserved name "_encrypt" for parameters;     instead I've picked "enc", because that's what's in the prototypes.     ("_encrypt" is reserved only as an external name, but still     using it in an application doesn't look like good style to me --     and it certainly isn't if the point is just avoiding shadowing,     which is apparently why the previous name "encrypt" was changed.)
      Add release dates to the "CHANGES" file, because that's an obvious     place to look for them.
      Change cast in function calls to that which is, I think, the right     one for those functions (is it?).
      Delete a wish.
      *** empty log message ***
      Introduce and use function typedef pem_password_cb so that we don't call     those functions without having a parameter list declaration.     (There are various similar cases left ...)
      Fix cryptlib.c.     Submitted by:     Reviewed by:     PR:
      Various bugfixes: Uses locking for some more of the stuff that is not     thread-safe (where thread-safe counterparts are not available on all     platforms), and don't memcpy to NULL-pointers     Submitted by: Anonymous     Reviewed by: Bodo Moeller
      Avoid compiler warnings for x86.
      A comment.
      Return 0 for an error, 1 for no error from read_options;     that's what the calling code seems to expect.
      Bugfix (set shutdown only when we should).     Submitted by: Oleg Girko
      e_os* corrections.
      e_os2.h is used for things that must be visible when external applications     use (certain parts of) OpenSSL.
      Use e_os2.h, not e_os.h in exported header file des.h.
      Get rid of another cast.
      Update dependencies.
      Don't run "make depend" automatically.
      Marked probable bug, pointed out by Anonymous.
      Added a comment pointing out the behaviour of "openssl x509 -conf ...",     which cost me some time to find out about.
      Change type of various DES function arguments from des_cblock     (meaning pointer to char) to des_cblock * (meaning pointer to     array with 8 char elements), which allows the compiler to     do more typechecking.  (The changed argument types were of type     des_cblock * back in SSLeay, and a lot of ugly casts were     used then to turn them into pointers to elements; but it can be     done without those casts.)
      DES changes.
      Keep text lines less than 80 characters wide.
      Rename "openssl x509" option "-config" to "-extfile", because it     doesn't have a default value like the "-config" options of other     openssl subprograms.
      gcc (in some versions) doesn't like the const_des_cblock typedef.     So omit it for now :-(
      Additional, more descriptive error message for rejection of a session ID     because of missing session ID context (so that application programmers     are directly pointed to what they should do differently).
      Make MD5 work on Alpha, and fix a bug.     Submitted by: Andy Polyakov
      Substitute spaces for tab.
      If we couldn't handle "-showcerts" (which happens with the current     SSL2 implementation), show at least the server certificate.
      Get rid of some unnecessary casts and add a necessary one.
      For Solaris with old gcc versions (that don't understand     -mcpu=ultrasparc), don't silently step to solaris-sparc-gcc, which     would unnecessarily use less efficient assembler code.     Instead, use new configuration variant solaris-usparc-oldgcc;     this also means that someone who reads the output of ./config will     notice that it may be advantegeous to upgrade gcc.
      Bugfix: GCCVAR contains two lines ("Reading specs ..." and the actual     version), so we need        echo $GCCVAR | sed ...     instead of        echo "$GCCVAR" | sed ...     to process it as intended.
      Convert gcc version detection (for solaris-usparc-gcc) into a form     better suited for finding what went wrong in case that some compiler     versions create an output we can't parse.
      Note that the numbering scheme used to be different.
      Add -mv8 to solaris-usparc-oldgcc.
      Change self-description (mklink.pl is not just faster than the last     released version of mklink.sh -- the latter couldn't even handle     the ../../include/openssl case).
      Some solaris-usparc MD5 fixes.
      Don't install e_os.h in include/openssl, use it only as a local     include file.
      Add a kludge :-(     There were problems with putting e_os.h just into the top directory,     because the test programs are compiled within test/ in the "standard"     case in in their original directories in the makefile.one case;     and in the latter symlinks may not be available.
      It was a very bad idea to use #include "../e_os.h" -- when this occurs     in cryptlib.h (which is often included as "../cryptlib.h"), then the     question remains relative to which directory this is to be interpreted.     gcc went one further directory up, as intended; but makedepend thinks     differently, and so probably do some C compilers.  So the ../ must go away;     thus e_os.h goes back into include/openssl (but I now use     #include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --     and we have another huge bunch of dependency changes.  Argh.
      Older versions of SINIX C development system inherited a bug from     SGI' cc; enable workaround.     Submitted by: Martin Kraemer
      Remove traces of bad idea :-)
      We need e_os.h here.
      Avoid memory hole when we don't like the session proposed by the client
      Let ssl_get_prev_session reliably work in multi-threaded settings.
      Comment about bug.
      Detect linux-mips.
      Don't use NULL-pointer :-/
      Final version for 0.9.3.
      Update for 0.9.3.
      Last minute VMS updates for 0.9.3.     Submitted by: Richard Levitte
      Temporary workaround for IRIX64 build.     Submitted by: Andy Polyakov <appro at fy.chalmers.se>
      Add closing parenthesis to usage output.
      Set #!... path to Perl in apps/der_chop automatically.
      Circument egcs bug.     Submitted by: Andy Polyakov <appro at fy.chalmers.se>
      I386_ONLY is defined in opensslconf.h, so we need to include it.     Submitted by: John Keith <jtkeith at kavi.com>
      der_chop is now generated from der_chop.in.
      Ignore directories created by "make -f makefile.one".
      Change function call according to current API.
      *** empty log message ***
      Updated some demos.     Submitted by: Sean O Riordain <Sean.ORiordain at cyrona.com>
      Updated C++ SSL demos.     Submitted (a month ago) by: Wade Scholine
      Include <stdio.h>.
      sco5-gcc configuration.
      Some assembler-related clean-ups.
      Pass INSTALL_PREFIX to subdirectories of crypto
      BSD/OS 4.x support (bsdi-elf-gcc)
      Adjust bsdi-elf-gcc to look more like FreeBSD-elf, linux-elf and the like.
      Complain about deficiency of internal_verify.
      "BTW, I no longer have a wish for this. This was solved in other ways."     Mats Nilsson <mats.nilsson at xware.se>,     <4.1.19990531095211.040bf2e0 at berit.xware.se> to <openssl-dev at openssl.org>
      More consistency.
      more typesafe stacks ...
      Labels longer than eight characters might cause problems.
      "linux-sparc64-gcc" configuration     Submitted by: Ray Miller <ray.miller at oucs.ox.ac.uk>
      remove conflict indicator ...
      More general definition for S_ISDIR (needed not only for VMS but     also for NeXT).
      "linux-sparc" configuration.
      Comments added.
      Use only -O, not -O3 for NeXTstep:
      mkdir -p is not fully portable (according to Marc Crispin,     NeXTstep creates a directory called -p); now mkdir-p.pl does its job.
      Mention mkdir-p.pl.
      Introduce "BIO pairs", which (when finished) will relay data     so that the SSL library can be used for applications that     have to handle all the actual I/O themselves.
      Don't mix real tabs with tabs expanded as 8 spaces -- that's     a pain to read when using 4-space tabs.
      treat init properly
      Use the same path to perl in all #! lines in util.
      Use locking in a way that makes more sense.
      Fix for BIO pairs.
      Don't make assumptions on what the path looks like.
      Use mkdir-p.pl more efficiently.
      "request" added.
      Some pre-POSIX systems don't have unistd.h (but e.g. lib.c).     Allow configuring the name of that header file.
      Mention unistd.h.
      DES CBC change looks dubious to me.
      "make update" (added to top Makefile, and applied).
      Unify DES library: ncbc_enc.c wasn't used, but its content was almost     duplicated in cbc_enc.c (without IV updating) and in des_enc.c
      Update dependencies.
      des_cbc_encrypt / des_ncbc_encrypt issue.
      Delete unnecessary newlines in TABLE
      Oops, I forgot to add the dependency "TABLE: Configure".
      Repair PEM_write_PrivateKey and PEM_write_bio_PrivateKey.
      tiny optical change
      Another <unistd.h> ...
      Avoid warnings.
      Avoid warning.
      Try to detect NeXT 3.3 (working Configure entry for this still missing)
      hpux-cc (HPUX 9.x) does not work with BN_LLONG (floating point exceptions).
      NeXT 3.3 can handle -O3 (3.0 can't).
      Don't use unquoted whitespace in "case" case.
      Changes for BSD/OS 4.
      BIO pairs.
      "make update"
      Avoid some warnings (on silly compilers).
      Provide fallback configurations for all hpux... configurations     (problems with BN_LLONG have been reported both for hpux-cc     and for hpux10-gcc).
      rc4_locl.h and bf_locl.h incorrectly defined _HEADER_...;     opensslconf.h always expects HEADER_... (no leading underscore).
      Comment adjusted to reality.
      long obsolete
      Don't try to use zero-byte buffers.
      Some people don't have /dev/fd/0 on Solaris, so use - instead.
      Don't access configuration files outside the source tree.
      Use same name in the definition as in the header file declaration :-/     (the extra "get" makes the name quite long, but otherwise it'd sound     as if you could request something rather than obtain information     about what the peer did).
      New function CRYPTO_num_locks.
      "make update"
      "make update"
      Perl variable names are case-sensitive ...
      Make some debug-... configurations more useful for debugging.
      Don't use inline assembler when configured for "no-asm".
      Avoid some memory holes, one of which was pointed out by     "Chad C. Mulligan" <mulligan at antipope.org>.
      Close another memory hole.
      Memory leak checks.
      Update TABLE.
      configuration change for debugging
      The Mingw32 configuration entry was missing one colon (found by     "Zot O'Connor" <zot at ZotConsulting.com>).     Also, Windows probably does not need the warning about multi-threading.
      Fix comments.     Submitted by: Anonymous
      With mingw32, use "long long" rather than "_int64" (the latter does     not work, at least the package mentioned in INSTALL.W32 does not know     about it).
      Don't use ...-oldgcc for egcs compiler.
      New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is     SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
      make debug-solaris-[u]sparc-gcc more useful
      Disable asserts for standard configurations.
      avoid confliction definitions of NDEBUG
      improve readability of #if conditions (ELF, if defined, supersedes BSDI     [which we don't really define if ELF is defined, but who knows])
      Updated to reflect recent "Configure" modification.
      Don't confuse mk1mf.pl by combining multiple options into one.
      Mention modification to Configure.
      remove editing artifacts
      Provide CFLAGS and PLATFORM information on Windows platforms.
      Fix memory checking.
      New function RSA_check_key,     openssl rsa -check
      New function RSA_check_key.
      correct error handling
      Looks like another memory leak ...
      typo in string
      fix memory leak in s3_clnt.c
      cosmetic changes
      Judging from various messages on the OpenSSL mailing lists, HP-UX 10     with cc (but not gcc) seems to work well with BN_LLONG; but -O4 is too     much.
      Fix option processing.     Submitted by: Sam Tetherow
      "make clean" has to delete date.h
      Add optional (compile-time configurable) time to CRYPTO_mem_leaks output.     This is much more helpful than the counter when doing tests with the library     interactively.
      Have CRYPTO_MDEBUG_TIME automatically set CRYPTO_MDEBUG,     and make it the default for some debugging configurations.
      New compile time option -DCRYPTO_MDEBUG_THREAD.
      "make TABLE" (to follow recent Configure change)
      Auto-generated file -- this should not be under version control     (and the other */asm/*.cpp files are not)
      slight clean-up
      avoid -DPLATFORM=\"...\" and -DCFLAGS=\"...\" command lines,     use new file buildinf.h instead.
      Additional user data argument to pem_password_cb function type     and to lots of PEM_... functions.     Submitted by: Damien Miller <dmiller at ilogic.com.au>
      additional argument for key_callback
      Torture weak compilers less by not automatically including x509.h where     it is not needed.
      date.h no longer to be deleted by "make clean"
      ignore r586unix.cpp
      Don't include x509.h when we just need asn1.h
      summary of Andy's changes to Configure
      -DPLATFORM and -DCFLAGS command line arguments are no longer used.
      change CFLAGS to those given in Configure
      Use correct CFLAG definition for makefile.one builds.
      close files.
      Always use buildinf.h, which now includes the mk1mfinf.h data.     Using different files caused problems because the dependencies     in the Makefiles produced by mk1mf.pl were for the standard case,     i.e. mentioned buildinf.h and not mk1mfinf.h.
      correct error signalling for opendir() failure
      by request: let BN_dup(NULL) just return NULL
      don't prematurely shut down socket -- use SSL_shutdown
      SSL_shutdown was done too early.
      The SSL_CTX's cert structure is not relevant for the SSL     (because now SSL_new makes a copy).
      avoid cast
      fix previous modification -- if ssl->cert is NULL, don't follow the pointer.
      generate error message
      avoid some NO_<cipher> problems
      Revert previous change -- it was an accident.
      automatically use no-mdc2 if no-des is requested.
      Revert erroneous change.
      0.9.4 won't be completed in July ...
      improve clarity of instructions
      Add a wish.
      New function DSA_dup_DH, and fixes for bugs that were found     while implementing and using it.
      Dont' assume that something starting with '-' is a filename --     "openssl gendsa -help" now prints the usage summary, not error     messages that now file -help was found.
      fix the bug
      change formatting a bit
      add some more entries for 0.9.4
      New option "-crlf" to s_client and s_server which tells them to convert     LFs into CRLFs when forwarding data from stdin to the TLS connection.     This is necessary for properly talking HTTP.     Because of the code freeze this change is by default disabled for now;     without -DAPPS_CRLF, the code is exactly as before.
      more consistent formatting
      add comments
      Provide fixed seed for parameter generation to speed up -dhe1024.
      -crlf option.
      BIO_write and BIO_read could, in theory, return -2.
      Updates.     Prototypes and constant declarations for non-copying reads and writes for     BIO pairs (which is totally untested as of now, so I don't yet commit     the actual source code, but reserve the numbers to avoid conflicts).
      Fix typo.
      Submitted by: Lidong Zhou <ldzhou at cs.cornell.edu>
      Remove -DWINDOWS in debug configuration.
      Disable the text about foo.h => openssl/foo.h.     Everyone should have got it by now.
      Return 0 for succesful exit when -noout is used.
      Really undo the base64 change so that make test survives
      Fix horrible (and hard to track down) bug in ssl23_get_client_hello:     In case of a restart, v[0] and v[1] were incorrectly initialised.     This was interpreted by ssl3_get_client_key_exchange as an RSA decryption     failure (don't ask me why) and caused it to create a _random_ master key     instead (even weirder), which obviously led to incorrect input to     ssl3_generate_master_secret and thus caused "block cipher pad is     wrong" error messages from ssl3_enc for the client's Finished message.     Arrgh.
      Handle "#if 0" correctly (I hope)
      Use closesocket macro consistently, not close directly, for easier     portability.     Submitted by: Lennart BÃ¥ng
      -no_dhe option for ssltest.c
      Fix server behaviour when facing backwards-compatible client hellos.
      Make previous bugfix actually work
      use explicit constant 11 just once
      Reinitialize global variables when necessary (for monolith application).
      Reinitialize conf to NULL whenver ca application is started.     Submitted by: Lennart Bang
      Non-copying interface to BIO pairs.     It's still totally untested ...
      some more patches for avoiding problems with non-automatic variables
      Re-enable message about transition <foo.h> => <openssl/foo.h>     because various programs are not updated that often     and hence still expect header files names without the openssl/ prefix.
      Truncate message about "new" include filenames
      Use non-copying BIO interface in ssltest.c.
      "make update"
      Repair another bug in s23_get_client_hello:     tls1 did not survive to restarts, so get rid of it.
      Fix yet another bug for client hello handling.
      Set s->version correctly for "natural" SSL 3.0 client hello
      Add some debug-solaris-...-cc configurations.
      typo in a comment
      Update dependencies.
      Document -startdate and -enddate in usage summary.
      Keep line lengths < 80 characters.
      Fix typo that I introduced when reformatting lines.
      Use a temporary file, not a pipe, for BN test because there are some     broken bc's around.
      Bugfix: avoid opening CAfile when it's NULL.
      Honor BUFSIZZ definition in s_server, don't use tiny 32 byte     buffer (which leads to truncation of client cipher list).
      Fix typo in error message.
      new control code BIO_C_RESET_READ_REQUEST
      "make update"
      Pass $(RANLIB) when doing "make install" in subdirectories;     rsaref needs ist.
      Use of DEVRANDOM must be #ifdef'ed (the #ifdef was commented out     between SSLeay 0.8.1b and 0.9.0b with no apparent reason).     If we *want* an error when DEVRANDOM is not defined (it always is with     the current e_os.h) we should use #error.
      Respect PEX_LIBS and EX_LIBS when building binaries     (needed for RSAREF builds)
      Improve support for running everything as a monolithic application.
      Update Borland C++ builder support.
      Report an error from X509_STORE_load_locations     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
      Various randomness handling bugfixes and improvements --     some utilities that should have used RANDFILE did not,     and -rand handling was broken except in genrsa.
      New file app_rand.c with some functionality used in various openssl     applications.
      Don't be overly paranoid.
      Warn about RANDFILE being overwritten.
      Make md_rand.c more robust.
      Always hash the pid in the first iteration in ssleay_rand_bytes,     don't try to detect fork()s by looking at getpid().     The reason is that threads sharing the same memory can have different     PIDs; it's inefficient to run RAND_seed each time a different thread     calls RAND_bytes.
      Avoid some warnings.
      Undo silly change.
      Avoid deadlock.
      Store verify_result with sessions to avoid potential security hole.
      Restore traditional SSL_get_session behaviour so that s_client and s_server     don't leak tons of memory.
      Add functions des_set_key_checked, des_set_key_unchecked.     Never use des_set_key (it depends on the global variable des_check_key),     but usually des_set_key_unchecked.     Only destest.c bothered to look at the return values of des_set_key,     but it did not set des_check_key -- if it had done so,     most checks would have failed because of wrong parity and     because of weak keys.
      Use des_set_key_unchecked, not des_set_key.
      Useless files deleted -- they were just copies of files of the same name     in the apps/ directory (which were recently changed).
      Add missing semicolon to make compiler happy, and switch back     from MemCheck_start() to CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)     because that is what applications should use     (MemCheck_start/stop never really worked for applications     unless CRYPTO_MDEBUG was defined both when compiling the library     and when compiling the application, so probably we should     get rid of it).
      Add a comment.
      Point out that openssl-bugs is public.
      Avoid shadowing p to make the compiler happy.
      - Don't assume that int and size_t have the same representation       (and that malloc can be called with an int argument).     - Use proper prototypes (with argument list) for various function pointers,       avoid casts  (however there are still many such cases left in these files).     - Avoid collissions in app_info_cmp if sizeof int != sizeof long.     - Use CRYPTO_LOCK_MALLOC in mem_dbg.c.
      fix typos and other little errors ...
      Rename        CRYPTO_add_info    => CRYPTO_push_info        CRYPTO_remove_info => CRYPTO_pop_info     in the hope that these names are more descriptive;     and "make update".
      Correct spelling, and don't abuse grave accent as left quote     (which was allowed by old ASCII definitions but is not compatible     with ISO 8859-1, ISO 10646 etc.).
      fix comment
      Delete NO_PROTO section (which apparently was just a typo for NOPROTO --     if anyone had actually ever needed that they should have fixed this typo)
      Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,     they can sometimes be different memory structures.
      Don't request client certificate in anonymous ciphersuites     except when following the specs is bound to fail.
      Rename CA.pl to CA.pl.in (no actual changes), and let Configure     set the #! line with the path to Perl.
      Slight code cleanup for handling finished labels.
      Use prototypes.
      Use separate arrays for certificate verify and for finished hashes.
      Use less complicated arrangement for data strutures related to Finished     messages.
      New functions SSL_get_finished, SSL_get_peer_finished.
      add "UnixWare", treated like "unixware"
      add V_CRYPTO_MDEBUG_ALL     Submitted by:     Reviewed by:     PR:
      make no-des and no-rc2 work.
      apps/openssl.cnf and the documentation say it's "nombstr",     but crypto/asn1/a_strnid.c had "nombchar".
      CA.pl is now generated automatically (using CA.pl.in as input)
      Use basename instead of complicated sed line.
      Unify doc/openssl.pod and doc/man/openssl.pod, which were almost the     same and now are identical.     The next step will be to delete doc/openssl.pod, this is just     to see the individual CVS deltas.
      superseded by doc/man/openssl.pod
      s_client and s_server now have their own man pages.
      Clean up some of the SSL server code.
      The buffer in ss3_read_n cannot actually occur because it is never     called with max > n when extend is set.
      add check for internal error
      add dependency and auto-generation rule for bn_prime.h     (created by bn_prime.pl, which now prints the copyright/license     note as found in bn_prime.h)
      Turn BN_prime_checks into a macro.
      Note about CRYPTO_malloc_init
      Use CRYPTO_push_info to find a memory leak in pkcs12.c.
      note about things still to do with RAND_bytes
      slightly change usage information
      Use CRYPTO_push_info to track down memory leak     (only the CRYPTO_push_info's in the apps/ directory     are included in the CVS commit, not all those I used     in crypto/)
      Avoid shadowing variables,     and re-enable seeding with more data than read from DEVRANDOM -- just     don't pretend it contains entropy.
      Avoid some warnings, and run "make update".
      - Pseudo-seed the PRNG in programs used for "make test"       because otherwise BN_rand will fail unless DEVRANDOM works,       which causes the programs to dump core because they       don't check the return value of BN_rand (and if they       did, we still couldn't test anything).
      In EVP_PKEY_assign[_...], return 0 for an error when they     "key" is NULL.
      Let "make test" survive without DEVRANDOM     (and rename a target in test/Makefile.ssl to make it     easier to guess the name of the file executed by it)
      Delete "random" file .rnd in "make clean".
      Enable memory checking earlier (we correctly free everything     except for the BIO through which we print the memory leak list,     and the leak printing function ignores this one block).
      RAND_bytes's return values is 0 for an error, not -1.
      add "randomness"
      In ssl3_read_n, set rwstate to SSL_NOTHING when the requested     number of bytes could be read.
      SSL_R_UNSUPPORTED_PROTOCOL (as in s23_clnt.c) for SSL 2 when     NO_SSL2 is defined, not SSL_R_UNKNOWN_PROTOCOL.
      Define WINDOWS.
      Define WINDOWS for Mingw32 and Cygwin.
      Rename lst1 to list1 to avoid name conflict on some platforms.
      Define WINDOWS in all Mingw32 cases.
      mention manual pages
      doc/man moved to doc/apps
      Don't "goto err" in client_master_key because no such label exists;     just return -1 as in other error cases.
      add ERR_print_errors after "end" label.
      In RAND_write_file, truncate the file to the no. of bytes written     (we're now using fopen(..., "rb+") instead of fopen(..., "wb"),     so the file is not truncated automatically).
      Avoid integer overflow in entropy counter.     Slightly clarify the RAND_... documentation.
      change comments
      update PRNG documentation/comments
      As ftruncate is not availabe on all platforms, switch back to     opening the output file with "wb" to truncate it except on VMS     (where the file now keeps its original length because it is opened     with "rb+" -- does VMS have ftruncate?)
      Under VMS, ftruncate should be available
      The des_xcbc_encrypt apparently always fails.     Workaround so that "make test" continues anyway.
      RAND_pseudo_bytes is good enough for encryption IVs,     we should not need RAND_bytes (and we cannot use the latter     unless we load a seed file)
      RAND_load_file(..., -1) now means "read the complete file";     this is what we now use to read $RANDFILE / $HOME/.rnd.     (Previously, after 'cat'ting lots of stuff into .rnd     only the first MB would be looked at.)
      Give the correct e-mail address even though the message is not quite serious
      Document RAND_load_file change.
      Improve clarity.
      Avoid a race condition.
      New manual page.
      Some comments added, and slight code clean-ups.
      Correct typos that ispell did not find.
      Small correction.
      Update references.
      enable Montgomery test
      Add a pointer to a paper (is the algorithm in section 4.2 the     word-based algorithm we are using?)
      Update comments to provide a better approximation of reality.
      typo in a comment
      A couple of things were reversed for BN_pseudo_rand ...
      more information on 0.9.5
      Make DSA_generate_parameters, and fix a couple of bug     (including another problem in the s3_srvr.c state machine).
      Tiny changes to previous patch (the log message was meant to be     "Make DSA_generate_parameters faster").
      Make output of "openssl dsaparam 1024" more interesting :-)
      Documentation for BN_is_prime_fasttest.
      Reference for SHA-1.
      Change log entry completed.
      Pointer to important manual page that should be written.
      Typo in preprocessor symbol.
      If n0 == d0, we must alway compute 'rem' "by hand"
      rndsort{Miller, Rabin} primality test.
      Tolerate negative numbers in BN_is_prime.
      Include OpenSSL license.
      Some 'const's for BNs.
      Correct spelling as it was done in the source.
      Use correct, not American spelling.
      Report progress as in dsatest.c when creating a DHE key.
      Generate just one error code if iterated SSL_CTX_get() fails.     Avoid enabled 'assert()' in production library.
      Commit patch to bn.h that CVS decided to throw away during 'cvs update',     and initialize too_many because memset(..., 0, ...) is not used here.
      Cosmetic changes.
      Correction: openssl.c must get the long version of the apps_startup()     macro
      Memory leak.
      Note about des_ncbc_encrypt.
      16 * 8 = 128.
      'passwd' tool.
      Implement MD5-based "apr1" password hash.
      Casts now unnecessary because of changed prototype.
      Make sure the return value of by_file_ctrl(..., X509_L_FILE_LOAD, ...)     aka X509_LOOKUP_load_file(...) is always 0 or 1, not the counter     returned from the recently introduced function X509_load_cert_crl_file.     X509_STORE_load_locations expects X509_LOOKUP_load_file to return 1 on     success, and possibly there's other software that relies on this too.
      add missing 'static'
      Avoid potential conflicts between #defines in opensslconf.h and     defines when compiling applications, and allow applications to     select what #defines to enable -- OPENSSL_EXLUCDE_DEFINES     enables the "#define NO_whatever" stuff only, which avoids     potential severe confusion caused by "#define _REENTRANT" when     opensslconf.h is not the first header file #included.
      Stay compatible to older Perl5 releases (see diff -r1.11 -r1.12).
      Change the example to show apr1 with an 8-character salt.
      Keep variable names consistent with corresponding pre-processor     symbols.
      Allow for higher granularity of entropy estimates by using 'double'     instead of 'unsigned' counters.     Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.
      Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
      ignore Client Hellos when we're in handshake anyway
      Workaround for irrelevant problem.
      Move MAC computations for Finished from ssl3_read_bytes into     ssl3_get_message, which is more logical (and avoids a bug,     in addition to the one that I introduced yesterday :-)     and makes Microsoft "fast SGC" less special.     MS SGC should still work now without an extra state of its own     (it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state     for reading the body of a Client Hello message), however this should     be tested to make sure, and I don't have a MS SGC client.
      More news.
      Move ssl3_do_write from s3_pkt.c to s3_both.c.
      Fix some bugs and document others
      Workarounds to make broken programs happy (such as s_client and s_server).
      Avoid filename "test.c" because otherwise "make test"     will invoke a default rule built into make.
      Don't define platform-dependent preprocessor symbols for OPENSSL_THREAD_DEFINES.
      Do fflush(stdout) when there was an error.
      Don't use buffered fread() to read from DEVRANDOM,     because this will drain the entropy pool.
      Version 0.9.5beta2-dev (so that the next snapshot will not     claim to be 0.9.5beta1).
      handle entropy estimate correctly
      Use threads for linux-ppc.
      Ignore files that, well, should be ignored.
      Fix warnings by using unsigned int where appropriate.
      In "make clean", delete files created by "make report".
      Fix off-by-one error :-)
      Add OpenSSL licen[cs]e.
      The previous revision should have generated _more_ warnings, not less ...     The return value of handshake_func is signed, not unsigned.
      Use unsigned loop index to make compilers happy
      More get0 et al. changes.  Also provide fgrep targets in CHANGES     where the new functions are mentioned.
      Add a comment.
      Use standard header file string.h for memset prototype (where     "standard" refers to the C language, probably there's also some     standard that defines memory.h).
      Switch to 0.9.6, and finally remove the annoying message     about renamed header files.
      Point to INSTALL.MacOS for MacOS pre X.
      Check BN_rand return value.
      'rand' application for creating pseudo-random files.
      Document the 'rand' application.
      'rand'/'-rand' documentation.
      Change comment.
      Use RAND_METHOD for implementing RAND_status.
      Add missing dependencies.
      Update comment.
      Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.
      Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.
      Fix for previous patch: If RAND_pseudo_bytes returns 0, this is not an error.
      New '-dsaparam' option for 'openssl dhparam', and related fixes.
      Avoid potential memory leak in code generated by 'openssl dhparam -C'.
      Use signed type where -1 may be returned.
      Add an #include.
      Note about PRNG error message for openssl command line tool.
      Generate correct error reasons strings for SYSerr.
      Change output text (ar is not a linker).
      Read complete seed files given in -rand options.
      There is no reason to use downcase letters throughout in error reason     strings, it's just the default because it's usually ok.
      Preserve reason strings in automatically build tables.
      Add missing include (only MONOLITH builds were possible without it).     Submitted by: Andrew W. Gray
      Fix the indentation, and avoid a compiler warning.
      {NEXT,OPEN}STEP don't have pid_t.
      Manual page installation did not work if INSTALL_PREFIX was a relative path.
      another typo
      Change to code generated by 'dhparam -C':
      Always use fixed DH parameters created with 'dhparam -C',     don't dynamically create them.  This allows using ssltest     for approximate performance comparisons:        $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \          [-no_dhe|-dhe1024dsa|-dhe1024]     (server2.pem contains a 1024 bit RSA key, the default has only     512 bits.) Note that these timings contain both the server's and     the client's computations, they are not a good indicator for     server workload in different configurations.
      Mention -ign_eof.
      Use signed types where necessary, and add missing functionality     to make SSL_nread0 work.
      On NeXT, ssize_t is int, not long (see <sys/types.h> -- the definition     is activated only when _POSIX_SOURCE is defined).
      Workaround for Windoze weirdness.
      cleaning up a little
      Remove Win32 assembler files.  They are always rebuilt (with some     choice of parameters) when they are needed.
      Connection timings (using ISO C function clock()).
      Copy DH key (if available) in addition to the bare parameters     in SSL_new.     If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh     on computing a DH key that will be ignored anyway.
      Don't try to test the RSA command if it is not available.
      Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
      Update usage info
      Include a timing test that works without RSA.
      "openssl no-..." commands for avoiding the need to grep     "openssl list-standard-commands".
      Run test_ssl last -- it's the only test that really uses the SSL library     in addition to the crypto library.
      Clarifications for 'no-XXX'.
      another typo
      Remove "Makefile.uni" files and some related stuff.     This was meant for building individual ciphers separately;     but nothing of this is maintained, it does not work     because we rely on central configuration by the Configure     utility with <openssl/opensslconf.h> etc., so the files     are only wasting space and time.
      Use correct function names in SSLerr macros.
      Insert a comment: This is one of the few files in this directory     that is actually used (even though it may not appear so at first     sight).
      SSL_ALLOW_ADH no longer has a meaning.
      Avoid a warning.
      Remove CRYPTO_push/pop_info invocations to improve code readability --     I hope all memory leaks that may occur here have already been tracked down.
      Point out the PRNG usage bug affecting openssl rsa.     (Should we point to snapshots, or directly give the one-line patch?)
      Eliminate memory leaks in mem_dbg.c.
      Document pseudo-commands.
      "make update"
      Update for new hpux-parisc-cc-o4 entry.
      Explain configuration options more completely.
      List "no-..." option first because it's the most frequently needed one.
      NeXT workaround.
      Comments for SSL_get_peer_cert_chain inconsistency.
      Fix typo in -clrext option, but add a compatibility hack because     0.9.5a should not break anything that works in 0.9.5.
      'entropy >= ENTROPY_NEEDED' should be evaluated while the     variables are locked.
      Entry for ssleay_rand_status locking fix.
      Extend entry on ERR_print_errors.
      Avoid memory leak.
      In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites
      "make update" for DSO additions.
      Minor corrections.
      New function ERR_error_string_n.
      Ignore lib and Makefile.save.
      Warn about truncation also in the case when a single password is read using     the password prompt.
      Stylistic changes: Don't use a macro for the malloc'ed length since it     is not constant.
      Avoid leaking memory in thread_hash (and enable memory leak detection     for it).
      Add missing #include.
      Fix a memory leak, and don't generate inappropriate error message     when PEM_read_bio_X509_REQ fails.
      Note apps/x509.c bugfixes.
      When open()ing 'file' in RAND_write_file, don't use O_EXCL.     This is superfluous now that we don't have to avoid creating     multiple versions of the file on VMS (because older versions     are now deleted).
      Add "FIXME" comment, and adjust the indentation.
      Fix "FIXME" indentation :-)
      Add required cast.
      Avoid sprintf.
      Avoid sprintf, and harmonize indentation.
      Avoid sprintf.
      Avoid sprintf
      Implement SSL_OP_TLS_ROLLBACK_BUG for servers.
      Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
      Improve PRNG robustness.
      Add "FIXME" comment.
      Move Windows seeding functions into a separate file.     They have nothing to do with the particular PRNG (md_rand.c).
      When compiling with /opt/SUNWspro/SC4.2/bin/cc on Solaris, __svr4__ is     not defined, but __SVR4 is.
      strtoul is not used anywhere.
      dh and gendh have been obsoleted by dhparam.
      int may be smaller than 32 bits.
      use consistent indentation
      No need to abort if c_rehash fails here (e.g. because Perl is not where     it is expected).
      Speed up DH with small generator.
      Use the equivalent of a sliding window (without precomputation     because we're only handling words anyway) in BN_mod_exp_mont_word     making it a little faster for very small exponents,     and adjust the performance gain estimate in CHANGES according     to slightly more thorough measurements.     (15% faster than BN_mod_exp_mont for "large" base,     20% faster than BN_mod_exp_mont for small base.)
      Add entry that Richard forgot.
      Slightly faster DSA verification (BN_mod_exp2_mont),     marginally faster BN_mod_exp for 1024 bit exponents.
      Accept -F4 option in lower case, which is what the usage information     says one should use.
      Harmonize indentation.
      Another attempt to allow compiling on SunOS 4.*.
      Comment for increased code clarity.
      Comment about bcopy on SunOS 4.x.
      BN_mod_exp_mont_word entry:     Don't give performance gain estimates that appear to be more precise     than they really are, especially when they are wrong     (2/(1/1.15 + 1) = ca. 1.0698).
      In longer tests with g=2, DH exchange does not become quite as fast     as expected -- maybe it's the different processor, maybe my     previous timings were too inaccurate.
      Use BN_CTX_end when exiting early from BN_mod_exp_mont_word because     BN_mod_exp_atalla could be used.
      This probably fixes a BN_rshift bug.
      Report "error" (usually just "File exists", which is harmless)     when symlink() fails.
      There are compilers that complain if a variable has the same name as a     label. (Reported by Alexei Bakharevski.)
      In EVP_BytesToKey, replace explicit "8" by "PKCS5_SALT_LEN".
      Using speaking "variable" names in macros so that e.g. grepping for     sk_whatever_insert and sk_whatever_set immediately reveals the subtle     difference in parameter order.
      Add OPENSSL_free at the end of CRYPTO_destroy_dynlockid.
      Avoid unnecessary links and incomplete program file in apps/.
      In BN_mod_exp_mont_word, avoid one application of BN_MOD_MUL_WORD,     and for small 'a' also a couple of calls to     BN_mod_mul_montgomery(r, r, r, ...).
      Actually comment out the parts of BN_MOD_MUL_WORD that I inteded to     comment out in the previous commit
      BSD-style MD5-based password algorithm in 'openssl passwd'.     (Still needs to be tested against the original using sample passwords     of different length.)
      Don't dereference NULL pointers.     Submitted by: bowe at chip.ma.certco.com
      Fix code structure (if ... else if ... where both parts     may be disabled by preprocessor symbols)
      Return bignum '0' when BN_rand is asked for a 0 bit random number.
      Add an early reference to BN_CTX_new so that the usage of BN_CTX_start     is easier to grasp.
      Document -purpose option in usage string.
      Bugfix: use write locks, not just read locks
      crypto/err.c bugfix
      Fix SSL 2.0 rollback checking: The previous implementation of the     test was never triggered due to an off-by-one error.
      Document rollback issues.
      Update 'openssl passwd' documentation on selection of algorithms.
      Include SKIP DH parameters with OpenSSL.     These have been created by a SHA.1 based procedure, see     http://www.skip-vpn.org/spec/numbers.html.     (These values are taken from that document, I have not     implemented the prime generator.)
      -N option to diff is not essential, and mentioning it is unnecessarily     confusing to people whose diff doesn't implement it.
      QNX 4 support.
      Use C syntax, not FORTRAN or whatever that was :-)
      Undo change from 1.7 to 1.8:
      Tell CVS to ignore 'lib'.
      Include MD4 in documentation.
      -Wall insists that main return an int.
      Fix for BN_mul_word(a, 0).
      Avoid abort() throughout the library, except when preprocessor     symbols for debugging are defined.
      Use consistent indentation,
      Remove silly test for b->references at the end of BIO_write:     If some other thread deletes the BIO that one thread needs for     BIO_write, then there's a lot of trouble anyway; there's     nothing special about calling the callback.
      Ignore Makefile.save
      Increase print buffer (10K instead of just 2K).
      Mention fix in bio_lib.c.
      Clarification for SSL_ERROR_ZERO_RETURN
      Add rsautl.
      Add OAEP. Seed the PRNG.
      Changes for QNX: there is no thread support, and the previous     configuration only worked with no-asm.
      'make update'
      Fix X509_STORE_CTX_init.  Make indentation more consistent.  Dump core less often.
      More indentation consistency: for (), while (), if (), return ()     usually get a space between keyword and opening paranthesis     so that they don't look like function calls, where no space is     used.
      Another round of indentation changes: Position braces consistently,     add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish     keywords from function names, and finally remove parens around return     values (why be stingy with whitespace but fill the source code     with an abundance of parentheses that are not needed to structure     expressions for readability?).
      Another superfluous pair of parentheses.
      See RSA Security's press release at     http://www.rsasecurity.com/news/pr/000906-1.html (September 6, 2000):     "RSA Security Releases RSA Encryption Algorithm into Public Domain"
      Get rid of ASN1_UTCTIME_get, which cannot work with time_t     return type (on platforms where time_t is a 32 bit value).
      Use name ...-whatever-solaris2 instead of ...-sun-solaris2     (the middle string describes the architecture).
      clarification (source/sink BIOs are usually *both* source and sink)
      New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default     behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
      'make update'
      Some small clarifications.
      Change spelling back to "behaviour" and "flavour" instead of the     American variants.
      TLS => TLS/SSL
      SSL => TLS/SSL
      Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr     (it's similar to the shutdown(..., SHUT_WR) system call     for sockets).
      Disable buggy code variant in BN_mod_mul_montgomery that was enabled     in 0.9.6-beta1 and 0.9.6-beta2 and caused the BN_mont_exp_mont_word()     failure (bug report "openssh 2.2.0p1 fails with openssl 0.9.6-beta1").
      Document BN_mod_mul_montgomery bug;     make disabled code slightly more correct (this does not solve     the problem though).
      Clarification about Montgomery problem
      Totally remove the supposedly 'faster' variant in     BN_mod_mul_montgomery, which calls bn_sqr_recursive     without much preparation.
      Additions for 0.9.6.
      Avoid protocol rollback.
      Fix SSL_CTX_set_read_ahead macro.
      Don't modify s->read_ahead in SSL_clear, which is called from     accept/connect functions; those should not change the     read_ahead setting of the SSL structure.
      Set s->read_ahead in SSL_new because SSL_clear no longer modifies it.
      Note read_ahead-flag related fixes.
      Add BUGS section.
      Verbose output when installing manual pages so that you see that     something is going on (and what).
      BIO_sock_init() returns 1 for success and -1 for failure, not 0;     thus the condition '!BIO_sock_init()' doesn't make sense.
      Don't ever set 'seeded' if RAND_status() returned 0     (although maybe this static variable should be abolished totally,     it was introduced before RAND_status existed).
      internal_verify now does know about extensions
      Cert chain verification is useable by now.     Whether Steve is still working on 'proper' verification is up to     him to decide ...
      rsautl.c requires RSA.
      Never call load_dh_param(NULL) because this leads to an illegal     fopen(NULL).
      avoid memory leak
      handle the case when BN_new returns NULL
      Handle BN_copy failure after successful BN_new.
      BN_CTX-related fixes.
      tmp2 is not used in BN_mod_mul_montgomery.
      add missing word
      Point to SSL_set_bio(3) early because that manpage provides     information that is essential for using BIO pairs.
      Additional explanations for SSL_ERROR_WANT_READ/WRITE.
      Constify bn_dump1 implementation so that it matches the prototype     in bn.h
      Improve usability of 'openssl passwd' by including     password verification where it makes sense.
      Documentation on using the SSL library with non-blocking I/O.
      tag SSL_peek bugs
      include 'err' label only when it is actually used
      Increase permissible ClientKeyExchange message length.
      Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation.
      Remove CR at line ends.
      modular arithmetics
      Add bn_mod.c (should have happend in the previous commit ...).
      More BN_mod_... functions.
      Change submitted files so that they compile (in particular,     use BN_CTX_start/get/end instead of accessing ctx->tos).
      Change submitted files so that they compile (in particular,     use BN_CTX_start/get/end instead of accessing ctx->tos).
      Fix BN_is_... macros.     Fix BN_gcd.     Analyze BN_mod_inverse.     Add BN_kronecker.     "make update".
      Undo previous commit, which was an accident.
      Add bn_kron.c (BN_kronecker), which I forgot in the previous commit.
      Add test_kron function, which will contain a test for BN_kronecker.
      Disable SSL_peek until it is fixed.
      Comments on SSL_peek deficiencies
      Correct a bug in BN_kronecker.
      Note that SSL_peek has been disabled.
      Use BN_pseudo_rand instead of BN_rand
      Improve BN_mod_inverse performance.
      Make BN_mod_inverse a little faster
      avoid segmentation fault
      Implement BN_kronecker test.
      Expand expspeed.c to make BN_kronecker timings.     This caused a segmentation fault in calls to malloc, so I cleaned up     bn_lib.c a little so that it is easier to see what is going on.     The bug turned out to be an off-by-one error in BN_bin2bn.
      BN_bin2bn did *not* contain an off-by-one error;     I'm still investigating what caused the segementation fault     (maybe "make clean; make" will cure it ...).     But BN_bin2bn should always reset ret->neg.
      Fix warnings in expspeed.c (but the segmentation fault remains)
      add missing braces
      BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1,     so we have to reduce the random numbers used in test_mont.
      Fix BN_kronecker so that it works correctly if 'a' is negative     (we need the two's complement of BN_lsw then).
      mark a bug
      BN_legendre is no longer needed now that OpenSSL has BN_kronecker.
      Handle special cases correctly in exponentation functions.
      Fix bntest.c problem -- one of the primes got lost
      bn_modfs.c is no longer needed, a BN_sqrt implementation     exists in bn_sqrt.c now
      Move reduction step from BN_mod_exp to BN_mod_exp_mont_word.     Fix BN_mod_exp_simple for a==0 (mod m).     Skip useless round in BN_mod_sqrt (1 is always a square, no need     to test BN_kronecker for it).
      BN_mod_exp problems ...
      Corrections to the comments in BN_mod_inverse.
      Changes to Lenka's Montgomery implementation.
      It's "#elif", not "#elsif".
      BN_mod_exp(r,a,p,m,ctx) should not be called with r == p.     But even if this is avoided, there are still segmentation violations     (during one of the BN_free()s at the end of test_kron     in some cases, in other cases during BN_kronecker, or     later in BN_sqrt; choosing a different exponentiation     algorithm in bntest.c appears to influence when the SIGSEGV     takes place).
      Remove randomness from the test. These constants give me a segment     violation in test_kron on a 32 bit system.
      Fix BN_rshift, which caused lots of trouble.
      Fix the recently introduced test that checks if the result is 0
      COMP_zlib should always be declared, even if it is not functional.
      "make depend"
      functionality for BN_mod_sqrt timings
      Don't allow BIGNUMs to become so large that computations with dmax     might overflow.
      include <limits.h>
      Change error message to "bignum too long"
      Improve formatting.
      Discuss http://www.shoup.net/papers/oaep.ps.Z
      Workaround for broken (or missing) bc.
      Add a comment.
      Use bc's "print" feature whenever it is available,     not just on certain platforms.
      Printing "verify ..." should not be counted as a test for the     "xxx tests passed" message.
      Faster BN_mod_sqrt algorithm for p == 5 (8).
      BN_mod_sqrt documentation/comment
      Move 'q->neg = 0' to those places where it is needed     (just in cases someone uses a negative modulus)
      Sign-related fixes (and tests).
      TEST_MUL and TEST_SQR added.
      Fix some things that look like bugs.
      Placeholder for SCO bc bug detection
      Don't throw away bctest's error messages.
      Use continuation lines in test/bctest as far as it is possible     to dermine what the expression should look like.     Apparently CVS does not like lines longer than about 2^10 characters.
      Change/add comments
      First step towards SSL_peek fix.
      The BN_mul bug test apparently is no longer needed
      Very few in the "README" is up-to-date
      The C version of bn_sub_part_words is needed not only     in NO_ASM configurations
      Locking issues.
      If CONF_get_string returns NULL and we want to tolerate this     (e.g., use a default), we have to call ERR_clear_error().
      Simplify preprocessor statements.
      When mentioning features that don't exist in current releases of     OpenSSL (such as the new undocumented '-prexit' option to s_client),     the FAQ should point out that they don't: The FAQ is not just part     of the release, it's current version is also published on the web.
      undo previous change: '-prexit' is already available in current versions of s_client
      Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX     structures and setting rsa->_method_mod_{n,p,q}.
      Comment correction.
      Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch.
      Add a comment (intended change)
      Don't hold CRYPTO_LOCK_RSA during time-consuming operations.
      fix indentation
      Split a CHANGES entry so that one of the halves matches the     corresponding new entry in the OpenSSL_0_9_6-stable branch.
      Don't access non-existing element buf[256], use buf[255] instead.
      Fix SSL_peek and SSL_pending.
      Finish SSL_peek/SSL_pending fixes.
      Get rid of unused error code.
      Change prototypes for new CRYPTO_..._mem_ex_functions functions so     that they match the function definitions (namely, remove file/line     parameters from free_func).
      Fix C code generate by 'openssl dsaparam -C'.
      Add a pointer to digest options in the description of -fingerprint.
      'char' argument to islower must be converted to 'unsigned char'
      Add SSLEAY_DIR argument code for SSLeay_version.     Add '-d' option for 'openssl version' (included in '-a').
      make indentation consistent
      Last time I asked, no-one appeared to remember if these "NEEDS PATCH"     entries are still current or what they are about:
      Add new items:     - 0.9.6a is under development     - a couple of illegal includes of <openssl/e_os.h> should be purged     - ex_data sucks
      Use $(PERL) in place of hard-coded perl
      Pass ${PERL} down to the Makefile in sub-directory "test" in     "make tests"
      It's silly to use a different default for PERL than in the top     Makefile.  (The default is never actually used though because     the top Makefile passes its value of PERL down to sub-Makefiles.)
      After discussion with Richard, change the new API for extended memory     allocation callbacks so that it is no longer visible to applications     that these live at a different call level than conventional memory     allocation callbacks.
      No functional change, but slightly improved code clarity.
      New -newreq-nodes option to CA.pl.
      Remove "AVAILABLE PATCH" that has now been applied.
      When we are waiting for user action, we should say this explicitly.
      note strncpy problem
      isspace must be used only on *unsigned* chars
      New 'openssl ca -status <serial>' and 'openssl ca -updatedb'     commands.
      Disable RegQueryValueEx() call.     Problem reported by "Wolfgang Marczy" <WMarczy at topcall.co.at>     in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).
      New '-extfile' option for 'openssl ca'.     This allows keeping extensions in a separate configuration file.
      Fix openssl passwd -1
      More on the e_os.h mess ...
      Use OpenSSL_add_all_algorithms instead of the backwards compatibility     alias SSLeay_add_all_algorithms
      For improved compatibility with 'strange' certificates, add some     digest aliases (as found in OpenSSL_add_all_digests).
      EVP_add_digest_alias additions to SS_library_init
      Update "OAEP reconsidered" comment
      Comment and indentation
      Remove serial number file during 'make clean'.
      Include string.h (whis is in all relevant standards) instead of     memory.h (which is not).
      don't dump core
      Avoid coredumps for CONF_get_...(NULL, ...)
      platform specific CFLAGS don't belong into this Makefile
      Integrate my implementation of a countermeasure against     Bleichenbacher's DSA attack.  With this implementation, the expected     number of iterations never exceeds 2.
      oops -- remove observation code
      Change comments.  (The expected number of iterations in BN_rand_range     never exceeds 1.333...).
      Another comment change.  (Previous comment does not apply     for range = 11000000... or range = 100000...)
      add linux-s390 configuration (based on information submitted by     Denis Beauchemin <Denis.Beauchemin at Courrier.USherb.ca>)
      fix editing error
      Simplify BN_rand_range
      use case-insensitive comparison in set_table_opts     (similar to how arguments such as -inform/-outform specifications     are treated)
      disable stdin buffering in load_cert
      Add German SiG root certificates (extracted from the official cert registry     file http://www.nrca-ds.de/ftp/pkd.ttp, which contains a total of 288     certificates issued by the RegPT so far)
      Oops: It's RegTP, not RegPT ...
      Add uid.{c,o}
      Memory leak detection bugfixes for multi-threading.
      Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
      honour '-no_tmp_rsa'
      include e_os.h as "openssl/e_os.h" (as elsewhere)
      undo previous change: "e_os.h" is now the official name for the file     to include (but the OpenSSL_0_9_6-stable branche still has     inconsistencies)
      e_os.h problems have been solved in the main branch.
      EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary.     The computations for which h was used can be done more efficiently     by using BN_rshift1.
      increase emailAddress_max
      New option '-subj arg' for 'openssl req' and 'openssl ca'.  This     sets the subject name for a new request or supersedes the     subject name in a given request.
      Move ec.h to ec2.h because it is not compatible with what we will use.
      Add more EC vaporware (empty source code files I missed in my     previous commit).
      Add yet another (still empty) source code file that I forgot.
      Another file I had forgotten to add.
      Some declarations that outline what I intend to implement.
      Change comments.
      Add EC_GROUP_new_GFp prototype.
      Add BN_CTX arguments where appropriate.
      New function declarations.
      'is_at_infinity' tests don't need a BN_CTX.
      Change obj_... generation so that it does not generate rubbish or     abort with errors if no name is defined for some object, which was the     case for 'pilotAttributeType 27'.
      Add a few 'const's
      Implement dispatcher for EC_GROUP and EC_POINT method functions.
      Fix ERR_R_... problems.
      In clear_free, clear the complete structure just in case     the method misses something.
      Oops ...
      extra_data 'mixin'.     (This will be used for Lim/Lee precomputation data.)
      The next bunch of vaporware.
      Optimized EC_METHODs need specific 'set_curve' and 'free' functions.
      ..._init functions are method-specific too     (they can't do much useful, but they will have to set pointers     to NULL)
      Some actual method functions (not enough yet to use the EC library, though),     including EC arithmetics derived from Lenka Fibikova's code (with some     additional optimizations).
      More method functions.
      More method functions for EC_GFp_simple_method.
      More 'TODO' items.
      Let EC_POINT_copy do nothing if dest==src
      Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection.     (It cannot possibly help to avoid duplicate 'name of file' strings     in object files because the preprocessor does not work at object file     level.)
      Order ERR_load_... calls like the stuff in err.h.
      Integrate ectest.c (which does not yet do anything).
      Sort openssl.ec, the configuration file for mkerr.pl.
      Throw out *all* absolute pathnames, not matter what they look like.     The filenames we are interested in for Makefile dependencies     are always relative.
      Integrate ec_err.[co].
      Constify BN_value_one.
      avoid compiler warning
      Hide BN_CTX structure details.
      Bugfix: previously the serial number file could turn negative     because an incompletely initialized ASN1_INTEGER was used.
      More method functions for elliptic curves,     and an ectest.c that actually tests something.
      Fixes to make 'no-ec' work (it should not turn 'objects' into 'objts' for example)
      Implement EC_GFp_mont_method.
      Avoid problems with multi-line NAME sections.
      add ssl23_peek
      Fix ec_GFp_simple_cmp.
      Consistently use 'void *' for SSL read, peek and write functions.
      Workaround for solaris64 linking problem (explicit "ar rs" is needed     to create a symbol table).
      Instead of telling both 'make' and the user that ranlib     errors can be tolerated, hide the error from 'make'.     This gives shorter output both if ranlib fails and if     it works.
      More EC stuff, including EC_POINTs_mul() for simultaneous scalar     multiplication of an arbitrary number of points.
      Remove files from Lenka's EC implementation.
      comment and error code update
      Change timing output: We don't have "exponents" here, curves are     considered additive
      use fflush
      handle negative scalars correctly when doing point multiplication
      Add functions EC_POINT_mul and EC_GROUP_precompute.     The latter does nothing for now, but its existence means     that applications can request precomputation when appropriate.
      Timings are not supposed to be enabled by default ...
      Forcibly enable memory leak checking during "make test"
      EC_METHOD based on bn_mont2 (not used in the library)
      Add various X9.62 OIDs. (GF(2^n) mostly left out.)
      Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult,     which indicate its purpose more clearly.
      fix memory leak in err.c
      Use err_clear_data macro
      Fix: return 0 if no error occured.
      The former ULTRASPARC preprocessor symbol is now called     OPENSSL_SYSNAME_ULTRASPARC, so we'd better check for that one
      More error_data memory leaks
      error codes are longs, not ints
      avoid infinite loop
      Completely remove mont2 stuff.     It does not appear to be faster than the current Montgomery code     except for very small moduli (somewhere between 192 and 224 bits     in a 64-bit Sun environment, and even less than 192 bits     on 32 bit systems).
      Explicitly ignore the exit code of ./bctest.  Usually the shell     ignores it anyway in command substitution, but Ultrix reportedly     aborted the test when bctest returned 1.
      Table for window sizes.
      Increase boundaries in EC_window_bits_for_scalar_size table.
      Tag EC_GFp_{nist,recp}_method as "NOEXIST" because they have     not yet been implemented.
      Update docs.
      Harmonize CHANGES and STATUS files between the 0.9.6a branch and     the trunk to keep diffs small.
      Add missing '#ifndef OPENSSL_NO_DSA'.
      Fix bctest, and add a workaround that should solve the problem with     FreeBSD's /bin/sh.
      News for 0.9.6a.
      For -WWW, fix test for ".." directory references (and avoid warning for     index -1).
      this time *really* fix the /../ check ...
      avoid buffer overflow
      This change should be suitable as a workaround for the Solaris x86     compiler bug reported in <01032110293775.22278 at weba3.iname.net>     (the '++seq[i]' condition is evaluated as 256 rather than 0     when the previous value is 255).
      Make sure OPENSSL_SYS_... is defined when we need it.
      Fix warnings.
      don't use shell functions
      Don't use 'tt' uninitialized when reporting an error     (we don't have an ASN1_TEMPLATE to complain about at this stage,     so  errtt == NULL  should be OK)
      Avoid assert() in the library.
      '||', '&&' and 'test -x' apparently don't work on Ultrix;     also 'test' appears to be available as '[' only in 'if' conditions.
      avoid '||' since Ultrix apparently doesn't understand it
      binary algorithm for modular inversion
      code documentation
      update (0.9.6a)
      Adjust BN_mod_inverse algorithm selection according to experiments on     Ultra-Sparcs (both 32-bit and 64-bit compilations)
      Mention automatically queried EGD sockets (OpenSSL 0.9.7).
      Add information on 0.9.6a (in a form such that the list can be     verified by looking at 'diff -u ../openssl-0.9.6a/CHANGES CHANGES')
      update from 0.9.6a
      undo previous change ...
      update so that changes going into the 0.9.6 tree can be logged
      fix md_rand.c locking bugs
      bctest changes for Ultrix (don't return 1 from bctest, otherwise make aborts)
      .rnd issues
      fix an old entry
      restore change undone in 1.831 (apparently by accident)
      increase DEFAULT_BUFFER_SIZE (4K instead of just 1K)
      Fix Bleichenbacher PKCS #1 1.5 countermeasure.     (The attack against SSL 3.1 and TLS 1.0 is impractical anyway,     otherwise this would be a security relevant patch.)
      when checking OAEP, signal just a single kind of 'decoding error'
      OAEP fix
      Earlier OpenSSL versions printed prompts to stderr.     In the new crypto/ui/, this was changed into tty (which is usually     /dev/tty), i.e. the FILE * used for reading passwords from the user.     However stdio buffering for read/write streams is not without pitfalls     (passwords would be echoed on some systems).     To avoid problems, split tty into tty_in and tty_out (which are     opened separately).
      Add directory name to the entry on /crypto/ui/.
      even use of default engines leaks memory
      For MSDOS, the tty filename still is "con", not "/dev/tty" ...
      pay attention to blocksize before attempting decryption
      Translate into valid C (don't call functions with wrong prototypes).
      DSA verification should insist that r and s are in the allowed range.
      Entry for Andy's mips3.s fix.
      Call ENGINE_cleanup() to avoid memory leak.
      Engine memory leaks have been fixed by now.
      Align with 0.9.6-stable CHANGES file, and make some corrections.
      Precomputation will not necessarily be LIm-Lee precomputation.
      In version numbers, there is just one "M" nybble.
      Fix PRNG.
      comment change
      For consistency with the terminology used in my SAC2001 paper, avoid     the term "simultaneous multiplication" (which -- acording to the     paper, at least -- applies only to certain methods which we don't use     here)
      Avoid race condition.
      avoid warnings
      add a comment
      always reject data >= n
      md_rand.c thread safety
      Don't preserve existing keys in DH_generate_key.
      DH key generation should not use a do ... while loop,     or bogus DH parameters can be used for launching DOS attacks
      Undo DH_generate_key() change: s3_srvr.c was using it correctly
      length of secret exponent is needed only when we create one
      remove a comma
      Reinsert typedef'ed names for structs to help those trying to read the     sourcecode (including fgrep)
      More typedef'd struct names as search targets
      Bugfix: larger message size in ssl3_get_key_exchange() because     ServerKeyExchange message may be skipped.
      add missing link
      rearrange #includes because trying to include <crypto/cryptodev.h>     is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined
      Use uniformly chosen witnesses for Miller-Rabin test     (by using new BN_pseudo_rand_range function)
      Rename recently introduced functions for improved code clarity:           [DR]SA_up  =>  [DR]SA_up_ref
      delete redundant ERR_load_CRYPTO_strings() prototype
      OpenSSL copyright notices ...
      CHANGES should list all API changes relevant for applications     (here: X509_STORE_CTX_init())
      changing something requires a write lock, not a read lock
      Now that we have ERR_unload_strings(), ERR_load_ERR_strings() must     always load its strings because they might have been unloaded     since the 'init' flag was deleted.
      Solaris <string.h> does not declare 'strdup' if _XOPEN_SOURCE is     defined.
      -mcpu=i486 vs. -m486 ...
      Oops, wrong line
      Oops^2: It was the correct line, but an incorrect change.
      Renaming DH_up to DH_up_ref does not warrant a CHANGES entry of its own     as the functions were only introduced a couple of days ago.
      Mention DSO_up => DSO_up_ref renaming
      fix formatting so that the file can be view with any tab-width
      improve OAEP check
      Totally get rid of CRYPTO_LOCK_ERR_HASH.
      Avoid strdup.
      The various hash #includes in rand_lcl.h *are* needed despite     <openssl/evp.h> is now used (MD_DIGEST_LENGTH definitions!).     No need to include such headers directly in md_rand.c.
      Fix apps/openssl.c and ssl/ssltest.c so that they use     CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),     which is the default implementation of the former and should usually     not be directly used by applications (at least if we assume that the     options accepted by the default implementation will also be meaningful     to any other implementations).
      Delete pointless casts
      Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case     distinction (which does not work well because if CRYPTO_MDEBUG is     defined at library compile time, it is not necessarily defined at     application compile time; and memory debugging now can be reconfigured     at run-time anyway).  To get the intended semantics, we could just use     the EVP_DigestInit_dbg unconditionally (which uses the caller's     __FILE__ and __LINE__ for memory leak debugging), but this would make     memory debugging inconsistent.  Instead, callers can use     CRYPTO_push_info() to track down memory leaks.
      Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case     distinction (which does not work well because if CRYPTO_MDEBUG is     defined at library compile time, it is not necessarily defined at     application compile time; and memory debugging now can be reconfigured     at run-time anyway).  To get the intended semantics, we could just use     the EVP_DigestInit_dbg unconditionally (which uses the caller's     __FILE__ and __LINE__ for memory leak debugging), but this would make     memory debugging inconsistent.  Instead, callers can use     CRYPTO_push_info() to track down memory leaks.
      Update so that progs.h can indeed be automatically generated
      add AES ciphers
      exclude disabled message digests
      avoid warning ('const' discarded)
      fix memory leak
      restore previous revision -- memory leak should be fixed in mem.c
      remove an old comment
      fix memory leak (I think)
      While ispell may not like it, "cancelling" may be spelt with two "l"s
      ex_data situation is no longer that bad
      add 'release showstopper' entry
      avoid "statement not reached" warning
      add details
      Get rid of junk (deleted/renamed function) by rebuilding     based on 0.9.6 tree.
      add comment
      Another demo.
      Change Makefile so that it works without any additional changes     at least on Solaris
      Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't     reveal whether illegal block cipher padding was found or a MAC     verification error occured.
      fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
      make update
      New function SSL_renegotiate_pending().     New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
      Bugfix: correct cleanup after sending a HelloRequest
      Disable session related stuff in SSL_ST_OK case of ssl3_accept if we     just sent a HelloRequest.
      bugfix: handle HelloRequest received during handshake correctly
      crypto/idea and crypto/rijndael were missing in the list of     directories that may have been deleted
      The 'no-rijndael' option must define OPENSSL_NO_AES because that is     what we look for in crypto/evp.
      avoid everything resembling a magic trigraph
      ignore binary
      'openssl speed' does not include AES support yet
      'openssl rsa' etc. should include AES support in addition to DES
      the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK     case of ssl3_accept
      Fix ssl3_get_message handle message fragmentation correctly.
      make sure .rnd exists
      Change ssl3_get_message and the functions using it so that complete     'Handshake' protocol structures are kept in memory, including     'msg_type' and 'length'.
      For consistency, set s->init_num in the 'reuse_message' case     (if s23_srvr.c faked the message, s->init_num is 0).
      The message header for fake SSL 3.0/TLS 1.0 client hellos created from     SSL 2.0 client hellos added with the previous commit was totally wrong --     it must start with the message type, not the protocol version.     (Not that this particular header is actually used anywhere ...)
      Add per-SSL 'msg_callback' with 'msg_callback_arg'.     Both have per-SSL_CTX defaults.     These new values can be set by calling SSL[_CTX]_[callback_]ctrl     with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.
      gcc complained about "write" being shadowed even though the "write"     variable name occured just in a function *prototype* -- so rename it
      New functions SSL[_CTX]_set_msg_callback().     New macros SSL[_CTX]_set_msg_callback_arg().
      Call msg_callback with correct length parameter if ssl3_write_bytes had to     be called multiple times
      Fix memory leak.
      Fix SSL handshake functions and SSL_clear() such that SSL_clear()     never resets s->method to s->ctx->method when called from within     one of the SSL handshake functions.
      Assume TLS 1.0 when ClientHello fragment is too short.
      Consistency with s2_... and s23_... variants (no real functional     change)
      filenames are des_old.[ch], not des.comp*
      Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion of     the e-mail address in the DN (i.e., it will go into a certificate     extension only).  The new configuration file option 'email_in_dn = no'     has the same effect.
      mention des_old.h
      remove redundant definitions that are also in des.h
      Like MD_Init, MD now must include a NULL engine pointer in its definition.
      disable caching in BIO_gethostbyname
      Consistency fix in BUF_MEM_grow: Initialise to zero when new memory     had to be allocated, not just when reusing the existing buffer.
      Note BUF_MEM_grow() consistency fix.
      Don't define _REENTRANT here in e_os.h.  On systems where we need     _REENTRANT if threads support is enabled, the ./Configure entry must     define it so that it ends up in CFLAG.
      cast to 'unsigned long' before using ~ if we need an unsigned long result
      adjust to OpenSSL_0_9_6-stable version
      2001, not 2000
      Implement msg_callback for SSL 2.0.
      more output for SSL 2.0 in our msg_callback
      msg_callback documentation
      remove incorrect 'callback' prototype
      make code a little more similar to what it looked like before the fixes,     call ssl2_part_read again to parse error message
      Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes     (nearly) to the top.
      add changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c
      the PRNG race conditions were mostly a theoretical issue, remove from NEWS
      Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id'     field here, which is left empty).
      information on 0.9.6c-engine
      synchronise with 0.9.6 stable branch
      consistency between main branch and stable branch
      cast to unsigned int, not to int to avoid the warning -- all these     values really are unsigned
      remove obsolete entry
      Improve EC efficiency.
      comments etc.
      use a more interesting test case
      avoid stupid compiler warning
      wNAFs use does not bring that much performance on Sparcs (where     elliptic curves are are relatively faster than on PCs anyway)
      OS/390 support
      check OPENSSL_NO_... before including header files that might be     disabled
      fix submitted by Andy Schneider <andy.schneider at bjss.co.uk>     (in main branch, hn_ncipher.c is already correct)
      info on 0.9.6 engine branch
      For future portability reasons MIT is moving all macros to function     calls.  This patch allows compilation either way.
      discuss -name and default_ca more correctly (I hope)
      Fix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h).
      crypto/objects stuff
      fix warnings (one of them was clearly justified)
      fix BN_rand_range
      consistency with 0.9.6 stable "CHANGES"
      remove redundant ERR_load_... declarations
      formatting consistency
      update FAQ and CHANGES file (0.9.6c has been released)
      fix EVP_CIPHER_mode macro
      add automatically generated ERR_load_... prototype
      Changes that break something should be included in CHANGES     to make it easier to fix things.
      fix 'Configure TABLE' output
      synchronize with engine-0.9.6 tree
      add documentation for SSLeay_version(SSLEAY_DIR) and     'openssl version -d'
      add a sentence previously deleted by accident
      Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if     the SSL_R_LENGTH_MISMATCH error is detected.
      Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'     to indicate that a real handshake is taking place (the value will be     lost during multiple invocations). Set s->new_session to 2 instead.
      run test_evp before test_ssl
      disable broken code
      Reword CHANGES entry for _old_des_..., as it was a little complicated     syntactically.
      New functions         ERR_peek_last_error         ERR_peek_last_error_line         ERR_peek_last_error_line_data     (supersedes ERR_peek_top_error).
      fix formatting of automatically generated error section
      sort functions ...
      Undo previous change,  X509_check_issued() was correct.     [See          Message-ID: <3BB07999.30432AD2 at celocom.com>          Date: Tue, 25 Sep 2001 13:33:29 +0100          From: Dr S N Henson <drh at celocom.com>          To: openssl-dev at openssl.org          Subject: Re: Error in v3_purp.c     ]
      add a wish
      We should implement a countermeasure against the predictable-IV CBC     weakness in SSL/TLS
      add support for named curves
      new locks
      some modifications to named curve support
      ECDSA support
      EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()
      don't call OPENSSL_config(), this does not make any sense during "make test"
      move ECDSA test right after EC test
      fix memory leak
      fix '-C'
      '-C' is still quite broken
      make it possible to disable memory checking for timings
      fix indentation
      bugfix: allocate sufficiently large buffer
      disable '#ifdef DEBUG' sections
      disable '#ifdef DEBUG' sections
      Add 'void *' argument to app_verify_callback.
      use ERR_peek_last_error() instead of ERR_peek_error() to ignore     any other errors that may be left in the error queue
      use ERR_peek_last_error() instead of ERR_peek_error()
      '#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change
      disable '#ifdef DEBUG' code
      more X9.62 OIDs
      fix 'ecdsaparam -C' output
      fix printf call
      fix 'ecdsaparam -C'
      Rephrase statement on the security of two-key 3DES.
      reference counting for EC_GROUP structures is not needed (at the     moment at least), so remove it
      add SECG OIDs
      Add more curves.     Submitted by: Nils Larsch
      fix spacing
      EC curve stuff
      asm/mips3.o problems
      use BIO_nwrite() more properly to demonstrate the general idea of     BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not     in general)
      Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.     Fix dsaparam usage output.
      add OIDs for WAP/TLS curves
      fix ssl3_pending
      Rename 'cray-t90-cc' into 'cray-j90'.     Add to 'config'.
      fix #include position
      Fix bugs and typos.     Add some WTLS curves.     New function EC_GROUP_check() (this will probably     be implemented differently soon).
      Fix typo.
      New function EC_GROUP_check_discriminant().     Restructure implementation of EC_GROUP_check().
      fix DH_generate_parameters for general 'generator'
      fix conditational compilation for OPENSSL_NO_...
      add missing declaration
      fix memory leak
      fix warnings
      add usage examples
      fix ECDSA handling
      harmonize capitalization
      ECDSA representation bugfixes
      clean up and synchronize with 0.9.6-stable
      looks like a typo
      Implement known-IV countermeasure.
      fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format     (the bug was introduced with message callback support)
      remove disabled code
      get rid of some assignments that have become obsolete
      check return values
      'version' is not optional in the encoding
      'version' is not optional in the encoding
      fix usage (no 'key')
      AlgorithmIdentifier bugs
      new items for 0.9.7
      Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not     encoded as NULL) with id-dsa-with-sha1.
      undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere)
      fix casts
      disable AES ciphersuites unless explicitly requested
      improve wNAF generation
      fix warning
      refer to latest draft for AES ciphersuites
      ensure that, for each strength, RC4 ciphers have least preference     in the default ciphersuite list
      Fix ciphersuite list to enforce low priority for RC4.
      in SignerInfo, use ecdsa-with-SHA1 OID for ECDSA (not ecPublicKey)
      Change internals of the EC library so that the functions     EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are     implemented directly in crypto/ec/ec_lib.c and not dispatched to     methods.
      make b_print.c consistent with the rest of OpenSSL:     disable assert() except for debug builds
      fix EVP_dsa_sha macro
      accept NULL in 'free' functions
      fix Cygwin (remove extra colons)
      New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
      fix memory leak
      remove unnecessary calls to EC_POINT_copy()
      fix for 'make update'
      move ECC ASN1 that is not specific to ECDSA into crypto/ec/,     and make some appropriate changes to the EC library.
      move ECC ASN1 that is not specific to ECDSA into crypto/ec/,     and make some appropriate changes to the EC library.
      simplify asn1_flag
      New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC     vulnerability workaround (included in SSL_OP_ALL).
      Implement handling of EC parameter seeds (new functions     EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).
      always include <string.h> (we do this in various other header files,     so it can't be bad)
      always include <string.h> (we do this in various other header files,     so it can't be bad)
      update an entry on EVP changes
      Make sure buffers are large enough even for weird parameters
      AES cipher suites are now official (RFC3268)
      emtpy fragments are not necessary for SSL_eNULL     (but noone uses it anyway)
      fix synopsis
      remove obsolete comment
      Replace 'ecdsaparam' commandline utility by 'ecparam'     (the same keys can be used for ECC schemes other than ECDSA)     and add some new options.
      Fix bug introduced with revision 1.95 when this filed was modified to     use the new X509_CRL_set_issuer_name() function:     The CRL issuer should be X509_get_subject_name(x509), not     X509_get_issuer_name(x509).
      add an explanation and fix a typo
      fix a typo and clarify
      harmonize options with those for 'ecparam',     remove redudant option '-pub'
      more detailed instructions for export from US
      Move zeroing from bn_expand_internal() to bn_expand2() so that it     happens reliably, even if the BIGNUM is already sufficiently large.
      Use SEC1 format for EC private keys.     This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.
      mention SSL_do_handshake()
      get rid of OpenSSLDie
      New error code ERR_R_DISABLED
      Add more WAP/WTLS elliptic curve OIDs.
      Binary field arithmetic contributed by Sun Microsystems.     The 'OPENSSL_NO_SUN_DIV' default is still subject to change,     so I didn't bother to finish the CHANGES entry yet.
      extend curve list (additional curves over binary fields)
      add support for elliptic curves over binary fields
      there is no alternative EC_METHOD for curves over GF(2^m) (yet)
      ec2_smpt.c must be listed in LIBSRC
      Rename implementations of method functions so that they match     the new method names where _GF... suffixes have been removed.
      move GF2m tests to the end
      Change BN_mod_sqrt() so that it verifies that the input value is     really the square of the return value.
      Let BN_rand_range() abort with an error after 100 iterations     without success.
      remove obsoleted disabled code
      remove obsolete part of comment
      optical changes
      fix bn_expand2
      disable Sun divison algorithm by default
      use bn_wexpand instead of bn_expand2 (the latter is not needed here,     and it does not yet work correctly)
      fix bn_expand2
      oops, undo previous change (was just for testing)
      oops -- must use EVP_MD_size, not EVP_MD_block_size
      avoid SIGSEGV
      use a generic EC_KEY structure (EC keys are not ECDSA specific)
      Add ECDH support.
      ECC ciphersuite support
      ECDH engine support
      use 0, not NULL
      add field type to text output     don't print seed value as a number (leading zeros must not be removed)
      fix warnings
      make update
      .cvsignore for crypto/ecdh
      add 0.9.6g information
      get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
      fix comment
      remove debug messages
      remove comment
      fix previous commit (there's no SSLEAY_VERSION_TEXT)
      Scripts for testing ECC ciphersuites.
      add 'TODO' items
      move a TODO from CHANGES to STATUS
      change how pod2man is handled: explicitly invoke '$PERL' only when     needed, call 'pod2man' directly if this works
      Simplify handling of named curves: get rid of EC_GROUP_new_by_name(),     EC_GROUP_new_by_nid() should be enough.  This avoids a lot of     redundancy.
      add crypto/ecdh
      fix manpage
      fix warnings (CHARSET_EBCDIC)
      use correct function code in error message
      'EC' vs. 'ECDSA'
      ecdsa => ec
      fix offsets
      ASN1 for binary curves
      move EC_GROUP_get_basis_type() from ec_lib.c to ec_asn1.c
      fix spacing
      less specific interface for EC_GROUP_get_basis_type
      change 'usage' formatting
      don't write beyond buffer
      don't memset(data,0,...) if data is NULL
      change API for looking at the internal curve list
      mention EC_get_builtin_curves()
      -nameopt fix has been moved to 0.9.7
      Let 'openssl req' fail if an argument to '-newkey' is not     recognized instead of using RSA as a default.
      1. switch from "-newkey ecdsa:..." to "-newkey ec:..."     2. automatically create required sub-directories
      add URL for Internet Draft
      make sure 'neg' flag (which does not really matter for GF(2^m), but     could cause confusion for ECDSA) is set to zero
      fix race condition
      there is no minimum length for session IDs
      really fix race condition
      really fix race conditions
      fix more race conditions
      synchronize with 0.9.7-stable version of this file
      change Emacs indentation style to make it easier to insert     tabs manually
      I don't like c-tab-always-indent ...
      fix warnings, and harmonize indentation
      remove superfluous code
      fast reduction for NIST curves
      clean up new code for NIST primes
      'broken' PKCS #8 format does not apply to ECDSA
      increase permissible message length so that we can handle     CertificateVerify for 4096 bit RSA signatures
      'covenant HOWTO' (what to do about the Sun covenant if you modify the code)
      Sun has agreed to removing the covenant language from most files.
      avoid warnings ('index' shadows global declaration)
      implement and use new macros BN_get_sign(), BN_set_sign()
      fix typo
      avoid Purify warnings
      print less output (no details unless a test failed)
      corrections to built-in curves
      do tests with all built-in curves
      remove unused old directory crypto/rijndael (superseded by crypto/aes)
      disable weird assert()s
      use new BIO_indent() function here as well
      fix output
      harmonize with 0.9.7 tree
      this method does not need field_data1
      allocate bio_err before memory debugging is enabled to avoid memory leaks     (we can't release it before the CRYPTO_mem_leaks() call!)
      fix memory leak in memory debuggin code ...
      use consistent order of function definitions
      remove redundant functions
      allocate bio_err before memory debugging is enabled to avoid memory leaks     (we can't release it before the CRYPTO_mem_leaks() call!)
      Make ec_GFp_simple_point_get_affine_coordinates() faster     for Montgomery representations.
      avoid uninitialized memory read
      add a comment
      rename some functions to improve consistency
      Don't compute timings here, we can do this elsewhere.     Include X9.62 signature examples.
      In ECPKParameters_print, output the private key length correctly     (length of the order of the group, not length of the actual key, which     will be shorter in some cases).
      document BN_GENCB API by adding an example
      add something to the '$no_shared_warn' text
      undo part of a recent change: it's "surname", not "surName"     (see X.520 aka ISO/IEC 9594-6)
      "!Cname surname" has now become redundant ...
      update error library for EC... changes
      avoid potential confusion about curves (prime192v1 and prime256v1 are     also known as secp192r1 and secp256r1, respectively)
      fix warnings
      For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters'     in AlgorithmIdentifier
      cofactor is optional in parameter encodings
      Update PRNG entry:     - OpenSSL version differences     - Sun /dev/urandom patch information
      SSL_add_dir_cert_subjects_to_stack now exists for WIN32
      typo in WIN16 section
      implement fast point multiplication with precomputation
      remove debugging leftovers
      avoid coredump
      fix EC_GROUP_copy for EC_GFp_nist_method()
      first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8"
      Allow EC_GROUP objects to share precomputation for improved memory     efficiency (EC_PRE_COMP objects are now constant once completed).
      new lock for EC_PRE_COMP structures
      make update
      Remove "+Olibcalls" option from HPUX targets.
      ECPublicKey_set_octet_string and ECPublicKey_get_octet_string     behaviour was not quite consistent with the conventions     for d2i and i2d functions as far as handling of the 'out'     or 'in' pointer is concerned.
      treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c)
      include OpenSSL license (in addition to EAY license)
      year 2003
      add Certicom licensing e-mail address
      use tabs for indentation, not spaces
      memset problem has been handled
      - new ECDH_compute_key interface (KDF is no longer a fixed built-in)     - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
      fix formatting
      countermeasure against new Klima-Pokorny-Rosa atack
      make sure RSA blinding works when the PRNG is not properly seeded;     enable it automatically for the built-in engine
      remove patch ID (which is supposed to appear in patched variants of     old OpenSSL releases, but not in new releases)
      make RSA blinding thread-safe
      include 'Changes between 0.9.6i and 0.9.6j'
      fix typo
      implement PKCS #8 / SEC1 private key format for ECC
      manpages for 'openssl ec' and 'openssl ecparam'
      new function EC_GROUP_cmp() (used by EVP_PKEY_cmp())
      fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
      tolerate extra data at end of client hello for SSL 3.0
      add test for secp160r1     add code for kP+lQ timings
      updates for draft-ietf-tls-ecc-03.txt
      add OpenSSL license
      make sure no error is left in the queue that is intentionally ignored
      fix out-of-bounds check in lock_dbg_cb (was too lose to detect all     invalid cases)
      certain changes have to be listed twice in this file because OpenSSL     0.9.6h forked into 0.9.6i and 0.9.7 ...
      - update from current 0.9.6-stable CHANGES file     - update from current 0.9.7-stable CHANGES file:
      BIS correction/addition
      improve wording
      Change ./Configure so that certain algorithms can be disabled by default.     This is now the case for RC5.
      In addition to RC5, also exclude MDC2 from compilation unless     the algorithm is explicitly requested.
      Take MDC2 patent into account.
      Fix typo
      fix potential memory leak when allocation fails
      It seems that Configure revision 1.404 broke "make depend" by hiding     from it which algorithms were disabled.  With these new changes,     "make depend" will properly take into account algorithms that are skipped.
      "make depend".  This takes into account the algorithms that are now     disabled by default (MDC2 and RC5), which until now were skipped     by "make links" and yet supposedly required by some of the Makefiles,     meaning that the recent snapshots failed to compile.
      Harmonize with CHANGES as distributed in OpenSSL 0.9.7f.
      HISTORY section: point out change of default digest
      This is a collection of those CVS change log entries for the 0.9.7     branch (OpenSSL_0_9_7-stable) that do not appear similarly in     0.9.8-dev (CVS head).
      first step to melt down ChangeLog.0_9_7-stable_not-in-head :-)
      bring up-to-date
      add recent changes; now this file is up-to-date
      remove some false positives
      remove extra whitespace; fix link
      fix editing error, and remove a false positive
      remove some more changes that came from HEAD
      remove some more false positives
      remove some more false positives
      Sort out changes in FIPS and other changes, collected in separate files.     (Also remove another "make update".)
      Remove some more entries that are false positives, or have been     resolved by recent commits.
      Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
      move some more entries into FIPS file
      make update
      some more false positives to remove
      fix SSLerr stuff for DTLS1 code;     move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";     fix silly indentation (a TAB is *not* always 4 spaces)
      make update
      remove some functions from exported headers
      let mkdef.pl know about OPENSSL_NO_DGRAM     (which appears in the new file crypto/bio/bss_dgram.c)
      take OPENSSL_NO_DGRAM into account     (via make update)
      Fix various incorrect error function codes.
      "PS" to Steve's commit (Port prime utility across from stable branch).
      util/mk1mf.pl issues have been resolved
      there's no such thing as Makefile.ssl anymore
      give EC_GROUP_*_nid functions a more meaningful name         EC_GROUP_get_nid -> EC_GROUP_get_curve_name         EC_GROUP_set_nid -> EC_GROUP_set_curve_name
      improve comment readability
      rebuild (starting with state from 0.9.7-stable branch) to avoid clutter
      Update util/ck_errf.pl script, and have it run automatically     during "make errors" and thus during "make update".
      Fix more error codes.
      Move some entries from ChangeLog.0_9_7-stable_not-in-head     to ChangeLog.0_9_7-stable_not-in-head_FIPS.
      Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled     with the SSL_OP_NO_SSLv2 option.
      Move another item into ChangeLog.0_9_7-stable_not-in-head_FIPS
      fix msg_callback() arguments for SSL 2.0 compatible client hello     (previous revision got this wrong)
      make update
      rebuild to synchronize with additions to 0.9.7 branch
      Implement fixed-window exponentiation to mitigate hyper-threading     timing attacks.
      Change wording for BN_mod_exp_mont_consttime() entry
      fix memory leak (BIO_free_all needs pointer to first BIO)
      check BN_copy() return value
      make sure DSA signing exponentiations really are constant-time
      Use BN_with_flags() in a cleaner way.
      avoid potential spurious BN_free()
      recent DH change does not avoid *all* possible small-subgroup attacks;     let's be clear about that
      correct+extend publication info
      new option "openssl ciphers -V"
      harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES
      fix stupid typo
      Add fixes for CAN-2005-2969.     (This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
      deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
      disable some invalid ciphersuites
      deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
      update TLS-ECC code
      Rewrite timeout computation in a way that is less prone to overflow.
      Support TLS extensions (specifically, HostName)
      C style fix-up
      Make sure that after the change from revision 1.261,     it's still possible to do a partial build.
      Various changes in the new TLS extension code, including the following:      - fix indentation      - rename some functions and macros      - fix up confusion between SSL_ERROR_... and SSL_AD_... values
      Add names for people who provided the TLS extension patch.
      Fixes for TLS server_name extension
      complete and correct RFC3546 error codes
      make sure that the unrecognized_name alert actually gets sent
      prepare for additional RFC3546 alerts
      There's no such things as DTLS1_AD_MISSING_HANDSHAKE_MESSAGE.     For now, anyway.
      Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
      include max. codes in debug output
      Detect SSL error code mishandling.
      Detect more errors.     Change assignment strategy: rathern than using max+r for new codes,     find first hole in list of existing codes.
      Avoid contradictive error code assignments.     "make errors".
      Further TLS extension updates
      More TLS extension related changes.
      improvements for alert handling
      Further TLS extension improvements
      move new member of SSL_SESSION to the end     (minimize changes to binary format)
      Implement the Supported Point Formats Extension for ECC ciphersuites
      udpate Supported Point Formats Extension code
      fix sign problems
      Simplify ASN.1 for point format list
      Implement cipher-suite selection logic given Supported Point Formats Extension.
      Change default curve (for compatibility with a     soon-to-be-widely-deployed implementation that doesn't support the     previous default)
      Implement Supported Elliptic Curves Extension.
      fix for hostname extension
      fix memory leak
      Avoid hard-coded table length where we can use sizeof.
      simplify: use s2n macro
      check length properly
      Remove ECC extension information from external representation     of the session -- we don't really need it once the handshake     has completed.
      Camellia cipher, contributed by NTT
      Camellia cipher, contributed by NTT
      Camellia cipher, contributed by NTT
      Fix a bug recently introduced when updating this file to use the new     keygen API: make sure that 'pkey_type' is actually visible to MAIN().
      Thread-safety fixes
      Make sure that AES ciphersuites get priority over Camellia     ciphersuites in the default cipher string.
      Ciphersuite string bugfixes, and ECC-related (re-)definitions.
      Disable invalid ciphersuites
      Oops ... deleted too much in the previous commit when I deleted     the Fortezza stuff
      Fix another bug introduced yesterday when deleting Fortezza stuff:     make sure 'mask' is initialized in ssl_cipher_get_disabled().
      Fix another new bug in the cipherstring logic.
      Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,     and allow more general RSA OIDs for ECC certs with RSA CA sig.
      Call 'print_stuff' even if a handshake failed.
      Error messages for client ECC cert verification.
      another thread-safety fix
      Change array representation of binary polynomials to make GF2m part of     the BN library more generally useful.
      Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
      Change in 0.9.8 branch:     Put ECCdraft ciphersuites back into default build (but disabled     unless specifically requested)
      New functions CRYPTO_set_idptr_callback(),     CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type     thread ID, since the 'unsigned long' type of the existing thread ID     does not always work well.
      always read in RAND_poll() if we can't use select because of a too     large FD: it's non-blocking mode anyway
      use <poll.h> as by Single Unix Specification
      documentation for "HIGH" vs. "MEDIUM" was not up-to-date
      Camellia information
      New Camellia implementation (replacing previous version)
      Camellia IPR information
      Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
      Make consistent with 0.9.8-branch version of this file
      Remove non-functional part of recent patch, after discussion with     Colin Percival (this would have caused more problems than solved,     and isn't really necessary anyway)
      update information on "current version" ...
      Make sure the int_rsa_verify() prototype matches the implementation     (m_len currently is 'unsigned int', not 'size_t')
      ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0     ciphersuite as well
      Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
      include 0.9.8d and 0.9.7l information
      Introduce limits to prevent malicious keys being able to     cause a denial of service.  (CVE-2006-2940)     [Steve Henson, Bodo Moeller]
      All 0.9.8d patches have been applied to HEAD now, so we no longer need     the redundant entries under the 0.9.9 heading.
      ASN1_item_verify needs to initialize ctx before any "goto err" can     happen; the new code for the OID cross reference table failed to do so.
      fix support for receiving fragmented handshake messages
      Fix the BIT STRING encoding of EC points or parameter seeds     (need to prevent the removal of trailing zero bits).
      Reorganize the data used for SSL ciphersuite pattern matching.     This change resolves a number of problems and obviates multiple kludges.     A new feature is that you can now say "AES256" or "AES128" (not just     "AES", which enables both).
      fix incorrect strength bit values for certain Kerberos ciphersuites
      fix warnings/inconsistencies caused by the recent changes to the     ciphersuite selection code in HEAD
      fix warnings for CIPHER_DEBUG builds
      Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a     ciphersuite string such as "DEFAULT:RSA" cannot enable     authentication-only ciphersuites.
      fix a typo in the new ciphersuite ordering code
      Improve ciphersuite order stability when disabling ciphersuites.     Change ssl_create_cipher_list() to prefer ephemeral ECDH over     ephemeral DH.
      SSL_kKRB5 ciphersuites shouldn't be preferred by default
      delete obsolete comment
      prefer SHA1 over MD5 (this affects the Kerberos ciphersuites)
      Fix incorrect substitution that happened during the recent ciphersuite     selection remodeling
      use 2007 copyright for generated files
      include complete 0.9.7 history     include release date of 0.9.8e
      clarification regarding libdes files
      stricter session ID context matching
      Change to mitigate branch prediction attacks
      make BN_FLG_CONSTTIME semantics more fool-proof
      don't violate the bn_check_top assertion in BN_mod_inverse_no_branch()
      fix error codes
      Add SEED encryption algorithm.
      All ciphersuites should have a strength designator.
      remove leftover from editing ...
      fix function codes for error
      Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
      document -S and -nopad options in usage information
      Make sure that BN_from_montgomery keeps the BIGNUMS in proper format
      Clean up error codes a bit.     (engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
      fix warning
      Implement the Opaque PRF Input TLS extension     (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and     bugfixes on the way.  In particular, this fixes the buffer bounds     checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
      fix length parameter in SSL_set_tlsext_opaque_prf_input() calls
      properly handle length-zero opaque PRF input values     (which are pointless, but still might occur)
      The hash length check wasn't strict enough,     as pointed out by Ernst G Giessmann
      fix typos
      Should reject signatures that we can't properly verify     and couldn't generate     (as pointed out by Ernst G Giessmann)
      Make sure to set indent-tabs-mode so that we get tabs, not spaces.
      fix BIGNUM flag handling
      Montgomery-related minor cleanups/documentation
      Clarifying comment.
      Disable code that clearly doesn't currently serve any useful purpose.     (Buggy line reported by Matthias Koenig.)
      Change use of CRYPTO_THREADID so that we always use both the ulong and     ptr members.
      year 2008
      From HEAD:
      From HEAD:
      sync with 0.9.8 branch
      Everyone's had a few years to port their favorite additions to 0.9.7     to HEAD (and the 0.9.8 branch).  Remove the reminder.
      avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
      Make sure not to read beyond end of buffer
      We should check the eight bytes starting at p[-9] for rollback attack     detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK     will be larger than necessary.
      Fix error codes for memory-saving patch.
      Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL).
      fix error function codes
      sanity check
      Don't use assertions to check application-provided arguments;     and don't unnecessarily fail on input size 0.
      Some precautions to avoid potential security-relevant problems.
      Really get rid of unsafe double-checked locking.
      Note about CVS branch inconsistency.
      Fix SSL state transitions.
      update comment
      from 0.9.8 branch
      From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
      Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't     enable disabled ciphersuites.
      symbol deobnoxification
      warnings (mostly)
      Implement Configure option pattern "experimental-foo"     (specifically, "experimental-jpake").
      experimental-foo support for mk1mf.pl.
      Put back a variable deleted by the previous revision,     but used in the code.
      -hex option for openssl rand
      For -hex, print just one \n
      Make CHANGES in CVS head consistent with the CHANGES files in the     branches.
      Constify crypto/cast.
      Constify crypto/cast.
      Use properly local variables for thread-safety.
      Fix X509_STORE locking
      Always check bn_wexpend() return values for failure (CVE-2009-3245).
      Fix for "Record of death" vulnerability CVE-2010-0740.
      Harmonize with OpenSSL_1_0_1-stable version of CHANGES.
      ECC library bugfixes.
      New 64-bit optimized implementation EC_GFp_nistp224_method().     This will only be compiled in if explicitly requested     (#ifdef EC_NISTP224_64_GCC_128).
      (formatting error)
      Patch from PR #1833 was broken: there's no s->s3->new_session     (only s->new_session).
      For better forward-security support, add functions     SSL_[CTX_]set_not_resumable_session_callback.
      Update version numbers
      C conformity fixes:     - Move declarations before statements in all blocks.     - Where 64-bit type is required, use it explicitly (not 1l).
      C conformity fixes: Move declarations before statements in all blocks.
      More C language police work.
      Fix error codes.
      make update
      CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
      fix omissions
      Assorted bugfixes:     - safestack macro changes for C++ were incomplete     - RLE decompression boundary case     - SSL 2.0 key arg length check
      Synchronize with 1.0.0 branch
      OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
      Sync with 1.0.1 branch.     (CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
      Fix the version history: changes going into 1.1.0 that are also going     into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".
      Fix typo.
      Synchronize with 1.0.1 CHANGES file.
      Fix error codes.
      Fix expected DEFFLAG for default config.
      make update
      Fix memory leak on bad inputs.
      (EC)DH memory handling fixes.
      Fix d2i_SSL_SESSION.
      Fix session handling.
      Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test.
      In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
      Clarify warning
      Make CTR mode behaviour consistent with other modes:     - clear ctx->num in EVP_CipherInit_ex     - adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816       for eng_aesni.c
      Avoid failed assertion in BN_DEBUG builds
      Oops - ectest.c finds further problems beyond those exposed by bntext.c
      use -no_ecdhe when using -no_dhe
      Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and     NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;     -DEC_NISTP224_64_GCC_128 no longer works.)
      Fix warnings.     Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
      Fix indentation
      BN_BLINDING multi-threading fix.
      "make update" (partial)
      Fix NPN implementation for renegotiation.     (Problem pointed out by Ben Murphy.)
      Fix BIO_f_buffer().
      Update HEAD CHANGES file.
      Fix ecdsatest.c.
      Resolve a stack set-up race condition (if the list of compression     methods isn't presorted, it will be sorted on first read).
      Fix for builds without DTLS support.
      Fix usage indentation
      Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
      Disable SHA-2 ciphersuites in < TLS 1.2 connections.
      Enable message names for TLS 1.1, 1.2 with -msg.
      Oops - didn't mean to change Makefile on previous submit
      Fix warning.
      Fix Valgrind warning.
      Fix EC_KEY initialization race.

Carlos Alberto Lopez Perez (4):
      Fix XMPP code detection on s_client starttls xmpp
      Fix infinite loop on s_client starttls xmpp
      Add "xmpp" to the list of supported starttls protocols on s_client manpage
      Add an "-xmpphost" option to s_client

Chris Rorvick (1):
      doc: Add missing =back directive.

Christian Heimes (2):
      Implement tests for PKCS#5 PBKDF2 HMAC
      add test case to makefiles

Clang via Jeffrey Walton (1):
      RT3140: Possibly-unit variable in pem_lib.c

Claus Assmann (1):
      RT3268: Fix spelling errors in CHANGES file.

Cristian Rodríguez (1):
      constify tls 1.2 lookup tables.

Daniel Kahn Gillmor (10):
      Allow "ECDHE" as a synonym of "EECDH" when specifiying ciphers
      emit "ECDHE" instead of "EECDH" for kX packet trace output
      use SSL_kECDHE throughout instead of SSL_kEECDH
      Allow "DHE" and "kDHE" as synonyms of "EDH" and "kEDH" when specifiying ciphers
      emit "DHE" instead of "edh" for kX packet trace output
      use SSL_kDHE throughout instead of SSL_kEDH
      documentation should use "DHE" instead of "EDH"
      change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility)
      Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA
      update remaining documentation to move from EDH to DHE

Dario B (1):
      RT3291: Add -crl and -revoke options to CA.pl

David Benjamin (3):
      Check there is enough room for extension.
      Fix protocol downgrade bug in case of fragmented packets
      Do not resume a session if the negotiated protocol version does not match     the session's version (server).

David Gatwood (2):
      RT1744: SSL_CTX_set_dump_dh() doc feedback
      RT1744: SSL_CTX_set_dump_dh() doc feedback

David Lloyd (1):
      Prevent infinite loop loading config files.

David Ramos (4):
      Double free in i2o_ECPublicKey
      Initialise alg.
      Allocate extra space when NETSCAPE_HANG_BUG defined.
      Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362

David Woodhouse (1):
      Check DTLS_BAD_VER for version number.

Dominik Neubauer (1):
      typo in s_client

Doug Goldstein (1):
      RT2163: Remove some unneeded #include's

Dr Stephen Henson (1):
      Fix d4a4370050f7d72239b92a60ab9d4a2dd5e9fd84

Dr. Stephen Henson (3719):
      Add extended key usage OID and update STATUS file.
      Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have     zero unused bits.
      Make sure applications free up pkey structures and add netscape extension     handling to x509.c
      Remove one EVP_PKEY_free() that shouldn't be there.
      More EVP_PKEY patches for new functionality.
      Fix things so DH_free() will be no-op when passed NULL, like RSA_free() and     DSA_free(): this was causing crashes when for example an attempt was made     to handle a (currently) unsupported DH public key. Also X509_PUBKEY_set()i     wasn't checking errors from d2i_PublicKey().
      Oops! update CHANGES file properly.
      Fix the gendsa program and add it to the app list. The progs.h file is     auto generated but not auto updated so it is included. Also remove the     encryption from the sample DSA keys.
      Fix OBJ_txt2nid(): old function was broken when input used the "dot" form, e.g. . Also added new function OBJ_txt2obj().
      Submitted by: Neil Costigan <neil.costigan at celocom.com>     PR:
      Fix parameters to dummy function BN_ref_mod_exp().
      Time to blow up the source tree :-) This is the beginning of support for     GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be     used but OpenSSL doesn't currently support it. This patch adds several files     and a bunch of functions.
      Update CHANGES for GeneralizedTime info.
      New err_code.pl script to retain old error codes. This should allow the use     of 'make errors' without causing huge re-organisations of files when a new     code is added.
      This is the result of a "make errors" with the new error building functionality     in place.
      Continued patches so certificates and CRLs now can support and use     GeneralizedTime.
      Initial addition of new X509 V3 files, tidy of old files.
      Continuing adding X509 V3 support. This starts to integrate the code with     the main library, but only with printing at present. To see this try:     openssl x509 -in cert.pem -text     on a certificate with some extensions in it.
      Add file x509v3.err.
      More X509 V3 stuff. Add support for extensions in the 'req' application     so that: openssl req -x509 -new -out cert.pem     will take extensions from openssl.cnf a sample for a CA is included.     Also change the directory order so pem is nearer the end. Otherwise 'make links'     wont work because pem.h can't be built.
      Still more X509 V3 stuff. Modify ca.c to work with the new code and modify     openssl.cnf for the new syntax.
      Add a few extended key usage OIDs.
      Add ASN1 code for netscape certificate sequences.
      Remember to add the new file this time :-)
      Allow the -certfile argument to be used multiple times in crl2pkcs7.     Also fix typos in the usage messages: "inout" instead of "input".
      New program 'nseq' added to apps to allow Netscape certificate sequences to     be pulled apart and built.
      Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and     add x509v3.h to mkdef.pl list of include files.
      Fix various stuff: that VC++ 5.0 chokes on:     1. Add *lots* of missing prototypes for static ssl functions.     2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org     3. Add a few missing prototypes in pem.org     Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95.     Fix mkdef.pl so it doesn't truncate longer names.
      More Win32 fixes. The Configure script used to give *lots* of warnings about     use of undefined variables: kludge so they all get initialised. Also avoid use     of POSIX module.
      Delete bogus V3 prototype and update the *.num files to include ordinals for     the new functions. Update MINFO.
      Oops! Restore ssleay.num: it got overwritten with libeay.num :-(
      Rename v3_bitstr.c to v3_bitst.c to fit in 8+3. Rebuild MINFO to reflect     change.
      Delete legacy file.
      Add support for GeneralName and GeneralNames extensions. Also preliminary     support for subject and issuer alt name. Add a new ASN1 macro and fix a     nasty bug that left an ASN1 buffer modified on an error condition with     IMPLICIT tagging.
      Fix filename in comment.
      Comment out def of currently unimplemented function to stop warning.
      Support for ASN1 ENUMERATED type. This copies and duplicates the ASN1_INTEGER     code and adds support to ASN1_TYPE and asn1parse.
      Oops... forgot to add new ENUMERATED file...
      More extension code. Incomplete support for subject and issuer alt     name, issuer and authority key id. Change the i2v function parameters     and add an extra 'crl' parameter in the X509V3_CTX structure: guess     what that's for :-) Fix to ASN1 macro which messed up     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
      Oops. Forgot to do a 'make errors'.
      Delete a few unused files in apps, restore CAST WIN32 ASM file to main     tree.
      Make the 'crypto' and 'ssl' options in the perl script mkdef.pl really work,     also add an 'update' option to automatically append any new functions to the     ssleay.num and libeay.num files.
      Fix typo in asn1.h (PRINTABLESTRING_STRING) and fix a bug in object creation     perl script. It failed if the OID had any zeros in it.
      Modify configure script to generate some files that Win32 needs and new     script that does the same as 'make files'.
      Oops... add other changes this time too.
      More Win32 fixes and upsdate INSTALL.W32 documentation.
      Convert ms/do_ms.bat to DOS EOL format of DOS chokes on it.
      Add support for raw extensions. This means that you can include the DER encoding     of an arbitrary extension: e.g.,RAW:12:34:56 Using this     technique currently unsupported extensions can be generated if you know their     DER encoding. Even if the extension is supported in future the raw extension     will still work: that is the raw version can always be used even if it is a     supported extension.
      Update error codes.
      Patch to Configure script. For some reason the BN_ASM part was truncated to     the first word which broke (at least) the Linux compile. Hopefully this wont     break other platforms.
      Fix various memory leaks in SSL, apps and DSA
      Added code to GENERAL_NAME with support for more options and preliminary     support for assignment in config files.
      Fuller authority key id support, partial support for private key usage extension     and really fix the ASN.1 IMPLICIT bug this time :-)
      Oops! Remeber to include the other patches this time...
      Overhaul 'crl' application, add a proper X509_CRL_print function and start     to support CRL extensions.
      Patch so the new crl stuff actually compiles this time :-) Also update the     Win32 ordinals.
      Preliminary support for reason code CRL extension.
      Add more functionality to issuer alt name and subject alt name. New options     to include email addresses from DN and copy details from issuer certificate.     Include examples in openssl.cnf, update Win32 ordinals.
      Make RSA_NO_PADDING really use no padding.
      Add preliminary user level config documentation for extension stuff. Programming     info will come later...
      Various changes to make this stuff compile under Win32 and VC++ with and     without -debug option to mk1mf.pl. Change _export to is_export (_export is     a reserved word under VC++). Add yucky function prototype function pointer     casts. Sanitise the included files in crypto/x509v3.
      Redo the way 'req' and 'ca' add objects: add support for oid_section.
      Remove debugging fprintf from req.c and fix the code so it properly skips over     the first leading XXX. in the DN.
      BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For     now change it to BN_RECURSION_MONT so it isn't compiled in.
      Fix the Win32 compile environment and add various changes so it will now compile     under Win32 (9X and NT) again. Note: some signed/unsigned changes recently     checked in were killing the Win32 compile.
      Deleted my str_dup() function from X509V3: the same functionality is provided     by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.
      Workaround for a Win95 console bug triggered by the password read stuff.
      Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the     detached data encoding was wrong and free up public keys.
      Add an extra 'raw' function r2i to the extension code. Nothing uses this yet and     it is just a place holder for functionality to be added later. Its been added     now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change     after the release.
      Added support for adding extensions to CRLs, also fix a memory leak and     make 'req' check the config file syntax before it adds extensions. Added     info in the documentation as well.
      Delete obsolete old X509V3 files.
      Various fixes to Win32, update ssleay.num, libeay.num, shuffle various #ifdefs     around so more options appear in e_os.h
      Add missing funtions from non ANSI section of header files and add missing     ordinals to libeay.num.
      Comment out two unimplemented functions from bio.h. Attempt to get the     Win32 test batch file going again.
      Remove some hard coded paths from Win32 test stuff.
      Make CC,CFLAG etc get passed to make links and various Win32 fixes.
      Fix couple of ANSI declarations and prototypes
      Fix for RSA private key encryption if p < q. This took ***ages*** to track down.
      Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that     NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This     prevents cipher lists from inadvertantly having NULL ciphers at the top     of their list (e.g. the default ones) because they didn't have to be taken     into account before.
      Delete Win32 test with testreq.pem and req: there is already a test with     testreq2.pem.
      Remove some references which called malloc and free instead of Malloc and Free.
      Using int for the digest length in EVP_DigestFinal() broke some compilers.     Changed to unsigned int: also need an evil cast in pk7_doit.c because a     signed, unsigned comparison chokes VC++.
      Comment out the lines that generated by mk1mf.pl include three separate rules     that are equivalent to $(OUT_D). This was what was causing the 'too many rules'     warning under VC++.
      Add initial support for Thawte strong extranet certificate extensions and     include an 'indent' option to V3 stuff.
      extranet file added...
      This is the beginning of PKCS#12 integration. This just adds the PKCS#12     objects to objects.h
      Further PKCS#12 integration, PBE, PKCS#8 additions.
      Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add     them to the build environment.
      Various PKCS#12 related tidies and fixes: it might even compile now :-)
      Include pkcs12 program as part of openssl. This completes most of the PKCS#12     integration.
      Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation     kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12     code. It might compile under Win32 now ...
      Delete some auto generated files and correct a typo in crypto/asn1/p5_pbe.c
      Did a 'make errors' to update asn1 error codes now typo is fixed
      Add PKCS#5 v2.0 ASN1 structures.
      Delete all the old X509V3 pack and unpack stuff and various structures and     files associated with them. This stuff is all obsoleted by the new X509V3 code.
      Add some utilities to support SXNet extension also add support in DEF files     generator to typesafe stacks.
      Fix a horrible BN bug in bn_expand2 which caused BN_add_word() et al to fail     when they cause the destination to expand.
      Add initial support for r2i RAW extensions which can access the config database     add various X509V3_CTX helper functions and support for LHASH as the config     database.
      Add support for VISIBLESTRING and UTF8String
      Allow asn1parse to print out VISIBLESTRING and some code needed for certificate     policies extension.
      Initial support for Certificate Policies extension: print out works but setting     isn't fully implemented (yet).
      Finish off support for Certificate Policies extension.
      Various fixes so Win32 compile may work. Convert GeneralNames to use safe stack.
      Suppport for CRL distribution points extension. Also document some of     this stuff.
      Oops! Fixup CHANGES.
      Complete rewrite of the error code generation script. It now runs as a single     script, translates function codes better and doesn't need the K&R function     prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are     still needed by the DEF generator...). I also ran the script with the -rewrite     option to update all the header and source files.
      Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality     to error code script: it can now find untranslatable function codes (usually     because the function is static and not defined in a header: occasionally because     of a typo...) and unreferenced function and reason codes. To see this try:     perl util/mkerr.pl -recurse -debug     Also fixed some typos in crypto/pkcs12 that this found :-)     Also tidy up some error calls that had to be all on one line: the old error     script couldn't find codes unless the call was all on one line.
      Change the command line options of mkerr.pl so -static is now default and     a -write option is needed to actually change anything. Second attempt at     getting rid of ERR, ERRC definitions: it might even work this time :-)
      Fix mkerr.pl to find functions returning function pointers (thanks Ulf!)     also add a few missing prototypes.
      Various header consistency fixes.
      Fixes so it will compile again under Win32.
      Extensively changed the DEF file generator mkdef.pl to use a modified version     of Ulf's prototype parser, also general tidying and fixing of several problems     with the original. Its still a bit of a hack but should work.
      Add PKCS#12 documentation and new option in x509 to add certificate extensions.
      Oops ... fix warning.
      Fix a couple of cases where an attempt is made to lock an already locked     mutex.
      GeneralizedTime setting fixes.
      Allows PKCS#12 password to be placed on command line and add allow config     file name for 'ca' to come from the environment.
      Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a     Win32 version of rename() ). There isn't a precise rename() equivalent under     Win95: the standard rename() complains if the destination already exists so     replaced with a combination of unlink() and MoveFile().
      Kill evil casts, fix PKCS#7 and add new X509V3 Function.
      Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data.     Containts elements of code by Sebastian Akerman <sak at parallelconsulting.com>     and made a bit less "naughty" by Steve.
      Various PKCS#7 related fixes,tidies and comments.
      Add new -out option to asn1parse to allow the parsed data to be output.     Fixed -strparse option: it didn't work if used more than once (this was due     to the d2i_ASN1_TYPE call parsing a freed buffer). On Win32 the file wincrypt.h     #define's X509_NAME and PKCS7_SIGNER_INFO causing clashes so these are #undef'ed
      Several of the EVP_CIPHER structures had the get and set asn1 parameter     functions transposed.
      The encoding of negative ASN1 INTEGERs and the conversion of BNs to negative     integers was completely broken. Also added a NEG_PUBKEY_BUG compilation option     to compensate for public keys improperly encoded as negative integers.
      Various Win32 fixes. Change args in do_ms.bat to put platform last. Fix     unsigned/signed cmp error in asn1parse. Change various pem_all.c args to     use pem_password_cb.
      Fix some obvious bugs in the PKCS#7 library handling. It didn't try to     find the right RecipientInfo based on the recipient certificate (so would     fail a lot of the time) and fixup cipher structures to correctly (maybe)     modify the AlgorithmIdentifiers.  Largely untested at present... this will be     fixed in due course. Well the stuff was broken to begin with so if its broken     now then you haven't lost anything :-)
      Fix various less obvious bugs in PKCS#7 handling: such as not zeroing     the secret key before we've encrypted it and using the right NID for RC2-64.     Add various arguments to the experimental programs 'dec' and 'enc' to make     testing less painful.
      Oops! Get the pmatch test the right way round.
      Various clarifications to extension docs: change the name of literal     extensions from RAW to DER to avoid confusion with raw extensions.
      Change default PKCS#12 iteration count to 2048, include rsa_oeap_test in the     test batch file.
      New functions sk_set, sk_value and sk_num to replace existing macros: this is     to minimise the effects on existing code.
      Include some notes on basic extension usage and change openssl.cnf to usually     do sensible things with extensions.
      The last argument in the d2i_XXX_fp and  d2i_XXX_bio functions should be     of type XXX ** not XXX *
      Move the Win32 #undefs of X509_NAME and PKCS7_ISSUER_AND_SERIAL so they will     always get included with the relevant files.
      Fixup do_nt.bat for new mk1mf arg order.
      Set ext_list to NULL after use.
      Fix URL for perl in INSTALL.W32
      Update md5 assembly source for Win32.
      Fix for memory leak.
      Free up 'out' before exiting pkcs12 application.     Submitted by: Wu Zhigang <zhigangwu at yahoo.com>
      Add PKCS#5 v1.5 compatible algorithms and initial PKCS#8 support. PKCS#8 needs     more work: need an application and make the private key routines automatically     handle PKCS#8.
      The rest of the PKCS#5, PKCS#8 patch I forgot before :-)
      Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more     options to handle encrypted and unencrypted forms and DER format input and     output.
      Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform     arguments to pkcs8 application.
      More PKCS#8 stuff. Support for unencrypted forms of private key.
      Change so PEM private key read routines can handle PKCS#8 transparently.
      Rewrite PBE handling read to support PKCS#5 v2.0 and update the function     list for Win32.
      Change PBE handling a bit more: now the key and iv generator does calls     EVP_CipherInit() this because the IV wont be easily available when doing     PKCS#5 v2.0
      More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0     AlgorithmIdentifier and make various ASN1 fixes.
      This is the main PKCS#5 v2.0 key generation function, it parses the ASN1     structure and decides what key to generate (if any). Not currently added to     the PBE algorithm list because it is largely untested.
      Complete support for PKCS#5 v2.0. Still needs extensive testing.
      Change the PEM function implementation to use a common set of macros: this     should make modifying them easier.
      Reformat and "modernise" the sign.c demo.
      Two new functions to write out PKCS#8 private keys. Also fixes for some of     the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default     iteration count if it is passed as zero.
      Document the X509V3 code and change some of the extension function pointers     to use 'void *' rather than 'char *' for an "arbitrary extension".
      Fix to i2d_DSAPublicKey() to return the correct length.     Submitted by: Jeon KyoungHo <khjeon at sds.samsung.co.kr>
      New functions CONF_load_bio() and CONF_load_fp() to load a configuration     file from a bio or fp. Added some more constification to the BN library.
      Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It     seemed like a good idea at the time... several hours later it was rather     obvious that these are used all over the place making the changes rather     extensive.
      Implement STACK_OF(ANS1_OBJECT) for extended key usage extension, change the     documentation to reflect the STACK_OF(CONF_VALUE) change to the CONF lib and     use ANSI typedefs for X509V3_EXT_I2D and X509V3_EXT_FREE.
      Change the PEM_* function prototypes to use DECLARE_PEM macros and change     util/mkdef.pl to handle this. Also do a 'make update'.
      New function PKCS7_signatureVerify to allow the signing certificate to     be explicitly stated with PKCS#7 verify.
      Fix d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() so it correctly works out     the length of negative integers.
      New functions to allow RSA_METHODs to be changed without poking round in     RSA structure internals.
      SXnet code was freeing up the extension data rather than the temporary     zone number.
      Fix a bug in x509.c that omitted DSA parameters when they didn't match the     signers parameters. Changed it to never omit parameters.
      Copy flags in ASN1_STRING_dup()
      Add a debugging option to PKCS#5 v2.0 key generation function.
      Various changes to stop VC++ choking under Win32.
      Beginnings of experimental support for NASM assembler. This is a free     assembler for various X86 platforms including Win32. It can output object files     that VC++ will tolerate so it could be used to provide assembly language support     to Win32 without the need for MASM.
      More NASM support code it still doesn't work but it doesn't work less than it     didn't work before :-)
      Continues NASM support. This might work now. Its still experimental but it     passes all the tests. Added documentation in INSTALL.W32.
      Eliminate a warning: BN_mod_inverse() returns a (BIGNUM *) and remove and     unnecessary cast.
      New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp.
      New function OBJ_obj2txt()
      Tidy up pkcs12 application.
      Allow the PKCS#7 (S/MIME encrypt) application to support more than one     recipient.
      Fix to PKCS#12 code to use the cipher block length when allocating a buffer     for encrypted data, rather than hard coding '8'.
      Configure fix for Windows: under Windows+perl "system" ends up going via the     command shell which means that redirecttion needs backslashes in the paths.
      Change all the -'s to _'s.
      Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file     with some 0.9.4 changes.
      *** empty log message ***
      Support for parsing of certificate extensions in PKCS#10 requests: these are     used by things like Xenroll. Also include documentation for extendedKeyUsage     extension.
      Add functions to allow extensions to be added to certificate requests.
      Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add     support for encrypted content type in PKCS7_set_content().
      Allow memory bios to be read only and change PKCS#7 routines to use them.
      Initial support for DSA_METHOD...
      Initial support for DH_METHOD. Also added a DH lock. A few changes made to     DSA_METHOD to make it more consistent with RSA_METHOD.
      Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final     block.
      Allow extensions to be added to certificate requests, update the sample     config file (change RAW to DER).
      Allow the 1.OU="my OU" syntax in 'ca' for SPKACs.
      Allow the extension section specified in config files to be overridden     on the command line for various utilities.
      Make DH_free() free up any ex_data and also call the finish method.
      Add new 'spkac' utility and several SPKAC utility functions.
      New UTF8 utility functions to parse/generate UTF8 strings.
      New function to convert ASN1 tag values to strings. Also fix typo in asn1.h
      This is preliminary support for an "RSA null" cipher. Unfortunately when     OpenSSL is compiled with NO_RSA, no RSA operations can be used: including     key generation storage and display of RSA keys. Since these operations are     not covered by the RSA patent (my understanding is it only covers encrypt,     decrypt, sign and verify) they can be included: this is an often requested     feature, attempts to use the patented operations return an error code.
      Oops... forgot the other RSA_NULL patches...
      Fix typo.
      Fix typo.
      Various CRL enhancements tidies and workaround for broken CRLs.
      Add new sign and verify members to RSA_METHOD and change SSL code to use sign     and verify rather than direct encrypt/decrypt.
      Lots of evil casts to stop VC++ choking with "possible loss of data"     warnings :-(
      Fix to make s_client and s_server work under Windows. A bit of a hack but     an improvement on not working at all.
      Modify the 'speed' application so it now uses RSA_sign and RSA_verify     instead of RSA_private_encrypt and RSA_public_decrypt
      Fix for base64 BIO decoding bug
      Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message     contains no certificates.
      Add support for public key input and output in rsa and dsa utilities with some     new DSA public key functions that were missing.
      New option -dhparam to s_server to allow the DH parameter file to be set     explicitly. Previously it couldn't be changed because it was hard coded as     "server.pem".
      Fix for bug in pkcs12 program and typo in ASN1_tag2str().
      Fix for bug in pkcs12 program and typo in ASN1_tag2str().
      Fix incorrect usage messages in some commands.
      New functions to parse and get extensions.
      Add EX_DATA support to X509.     Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
      Initial support for certificate purpose checking: this will     ultimately lead to certificate chain verification. It is     VERY EXPERIMENTAL at present though.
      Replace the macros in asn1.h with function equivalents. Also make UTF8Strings     tolerated in certificates.
      New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately     this will be used to clear up the horrible DN mess.
      More multibyte character support.
      Continued multibyte character support.
      Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling.
      Allow additional information to be attached to a     certificate: currently this includes trust settings     and a "friendly name".
      Fix to the -revoke option in ca. It was leaking memory, crashing and just     plain not working :-(
      Very preliminary POD format documentation for some     of the openssl utility commands...
      Oops. The pkcs8 man page wasn't finished: this is an updated version
      Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
      Add password command line options to some utils. Fix and update man     pages.
      More docs and corrections/updates
      Oops forgot the S/MIME v3 RFC.
      Merge some common functionality in the apps, delete     the encryption option in the pkcs7 utility (they never     did anything) and add a couple more options to pkcs7.
      Add an spkac manual page and fix the pkcs7 manpage.
      Correct x509 manpaghe and add a crl manpage
      Add info about the header and footer lines used in PEM formats     and add an nseq manpage.
      Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc'     add documentation for 'enc'.
      Add some examples to the enc man page.
      'req' fixes. Reinstate length check one request fields.     Fix to stop null being added to attributes.     Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
      New function X509_cmp().
      Add a salt to the key derivation using the 'enc' program.
      Clarify docs.
      Fix for a bug in PKCS#7 code and non-detached data.
      Modify verify code to handle self signed certificates.
      Support for otherName in GeneralName.
      Transparent support for PKCS#8 private keys in RSA/DSA.
      Support for authority information access extension.
      Initial chain verify code: not tested probably not working     at present. However nothing enables it yet so this doesn't     matter :-)
      New options to the -verify program which can be used for chain verification.     Extend the X509_PURPOSE structure to include shortnames for purposed and default     trust ids.
      Initial trust code: allow setting of trust checking functions     in a table. Doesn't do too much yet.
      Oops! Commit died on me :-(
      Add trust setting support to the verify code. It now checks the     trust settings of the root CA.
      Add part of chain verify SSL support code: not complete or doing anything     yet.
      Remainder of SSL purpose and trust code: trust and purpose setting in     SSL_CTX and SSL, functions to set them and defaults if no values set.
      Document all possible errors (and some impossible) from the verify program.
      Document the extension tests performed by the -purpose test     in the x509 utility.
      Modify the X509 V3 extension lookup code.
      Change the trust and purpose code so it doesn't need init     either and has a static and dynamic mix.
      Fix a bug in the modified purpose code: it wasn't updated to use the     new purpose getting function.
      New function PKC12_newpass()
      Merge in my S/MIME library and utility.
      Modify S/MIME application so the -signer option writes the signer(s)     to a file if we are verifying.
      Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update'
      Make the PKCS#7 S/MIME functions check for passed NULL pointers.
      Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
      Various S/MIME fixes.
      Fix a typo in a_enum.c.
      Various S/MIME fixes. Fix for memory leak, recipient list bug     and not excluding parameters with DSA keys.
      Fix the S/MIME code to use canonical MIME format for     encrypted mail. Also update the smime docs.
      Delete an unused variable and make the PKCS#12 keygen debugging code work     again.
      Support for ASN1 NULL type.
      Add PKCS#8 utility functions and add PBE options.
      Fixes so NO_RSA works again.
      Allow passwords to be included on command line for a few     more utilities.
      New {i2d,d2i}_PrivateKey_{bio, fp} functions.
      Simplify the trust structure: basically zap the bit strings and     represent everything by OIDs.
      Add OIDs for idea and blowfish. Unfortunately these are in     the middle of the OID table so the diff is rather large :-(
      Fix some of the command line password stuff. New function     that can automatically determine the type of a DER encoded     "traditional" format private key and change some of the     d2i functions to use it instead of requiring the application     to work out the key type.
      Add support for MS "fast SGC".
      Initial automation changes to 'req' and X509_ATTRIBUTE functions.
      More X509_ATTRIBUTE changes.
      #undef PKCS7_SIGNER_INFO for Win32 to avoid clashes.
      Add PKCS#12 manpage and use MAC iteration counts by default.
      Manpages for the DH utils and fix for a memory leak in dh program
      Add -prexit command to s_client and patch some BIO     functions so it doesn't crash. Document s_client.
      Man page for s_server.
      New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.     Remove references to 'TXT' in -inform and -outform switches.
      Update docs.
      Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers.
      Finish off the X509_ATTRIBUTE string stuff.
      Oops... undo change to wrong prototype.
      Change the 'man' directory to 'apps'. Yes I wish cvs     could rename too :-(
      Make -CAcreateserial start from 1 instead of 0 for     serial numbers.
      Docs for sess_id utility.
      Apply Lutz Behnke's 56 bit cipher patch with a few     minor changes.
      Gets Lutz Jaenicke's name right this time :-)
      Add new program dhparam and update docs.
      Minor patch: check only match @STRENGTH and remove eNULL     comment.
      Make s_server, s_client check cipher list return codes.
      Tidy up CRYPTO_EX_DATA structures.
      Document how CRYPTO_EX_DATA stuff works for     RSA structures. Other structures behave in     a similar way.
      New -pkcs12 option to CA.pl.     Document CA.pl script.     Initialise and free up the extra DH fields     (nothing uses them yet though).
      Add CA.pl man page this time...
      Fix CRL encoding bug.
      Update docs.
      Update docs.
      Add new -notext option to 'ca', -pubkey option to spkac.
      Rename SSLeay_add_all_algorithms() et al to     OpenSSL_add_all_algorithms(). Move these into     separate files so they work properly.
      Add support for some broken PKCS#8 formats.
      Document EVP digest operations.
      Rename the X509V3_*_d2i functions to X509_get_ext_d2i() etc.     This better reflects their behaviour.
      Add command line password options to the reamining utilities,     amend docs.
      Update docs.
      Make pkcs12 and smime applications seed random number     generator (otherwise they don't work) and add -rand     option. Update docs.
      Modernise 'selfsign.c' to use new X509_NAME code     and add example of extension aliasing. Also fix     the extension aliasing because it didn't work :-)
      Fix for Netscape "hang" bug.
      Pass phrase reorganisation.
      Add -pass argument to 'enc'.     Fix to make Win32 compile work again.
      New functions and option to use NEW in certificate requests.
      Add -clrext option to 'x509'
      Change the 'other' structure in certificate aux info.
      Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for     the old functionality.
      Update docs.
      Make pkcs8 work again.
      Allow ADH to be used but not present in the default cipher     list.
      Add PBE algorithms with ciphers, not digests.
      Allow code which calls RSA temp key callback to cope     with a failure.
      Rename functions for new convention.
      Fix shadow warning.
      Make ASN1 types real typedefs.
      Fix so Win32 assembly language works with MASM.
      Fix so Win32 compiles again...
      Don't call BN_rand with zero bits in bntest.c
      Ouch! PKCS7_encrypt() was heading MIME text headers twice     because it added them manually and as part of SMIME_crlf_copy().     Removed the manual add.
      Fix bug which would free up a public key     twice if the verify callback tried to     continue after a signature failure.
      Move the 'file scope' argument in set_label to     the third argument: the second was being used     already.
      Make name_funcs_stack static.
      Fix the PKCS#8 DSA code so it works again. All the     broken formats worked but the valid didn't :-(
      New compatability trust and purpose settings.
      Manual pages for EVP signing and verifying.
      Manual pages for EVP_Open* and EVP_Seal*
      Fix typo and make ca get the CA and request fields correct.
      Don't Free() password if it was read from config file.
      Make V_ASN1_APP_CHOOSE work again.
      Fix a memory leak in PKCS12_parse.     Don't copy private key to X509 etc public key structures.     Fix for warning.
      Update docs and remove old PKCS#7 README file.
      Add a few more FAQs.
      Update docs.
      Fix for HMAC.
      Add a couple of FAQs.
      Make PKCS#12 code handle missing passwords.
      Fix for SSL server purpose checking
      Fix c_rehash script, add -fingerprint option to crl.
      Add DSA library string. Workaround for IIS .key file invalid     ASN1 encoding.
      Beginnings of EVP cipher overhaul. This should eventually     enhance and tidy up the EVP interface.
      Second phase of EVP cipher overhaul.
      Third phase of EVP cipher overhaul.
      Fourth phase EVP revision.
      Fourth phase EVP revision.
      More EVP cipher revision.
      Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()     to support multiple calls.
      Make EVP_SealInit() and EVP_OpenInit() check EVP_EncryptInit() and     EVP_DecryptInit() return values.
      Fix evp_locl.h macros.
      Add support for the modified SGC key format used in IIS.
      Safe stack reorganisation in terms of function casts.
      Handle ASN1_SET_OF and PKCS12_STACK_OF using function     casts in the same way as STACK_OF.
      Fixes for Win32 build.
      Change mkstack.pl so it now sorts each group     into lexical order. Previously it depended on     the order of files in the directory.
      Update STATUS.
      New ASN1 functions that just deal with     content octets, not tag+length.
      Fix some typose in the i2d/d2i functions that     call the i2c/c2i (they were not using the     content length for the headers).
      Make req seed the PRNG if signing with     an already existing DSA key.
      Make NEG_PUBKEY_BUG on by default.
      Fix warnings.
      Fix a bug in the new i2d_{ENUMERATED,INTEGER} that     didn't recognise NULL to mean 'don't output anything'
      New ASN1_STRING_print_ex() and X509_NAME_print_ex()     functions. These are intended to be replacements     for the ancient ASN1_STRING_print() and X509_NAME_print()     functions.
      Document the new DN printing options.
      Changes needed for Tandem NSK, supplied by Scott Uroff (scott at xypro.com).
      Fix for bad sorting of object names.
      Various fixes...
      Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c
      Fix ASN1_INTEGER_to_BN properly this time...
      Add support for 'other' PKCS#7 content types.
      New option to CA.pl to sign request using CA extensions.     This allows intermediate CAs to be created more easily.
      Change PKCS#7 test data to take account of removal of     indefinite length encoding.
      Fix typo in i2d_ASN1_ENUMERATED
      Add 'rsautl' low level RSA utility.
      Keep a not of original encoding in certificate requests.
      *BIG* verify code reorganisation.
      Fix typo in rsautl.
      Some BIO docs, incomplete, more to follow.
      Add docs for BIO_find_type() and friends.
      Ugh, BIO_find_type() cannot be passed a NULL.
      Two new PKCS#12 demo programs.
      Update verify docs.
      Add BIO_read() (etc.) docs.
      Really add BIO_read this time...
      More preliminary BIO docs...
      More new BIO docs, correct some old ones.
      Docs for cipher and base64 BIOs.
      More BIO docs.
      Clarify some of the I/O issues.
      BIO_s_fd() manual page.
      Docs for socket BIO.
      Initial connect BIO docs.
      BIO_s_bio() manual page detailing BIO pair.
      Update BIO_s_connect().
      Accept BIO docs.
      BIO_f_ssl() docs.
      Remove redundant manpages and references to them.
      New macro BIO_set_shutdown_wr().
      Work around for Netscape PKCS#7 signedData bug.
      Clarify the BIO_seek() mess and related issues.
      Fix a typo in apps/pkcs12.c which was using the wrong part of     ASN1_TYPE (though they are both ASN1_STRING so it didn't cause     any problems).
      Add docs for X509_get_ext_d2i() function.
      Fix ASN1_TYPE bug.
      Only use the new informational verify codes if we     specifically ask for them.
      Global DirectoryString mask fix.
      More code for X509_print_ex() support.
      Make non blocking I/O work for accept BIOs.
      Fix for typo in certificate directory lookup code.
      Update test server certificate in apps/server.pem (it was expired).
      Move expired CA certificate.
      Fix for bug (?) in assembly language routines for SHA1. This     causes MASM to complain and not produce valid debug info.     Hopefully this wont break anything else...
      Merge from the ASN1 branch of new ASN1 code     to main trunk.
      Rewrite the extension code to use an ASN1_ITEM structure     for its ASN1 operations as well as the old style function     pointers (i2d, d2i, new, free). Change standard extensions     to support this.
      Stop extension creation code core dumping.
      Replace the old style OCSP ASN1 module.
      Change the PKCS7 structure to use SEQUENCE OF for the     authenticated attributes: this is used to retain the     original encoding and not break signatures.
      New function X509_signature_print() to remove some duplicate     code from certificate, CRL and request printing routines.
      New function X509V3_extensions_print() this removes extension duplication     from the print routines.
      Add OCSP nonce extension to supported extensions.
      Implement some standard OCSP extensions in the v3 code. These     are all raw print only extensions at present.
      Add a couple of FAQs.
      Make mkdef.pl parse some ASN1 IMPLEMENT macros.
      Add support for the noCheck OCSP extension. This is     just a NULL and appears in a certificate.
      Add OCSP service locator extension.
      Redo OCSP response printing. Remove duplicate or     obsolete code. Delete some redundant files.
      Fixes to OCSP print code.
      Various Win32 related fixes. Doesn't compile yet on     Win32 but it is getting there...
      New function X509V3_add_i2d() this is used for     encoding, replacing and deleting extensions.
      X509V3_add_i2d() needs to be able to allocate a     STACK_OF(X509_EXTENSION) so it should be passed     STACK_OF(X509_EXTENSION) ** in the first argument.
      Avoid compiler warnings in hw_ubsec.c: unused static     functions and signed/unsigned mismatch.
      New OCSP extension functions.
      ASN1_ITEM versions of sign, verify, pack and unpack.
      Add NO_ASN1_OLD to remove some old style functions:     currently OpenSSL itself wont compile with this set     because some old style stuff remains.
      ASN1_ITEM version of ASN1_dup(). Might want     something more efficient later...
      Replace the old ASN1_dup() with ASN1_item_dup() and     zap some evil function pointers casts along the way...
      ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of     most of the old wrappers. A few of the old versions remain     because they are non standard and the corresponding ASN1     code has not been reimplemented yet.
      Delete PKCS#12 redundant files.
      Rewrite PKCS#12 code and remove some of the old     horrible macros.
      Fix the S/MIME code so it now works again and     uses the new ASN1 code.
      Update OCSP API.
      Fix typo in OCSP nonce extension.
      Modify OCSP API to more closely reflect     application needs.
      Add set of OCSP client functions. All experimental     and subject to addition, modifcation or deletion.
      Add prototypes for new OCSP functions.
      Fix uni2asc() so it can properly convert zero length     unicode strings. Certain PKCS#12 files contain these     in BMPStrings and it used to crash on them.
      OCSP basic response verify. Very incomplete     but will verify the signatures on a response     and locate the signers certifcate.
      Fix typo in OCSP ASN1 module, this caused     invalid format in OCSP request signatures.
      New OCSP utility. This can generate, parse and print     OCSP requests. It can also query reponders and parse or     print out responses.
      Preliminary ocsp utility documentation.
      Fix warning in apps/ca.c
      Change PKCS#12 key derivation routines to cope with     non null terminated passwords.
      Initial OCSP certificate verify. Not complete,     it just supports a "trusted OCSP global root CA".
      Implement remaining OCSP verify checks in     accordance with RFC2560.
      Don't shadow.
      Additional functionality in ocsp utility: print summary     of status info. Check nonce values. Option to disable     verify. Update usage message.
      Fixes to various ASN1_INTEGER routines for negative case.
      Update ocsp utility documentation.
      Fix to stop X509_time_adj() using GeneralizedTime.
      Add debugging info to new ASN1 code to trace memory leaks.
      Zero the premaster secret after deriving the master secret in DH     ciphersuites.
      New OCSP response verify option OCSP_TRUSTOTHER
      Make sk_sort tolearate a NULL argument.
      Tolerate some "variations" used in some     certificates.
      Tidy up the mess in bss_sock.c and bss_fd.c     by placing them socket/fd code in separate     files rather than trying to have them both     share the same one.
      Various function for commmon operations.
      Various OCSP responder utility functions.
      Fix ASN1_TIME_to_generlizedtime().
      New function to copy nonce values from OCSP     request to response.
      Fix AES code.
      Allow various options to be included for signing and verify of     OCSP responses.
      Add missing \n's to ocsp usage message.
      Various updates to mkdef.pl to cope with new aes     and ASN1 code.
      Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
      Fix CRL printing to correctly show when there are no revoked certificates.
      Work around for libsafe "error".
      Modify OCSP nonce behaviour.
      New function OCSP_parse_url() and -url option for ocsp utility.
      Initial OCSP SSL support.
      Option to disable standard block padding with EVP API.
      New options to 'ca' utility to support CRL entry extensions.
      New -set_serial options to 'req' and 'x509'.
      Fix typo.
      Rebuild ASN1 error codes to remove unused function and reason codes.
      Initial support for ASN1_ITEM_FUNCTION option to     change the way ASN1 modules are exported.
      Get rid of ASN1_ITEM_FUNCTIONS dummy function     prototype hack. This unfortunately means that     every ASN1_*_END construct cannot have a     trailing ;
      Oops, forgot CHANGES entry for ASN1_ITEM_FUNCTIONS.
      Make OCSP cert id code tolerate a missing issuer certificate     or serial number.
      Stop PKCS7_verify() core dumping with unknown public     key algorithms and leaking if the signature verify     fails.
      Print out OID of unknown signature or public key     algorithms.
      New function and options to check OCSP response validity.
      Trap an invalid ASN1_ITEM construction and print out     the errant field for more ASN1 error conditions.
      Enhance OCSP_request_verify() so it finds the signers certificate     properly and supports several flags.
      Typo in comment.
      Fix a bug which caused BN_div to produce the     wrong result if rm==num and num < 0.
      Fix bug in copy_email() which would not     find emailAddress at start of subject name.
      Make EVP_Digest*() routines return a value.
      Change the EVP_somecipher() and EVP_somedigest()     functions to return constant EVP_MD and EVP_CIPHER     pointers.
      Update docs.
      Add the 'ec' directory to mkdef.pl and mkfiles.pl     so the Windows build can see it.
      In crypto/ec #if 0 out structures which reference (currently)     non existent functions because this breaks shared libraries.
      Initial docs for PEM routines.
      Document the -certopt option to the x509 utility.
      Overhaul the display of certificate details in     the 'ca' utility. This can now be extensively     customised in the configuration file and handles     multibyte strings and extensions properly.
      Add 'align' option to nameopt.
      Add copy_extensions option to 'ca' utility.
      Fix PKCS#12 key generation bug.
      Rewrite CHOICE field setting code to properly handle     combine in CHOICE options.
      Fix ASN1 bug when decoding OTHER type.
      Win32 fixes:
      Initial CRL based revocation checking.
      Allow various X509_STORE_CTX properties to be     inherited from X509_STORE.
      Fix to allow multiple NONE libraries in mkerr.pl .
      Fix warning with DEBUG_SAFESTACK
      Purpose and trust setting functions for X509_STORE.
      Under VC++ _DLL is set to indicate that the application     will be linked against the DLL runtime library. It is     automatically set when /MD is used.
      Change Win32 to use EXPORT_VAR_AS_FN.
      #if 0 out deleted (?) functions to stop Win32 DLL     build falling over.
      Fix for new UI functions under Win32.
      Add examples to EVP_EncryptInit manual page.
      Add missing variable length cipher flag for Blowfish.
      Add support for MS CSP Name PKCS#12 attribute.
      Initialize UI ex_data.
      Make update
      Don't set pointer if add_lock_callback used.
      make apps compile again
      Fix memory leaks.
      Change all calls to low level digest routines in the library and     applications to use EVP. Add missing calls to HMAC_cleanup() and     don't assume HMAC_CTX can be copied using memcpy().
      Fix memory leak when RAND is used: need to cleanup     RANDs ENGINE reference in ENGINE_cleanup().
      Update my config entry to allow use of DSOs.
      In UI_dup_*() function, use the duped string, not the original.
      Fix UI leak in apps.
      Fix hwcrhk_insert_card.
      In {RSA,DSA,DH}_new_method(x) need to increase the reference     count of the ENGINE is x is not NULL since it will be freed     in {RSA,DSA,DH}_free().
      Handle empty X509_NAME in printing routines.
      Another empty X509_NAME fix.
      Modify apps to use NCONF code instead of old CONF code.
      In ocsp_match_issuerid() we are passed the CA that signed the responder     certificate so need to match its subject with the certificate IDs in the     response.
      Delete extra ;
      Initial OCSP server support, using index.txt format.
      Allow OCSP server to handle multiple requests.
      First of several reorganisations to     reduce linker bloat. For example the     single line:
      More linker bloat reorganisation:
      Make sure *outl is always initialized in EVP_EncryptUpdate().
      Add CRL utility functions to allow CRLs to be     built up without accessing structures directly.
      Make -passin -passout etc work again.
      Add #ifdefs to some devcrypto code
      Load OCSP responder key before waiting for an incoming     connection so it can prompt for pass phrase on startup     instead of after the first connection.
      Replace old (and invalid) copyright notice.
      Add certificate and request demos.
      Fix AES CBC mode EVP_CIPHER structures: the IV length is always     16.
      Support fractional seconds in GeneralizedTime
      Make (ancient) sign.c demo compile again.
      Constify EVP_SealInit, EVP_OpenInit
      Modernise and fix (ancient) "maurice" demos.
      Make EVP_DecryptUpdate work again.
      Use the maximum block length for the extra size in the encrypt     BIO buffer instead of hard coding it as 8.
      Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()     with existing code.
      Update docs.
      Modify EVP cipher behaviour in a similar way     to digests to retain compatibility.
      Update docs.
      Add missing EVP_CIPHER_CTX_{init,cleanup}
      Stop spurious "unable to load config info" errors in req
      Reject certificates with unhandled critical extensions.
      Sanitize CHANGES entry.
      New options to allow req to accept UTF8 strings as input.
      Add support for Subject Info Acess extension.
      Stop compiler warnings.
      Bugfixes for noemailDN option. Make it use the     correct name (instead of NULL) if nomailDN is     not set, fix memory leaks and retain DN structure     when deleting emailAddress.
      Allow ca to certify requests containing BMPStrings and UTF8Strings.
      Another noemailDN fix.
      Fix email address delete code.
      Win32 fixes.
      PKCS#12 code fixes: initialize and cleanup digests and ciphers     properly.
      Add an FAQ.
      NO_DSA, NO_RSA patches.
      Add -pubkey option to req command.
      Make EVP_SealInit() return the correct value.
      EVP_BytesToKey documentation.
      Don't overwrite signing time.
      Update PEM docs
      Experimental configuration code.
      Initial ENGINE config module, docs to follow.
      default_algorithms option in ENGINE config.
      #undef some things that cause a conflict under Win32 when     wincrypt.h is included.
      Config file updates from stable branch
      Config code updates.
      Update from stable branch.
      make errors
      non-Monolith fixes.
      Fix for AIX.
      New OPENSSL_LOAD_CONF define to load openssl.cnf     when OpenSSL_add_all_algorithms() is called.
      Updates from stable branch.
      Make the engine config module always add dynamic ENGINEs     to the list using dynamic_path. This stops ENGINEs which     don't supply any default algorithms being automatically     freed (because they have no references) and allows them     to be accessed by id.
      Fix new -aes command argument handling
      Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.
      Fix warnings about signed/unsigned mismatch and global     shadowing (random, index) in hw_4758_cca.c
      Make sure the type accessed by the LONG and ZLONG ASN1 type     is really a long, to avoid problems on platforms where     sizeof(int) != sizeof(long).
      ENGINE module additions.
      Fix the Win32_rename() function so it correctly     returns an error code. Use the same code in Win9X     and NT.
      Make {RSA,DSA,DH}_new_method obtain and release an ENGINE     functional reference in all cases.
      Make ciphers and digests obtain an ENGINE functional reference     if impl is explicitly supplied.
      Fix various warnings when compiling with KRB5 code.
      Fix ASN1 additions for KRB5
      Fix Kerberos warnings with VC++.
      Undo previous patch: avoid warnings by #undef'ing     duplicate definitions.
      Initialize cipher context in KRB5     ("D. Russell" <russelld at aol.net>)
      Ensure EVP_CipherInit() uses the correct encode/decode parameter if     enc == -1
      Initialize ciph_ctx in kssl.c
      Add apps_startup and bio_err init code to smime.c
      Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned.
      Fallback to normal multiply if n2 == 8 and dna or dnb is not zero     in bn_mul_recursive.
      Add config entry debug-steve-linux-pseudo64.  This sets the     SIXTY_FOUR bignum library option to use 64 bit operations     on the 32 bit linux platform.
      EVP_SealFinal should return a value.
      Zero cipher_data in EVP_CIPHER_CTX_cleanup
      Add missing EVP_CIPHER_CTX_init call.
      Fix Mingw32 asm build: use the Unix     bignum assembly method of bn-586.pl     and co-586.pl which (for some reason)     VC++ doesn't use.
      Reorganise -subj option code, fix buffer overrun.
      Make i2c_ASN1_BIT_STRING return the correct length.
      The new ASN1 code automatically allocates     structures for fields that are not OPTIONAL.
      Fix ext_dat.h extension ordering.
      Fix the ASN1 sanity check: correct header length     calculation and check overflow against LONG_MAX.
      Fix typo
      Fix typo in OBJ_txt2obj which incorrectly passed the content     length, instead of the encoding length to d2i_ASN1_OBJECT.
      Fix block_size field for CFB and OFB modes: it should be 1.
      Fix crahses and leaks in pkcs12 utility -chain option
      #if out unused function to shut the compiler up.
      Change C++ style comments
      Make -nameopt work in req and add support for -reqopt
      Reinstate the check for invalid length BIT STRINGS,     which was effectively bypassed in the ASN1 changed.
      Fix ASN1_STRING_to_UTF8: remove non sensical !*out test.
      Fix typos in PKCS#12 ASN1 code.
      Really fix PKCS7_set_detached this time...
      Preliminary streaming ASN1 encode support.
      Various enhancements to PKCS#12 code, new     medium level API, improved PKCS12_create     and additional functionality in pkcs12     utility.
      Update mkdef.pl to handle new ASN1 macro
      Add declaration got PKCS#7 NDEF.
      make update
      Add version info to Win32 DLLs.
      Some docs relating to X509 ASN1 functions.
      Update RSAPublicKey manual page...
      Oops, remove old comment out debugging printf...
      Various Win32 fixes.
      Update DH parameter docs.
      Update docs.
      Update docs.
      Document "0" and "1" naming convention.
      More d2i/i2d manual pages.
      More docs.
      PKCS7_verify() docs.
      More man pages.
      PKCS12_create manual page
      PKCS12_parse manual page.
      Update docs.
      More docs.
      New docs.
      Typo: v3 is represented by 2.
      Check for NULL ASN1_ITEM when initializeing     boolean option in ASN1_TYPE.
      CRL reason code docs.
      Typo in OCSP ASN1 module
      Initial ASN1 generation code. This can construct     arbitrary encodings from strings and config files.
      Initial ASN1 generation documentation.
      Update docs
      Fix memory leak in s2i_ASN_INTEGER and return an error     if any invalid characters are present.
      Add header ctype.h
      Only accept exact match for modifier or tag name
      Put NAME in right place, fix typo
      Update docs
      Fix get_email: 0 is a valid return value
      Fix documentation of i2d_X509_fp and i2d_X509_bio.
      Add SETWRAP modifier to ASN1 generate.
      In asn1_d2i_read_bio, don't assume BIO_read will     return the requested number of bytes when reading     content.
      Typo in X509v3_get_ext_by_critical
      Make ASN1_TYPE_get() work for V_ASN1_NULL type.
      Fix leak.
      NULL tofree when it is freed to avoid double free.
      Set EXPORT_VAR_AS_FN for BC-32 to work around a compiler bug,
      EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex().
      Check return value of gmtime() and add error codes     where it fails in ASN1_TIME_set().
      Correct EVP_SealInit() documentation, iv is an output     parameter.
      IPv6 display and input support for extensions usingh GeneralName.
      GeneralString support in mini-ASN1 compiler
      Option to disable SSL auto chain build
      Single pass processing to cleartext S/MIME signing.
      Update docs.
      Update debub-steve* entries.
      Fix bug in base64 bios during write an non blocking I/O:     if the write fails when flushing the buffer return the     value to the application so it can retry.
      Re enable the read side non blocking test BIO code.
      Ooops forgot to recognise V_ASN1_GENERALSTRING.
      Base64 bio fixes. The base64 bio was seriously broken     when reading from a non blocking BIO.
      Fix indefinite length encoding so EOC correctly updates     the buffer pointer.
      Support for dirName from config files in GeneralName extensions.
      Encryption BIOs misbehave when used with non blocking I/O.
      Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.
      Avoid warnings for no-engine and PEDANTIC
      Return an error if gmtime returns NULL.
      Fix PEDANTIC stuff...
      Add some OIDs.
      Add entry for domainComponent so it is treated correctly.
      Don't give an error if response reason absent in OCSP HTTP.
      Fix for no-ec on Windows.
      Fix Certificate and CRL adding in X509_load_cert_crl_file:     an X509_INFO structure can contain more than one object,     for example a certififcate and a CRL.
      make update
      Avoid warning.
      Typo: OID should be policyMappings
      Support for policyMappings
      New ASN1 macros to just implement and declare the new and free functions     and changes to mkdef.pl so it recognises them.
      make update
      Support for policy constraints.
      make update
      Name Constraints OID.
      Support for name constraints.
      make update
      Update ocsp usage message and docs.
      Multi valued AVA support.
      Update from stable branch.
      Make DER option work again.
      Add correct DN entry for serialNumber.
      Fix docs.
      The square brackets in BIO_s_bio.pod for some     reason cause wml to bomb out with the error     message:
      PR: 631     Submitted by: Doug Sauder <dws+001 at hunnysoft.com>
      PR: 627
      Various S/MIME bug and compatibility fixes.
      Stop checking for CRLF when start of buffer is reached.
      Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect     results if CR+LF straddles the line buffer.
      Update CHANGES to reflect base64 fix added to 0.9.7
      Really get X509_CRL_CHECK_ALL right this time...
      Return EOF when an S/MIME part have been read.
      Avoid clashes with Win32 names in WinCrypt.h
      outlen should be int * in out_utf8.
      Only accept a client certificate if the server requests     one, as required by SSL/TLS specs.
      New -ignore_err option in ocsp application to stop the server     exiting on the first error in a request.
      In order to get the expected self signed error when     calling X509_verify_cert() in x509.c the cert should     not be added to the trusted store.
      Add -passin support to rsautl
      ASN1 parse fix and release file changes.
      Avoid warnings: add missing prototype, don't shadow.
      Retrieve correct content to sign when the     type is "other".
      Initialize digested data type in PKCS7_set_type().
      New function to initialize a PKCS7 structure of type other.
      Simplify cipher and digest lookup in PKCS#7 code.
      Add support for digested data PKCS#7 type.
      Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
      Give CRLDP its standard name.
      Replace expired certificate.
      Add flag to avoid continuous     memory allocate when calling EVP_MD_CTX_copy_ex().
      Fix handling of -offset and -length in asn1parse tool.
      Use an OCTET STRING for the encoding of an OCSP nonce value.
      Initial docs for the OpenSSL library configuration via openssl.cnf
      More autoconfig docs.
      Documentation of the KISS autoconfig functions.
      Config docs.
      Indent some of the code examples.
      Various X509 fixes. Disable broken certificate workarounds     when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in     CRL issuer certificates. Reject CRLs with unhandled (any)     critical extensions.
      Memory leak fix.
      Call autoconfig code in pkcs7 utility.
      Cleanup ASN1 OID module when it exits.
      Support for inhibitAnyPolicy extension.
      Fix policy constraints syntax.
      Avoid warnings.
      Initial support for certificate policy checking and evaluation.
      Fix ASN1 warnings.
      Fix loads of warnings in policy code.
      Remove BN_CTX debug from debug-steve
      Free up BIO properly when using streaming S/MIME sign.
      Extend OID config module format.
      Allow CRLs to be passed into X509_STORE_CTX. This is useful when the     verified structure can contain its own CRLs (such as PKCS#7 signedData).
      Remove obsolete files.
      Make {i2v,v2i}_ASN1_BIT_STRING global.
      Enhance EVP code to generate random symmetric keys of the     appropriate form, for example correct DES parity.
      New function X509_POLICY_NODE_print()
      Oops forgot CHANGES entry.
      Don't use C++ reserved word.
      Add some root CAs.
      Clear error if unique_subject lookup fails.
      Reduce chances of issuer and serial number duplication by use of random     initial serial numbers.
      Use X509_get_serialNumber() instead of accessing internals in x509.c
      New option to 'x509' -next_serial. This outputs the certificate     serial number plus 1 to the output file. Its purpose is to allow     serial number files to be initialized when random serial numbers     are used.
      Fix leak.
      Reformat/tidy some of the ASN1 code.
      More ASN1 reformat/tidy.
      Make ASN1 code work again...
      Make self signing option of 'x509' use random serial numbers too.
      Fixes so alerts are sent properly in s3_pkt.c
      Add SHA256 and SHA512 algorithms to mkdef.pl.
      Delete obsolete and unimplemented function.
      Delete unused function from libeay.num, replace with one     that does exist.
      Reformat pkcs8 source.
      Stop compiler warnings with debug-steve
      Don't try to parse non string types.
      PKCS#8 fixes from stable branch.
      Delete non-POSIX header file.
      Delta CRL support in extension code.
      Add FIPS library name to error routines.
      Oops, wrong version...
      Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.
      Call setup_engine after autoconfig.
      Make ASN1_INTEGER_cmp() work as expected with negative integers.
      Update FAQ.
      Stop compiler warnings.
      New X509_VERIFY_PARAM structure and associated functionality.
      Reformat smime.c
      Don't use 'explicit' for variable name.
      Reformat smime utility.
      When looking for request extensions in a certificate look first     for the PKCS#9 OID then the non standard MS OID.
      Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed     in ASN1_STRING_to_UTF8().
      Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
      Don't use C++ reserved work "explicit".
      Update debug-steve
      Fix race condition when CRL checking is enabled.
      Fix race condition when SSL ciphers are initialized.
      Update FAQ.
      Update NEWS
      Don't return an error with crl -noout.
      Use the default_md config file value when signing CRLs.
      Fix x509.c so it creates serial number file again if no     serial number is supplied on command line.
      PR: 969     Submitted by: David Holmes <davidh at 3blackdogs.com>
      Zap obsolete der_chop script.
      PR: 938
      PR: 923
      PR: 940
      Initial pod documentation of X509V3 config file format.
      PR: 910
      Update X509v3 docs.
      Update X509v3 doc.
      In "req" exit immediately if configuration file is needed and it can't     be loaded instead of giving the misleading:
      Fix memory leak.
      Check return code of EVP_CipherInit() in PKCS#12 code.
      Update docs.
      Update docs
      Allow alternative manual sections to be embedded in .pod file comments.
      Add errstr manual page
      Perform partial comparison of different character types in X509_NAME_cmp().
      Add couple of OIDs. Resync NIDs for consistency with 0.9.7.
      V1 certificates that aren't self signed can't be accepted as CAs.
      Add -passin argument to dgst command.
      In by_file.c check last error for no start line, not first error.
      Update year.
      Add lots of checks for memory allocation failure, error codes to indicate     failure and freeing up memory if a failure occurs.
      Remaing bits of PR:620 relevant to 0.9.8.
      Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
      Update 'certs' directory. Move expired certificates to expired directory     and zero assurance demontrations CAs to 'demo'.
      Automatically mark the CRL cached encoding as invalid when some operations     are performed.
      Remove duplicate lines.
      Fix s_client so it works without a certificate again.
      Don't use multiple storage types.
      Remove unused buffer 'buf'.
      Prompt for passphrases for PKCS12 input format
      PKCS7_verify() performance optimization. When the content is large and a     memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots     of slow memory copies from the memory BIO by saving the content in a     temporary read only memory BIO.
      In mkdef.pl ignore trailing whitespace in #ifdef lines
      Fix possible memory leak.
      Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and     client random values.
      Doc fixes.
      Update FAQ
      Make kerberos ciphersuite code work with newer header files
      Move allow_proxy_certs declaration to start of function.
      Include error library value in C error source files instead of fixing up     at runtime.
      Rebuild error codes.
      Replace overwritten lines before error codes.
      More overwritten stuff...
      Update FAQ.
      Check return values of <Digest>_Init functions in low level digest calls.
      Fix from stable branch.
      Various Win32 and other fixes for warnings and compilation errors.
      Update year.
      Ignore TYPEDEF_OF in mkdef.pl
      New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script     to use it.
      Stop perl warning.
      Fix logic in mkdef.pl function is_valid.
      Handle similar mk1mf.pl options with a hash table.
      Process MINFO file earlier in mk1mf.pl so it can modify variables like CFLAGS.
      Stop bogus shadowing warning.
      Stop compiler warnings about deprecated lvalue casts.
      Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
      Make kerberos ciphersuite code compile again.
      Don't use standard kerberos library locations in MK1MF builds.
      Recognize zlib and krb5 options in mk1mf.pl
      False positive removed.
      Fixes for signed/unsigned warnings and shadows.
      Remove more false positives.
      Port from stable branch.
      Remove more false positives.
      Port prime utility across from stable branch.
      More false positives and cases covered by port of prime.c
      Port from stable branch.
      Remove more false positives.
      Stop unused variable warning.
      Port BN_MONT_CTX_set_locked() from stable branch.
      Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several     casts.
      Lots of Win32 fixes for DTLS.
      Update default dependency flags.
      Increase offset for BIO_f_enc() to avoid problems with overlapping buffers     when decrypting data.
      Use more efficient way to locate end of an ASN1 structure.
      Don't attempt to parse nested ASN1 strings by default.
      Support for smime-type MIME parameter.
      Fix from stable branch.
      Avoid warnings.
      Some C compilers produce warnings or compilation errors if an attempt     is made to directly cast a function of one type to what it considers and     incompatible type. In particular gcc 3.4.2.
      openssl_fcast should always be defined, not just with DEBUG_SAFESTACK
      Make -CSP option work again in pkcs12 utility by checking for     attribute in EVP_PKEY structure.
      Make update.
      Assing check_{cert,crl}_time to 'ok' variable so it returns errors on     expiry.
      Update from 0.9.7-stable. Also repatch and rebuild error codes.
      Add pss/x931 files.
      Update from stable branch.
      Update from 0.9.7-stable.
      Update CHANGES.
      Use correct name for config file env variable.
      Fix for padding X9.31 padding check and zero padding bytes.
      Fix extension ordering.
      Add Argen root CAs.
      Sync libeay.num
      Check PKCS7 structures in PKCS#12 files are of type data.
      Update from stable branch.
      Initial print only support for IDP CRL extension.
      Print out previously unsupported fields in CRLDP by i2r instead of i2v.
      Typo which prevents mult valued RDNs being created.
      Allow setting of all fields in CRLDP. Few cosmetic changes to output.
      Don't use @syntax for extended CRLDP format.
      Add support for setting IDP too.
      Add declaration for IDP ASN1 functions.
      Update ASN1 printing code. Highly experimental, not working properly (neither     did the old code) and not compiled in yet...
      Handle case where it==NULL
      Allow PKCS7_decrypt() to work if no cert supplied.
      Initialize SSL_METHOD structures at compile time. This removes the need     for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
      New version of ASN1 print code, still not compiled in though.
      Remove ASN1_METHOD code replace with new ASN1 alternative.
      Update from stable branch.
      Add file which includes new ASN1 NETSCAPE format for certificates.
      Delete old ASN1_METHOD files.
      Command line support for RSAPublicKey format.
      Use correct date and filename.
      Integrated support for PVK files.
      Initial support for ASN1 print code.
      Update ASN1 printing code and add a -print option to 'pkcs7' utility for     initial testing.
      Return 2 from X509_NAME printing routine to add newline.
      Extend callback function to support print customization.
      Two new verify flags functions.
      Update to ASN1 printing code.
      Update asn1t.h too for ASN1 print.
      Update ASN1 print implement macro.
      Update print macro properly this time...
      Fix for Win32.
      Change openssl.cnf to use UTF8Strings by default and not always include issuer     and serial versions of AKID.
      128 bit AES ciphersuites should be classified as HIGH.
      Update from stable branch.
      Make OPENSSL_NO_COMP compile again.
      Fix compilation without OPENSSL_NO_COMP :-)
      Make OPENSSL_NO_COMP work under Win32.
      Oops :-)
      Initialize bignum constants using BN_bin2bn() instead of BN_hex2bn(). This     saves a bit of space and avoids a compiler warning about string length.
      New option SSL_OP_NO_COMP to disable compression. New ctrls to set     maximum send fragment size. Allocate I/O buffers accordingly.
      Avoid warning on Win32.
      Add PVK support to dsa utility.
      Include kerberos libraries (if used) when linking test apps: some need it.
      Update from stable branch.
      Add symbols for ASN1 print functions, update ordinal file.
      Make DLL engines the default in 0.9.9 and VC++.
      Update from stable branch.
      Update docs.
      Update from stable branch.
      Extensive OID code enhancement and fixes.
      Make CA.pl script use CA extensions when creating a root CA.
      Include EVP_whirlpool() prototype in evp.h
      Add error checking to avoid crashing when zlib cannot be loaded.
      New functions to support opaque EVP_CIPHER_CTX handling.
      Update ordinals and include changes from 0.9.8.
      Make ZLIB without ZLIB_SHARED compiled again.
      Make mk1mf.pl and friends recognize Whirlpool.
      Update from stable branch.
      Update from 0.9.8-stable.
      Avoid warnings on VC++ 2005.
      Initial attempt at Whirlpool assembler support on VC++.
      Don't include zlib header dir if it is not defined.
      Add cpuid code to VC++ build.
      In ASN1_parse() show tag value for ASN1 tags > 30.
      Update from stable branch.
      Fix from stable branch.
      Fixes for BOOL handling: produce errors for invalid string for mini-compiler,     correctly encode FALSE for BOOL in ASN1_TYPE.
      Ignore zero length constructed segments.
      Recognize mingw in perlasm.
      Update filenames in makefiles.
      Update from 0.9.7-stable.
      Avoid warnings about shadowed definitions.
      Fix warnings about "sin" conflicting with sin(3) definition.
      Add FAQ about AKID.
      Minor clarification.
      Fix warnings.
      Fix from stable branch.
      Tolerate a SEQUENCE in DN components.
      Print out <INVALID> if an OID value is invalid.
      Check EVP_DigestInit_ex() return value in EVP_BytesToKey().
      Stop compiler warnings.
      Initial support for pluggable public key ASN1 support. Process most public     key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move     the spaghetti algorithm specific code to a single ASN1 module for each     algorithm.
      Transfer parameter handling and key comparison to algorithm methods.
      DH EVP_PKEY_ASN1_METHOD, doesn't do much (yet?).
      Gather printing routines into EVP_PKEY_ASN1_METHOD.
      Move algorithm specific print code from crypto/asn1/t_pkey.c to separate     *_prn.c files in each algorithm directory.
      Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to     initialize it. Initial support for application added public key ASN1.
      Add information and pem strings. Update dependencies.
      Fix bug in DSA, EC methods.
      Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
      Initial support for generalized public key parameters.
      New general public key utility 'pkey'.
      New utility pkeyparam. Enhance and bugfix algorithm specific parameter     functions to support it.
      Fix bug where freed OIDs could be accessed in EVP_cleanup() by     defering freeing in OBJ_cleanup().
      Add missing function declaration.
      Add some GOST OIDs.
      Fix typo.
      Fix gost OIDs.
      Initialize pval.
      Don't free up key in priv_decode.
      Add GOST parameter set OIDs.
      More GOST OIDs
      Update and add last (?) set of GOST OIDs.
      Stop warning.
      New function to retrieve ASN1 info on public key algorithms. New command     line option to print out info.
      Fix dynamic public key method lookup.
      Add an explicit load_config() call so any added algorithms are     visible.
      Minor object name edit.
      Typos in a few OID names.
      Rebuild mac table to avoid duplicates.
      Last arg to EVP_PKEY_assign() should be void *.
      New function to add dynamic alias.
      Initial definitions and a few functions for EVP_PKEY_METHOD: an extension     of the EVP routines to public key algorithms.
      Updated to EVP_PKEY_METHOD code... still doesn't do much.
      Initial functions for main EVP_PKEY_METHOD operations.     No method implementations yet.
      Include EVP_PKEY argument in EVP_PKEY_CTX_new(). This avoids the     need for a separate EVP_PKEY parameter in the other operation     initialization routines.
      New utility 'pkeyutl' a general purpose version of 'rsautl'.
      If <operatio>_init function is zero interpret as noop.
      Initial functions for RSA EVP_PKEY_METHOD.
      Implement encrypt/decrypt using RSA.
      Update dependencies.
      Reformat pkeyutl.c, add support for verify operation but nothing actually     supports it (yet).
      Fix typo. Add EVP_PKEY_CTX control function for later use by command line     utilities.
      Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
      Add checking to padding ctrl.
      Support for digest signing and X931 in rsa_pkey_meth.
      Bugfix X9.31 padding.
      Store digests as EVP_MD instead of a NID.
      New utility function to reverse a buffer, either by copying or in-place.
      Implementation of pkey_rsa_verify. Some constification.
      Change operation values so they can be used as a mask.
      Beginnings of PSS support.
      Preliminary PSS support.
      ctrls to set PSS salt length.
      Initial keygen support.
      Add support for setting keybits and public exponent value for pkey RSA keygen.
      Add parameter generation option to genpkey.
      Write parameters if -genparam option include.
      Fix parameter error messages.
      Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
      Support for DSA keygen, fix for genpkey.
      Add file dso_beos.c missing from original commit.
      Compare parameters when comparing public keys.
      Extend DH ASN1 method to support public key encode/decode and parameter     utilities.
      PKCS#3 DH PKCS#8 ASN1 support.
      Fix leak.
      Extend DH ASN1 method, add DH EVP_PKEY_METHOD.
      Change the option setting command line switch to "-pkeyopt" to avoid confusion     with algorithm parameters.
      Add key derivation support.
      Update dependencies.
      Complete key derivation support.
      Add functions to allow setting and adding external EVP_PKEY_METHOD.
      Print out zero length string properly.
      Update copyright notices on a few files where all original SSLeay code has     been deleted.
      If cipher list contains a match for an explicit ciphersuite only match that     one suite.
      Revert to original...
      Fix from 0.9.7-stable branch.
      Use more flexible method of determining output length, by setting &outlen     value of the passed output buffer is NULL.
      Provisional support for EC pkey method, supporting ECDH and ECDSA.
      Fix (most) WIN32 warnings and errors.
      If we include winsock2.h then FD_SET wants an unsigned type for an fd.
      Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
      Add OID cross reference table.
      Remove comment from SSLeay days about EVP_PKEY_METHOD.
      Remove link between digests and signature algorithms.
      Remove dss1 hack from S/MIME code.
      Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags.
      Correct copyright notice... this doesn't contain any SSLeay code.
      Add prototypes and pkey accessor function for EVP_PKEY_CTX.
      Fix usage message for pkeyutl.
      Don't free up parameter. The public key ASN1 method can do that if it needs     to.
      New function to extract AlgorithmIdentifier for PKCS7_RECIP_INFO.
      Code tidy.
      Replace RSA specific PKCS7_RECIP_INFO set up with an public key algorithm     ctrl.
      Fix from stable branch.
      Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and     handle unsupported key types.
      Update from stable branch.
      Update FAQ.
      Update from stable branch.
      Fix from stable branch.
      Add support for default public key digest type ctrl.
      Update S/MIME code to use default digest.
      Update PKCS#7 enveloped data to new API.
      Update PKCS#7 decrypt routines to use new API.
      New functions to get key types without dereferncing EVP_PKEY.
      Update 'req' command to use new keygen API.
      Stop warnings about deprecated -mcpu option.
      In interactive mode only config OpenSSL once.
      Check for deprecated private key types before PKCS#8 types.
      Extend PBE code to support non default PKCS#5 v2.0 PRFs.
      Add feature to PKCS12_create() if the encryption NID corresponds to a     supported encryption algorithm instead of a PBE NID then use that     algorithm with PBES2.
      Correctly handle missing DSA parameters.
      Bugfix: the NONE string for PBE algorithms wasn't working.
      Update old **EVIL** PEM_X509_INFO_read_bio() function to correctly assign     private keys.
      Change builting PBE to use static table. Add entries for HMAC and MD5, GOST.
      Add PRF preference ctrl to ciphers.
      Gather keygen options in req and only use them after all other options have     been processed. This allows any ENGINE changing operations to be processed     first (for example a config file).
      HMAC OIDs from RFC4231.
      Extended PBES2 function supporting application supplied IV and PRF NID.
      Tidy up of S/MIME code and add new functions which will make is easier     to create S/MIME signed data with multiple signers.
      PKCS#12 mac key length should equal digest length.
      Don't try to print PBE information if it can't be decoded.
      New option to pkcs12 utility to set alternative MAC digest algorithm.
      Reformat smime.c utility.
      Multiple signer support in smime application.
      Remove old digest type hacks for non RSA keys.
      More S/MIME tidy. Place some common attribute operations in utility     functions.
      make update
      Code tidy.
      Add -resign and -md options to smime command to support resigning an     existing structure and using alternative digest for signing.
      Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used     for enhanced sign/verify operations.
      Fix smime -pk7out.
      Use size_t for new crypto size parameters.
      Fix warnings.
      New functions for enchanced digest sign/verify.
      New function to dup EVP_PKEY_CTX. This will be needed to make new signing     functions and EVP_MD_CTX_copy work properly.
      Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup().
      Add prototypes, update Win32 ordinals.
      Allow any supported cipher to be used with smime -encrypt.
      Update pkeyutl to use size_t for pkey functions.
      Fix warnings.
      Flush p7bio when all data has been copied.
      Install openssl.cnf to OPENSSLDIR in mk1mf.pl
      New pkey functions for keygen callbacks and retrieving operation type.
      Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.
      Add missing prototype. Extend engine utility to print public key algorithms.
      Fix error code. make update
      Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE     implementations and functional reference counting when a context     is allocated, free or copied.
      Extend default method string to include public key methods.
      Automatically free up dynamically allocated public key methods when     and ENGINE is destroyed.
      Initial public key ASN1 method engine support. Not integrated yet.
      Make update.
      Complete EVP_PKEY_ASN1_METHOD ENGINE support.
      Clarify comment and add #ifdef.
      Add AES and GOST S/MIME capabilities if algorithms are supported.
      Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard     coding it to "sha1".
      Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in     the source.
      Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
      dsa_pub_cmp() doesn't need to check parameters because that is done in     EVP_PKEY_cmp().
      Add documentation for new smime options.
      Docs for new utilities.
      Initial docs for pkeyutl.
      Update docs with algorithm options.
      Add some EVP_PKEY_METHOD docs.
      Update docs.
      New docs.
      EVP_PKEY_verify() docs.
      Add some examples.
      EVP_PKEY_derive() docs.
      Keygen docs.
      New functions to enumerate digests and ciphers.
      Update docs.
      EVP_PKEY_CTX_ctrl() docs.
      EVP_PKEY_get_default_digest() manual page.
      Public key comparison and printing routine functions.
      Set detached flag in PKCS7 structure earlier to avoid eating up memory.
      New functions to add and free up application defined signature OIDs.
      Allow digests to supply S/MIME micalg values from a ctrl.
      make update
      Update some usage messages.
      Add docs for pkeyparam. Update some existing docs.
      New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
      Bugfix: don't look in internal table for signature if found in application     supplied list.
      In genpkey, also look for algorithm string name in any supplied ENGINE.
      There is should be no need to rewind the input stream any more.
      New non-blocking OCSP functionality.
      Add -timeout option to ocsp utility.
      Fix various error codes to match functions.
      Update .cvsignore
      Update .cvsignore again.
      WIN32 fixes signed/unsigned issues and slightly socket semantics.
      Store canonical encodings of Name structures. Update X509_NAME_cmp() to use     them.
      Use correct pointer types for various functions.
      Avoid warnings.
      Avoid WIN32 warning.
      Avoid warning.
      Cache some CRL related extensions.
      Support for multiple CRLs with same issuer name in X509_STORE. Modify     verify logic to try to use an unexpired CRL if possible.
      Fix leak
      Fix C++ style comments, change assert to OPENSSL_assert, stop warning with     pedantic mode.
      Kill more C++ comments.
      Add an FAQ.
      Additional detail.
      Add verify callback functions to lookup a STACK of matching certs or CRLs     based on subject name.
      Fixes for new CRL/cert callbacks. Update CRL processing code to use new     callbacks.
      Update docs.
      Support for AKID in CRLs and partial support for IDP. Overhaul of CRL     handling to support this.
      GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
      Overhaul of by_dir code to handle dynamic loading of CRLs.
      Tidy up CRL handling by checking for critical extensions when it is     loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked     entry to avoid the need to access the structure directly.
      Do CRL method init after other operations.
      Updated version of gost engine.
      Compile in gost engine.
      Make int_rsa_sign function match prototype.
      Add missing prototype. Fix various warnings (C++ comments, ; outside function).
      Updated file.
      Update length if copying MSB set in asn1_string_canon().
      Using correct lock for X509_REQ.
      Buffer size handling fix for enc.
      Submitted by: Brad Spencer <spencer at jacknife.org>     Reviewed by: steve
      Initialize new callbacks and make sure hent is always initialized.
      Place standard CRL behaviour in default X509_CRL_METHOD new functions to     create, free and set default CRL method.
      Initialize old_priv_encode, old_priv_decode.
      Add documentetion for noCheck extension and add a few cross references to     the extension documentation.
      Add v3 ref to see also sections.
      Fix link for ASN1_generate_nconf
      Don't add the TS EKU by default in openssl.cnf because it then     makes certificates genereated by ca, CA.pl etc useless for anything else.
      Avoid shadow warning.
      Make TSA tests use the noprompt mode of utilities rather than piping     the result into interative utilities.
      OCSP library tidy. Use extension to encode OCSP extensions instead of doing     it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
      Don't assume requestorName is present for signed requests. ASN1 OCSP module     fix: certs field is OPTIONAL.
      Initial, incomplete support for typesafe macros without using function     casts.
      Remove redundant PREDECLARE statement.
      Remove illegal IMPLEMENT macros from header file.
      Update ordinals.
      Update from 0.9.8 stable. Eliminate duplicate error codes.
      Add .cvsignore
      Win32 fixes from stable branch.
      Update dependencies.
      Import ordinals from 0.9.8 and update.
      Fix default dependency flags.
      Fix change to OPENSSL_NO_RFC3779
      Sync OID NIDs with OpenSSL 0.9.8.
      Update from 0.9.7-stable branch.
      Experimental streaming PKCS#7 support.
      Add bit I missed from PKCS#7 streaming encoder.
      Add AOL an AOLTW root CAs to bundle.
      Constify version strings and some structures.
      Constify version strings is ssl lib.
      Update from 0.9.7-stable.
      Update from fips2 branch.
      Add -hmac option to dgst from 0.9.7 stable branch.
      PR: 1483
      Updates from 0.9.8-stable branch.
      Update from 0.9.7-stable.
      Update FAQ,NEWS in HEAD.
      Update from stable branch.
      Fix from stable branch.
      Win32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes.
      Stage 1 GOST ciphersuite support.
      New -sigopt option for dgst utility.
      Preliminary support for signctx/verifyctx callbacks.
      Fix digest signing so digest type is set after init.
      Fix from stable branch.
      Don't ignore config_name parameter passed to OPENSSL_config(). Use     "openssl_conf" in config file if config_name variable is missing.
      Experimental HMAC support via EVP_PKEY_METHOD.
      Update CHANGES.
      New -mac and -macopt options to dgst utility. Reimplement -hmac option in     terms of new API.
      Copy update callback across when copying EVP_MD_CTX.
      Update smime utility to support streaming for -encrypt and -sign -nodetach     options. Add new streaming i2d (though strictly speaking it is BER format     when streaming) and PEM functions.
      Update docs.
      Update docs.
      d2i_PKCS7_bio_stream() docs.
      More docs for streaming functions.
      PKCS7_sign_add_signer() docs.
      Don't finalize signerinfo if reuse and partial both set.
      Flush b64 BIO.
      Add a bunch of S/MIME sample programs and data.
      Sample text files for S/MIME test programs.
      New function ASN1_STRING_copy() to copy to an already     alloacted ASN1_STRING structure.
      More useful ASN1 macros for static allocation functions.
      Tidy up docs, remove warning.
      Improve error detection when streaming S/MIME.
      Document streaming options.
      Change C++ style comments.
      New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.
      Fix error code name.
      PR: 1516
      Use EVP_DigestVerify() in dgst.c if verifying.
      Use default md if none specified in dgst utility.
      Prepend signature name in dgst output.
      Set len to buffer size.
      Add .cvsignore to seed dir.
      Initial GOST MAC support. Not fully working yet...
      Updated GOST MAC support.
      Fix warning and back out bad modification.
      Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code     on failure. Keep output format consistent with previous versions.
      Revert broken change to ccgost.
      Fix X509_REQ_print_ex() to process extension options.
      Update ordinals.
      Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int).
      Handle NULL parameter in some EVP utility functions.
      Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
      Avoid use of function pointer casts in pem library. Modify safestack to     always use inline functions.
      Back out safestack.h change for now: seems to break some things.
      Finish gcc 4.2 changes.
      Remove unnecessary casts and avoid some warnings with gcc 4.2.
      WIN32 fixes.
      Make ordinals consistent with OpenSSL 0.9.8
      Update .cvsignore
      Update from stable branch.
      WIN32 VC++ build fixes.
      Update debug-steve
      RFC4507 (including RFC4507bis) TLS stateless session resumption support     for OpenSSL.
      Remove debugging fprintfs, fix typo.
      Fix warnings.
      Fix warning and make no-tlsext work.
      OPENSSL_NO_TLS1 WIN32 build support. Fix so normal build works again.
      Fix for asm/no-asm on WIN32.
      Use SHA256 for ticket HMAC if possible.
      Docs and usage messages for RFC4507bis support.
      Add usage message for -sess_out, -sess_in
      Document ticket disabling option.
      Update from stable branch.
      Add Google sponsorship note.
      Add ctrls to set and get RFC4507bis keys to enable several contexts to     reuse the same tickets.
      Check return code when attempting to receive new session ticket message.
      Update ssl code to support digests other than MD5+SHA1 in handshake.
      Fix warnings: computed value not use, incompatible pointer initialization     and cast from pointer to int of different size (linux-x86_64 and align).
      Change safestack reimplementation to match 0.9.8.
      Fix another warning.
      Fix warning: print format option not compatible with size_t.
      Handle empty case in X509_NAME canonical encoding.
      Update from stable branch.
      Update from stable branch.
      Use accept flag for new session ticket write.
      Support for certificate status TLS extension.
      Move no status notification to ssl_check_serverhello_tlsext() to ensure     no status is notified even if no server extensions are present.
      Off by one fix from stable branch.
      Fix from fips branch.
      Update CHANGES. Keep ordinals consistent.
      Fix from stable branch.
      Don't lookup zero length session ID.     PR: 1591
      Fix from stable branch.
      1. Changes for s_client.c to make it return non-zero exit code in case     of handshake failure
      GOST ENGINE information.
      Fix duplicate error codes.
      Fix from stable branch.
      Rebuild object cross reference table.
      Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru>
      Update debug-steve targets.
      Avoid warning.
      Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru>
      Lookup public key ASN1 methods by string by iterating through all     implementations instead of all added ENGINEs to cover case where an     ENGINE is not added.
      Add caRepository OID and sync object NIDs with OpenSSL 0.9.8.
      Fix from stable branch.
      Rebuild OID database: duplicates got in there somehow??
      Submitted by: Victor B. Wagner <vitus at cryptocom.ru>, steve
      Handle non-SHA1 digests for certids in OCSP test responder.
      Initialize sigsize.
      Update ordinals
      Avoid aliasing warning.
      Add quotes to Win32 install directories.     Submitted by:  Mladen Turk <mturk at apache.org>
      Netware support.     Submitted by: Guenter Knauf <eflash at gmx.net>
      Move CHANGES entry. Revert include file install line.
      Avoid WIN32 signed/unsigned warnings.
      Update WIN32 nasm build to use new asm files.
      Update netware to use new SHA2 assembly language modules.
      Add sha2 defines.
      Add extra SHA2 defines.
      Include Mont asm files in WIN32 build.
      Update perl asm scripts include paths for perlasm.
      Experimental support for import of more options from Configure     (via top level Makefile) into mk1mf builds. This avoids the need     to duplicate the CFLAG handling and can auto build assembly language     source files from perl scripts.
      <strings.h> does not exist under WIN32.
      Clarify BITLIST format and include an example.
      Clarify FAQ.
      Add Global Sign root CA.
      Support custom primitive type printing routines and add one to LONG type.
      Extend attribute setting routines to support non-string types.
      Utility attribute function to retrieve attribute data from an expected     type. Useful for many attributes which are single valued and can only     have one type.
      Add OIDs for compressedData content type and zlib compression.
      Use default value for $dir if it is empty.
      Clarification and fix typo.
      Fix typo and avoid warning.
      Fix error code function name mismatches in GOST engine, rebuild errors.
      Avoid warnings.
      We already have an object for "zlib compression" but it was a place     holder and its actual encoding never used.
      #undef X509_EXTENSIONS to avoid conflict with CryptoAPI.
      Update year.
      And so it begins...
      Free up additional data in RecipientInfo structure
      .cvignore file for cms
      RFC4134 S/MIME examples test script.
      Only call free once in CHOICE type.
      New utility functions for encryptedData content type which will also be used     by envelopedData.
      Encrypted Data type processing. Add options to cms utility and run section 7     tests in RFC4134.
      Reorganise encrypted content info code to avoid duplication and be more     consistent with other content types.
      Delete temp files.
      Initial support for Encrypted Data type generation.
      Return error if no cipher set for encrypted data type.
      Check for cipher BIO errors and set key length after parameter decode.
      Initial support for enveloped data decrypt. Extent runex.pl to cover these     examples. All RFC4134 examples can not be processed.
      Initial support for enveloped data decrypt. Extent runex.pl to cover these     examples. All RFC4134 examples can now be processed.
      Add support for random key generation: this will be needed by enveloped data.
      Extend runex.pl to extract examples directly from RFC text.
      Don't need to check for examples directory any more.
      Remove deleted function from header file, update mkfiles.pl
      Adapt to diffrent OpenSSL utility locations.
      Fix some warnings.
      Preliminary support for enveloped data content type creation.
      Partial support for KEKRecipientInfo type.
      More support for KEK RecipientInfo.
      Various tidies/fixes:
      Add extensive PCKS7 and CMS consistency test script.
      Fixes for S/MIME consistency checker and flexibility enhancements.
      Uninitialized variable bug fix.
      Add enveloped data keyid test.
      Delete tmp files, silence openssl commands, compare extracted content.
      Delete standard out and err temp files too.
      Make 3DES default cipher in cms utility.
      Add support for KEKRecipientInfo in cms application.
      Additional sanity check.
      Produce meaningful error if sanity check fails.
      Add support for KEK decrypt in cms utility.
      Rebuild CMS error codes.
      Allow alternate eContentType oids to be set in cms utility.
      Preliminary documentation for CMS utility.
      Update dependencies.
      Fix duplicate asn1 ctrl values.
      Add support for CMS structure printing in cms utility.
      Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
      Signed Receipt Request utility functions and option on CMS utility to     print out receipt requests.
      Add support for signed receipt request printout and generation.
      Support for verification of signed receipts.
      Signed receipt generation code.
      Update docs.
      Remove unnecessary header.
      Update dependencies.
      Use correct headers for signed receipts. Use consistent naming.
      Fix macro.
      Fix it properly this time....
      Add signed receipt tests.
      Avoid warnings.
      Since OID NIDs with 0.9.8.
      Update CHANGES.
      Update CHANGES.
      Rename runex.pl to cms-examples.pl
      Make mk1mf.pl recognize no-cms.
      Delete nonexistant function from pkcs7.h header file. WIN32 build fix from     stable branch. Sync and update ordinals.
      Give consistent return value and add error code for duplicate certificates.
      Fix typo and add header files to err library.
      Set contentType attribute just before signing to allow encapsulated content     type to be set at any time in applications.
      Implement CMS_NOCRL.
      Initial CMS API documentation.
      Correct d2i/i2d typos.
      Fix various typos, update SMIMECapabilities description.
      More CMS API documentation.
      Add CMS_compress() docs.
      Add CMS_uncompress manual page.
      Update docs.
      Correct references to smime in cms app.
      Signed receipt request function documentation.
      Spellcheck CMS docs.
      Add CMS signed receipt genration and verification docs.
      Ignore nonsensical flags for signed receipts.
      Add additional parameter to CMS_final() to handle detached content.
      Add docs for CMS_final() and BIO_new_CMS().
      Correct HISTORY reference.
      Reformat, fix typos and clarify CMS API docs.
      PKCS#7 examples converted to CMS.
      Fix for compression and updated CMS_final().
      CMS compressed data examples.
      Make CMS_uncompress() argument order consistent with other functions.
      Fix comments.
      Revert argument swap change... oops CMS_uncompress() was consistent...
      Fix prototype for CMS_decrypt(), don't free up detached content.
      Correct argument order for CMS_decrypt() in docs.
      Detached encrypt/decrypt example, fix decrypt sample.
      Make certs argument work in CMS_sign() add test case.     PR:1664
      Disable debugging fprintf.
      Don't send zero length session ID if stateless session resupmtion is     successful. Check be seeing if there is a cache hit.
      Update from stable branch.
      Update from stable branch.
      Update from stable branch.
      Update from stable branch.
      Use "cont" consistently in cms-examples.pl
      Indicate support for digest init ctrl.
      New function CMS_add1_crl().
      Add missing cast.
      Fix from stable branch.
      Fix two invalid memory reads in RSA OAEP mode.     Submitted by: Ivan Nestlerode <inestlerode at us.ibm.com>     Reviewed by: steve
      Fix from stable branch.
      Update from stable branch.
      Update ordinals.
      C++ style comments fixed.
      Avoid warning about empty structures and always define CHECKED_PTR_OF
      Avoid "duplicate const" warnings.
      Fix from stable branch.
      Stop const mismatch warning in VC++.
      Stop warning about extra ';' outside of function.
      Stop const mismatch warning.
      Recognize LHASH_OF().
      Add CryptoAPI ENGINE from stable branch.
      Add CryptoAPI error file too.
      More CryptoAPI engine code from stable branch.
      Update VC-32.pl and load CryptoAPI engine in the right place.
      Update from stable branch.
      Update from stable branch.
      Add support for ENGINE supplied SSL client auth.
      Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h
      Add client cert engine to SSL routines.
      Update error codes.
      Allow ENGINE client cert callback to specify a set of other certs, for     the rest of the certificate chain. Currently unused.
      Release engine reference when calling SSL_CTX_free().
      Get and note keyspec when signing.
      Use keyspec for DSA too.
      Add ctrl for alternative certificate store names.
      Free old store name (if any).
      Avoid cast with wrapper function.
      Revert, doesn't fix warning :-(
      Avoid case in ca.c fix.
      Fix indentation.
      #undef OCSP_RESPONSE: CryptoAPI uses this too.
      Windows batch file to rebuild error codes for CryptoAPI ENGINE.
      Update year.
      Prevent signed/unsigned warning on VC++
      Add preliminary SSL client auth callback to CryptoAPI ENGINE.
      Add support for client cert engine setting in s_client app.     Add appropriate #ifdefs round client cert functions in headers.
      Match empty CA list to anything for ssl client auth in CryptoAPI engine.
      Add initial support for multiple SSL client certifcate selection in     CryptoAPI ENGINE.
      Avoid name clash.
      Remove store from Windows build.
      Update ordinals.
      Make DSO WIN32 compile again.
      Tidy up and add comments to selection code.
      Remove old non-safestack code.
      Add support for Windoes dialog box based certificate selection.
      Use an appropriate Window for selection dialog.
      Compilation option to use a specific ssl client auth engine automatically.
      Remove test fprintf.
      Update from stable branch.
      Link in extra CryptoAPI related libraries if needed.
      Sync ordinals with stable branch.
      Update from stable branch.
      Update from stable branch.
      Update CHANGES.
      Update from stable branch.
      Don't change _WIN32_WINNT and detect GetConsoleWindow() and     CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function     for selection mechanism.
      Remove uidlg library from VC-32.pl, it is now bound at runtime.
      Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather     than referencing existing X509_NAME_ENTRY structures so needs to be     completely freed.
      Sync ordinals.
      Add acknowledgement.
      Update from stable branch.
      Update from stable branch.
      Update from stable branch.
      Fix from stable branch.
      Update ordinals.
      Update from stable branch.
      Update from stable branch.
      Avoid warnings with -pedantic, specifically:
      X509 verification fixes.
      We support inhibit any policy extension, add to table.
      Zero is a valid value for any_skip and map_skip
      Policy validation fixes.
      Initial support for alternative CRL issuing certificates.
      Make explicit_policy handling match expected RFC3280 behaviour.
      Add support for nameRelativeToCRLIssuer field in distribution point name     fields.
      Correctly handle errors in CMS I/O code.
      Initial support for name constraints certificate extension.
      Support for policy mappings extension.
      Initial code to support distinct certificate and CRL signing keys where the     CRL issuer is not part of the main path.
      Initial support for CRL path validation. This supports distinct certificate     and CRL signing keys.
      Support for certificateIssuer CRL entry extension.
      Initial indirect CRL support.
      Add support for freshest CRL extension.
      Add support for CRLs partitioned by reason code.
      Initial support for delta CRLs. If "use deltas" flag is set attempt to find     a delta CRL in addition to a full CRL. Check and search delta in addition to     the base.
      Perl script to run and verify OpenSSL against PKITS RFC3280 compliance     test suite.
      Make no-tlsext compile.
      Do not discard cached handshake records during resumed sessions:     they are used for mac computation.
      Fix from stable branch.
      Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new     strength "FIPS" to represent all FIPS approved ciphersuites without NULL     encryption.
      Update FAQ.
      Add missing CHANGES entry.
      Experimental new date handling routines. These fix issues with X509_time_adj()     and should avoid any OS date limitations such as the year 2038 bug.
      Add missing lock definitions.
      Add missing lock definitions...
      Ooops... remove code accidentally commited from FIPS version.
      Fix multiple ; warning.
      Fix Warning...
      Fix a shed load or warnings:
      Reinstate obj_xref.h as it is not auto generated on all platforms.
      Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros     with the appropriate parameters which calls OBJ_bsearch(). A compiler will     typically inline this.
      Add permanentIdentifier OID.
      Add support for -crlnumber option in crl utility.
      Fix warnings and various issues.
      Win32 fixes... add new directory to build system. Fix warnings.
      Add install target to crypto/jpake/Makefile
      Fix warnings about mismatched prototypes, undefined size_t and value computed     not used.
      Fix warnings: printf format mismatches on 64 bit platforms.     Change assert to OPENSSL_assert().     Fix e_padlock prototype.
      Update HMAC functions to return an error where relevant.
      Fix prototypes.
      Use stddef.h to pick up size_t def.
      Fix prototypes.
      Not sure about this one... seems to be needed to make 64 bit release     builds work properly...
      Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
      Update obsolete email address...
      PR: 1777     Submitted by: "Alon Bar-Lev" <alon.barlev at gmail.com>     Approved by: steve at openssl.org
      Make -DKSSL_DEBUG work again.
      Update from stable branch.
      Update from stable branch.
      Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by some     implementations.
      Reinstate camellia header fix patch.
      Update from stable branch.
      Revert another size_t change.
      mk1mf.pl update from stable branch.
      PR: 1574     Submitted by: Jouni Malinen <j at w1.fi>     Approved by: steve at openssl.org
      Don't disable JPAKE by default in head...
      Set memory BIOs up properly when stripping text headers from S/MIME messages.
      Update from stable-branch.
      Stop warning about different const qualifiers.
      Update libeay.num
      Update from stable branch.
      Don't stop -cipher from working.
      Handle case where v6stat.zero_pos == 0 correctly.
      Oops should check zero_pos >= 0.
      Fix from stable branch.
      Make no-engine work again.
      Update steve-debug* options.
      Add standard .cvsignore file.
      Update FAQ.
      Updatde from stable branch.
      Add a set of standard gcc warning options which are designed to be the     minimum requirement for committed code. Added to debug-steve* config targets     for now.
      Fix sign-compare warnings.
      Fix missing prototype warnings then fix different prototype warnings ;-)
      Fix warnings properly this time ;-)
      Add CRYPTO_MDEBUG_ABORT to abort() is there are any memory leaks. This will     cause "make test" failures and make resource leaks more obvious.
      Make PKCS#8 the standard write format for private keys, replacing the     ancient SSLeay format.
      Update certificate hash line format to handle canonical format     and avoid MD5 dependency.
      Typo: just copy across an unknown type.
      Update from stable branch.
      Print out UTF8 and NumericString types in ASN1 parsing utility.
      Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
      Submitted by: Peter Sylvester <Peter.Sylvester at edelweb.fr>     Reviewed by: steve
      Add error checking to obj_xref.pl and add command line support for data     file locations.
      Avoid leaks in pkcs8 app, tidy code up.
      Return correct exit code.
      PR: 1835     Submitted by: Damien Miller <djm at mindrot.org>     Approved by: steve at openssl.org
      Make no-engine work again.
      Stop warning about use of *printf() without a format.
      PR: 1843     Use correct array size for SHA1 hash.
      Submitted by:  "Victor B. Wagner" <vitus at cryptocom.ru>     Reviewed by: steve at openssl.org
      PR: 1778
      Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru>     Approved by: steve
      Update from stable branch.
      Update from stable branch.
      Update from stable branch.
      Update from stable branch.
      PR: 1854     Submitted by: Oliver Martin <oliver at volatilevoid.net>     Reviewed by: steve at openssl.org
      Update from stable branch.
      PR: 1862
      Submitted by: Victor Duchovni <Victor.Duchovni at morganstanley.com>     Reviewed by: steve at openssl.org
      Update from stable branch.
      PR: 1864     Submitted by: Ger Hobbelt <ger at hobbelt.com>     Reviewed by: steve at openssl.org
      Update from stable branch.
      Fix from stable branch.
      Use correct ctx name.
      Use OPENSSL_assert() instead of assert.
      Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru>     Reviewed by: steve at openssl.org
      Submitted by: Victor B. Wagner <vitus at cryptocom.ru>     Reviewed by: steve at openssl.org
      Typo in usage message.
      Update from stable branch.
      Update from stable branch.
      Update from stable branch.
      Update FAQ.
      Update CHANGES.
      Update from stable branch.
      Fix typo in CHANGES.
      Update NEWS file.
      Nothing to see here... move along....
      Allow use of algorithm and cipher names for dgsts and enc utilities instead     of having to manually include each one.
      Update STATUS and NEWS.
      HEAD is now 1.1.0     The 1.0.0 branch is now OpenSSL_1_0_0-stable
      Stop warnings.
      Update from 0.9.8-stable
      Ooops reverse previous patch.
      Fix from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 1.0.0-stable.
      Merge from 1.0.0-stable branch.
      Update version info.
      Updates from 1.0.0-stable
      Updates from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 0.9.8-stable.
      Changes from 1.0.0-stable.
      Update from 1.0.0-stable
      Updates from 1.0.0-stable.
      Updates from 1.0.0-stable branch.
      Merge from 1.0.0-stable branch.
      Update from 1.0.0-stable.
      Update from 1.0.0-stable.
      Updates from 1.0.0 stable branch.
      Fix from 1.0.0-stable.
      Update from 1.0.0-stable branch.
      Update from stable branch.
      Update from 1.0.0-stable.
      Update from stable branch.
      Update from 1.0.0-stable.
      Update from 1.0.0-stable.
      PR: 1929     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      Update from 1.0.0 stable branch.
      Update from 1.0.0-stable.
      Update from 1.0.0-stable
      Fix from 1.0.0-stable.
      Update from 1.0.0-stable.
      Update from 1.0.0-stable.
      Update from 1.0.0-stable.
      Add CHANGES entries from 0.9.8-stable.
      Update from 1.0.0-stable.
      Sync ordinals from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 0.9.8-stable.
      Add ignored FIPS options to evp.h change clashing flag value.
      Update from 1.0.0-stable.
      Update from 1.0.0-stable.
      Oops, update CHANGES entry.
      PR: 1945     Submitted by: Guenter <lists at gknw.net>     Approved by: steve at openssl.org
      PR: 1938     Submitted by: Mark Phalan <Mark.Phalan at Sun.COM>     Reviewed by: steve at openssl.org
      PR: 1946     Submitted by: Guenter <lists at gknw.net>     Reviewed by: steve at openssl.org
      Update from 1.0.0-stable.
      Updates from 1.0.0-stable
      PR: 1952     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve at openssl.org
      Update from 1.0.0-stable.
      Fix error codes.
      Update from 0.9.8-stable.
      Submitted by: Artem Chuprina <ran at cryptocom.ru>     Reviewed by: steve at openssl.org
      PR: 1946     Submitted by: Guenter <lists at gknw.net>     Approved by: steve at openssl.org
      Submitted by: Peter Gutmann <pgut001 at cs.auckland.ac.nz>     Approved by: steve at openssl.org
      PR: 1956     Submitted by: Guenter <lists at gknw.net>     Approved by: steve at openssl.org
      PR: 1958     Submitted by: Sean Boudreau <seanb at qnx.com>     Approved by: steve at openssl.org
      Update from 1.0.0-stable.
      Rename asc2uni and uni2asc functions to avoid clashes.
      Add beos as a supported DSO scheme.
      Initialize outlen.
      Update FAQ with note about online docs.
      Update from 1.0.0-stable
      Stop warnings in gcc where "a" is const passed as a non-const argument.
      Update from 1.0.0-stable.
      Update from 0.9.8-stable.
      Fix from 0.9.8-stable.
      Update from 0.9.8-stable.
      Allow setting of verify depth in verify parameters (as opposed to the depth     implemented using the verify callback).
      Update from 1.0.0-stable
      Update from 1.0.0-stable.
      Update from 1.0.0-stable.
      Updates from 1.0.0-stable
      Use common verify parameters instead of the small ad-hoc subset in     s_client, s_server.
      Update from 0.9.8-stable
      Update from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 1.0.0-stable
      Update from 1.0.0-stable.
      Upadte from 1.0.0-stable
      PR: 1981     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      Fix warnings.
      Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is     a new branch we can also disable it by default.
      Make update.
      Update from 1.0.0-stable.
      PR: 1624     Submitted by: "Simon L. Nielsen" <simon at FreeBSD.org>     Obtained from: steve at openssl.org
      Update from 0.9.8-stable
      Use new time routines to avoid possible overflow.
      Update from 1.0.0-stable.
      Document MD2 deprecation.
      Updates from 1.0.0-stable.
      Updates from 1.0.0-stable
      Update from 1.0.0-stable.
      Updates from 1.0.0-stable
      Use correct extension and OSX detection.
      Update from 0.9.8-stable
      Update from 0.9.8-stable
      Update from 0.9.8-stable.
      Fix from 0.9.8-stable
      PR: 1993
      Document removal of digest+signature algorithm link.
      PR: 1990
      New debug targets from 1.0.0-stable
      Fix typos.
      Remove MD2 test from WIN32 as we don't compile it in by default any more.
      Update from 0.9.8-stable.
      Update from 1.0.0-stable
      Update from 1.0.0-stable.
      PR: 2001     Submitted by: Tomas Mraz <tmraz at redhat.com>     Approved by: steve at openssl.org
      Update from 1.0.0-stable.
      PR: 2002     Submitted by: Tomas Mraz <tmraz at redhat.com>     Obtained from: steve at openssl.org
      Reject leading 0x80 in OID subidentifiers.
      Fix error code.
      Add COMP error strings.
      PR: 2003     Make it possible to install OpenSSL in directories with name other     than "lib" for example "lib64". Based on patch from Jeremy Utley.
      PR: 2004     Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>     Approved by: steve at openssl.org
      PR: 1999     Submitted by: "Bayram Kurumahmut" <kbayram at ubicom.com>     Approved by: steve at openssl.org
      PR: 1997     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      Update README with bug report and contribution details.
      Enable mdc2 support by default as the patent has now expired.
      Update default dependency flags.     Make error name discrepancies a fatal error.     Fix error codes.     make update
      Use SHA1 and not deprecated MD5 in demos.
      Stop unused variable warning on WIN32 et al.
      PR: 2015     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      PR: 2006     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      PR: 2005     Submitted by: steve at openssl.org
      Missing break.
      Tidy up and fix verify callbacks to avoid structure dereference, use of     obsolete functions and enhance to handle new conditions such as policy printing.
      PR: 2022     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      PR: 2009     Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov at opera.com>     Approved by: steve at openssl.org
      PR: 2013     Submitted by: steve at openssl.org
      PR: 2029     Submitted by: Tomas Mraz <tmraz at redhat.com>     Checked by: steve at openssl.org
      PR: 2020     Submitted by: Keith Beckman <kbeckman at mcg.edu>,  Tomas Mraz <tmraz at redhat.com>     Checked by: steve at openssl.org
      Oops, s can be NULL
      Correction: salt is now default
      PR: 2028     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      PR: 1644     Submitted by: steve at openssl.org
      Make update, deleting bogus DTLS error code
      Typo presumably....
      PR: 2031     Submitted by: steve at openssl.org
      Seed PRNG with DSA and ECDSA digests for additional protection against     possible PRNG state duplication.
      Add new option --strict-warnings to Configure script. This is used to add     in devteam warnings into other configurations.
      PR: 2033     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      PR: 2038     Submitted by: Artem Chuprina <ran at cryptocom.ru>     Approved by: steve at openssl.org
      PR: 1411     Submitted by: steve at openssl.org
      PR: 2025     Submitted by: Tomas Mraz <tmraz at redhat.com>     Approved by: steve at openssl.org
      PR: 2023     Submitted by: James Beckett <jmb.openssl at nospam.hackery.net>, steve     Approved by: steve at openssl.org
      Submitted by:  Julia Lawall <julia at diku.dk>
      PR: 2039     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      PR: 2048     Submitted by: john blair <mailtome200420032002 at yahoo.com>     Approved by: steve at openssl.org
      add version info for VC-WIN64I too
      Don't use __try+__except unless on VC++
      Ooops, missing close quote
      PR: 2047     Submitted by: David Lee <live4thee at gmail.com>, steve at openssl.org     Approved by: steve at openssl.org
      PR: 2050     Submitted by: Michael Tuexen <tuexen at fh-muenster.de>     Approved by: steve at openssl.org
      Add attribute to check if return value of certain functions is incorrectly     ignored.
      Add DEBUG_UNUSED to debug-steve* entries
      Add more return value checking attributes to evp.h and hmac.h
      Audit libcrypto for unchecked return values: fix all cases enountered
      Fixup sureware ENGINE to handle new RAND_METHOD
      Free SSL_CTX after BIO
      PR: 2064, 728     Submitted by: steve at openssl.org
      Change version from 0.9.9 to 1.0.0 in docs
      PR: 2058     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2057     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2063     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2054     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2055     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2056     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2059     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2062     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      PR: 2061     Submitted by: Julia Lawall <julia at diku.dk>     Approved by: steve at openssl.org
      Yes it is a typo ;-)
      Prevent aliasing warning
      Prevent ignored return value warning
      Fix warnings about ignoring fgets return value
      Fix unitialized warnings
      Allow cross compilation prefix to come from CROSS_COMPILE environment variable
      Allow uname values to be overridden by the environment
      PR: 2066     Submitted by: Guenter <lists at gknw.net>     Approved by: steve at openssl.org
      Revert extra changes from previous commit.
      PR: 1847     Submitted by: Tomas Mraz <tmraz at redhat.com>     Approved by: steve at openssl.org
      PR: 2069     Submitted by: Michael Tuexen <tuexen at fh-muenster.de>     Approved by: steve at openssl.org
      Update ordinals.
      Fix for WIN32 and possibly other platforms which don't define in_port_t.
      Fixes to CROSS_COMPILE, don't override command line option from environment
      PR: 2073     Submitted by: Tomas Mraz <tmraz at redhat.com>     Approved by: steve at openssl.org
      PR: 2072     Submitted by: Tomas Mraz <tmraz at redhat.com>     Approved by: steve at openssl.org
      PR: 2074     Submitted by: Bram Neijt <bneijt at gmail.com>     Approved by: steve at openssl.org
      Manual page for X509_verify_cert()
      More X509 verification docs.
      Add docs for X509_STORE_CTX_new() and related functions.
      Preliminary documentation for X509_VERIFY_PARAM.
      Add "missing" function X509_STORE_set_verify_cb().
      Verification callback functions.
      Document more error codes.
      take install prefix from the environment
      Use new X509_STORE_set_verify_cb function instead of old macro.
      make update
      PR: 2070     Submitted by: Alexander Nikitovskiy <Nikitovski at ya.ru>     Approved by: steve at openssl.org
      Need to check <= 0 here.
      If not checking all certificates don't attempt to find a CRL     for the leaf certificate of a CRL path.
      Add an FAQ.
      PR: 2078     Submitted by: Dale Anderson <dra at redevised.net>     Approved by: steve at openssl.org
      PR: 2080     Submitted by: Mike Frysinger <vapier at gentoo.org>     Approved by: steve at openssl.org
      PR: 2081     Submitted by: Mike Frysinger <vapier at gentoo.org>     Approved by: steve at openssl.org
      Don't replace whole AR line
      Add -no_cache option to s_server
      PR: 2085     Submitted by: Mike Frysinger <vapier at gentoo.org>     Approved by: steve at openssl.org
      Don't attempt session resumption if no ticket is present and session     ID length is zero.
      Fix statless session resumption so it can coexist with SNI
      Move CHANGES entry to 0.9.8l section
      Generate stateless session ID just after the ticket is received instead     of when a session is loaded. This will mean that applications that     just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()     will still work.
      Add option to allow in-band CRL loading in verify utility. Add function     load_crls and tidy up load_certs. Remove useless purpose variable from     verify utility: now done with args_verify.
      Add missing functions to allow access to newer X509_STORE_CTX status     information. Add more informative message to verify callback to indicate     when CRL path validation is taking place.
      PR: 2089     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      Ooops, revert committed conflict.
      If it is a new session don't send the old TLS ticket: send a zero length     ticket to request a new session.
      Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
      make udpate
      update CHANGES
      First cut of renegotiation extension. (port to HEAD)
      PR: 2090     Submitted by: Martin Kaiser <lists at kaiser.cx>, Stephen Henson     Approved by: steve at openssl.org
      PR: 2091     Submitted by: Martin Kaiser <lists at kaiser.cx>, Stephen Henson     Approved by: steve at openssl.org
      PR: 1686     Submitted by: Hanno Böck <hanno at hboeck.de>     Approved by: steve at openssl.org
      commit missing apps code for reneg fix
      add missing parts of reneg port, fix apps patch
      PR: 2098     Submitted by: Corinna Vinschen <vinschen at redhat.com>     Approved by: steve at openssl.org
      set engine to NULL after releasing it
      PR: 2088     Submitted by: Aleksey Samsonov <s4ms0n0v at gmail.com>     Approved by: steve at openssl.org
      PR: 2101     Submitted by: Doug Kaufman <dkaufman at rahul.net>     Approved by: steve at openssl.org
      PR: 2101 (additional)     Submitted by: Roumen Petrov <openssl at roumenpetrov.info>     Approved by: steve at openssl.org
      PR: 2103     Submitted by: Rob Austein <sra at hactrn.net>     Approved by: steve at openssl.org
      Include a more meaningful error message when rejecting legacy renegotiation
      Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
      Servers can't end up talking SSLv2 with legacy renegotiation disabled
      Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat     and is a pre-requisite to adding password based CMS support.
      Add PBKFD2 prototype.
      Add OID for PWRI KEK algorithm.
      Experimental CMS password based recipient Info support.
      PR: 2118     Submitted by: Mounir IDRASSI <mounir.idrassi at idrix.net>     Approved by: steve at openssl.org
      PR: 1432     Submitted by: "Andrzej Chmielowiec" <achmielowiec at enigma.com.pl>, steve at openssl.org     Approved by: steve at openssl.org
      PR: 2115     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Approved by: steve at openssl.org
      check DSA_sign() return value properly
      PR: 2120     Submitted by: steve at openssl.org
      Check it actually compiles this time ;-)
      Replace the broken SPKAC certification with the correct version.
      Update CHANGES.
      PR: 2111     Submitted by: Martin Olsson <molsson at opera.com>
      Initial experimental TLSv1.1 support
      PR: 2121     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      Add support for magic cipher suite value (MCSV). Make secure renegotiation     work in SSLv3: initial handshake has no extensions but includes MCSV, if     server indicates RI support then renegotiation handshakes include RI.
      Add ctrl and macro so we can determine if peer support secure renegotiation.
      Send no_renegotiation alert as required by spec.
      Add ctrls to clear options and mode.
      PR: 2124     Submitted by: Jan Pechanec <Jan.Pechanec at Sun.COM>
      Revert lhash patch for PR#2124
      Add patch to crypto/evp which didn't apply from PR#2124
      Check s3 is not NULL
      remove DEBUG_UNUSED from config for now
      Document option clearning functions.
      clarify docs
      Allow initial connection (but no renegoriation) to servers which don't support     RI.
      New option to enable/disable connection to unpatched servers
      PR: 2127     Submitted by: Tomas Mraz <tmraz at redhat.com>
      Alert to use is now defined in spec: update code
      Traditional Yuletide commit ;-)
      Update RI to match latest spec.
      Add simple external session cache to s_server. This serialises sessions     just like a "real" server making it easier to trace any problems.
      return v1.1 methods for client/server
      Include CHANGES entry for external cache
      Compression handling on session resume was badly broken: it always     used compression algorithms in client hello (a legacy from when     the compression algorithm wasn't serialized with SSL_SESSION).
      Client side compression algorithm sanity checks: ensure old compression     algorithm matches current and give error if compression is disabled and     server requests it (shouldn't happen unless server is broken).
      Remove tabs on blank lines: they produce warnings in pod2man
      PR: 2132     Submitted by: steve
      PR: 2102     Submitted by: John Fitzgibbon <john_fitzgibbon at yahoo.com>
      ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32)
      compress_meth should be unsigned
      Missing commit from change ofr compress_meth to unsigned
      Updates to conform with draft-ietf-tls-renegotiation-03.txt:
      Simplify RI+SCSV logic:
      PR: 2136     Submitted by: Willy Weisz <weisz at vcpc.univie.ac.at>
      update and sync ordinals
      Modify compression code so it avoids using ex_data free functions. This     stops applications that call CRYPTO_free_all_ex_data() prematurely leaking     memory.
      Fix version handling so it can cope with a major version >3.
      PR: 2125     Submitted by: "Alon Bar-Lev" <alon.barlev at gmail.com>
      make update
      convert to Unix EOL form
      PR: 2133     Submitted by: steve at openssl.org
      PR: 2144     Submitted by: steve at openssl.org
      PR: 2135     Submitted by: Mike Frysinger <vapier at gentoo.org>
      PR: 2144     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2141     Submitted by: "NARUSE, Yui" <naruse at airemix.jp>
      The use of NIDs in the password based encryption table can result in     algorithms not found when an application uses PKCS#12 and only calls     SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple     work around is to add the missing algorithm (40 bit RC2) in     SSL_library_init().
      Support -L options in VC++ link.
      Update demo
      update NEWS file
      fix comments
      If legacy renegotiation is not permitted then send a fatal alert if a patched     server attempts to renegotiate with an unpatched client.
      Tolerate PKCS#8 DSA format with negative private key.
      The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING     ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround     call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should     both address the original bug and retain compatibility with the old behaviour.
      PR: 2153, 2125     Submitted by: steve at openssl.org
      PR: 2149     Submitted by: Douglas Stebila <douglas at stebila.ca>
      export OPENSSL_isservice and make update
      OPENSSL_isservice is now defined on all platforms not just WIN32
      Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and     later.
      PR: 2138     Submitted by: Kevin Regan <k.regan at f5.com>
      PR: 1949     Submitted by: steve at openssl.org
      PR: 2157     Submitted by: "Green, Paul" <Paul.Green at stratus.com>
      Some shells print out the directory name if CDPATH is set breaking the     pod2man test. Use ./util instead to avoid this.
      update documentation to reflect new renegotiation options
      revert wrongly committed test code
      reword RI description
      revert previous change
      oops revert test code accidentally committed
      In engine_table_select() don't clear out entire error queue: just clear     out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise     errors from other sources (e.g. SSL library) can be wiped.
      Experimental renegotiation support in s_server test -www server.
      PR: 2159     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2160     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2161     Submitted by: Doug Goldstein <cardoe at gentoo.org>, Steve.
      tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
      don't assume 0x is at start of string
      Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy     an EVP_CIPHER_CTX structure which may have problems with external ENGINEs     who need to duplicate internal handles etc.
      oops, use new value for new flag
      make update
      Initial experimental CMAC implementation.
      Make CMAC API similar to HMAC API. Add methods for CMAC.
      Make update.
      add cvsignore
      Use supplied ENGINE when initialising CMAC. Restore pctx setting.
      update year
      Fix memory leak in ENGINE autoconfig code. Improve error logging.
      PR: 2170     Submitted by: Magnus Lilja <lilja.magnus at gmail.com>
      update references to new RI RFC
      PR: 2164     Submitted by: "Noszticzius, Istvan" <inoszticzius at rightnow.com>
      add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
      Correct ECB mode EVP_CIPHER definition: IV length is 0
      The "block length" for CFB mode was incorrectly coded as 1 all the time. It     should be the number of feedback bits expressed in bytes. For CFB1 mode set     this to 1 by rounding up to the nearest multiple of 8.
      PR: 2171     Submitted by: Tomas Mraz <tmraz at redhat.com>
      Submitted by:  Dmitry Ivanov <vonami at gmail.com>
      PR: 2100     Submitted by: James Baker <jbaker at tableausoftware.com> et al.
      Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as     initial connection to unpatched servers. There are no additional security     concerns in doing this as clients don't see renegotiation during an     attack anyway.
      OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
      clarify documentation
      The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and     X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in     the verify application documentation.
      prevent warning
      add anyExtendedKeyUsage OID
      Include self-signed flag in certificates by checking SKID/AKID as well     as issuer and subject names. Although this is an incompatible change     it should have little impact in pratice because self-issued certificates     that are not self-signed are rarely encountered.
      verify parameter enumeration functions
      allow setting of verify names in command line utilities and print out verify names in verify utility
      Experimental support for partial chain verification: if an intermediate     certificate is explicitly trusted (using -addtrust option to x509 utility     for example) the verification is sucessful even if the chain is not complete.
      tidy verify code. xn not used any more and check for self signed more efficiently
      add -trusted_first option and verify flag
      update FAQ
      update NEWS
      oops, use correct date
      Revert CFB block length change. Despite what SP800-38a says the input to     CFB mode does *not* have to be a multiple of the block length and several     other specifications (e.g. PKCS#11) do not require this.
      include TVS 1.1 version string
      Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and     1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos     ciphersuite bugs introduced with PR:1336."
      oops, revert verify.c change
      algorithms field has changed in 1.0.0 and later: update
      update cryptodev to match 1.0.0 stable branch version
      load cryptodev if HAVE_CRYPTODEV is set too
      oops, reinstate correct prototype
      use supplied ENGINE in genrsa
      PR: 2178     Submitted by: "Kennedy, Brendan" <brendan.kennedy at intel.com>
      don't mix definitions and code
      Submitted by: Tomas Hoger <thoger at redhat.com>
      PR: 2183
      option to replace extensions with new ones: mainly for creating cross-certificates
      Add -engine_impl option to dgst which will use an implementation of     an algorithm from the supplied engine instead of just the default one.
      Fix memory leak: free up ENGINE functional reference if digest is not     found in an ENGINE.
      Add algorithm specific signature printing. An individual ASN1 method can     now print out signatures instead of the standard hex dump.
      fix indent, newline
      Add PSS algorithm printing. This is an initial step towards full PSS support.
      don't add digest alias if signature algorithm is undefined
      update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
      add MGF1 digest ctrl
      add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS
      oops, make EVP ctr mode work again
      although AES is a variable length cipher, AES EVP methods have a fixed key length
      The OID sanity check was incorrect. It should only disallow *leading* 0x80     values.
      print outermost signature algorithm parameters too
      correct error code
      RSA PSS verification support including certificates and certificate     requests. Add new ASN1 signature initialisation function to handle this     case.
      reserve a few more bits for future cipher modes
      PR: 2186     Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch at tecsys.com>
      PR: 2188     Submitted By: Jaroslav Imrich <jaroslav.imrich at disig.sk>
      don't leave bogus errors in the queue
      New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)     from a digest algorithm.
      update cms code to use X509_ALGOR_set_md instead of internal function
      Algorithm specific ASN1 signing functions.
      Extend PSS padding code to support different digests for MGF1 and message.
      Add support for new PSS functions in RSA EVP_PKEY_METHOD
      ctrl operations to retrieve RSA algorithm settings
      RSA PSS ASN1 signing method
      alg2 can be NULL
      Submitted by: Martin Kaiser
      missing goto meant signature was never printed out
      PR: 2192     Submitted By: Jaroslav Imrich <jaroslav.imrich at disig.sk>
      new sigopt and PSS support for req and x509 utilities
      add X509_CRL_sign_ctx function
      add -sigopt option to ca utility
      update CHANGES
      clear bogus errors in ca utility
      free up sigopts STACK
      print signature parameters with CRLs too
      workaround for missing definition in some headers
      PR: 1731 and maybe 2197
      initialise buf if wrong_info not used
      update FAQ
      PR: 1813     Submitted by: Torsten Hilbrich <torsten.hilbrich at secunet.com>
      PR: 1904     Submitted by: David Woodhouse <dwmw2 at infradead.org>
      sync ordinals with 1.0.0
      PR: 1763
      PR: 1696
      update HEAD FAQ
      update FAQ
      update FAQ
      fix FAQ
      update FAQ
      fix FAQ (again)
      PR: 2220
      PR: 2223     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2219     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2218     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2209     Submitted Daniel Mentz <danielml at sent.com>
      Remove obsolete PRNG note. Add comment about use of SHA256 et al.
      Add SHA2 algorithms to SSL_library_init(). Although these aren't used     directly by SSL/TLS SHA2 certificates are becoming more common and     applications that only call SSL_library_init() and not     OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
      make GOST MAC work again
      PR: 2228     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2229     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2230     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      check ASN1 type before using it
      fix bug in ccgost CFB mode code
      fix signed/unsigned comparison warnings
      update FAQ
      PR: 2235     Submitted By: Bruce Stephens <bruce.stephens at isode.com>
      PR: 2234     Submitted By: Matthias Andree <matthias.andree at gmx.de>
      oops, commit Configure part of PR#2234
      oops revert patch not part of Configure diff
      new function to diff tm structures
      PR: 2241     Submitted By: Artemy Lebedev <vagran.ast at gmail.com>
      experimental function to convert ASN1_TIME to tm, not used or even compiled in yet
      PR: 2250     Submitted By: Ger Hobbelt <ger at hobbelt.com>
      PR: 2244     Submitted By: "PMHager" <hager at dortmund.net>
      PR: 2230     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2252     Submitted By: Ger Hobbelt <ger at hobbelt.com>
      PR: 2255     Submitted By: Ger Hobbelt <ger at hobbelt.com>
      PR: 2253     Submitted By: Ger Hobbelt <ger at hobbelt.com>
      oops, revert test patch
      PR: 2259     Submitted By: Artem Chuprina <ran at cryptocom.ru>
      Update cms-test.pl to handle some Unix like Windows environments where     calling shlib_wrap.sh doesn't work.
      oops, typo
      Stop compiler complaining in pedantic mode: may be a better way to do this...
      PR: 2251     Submitted by: Ger Hobbelt <ger at hobbelt.com>     Approved by: steve at openssl.org
      PR: 2254     Submitted by: Ger Hobbelt <ger at hobbelt.com>     Approved by: steve at openssl.org
      Avoid use of ex_data free function in Chil ENGINE so it can be safely     reloaded.
      PR: 2266     Submitted By: Jonathan Gray <jsg at goblin.cx>
      PR: 2258     Submitted By: Ger Hobbelt <ger at hobbelt.com>
      PR: 2261     Submitted By: De Rudder, Stephen L." <s_derudder at tditx.com>
      PR: 2262     Submitted By: Victor Wagner <vitus at cryptocom.ru>
      update NEWS
      PR: 2278     Submitted By: Mattias Ellert <mattias.ellert at fysast.uu.se>
      fix PR#2261 in a different way
      add CVE-2010-0742 and CVS-2010-1633 fixes
      update FAQ
      clarify comment
      no need for empty fragments with TLS 1.1 and later due to explicit IV
      i variable is used on some platforms
      PR: 2297     Submitted by: Antony, Benoy <bantony at ebay.com>     Approved by: steve at openssl.org
      Fix warnings (From HEAD, original patch by Ben).
      oops, revert wrong patch..
      PR: 1830     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>, Steve Henson
      Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),     this means that some implementations will be used automatically, e.g. aesni,     we do this for cryptodev anyway.
      Fix WIN32 build system to correctly link ENGINE DLLs contained in a     directory: currently the GOST ENGINE is the only case.
      Add modes.h and cmac to WIN32 build system.
      Update symhacks.
      Sync ordinals and update.
      WIN32 build fix.
      #if out deleted function from headers so it isn't picked up by WIN32 build     system.
      Add new type ossl_ssize_t instead of ssize_t and move definitions to     e_os2.h, this should fix WIN32 compilation issues and hopefully avoid     conflicts with other headers which may workaround ssize_t in different ways.
      Make ctr mode behaviour consistent with other modes.
      Fix ctr mode properly this time....
      PR: 2315
      PR: 1833     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      sync and update ordinals
      PR: 1833     Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
      fix bug in AES_unwrap()
      make no-gost work on Windows
      Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),     this means that some implementations will be used automatically, e.g. aesni,     we do this for cryptodev anyway.
      Typo, PR#2346
      Minor documentation fixes, PR#2344
      Minor documentation fixes, PR#2345
      fix warnings
      fix signature printing routines
      We can't always read 6 bytes in an OCSP response: fix so error statuses     are read correctly for non-blocking I/O.
      PR: 2314     Submitted by: Mounir IDRASSI <mounir.idrassi at idrix.net>     Reviewed by: steve
      move CHANGES entry to correct place
      PR: 2295     Submitted by: Alexei Khlebnikov <alexei.khlebnikov at opera.com>     Reviewed by: steve
      Submitted by: Jonathan Dixon <joth at chromium.org>     Reviewed by: steve
      PR: 2366     Submitted by: Damien Miller <djm at mindrot.org>     Reviewed by: steve
      Submitted By: Bogdan Harjoc <harjoc at gmail.com>     Add missing debug WIN64 targets.
      preliminary acknowledgments file
      Get correct GOST private key instead of just assuming the last one is     correct: this isn't always true if we have more than one certificate.
      Only use explicit IV if cipher is in CBC mode.
      If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and     we should use its method instead of any generic one.
      add TLS v1.1 options to s_server
      bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
      Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.
      oops, reinstate TLSv1 string
      PR: 2372     Submitted by: "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>     Reviewed by: steve
      fix no SIGALRM case in speed.c
      compile cts128.c on VMS
      remove duplicate statement
      PR: 2374     Submitted by: Guenter <lists at gknw.net>     Reviewed by: steve
      PR: 2375     Submitted by: Guenter <lists at gknw.net>     Reviewed by: steve
      PR: 2376     Submitted by: Guenter <lists at gknw.net>     Reviewed by: steve
      add pice of PR#2295 not committed to HEAD
      constify EVP_PKEY_new_mac_key()
      use generalise mac API for SSL key generation
      oops, revert invalid change
      add "missing" functions to copy EVP_PKEY_METHOD and examine info
      VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this     stage and probably wont work properly.
      fix typo in HMAC redirection, add HMAC INIT tracing
      using_ecc doesn't just apply to TLSv1
      PR: 2240     Submitted by: Jack Lloyd <lloyd at randombit.net>, "Mounir IDRASSI" <mounir.idrassi at idrix.net>, steve     Reviewed by: steve
      Some of the MS_STATIC use in crypto/evp is a legacy from the days when     EVP_MD_CTX was much larger: it isn't needed anymore.
      apply J-PKAKE fix to HEAD (original by Ben)
      PR: 2385     Submitted by: Stefan Birrer <stefan.birrer at adnovum.ch>     Reviewed by: steve
      update FAQ
      use right version this time in FAQ
      fix doc typos
      PR: 2386     Submitted by: Stefan Birrer <stefan.birrer at adnovum.ch>     Reviewed by: steve
      update FAQ
      ignore leading null fields
      Support routines for ASN1 scanning function, doesn't do much yet.
      avoid verification loops in trusted store when path building
      PR: 2413     Submitted by: Michael Bergandi <mbergandi at gmail.com>     Reviewed by: steve
      PR: 2410     Submitted by: Rob Austein <sra at hactrn.net>     Reviewed by: steve
      Fix escaping code for string printing. If *any* escaping is enabled we     must escape the escape character itself (backslash).
      PR: 2411     Submitted by: Rob Austein <sra at hactrn.net>     Reviewed by: steve
      oops missed an assert
      Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed     alert.
      Don't use decryption_failed alert for TLS v1.1 or later.
      add X9.31 prime generation routines from 0.9.8 branch
      move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
      missed change in ACKNOWLEDGEMENTS file
      stop warning with no-engine
      add va_list version of ERR_add_error_data
      Add additional parameter to dsa_builtin_paramgen to output the generated     seed to: this doesn't introduce any binary compatibility issues as the     function is only used internally.
      oops, revert mistakenly committed EC changes
      PR: 1612     Submitted by: Robert Jackson <robert at rjsweb.net>     Reviewed by: steve
      check EC public key isn't point at infinity
      New function EC_KEY_set_affine_coordinates() this performs all the     NIST PKV tests.
      PR: 2433     Submitted by: Chris Wilson <chris at qwirx.com>     Reviewed by: steve
      revert Makefile change
      recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
      Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of     DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()     and DSA_do_verify().
      Move BN_options function to bn_print.c to remove dependency for BIO printf     routines from bn_lib.c
      Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate     crypto and ENGINE dependencies in RSA library.
      And so it begins... again.
      add some missing fips files
      add fips/Makefile
      add fips/des/Makefile
      add fips/aes/Makefile
      add fips/sha files
      add fips_sha1_selftest.c
      add fips_premain.c.sha1
      update mkerr.pl for use fips directory, add arx.pl script
      FIPS_allow_md5() no longer exists and is no longer required
      Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
      FIPS mode changes to make RNG compile (this will need updating later as we     need a whole new PRNG for FIPS).
      FIPS mode EVP changes:
      add new RAND errors
      FIPS mode RSA changes:
      FIPS mode DSA changes:
      FIPS DH changes: selftest checks and key range checks.
      FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR     library dependencies.
      Change AR to ARX to allow exclusion of fips object modules
      FIPS HMAC changes:
      Use ARX in crypto/Makefile
      FIPS changes to test/Makefile: rules to build FIPS test applications.
      Internal version of BN_mod_inverse allowing checking of no-inverse without     need to inspect error queue.
      update .cvsignore
      use FIPSEVP in some bn and rsa files
      Move locking and thread ID functions into new files lock.c and thr_id.c,     redirect locking to minimal FIPS_lock() function where required.
      New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies     on OpenSSL locking code. Use API in some internal FIPS files.
      Include thread ID code in fips module.
      Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer     to EVP any more.
      Update source files to handle new FIPS_lock() location. Add FIPS_lock()     definition. Remove stale function references from fips.h
      add fips_dsatest.c file
      Redirect FIPS memory allocation to FIPS_malloc() routine, remove     OpenSSL malloc dependencies.
      add FIPS API malloc/free
      add .cvsignore
      Move all FIPSAPI renames into fips.h header file, include early in     crypto.h if needed.
      Add preliminary FIPS information.
      don't descend fips directory if not in fips mode
      update version to 2.0
      use different default fips install directory
      add fiplibdir and basedir options to Configure
      Add fips option into Configure, disable endian code for no-asm and FIPS.     Make shared library default for fips.
      Fix shared build for fips
      stop warnings about no previous prototype when compiling shared engines
      Provisional, experimental support for DSA2 parameter generation algorithm.     Not properly integrated or tested yet.
      Since FIPS 186-3 specifies we use the leftmost bits of the digest     we shouldn't reject digest lengths larger than SHA256: the FIPS     algorithm tests include SHA384 and SHA512 tests.
      update README.FIPS
      fixes for DSA2 parameter generation
      Tolerate mixed case and leading zeroes when comparing.
      Support more DSA2 tests.
      Add DSA2 support to final algorithm tests: keypair and keyver.
      Don't try to set pmd if it is NULL.
      Remove DSA parameter generation from DSA selftest. It is unnecessary and     can be very slow on embedded platforms. Hard code DSA parameters instead.
      Add sign/verify digest API to handle an explicit digest instead of finalising     a context.
      Make no-asm work in fips mode. Add android platform.
      Fix target config errors.
      Cope with new DSA2 file format where some p/q only tests are made.
      Use single X931 key generation source file for FIPS and non-FIPS builds.
      Add FIPS support to mkdef.pl script, update ordinals.
      For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build     completes without linker errors.
      Add Windows FIPS build utilities.
      add -stripcr option to copy.pl from 0.9.8
      Add FIPS error codes.
      Include fips header file in err_all.c if needed.
      Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c
      Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files     that use it.
      Add FIPS support to the WIN32 build system.
      Remove unneeded functions, make some functions and variables static.
      Fix duplicate code and typo.
      Use default ASN1 if flag set.
      Fix memory leak.
      New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying     cipher handles all cipher symantics itself.
      Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:     the NULL value for the input buffer is sufficient to notice this case.
      Add CRYPTO_gcm128_tag() function to retrieve the tag.
      Initial *very* experimental EVP support for AES-GCM. Note: probably very     broken and subject to change.
      Link GCM into FIPS module. Check return value in EVP gcm.
      Experimental incomplete AES GCM algorithm test program.
      Set values to NULL after freeing them.
      Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs     in the request file need to update it to generate IVs once we have an IV     generator in place.
      Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
      Disable FIPS restrictions when doing GCM testing.
      Free keys if DSA pairwise error.
      Return security strength for supported DSA parameters: will be used     later.
      In FIPS mode only use "Generation by Testing Candidates" equivalent.
      Make Windows build work with GCM.
      New "fispcanisteronly" build option: only build fipscanister.o and     associated utilities. This functionality will be used by the validated     tarball.
      Add Makefile.fips.
      New option to disable characteristic two fields in EC code.
      Disable some functions in headers with no-ec2m
      Make no-ec2m work on Win32 build. Add nexprotoneg support too.
      Change FIPS source and utilities to use the "FIPS_" names directly     instead of using regular OpenSSL API names.
      Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new     and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1     library.
      New function BN_nist_mod_func which returns an appropriate function     if the passed prime is a NIST prime.
      Use BN_nist_mod_func to avoid need to peek error queue.
      Reorganise ECC code for inclusion in FIPS module.
      Don't use FIPS api for ec2_oct.c
      Include support for an add_lock callback to tiny FIPS locking API.
      Add ECDSA functionality to fips module. Initial very incomplete version     of algorithm test program.
      Add .cvsignore.
      Update ECDSA test program to handle ECDSA2 format files.     Correctly handle hex strings with an odd number of digits.
      Add support for SigGen and KeyPair tests.
      Ignore final '\n' when checking if hex line length is odd.
      Add FIPS flags to AES ciphers and SHA* digests.
      Add non-FIPS algorithm blocking and selftest checking.
      Update pairwise consistency checks to use SHA-256.
      Use SHA-256 in fips_test_suite.
      Add pairwise consistency test to EC.
      Experimental symbol renaming to avoid clashes with regular OpenSSL.
      Experimental FIPS symbol renaming.
      Include openssl/crypto.h first in several other files so FIPS renaming     is picked up.
      Don't need err library for Makefile.fips
      Remove debugging command.
      Update auto generated comment.
      Correct fipssyms.h for more assembly language symbols.
      Experimental perl script to edit assembly language source files,     call the assembler, then restore original file.
      Make -DOPENSSL_FIPSSYMS work for assembly language builds.
      AES GCM selftests.
      add ECDSA POST
      Move gcm128_context definition to modes_lcl.h (along with some related     definitions) so we can use it in EVP GCM code avoiding need to allocate     it.
      Make fipscanisteronly build only required files.
      *** empty log message ***
      tools and rehash not needed for fips build.
      x509v3.h header file not needed in fips algorithm test utilities.
      Need to link additional directories for fipscanisteronly build.
      Remove unnecessary dependencies.
      Create fips links even if not compiling in fips mode.
      Update dependencies.
      Remove unnecessary link directories.
      *** empty log message ***
      Remove debugging option.
      Call Makefile.fips when making a fips tarball.
      Initial perl script to filter out unneeded files for a fips tarball.
      Make "make links" work in fipscanisteronly builds.
      Don't try and update c_rehash for fipscanisteronly builds.
      Removing debugging print.
      Add modes_lcl.h to header list.
      Remove duplicate test rule.
      Add fips/ecdsa directory to mkfiles.pl
      Make fipscanisteronly work with WIN32 build system.
      Include ms directory for fips distribution.
      Make mkfiles.pl work with fipscanisteronly.
      Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when     WIN32 assembly language files are created, add norunasm option     to just translate and not run the assembler.
      Add new symbols to fipssyms.h
      Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
      Use more portable options when making links in Makefile.fips
      Stop warnings.
      Update status information.
      Initial, provisional, subject to wholesale change, untested, probably     not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.
      Updates to DRBG: fix bugs in infrastructure. Add initial experimental     algorithm test generator.
      Fix couple of bugs in CTR DRBG implementation.
      Uninstantiate and free functions for DRBG.
      Remove need for redirection on RNG and DSS algorithm test programs: some     platforms don't support it.
      Remove redirection from fipsalgtest.pl script.
      Support I/O with files in new fips_gcmtest program.
      Add file I/O to fips_drbgvs program.
      Add meaningful error codes to DRBG.
      New SP 800-56A compliant version of DH_compute_key().
      New initial DH algorithm test driver.
      Update .cvsignore
      Update fips_dhvs to handle functional test by generating keys.
      Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.
      Add ECDH to validated module.
      Add a few more symbol renames.
      Make no-ec2m work again.
      Update status.
      make no-dsa work again
      Check requested security strength in DRBG. Add function to retrieve the     security strength.
      Remove redundant check to stop compiler warning.
      Fix warnings: signed/unisgned comparison, shadowing (in some cases global     functions such as rand() ).
      PR: 2469     Submitted by: Jim Studt <jim at studt.net>     Reviewed by: steve
      Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.
      Fix broken SRP error/function code assignment.
      Fix warnings about ignored return values.
      Implement health checks needed by SP800-90.
      Implement continuous RNG test for SP800-90 DRBGs.
      Free DRBG context in self tests.
      Use a signed value to check return value of do_cipher().
      Make some Unix builds work again.
      Fix compiler warnings.
      Remove unused function.
      Add .cvsignore
      Allow setting of get_entropy and get_nonce callbacks outside test mode.     Test mode is now set when a DRBG context is initialised.
      Disable cmac tests by default so the old algorithm test vectors work.
      Have all algorithm test programs call fips_algtest_init() at startup:     this will perform all standalone operations such as setting error     callbacks, entering FIPS mode etc.
      Add .cvsignore
      Update .cvsignore
      fix warnings
      Reorganise DRBG API so the entropy and nonce callbacks can return a     pointer to a buffer instead of copying to a fixed length buffer. This     removes the entropy and nonce length restrictions.
      Remove redundant definitions. Give error code if DRBG sefltest fails.
      Unused, untested, provisional RAND interface for DRBG.
      Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for     test applications.
      Provisional support for auto called OPENSSL_init() function. This can be     used to set up any appropriate functions such as FIPS callbacks without     requiring an explicit application call.
      Add additional OPENSSL_init() handling add dummy call to (hopefully)     ensure OPENSSL_init() is always linked into an application.
      Allow FIPS malloc callback setting. Automatically set some callbacks     in OPENSSL_init().
      Only zeroise sensitive parts of DRBG context, so the type and flags     are undisturbed.
      temporarily update .cvsignore
      delete lib file
      restore .cvsignore
      restore .cvsignore
      Make WIN32 static builds work again.
      PR: 2457     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2458     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2462     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      check RAND_pseudo_bytes return value
      Change RNG test to block oriented instead of request oriented, add option     to test a "stuck" DRBG.
      Disable test fprintf.
      Change FIPS locking functions to macros so we get useful line information.
      Use environment when builds libcrypto shared library so CC value is picked up     in FIPS builds.
      Set error code is additional data callback fails.
      Updated error codes for FIPS library.
      FIPS mode support for openssl utility: doesn't work properly yet due     to missing DRBG support in libcrypto.
      Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be     used by applications directly and the X9.31 PRNG is deprecated by new     FIPS140-2 rules anyway.
      Extensive reorganisation of PRNG handling in FIPS module: all calls     now use an internal RAND_METHOD. All dependencies to OpenSSL standard     PRNG are now removed: it is the applications resposibility to setup     the FIPS PRNG and initalise it.
      Update fipssyms.h to keep all symbols in FIPS,fips namespace.
      updated FIPS status
      check buffer is larger enough before overwriting
      Remove rand files from fipscanister.o
      Add missing error code strings.
      Update OpenSSL DRBG support code. Use date time vector as additional data.     Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
      Add fips hmac key to dgst utility.
      Update CHANGES.
      Only use fake rand once per operation. This stops the EC     pairwise consistency test interfering with the test.
      DH keys have an (until now) unused 'q' parameter. When creating     from DSA copy q across and if q present generate DH key in the     correct range.
      New function to return security strength of PRNG.
      Before initalising a live DRBG (i.e. not in test mode) run a complete health     check on a DRBG of the same type.
      Add error for health check failure.
      remove ENGINE dependency from ecdh
      Remove unused build targets from Makefile.fips, add cmac to dist list.
      Auto configure for fips is from restricted tarball.
      Clarify README.FIPS.
      set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m
      Auto detect no-ec2m add option to make no-ec2m tarball.
      fix fipscanisteronly autodetect
      Typo: fix duplicate call.
      Don't give dependency warning for fips builds.
      Reorder headers to get definitions before they are used.
      Set length to 41 (40 hex characters + null).
      Fix warning.
      Add mem_clr.c explicity for no-asm builds.
      Use correct version number.
      Update copyright year.
      Update fips_premain.c fingerprint.
      Update ECDSA selftest to use hard coded private keys. Include tests for     prime and binary fields.
      No need to disable leak checking for FIPS builds now we use internal     memory callbacks.
      Stop warning and fix memory leaks.
      Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx     when performing ECDSA selftest.
      Update RSA selftest code to use a 2048 bit RSA and only a single KAT     for PSS+SHA256
      Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key     and SHA384. Use fips_pkey_signature_test().
      Update fips_pkey_signature_test: use fixed string if supplies tbs is     NULL. Always allocate signature buffer.
      Provisional AES XTS support.
      Use consistent FIPS tarball name.
      Remove duplicate flag.
      Initial incomplete POST overhaul: add support for POST callback to     allow status of POST to be monitored and/or failures induced.
      Remove several of the old obsolete FIPS_corrupt_*() functions.
      Update CMAC, HMAC, GCM to use new POST system.
      Revise fips_test_suite to use table of IDs for human readable strings.
      Report each cipher used with CMAC tests.
      Add new POST support to X9.31 PRNG.
      Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
      Add XTS selftest, include in fips_test_suite.
      Add length limitation from SP800-38E.
      Add "post" option to fips_test_suite to run the POST only and exit.
      Remove PSS salt length detection hack from fipslagtest.pl by allowing a regexp     search of the file to determine its type. This will be needed for other tests     later...
      Remove shlib_wrap.sh as it is not needed (all algorithm tests are     staticly linked to fipscanister.o). Add option to generate a shell     script to run all tests: this is useful for platforms that don't have     perl.
      Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf     field which is not unused for custom ciphers.
      Compile ccm128.c, move some structures to modes_lcl.h add prototypes.
      Initial untested CCM support via EVP.
      CCM encrypt algorithm test support.
      Override flag for XTS length limit.
      Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
      Add fips/cmac directory to WIN32 build.
      Use 0 for tbslen to perform strlen.
      Add AES CCM selftest.
      Warn if lines are truncated in algorithm test utilities.
      Add partial DH and ECDH primitives only testing to fipsalgtest.pl
      Add partial GCM tests to fipsalgtest.pl
      Add periodic DRBG health checks as required by SP800-90.
      Update DRBG to use new POST scheme.
      Add continuous RNG test to entropy source. Entropy callbacks now need     to specify a "block length".
      Update ordinals.
      Fix WIN32 warning.
      Make fipscanisteronly auto detect work on WIN32.
      Reconise no-ec-nistp224-64-gcc-128 option.
      Initial do_fips.bat build script for WIN32 fipscanister.
      Rewrite OutputValue to avoid use of buffer when printing out hex values.
      Add XTS test vector support to fipsalgtest.pl
      Return errors instead of aborting when selftest fails.
      Add PRNG security strength checking.
      Always return multiple of block length bytes from default DRBG seed     callback.
      Oops, work out expanded buffer length before allocating it...
      Make sure overrides work for RSA/DSA.
      More fixes for DSA FIPS overrides.
      Recognise invalid enable/disable options.
      Fix warning.
      Stop warnings about undefined _exit on Android.
      Don't assume version of rm supports -rf: use RM instead.
      Initial "opaque SSL" framework. If an application defines     OPENSSL_NO_SSL_INTERN all ssl related structures are opaque     and internals cannot be directly accessed. Many applications     will need some modification to support this and most likely some     additional functions added to OpenSSL.
      Initial incomplete TLS v1.2 support. New ciphersuites added, new version     checking added, SHA256 PRF support added.
      no need to include memory.h
      Update symbol translation table.
      Disable SHA256 if not supported.
      Some changes to support VxWorks in the validted module.
      For FIPS algorithm test utilities use our own version of strcasecmp and     strncasecmp to cover cases where platforms don't support them.
      Add ppc_cap.c to restricted tarball.
      Include crypto.h in ppccap.c
      Rename some more symbols.
      Handle multiple CPUID_OBJ correctly.
      Two more symbol renames.
      Quick hack to time POST.
      Stop warning in VxWorks.
      Use more portable clock_gettime() for fips_test_suite timing.
      Use faster curves for ECDSA self test.
      Fix do_fips script.
      PR: 2499     Submitted by: "James 'J.C.' Jones" <james.jc.jones at gmail.com>
      Remove useless setting.
      Include fipssyms.h for ARM builds to translate symbols.
      Fix warning.
      Remove debugging print.
      Update status.
      Remove superfluous PRNG self tests.
      Fix warning of signed/unsigned comparison.
      Hide more symbols.
      Continuing TLS v1.2 support: add support for server parsing of     signature algorithms extension and correct signature format for     server key exchange.
      Return error codes for selftest failure instead of hard assertion errors.
      Don't fail WIN32 builds on warnings.
      Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S     files in fipsdist.
      Fixes for WIN64 FIPS build.
      Don't include GF2m source files is NOEC2M set.
      Omit GF2m properly this time ;-)
      Remove FIXME comments.
      Remove gf2m modules from bn_asm if no-ec2m set.
      allow SHA384, SHA512 wit DSA
      Call fipsas.pl directly for pa-risc targets.
      Initial TLS v1.2 client support. Include a default supported signature     algorithms extension (including everything we support). Swicth to new     signature format where needed and relax ECC restrictions.
      Initialise rc.
      Update instructions.
      Add NSA sublicense info.
      Inlcude README.ECC in FIPS restricted tarball.
      Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in     the FIPS capable OpenSSL.
      Set FIPS mode for values other than 1. The only current effect     is to return a consistent value. So calling FIPS_module_mode_set(n)     for n != 0 will result in FIPS_module_mode() returning n. This     will support future expansion of more FIPS modes e.g. a Suite B mode.
      Reorder signature algorithms in strongest hash first order.
      make kerberos work with OPENSSL_NO_SSL_INTERN
      Sync ordinals.
      Add SSL_INTERN definition.
      Fix error discrepancy.
      Process signature algorithms during TLS v1.2 client authentication.
      Provisional support for TLS v1.2 client authentication: client side only.
      Enter FIPS mode by calling FIPS_module_mode_set in openssl.c until     FIPS_mode_set is implemented.
      Recognise NO_NISTP224-64-GCC-128
      NULL is a valid cspname
      new flag to stop ENGINE methods being registered
      set encodedPoint to NULL after freeing it
      inherit HMAC flags from MD_CTX
      update date
      Implement FIPS_mode and FIPS_mode_set
      Add CHANGES entry: add FIPS support to ssl
      PR: 2295     Submitted by: Alexei Khlebnikov <alexei.khlebnikov at opera.com>     Reviewed by: steve
      PR: 2522     Submitted by: Henrik Grindal Bakken <henribak at cisco.com>
      use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
      PR: 2505     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2506     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2512     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      Oops use up to date patch for PR#2506
      Some nextproto patches broke DTLS: fix
      Fix the ECDSA timing attack mentioned in the paper at:
      Fix the ECDSA timing attack mentioned in the paper at:
      PR: 2527     Submitted by: Marcus Meissner <meissner at suse.de>     Reviewed by: steve
      PR: 2529     Submitted by: Marcus Meissner <meissner at suse.de>     Reviewed by: steve
      PR: 2533     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      Don't advertise or use MD5 for TLS v1.2 in FIPS mode
      More symbol renaming.
      Only install FIPS related files for fipscanisteronly build.
      Install fips_standalone_sha1 and make use of it in fipsld script.
      In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative     location for libcrypto.a, support shared library builds in different     source tree.
      Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld.     Use current directory for fips_premain_dso
      Rename many internal only module functions from FIPS_* to fips_*.
      Add prototypes for FIPS EVP implementations: for use in FIPS capable     OpenSSL.
      Add FIPS_digestinit prototype for FIPS capable OpenSSL.
      Prototypes for more FIPS functions for use in FIPS capable OpenSSL.
      Add more cipher prototypes.
      Output supported curves in preference order instead of numerically.
      Don't round up partitioned premaster secret length if there is only one     digest in use: this caused the PRF to fail for an odd premaster secret     length.
      Fake CPU caps so fips_standalone_sha1 compiles.
      set FIPS permitted flag before initalising digest
      Add DSA and ECDSA "clone digests" to module for compatibility with old     applications.
      Clone digest prototypes.
      Simple automated certificate creation demo.
      Move FIPS RSA function definitions to fips.h
      Remove FIPS RSA functions from crypto/rsa.
      Constify RSA signature buffer.
      Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is     FIPS capable: i.e. FIPS module is supplied externally.
      license correction, no EAY code included in this file
      fix error discrepancy
      Move function prototype to fips.h
      Set SSL_FIPS flag in ECC ciphersuites.
      Add prototypes for some FIPS EC functions.
      Set flags in ECDH and ECDSA methods for FIPS.
      Add flags for DH FIPS method.
      fix memory leak
      Add more prototypes.
      more prototypes in fips.h
      Install FIPS module in FIPSDIR if set.
      Remove x509.h from SHA1 clone digests, update dependencies.
      Update dependencies for m_dss.c too.
      #undef bn_div_words as it is defined for FIPS builds.
      CMAC FIPS prototypes.
      HMAC fips prototypes
      Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL.
      Don't export functions marked as FIPSCAPABLE.
      sync and update ordinals
      Allow applications to specify alternative FIPS RAND methods if they     are sure they are OK.
      make sure custom cipher flag doesn't use any mode bits
      set FIPS allow before initialising ctx
      Update to mk1mf.pl and ms\do_fips.bat to install relevant files for     WIN32 FIPS builds.
      Don't include des.h any more: it is not needed.
      Option "fipscheck" which checks to see if FIPS is autodetected in     a build. Use this for WIN32 builds.
      Give parameters names in prototypes.
      Initial FIPS capable OpenSSL information
      Strip CRs when installing fips_premain.c Correct compat library rule     in FIPS mode.
      add null cipher to FIPS module
      make EVP_dss() work for DSA signing
      Add prototype for null cipher.
      Don't set FIPS rand method at same time as RAND method as this can cause the     FIPS library to fail. Applications that want to set the FIPS rand method can do     so explicitly and presumably they know what they are doing...
      allow MD5 use for computing old format hash links
      add symbol rename
      Now the FIPS capable OpenSSL is available simplify the various FIPS test     build options.
      stop complaints about no CVS version
      correctly encode OIDs near 2^32
      PR: 2540     Submitted by: emmanuel.azencot at bull.net     Reviewed by: steve
      PR: 2543     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2470     Submitted by: Corinna Vinschen <vinschen at redhat.com>     Reviewed by: steve
      Add sparcv9cap.c to restricted tarball.
      get the filename right
      allow KERNEL_BITS to be specified in the environment
      Add stub for HMAC DRBG.
      Fix CPRNG test for Hash DRBG.
      auto detect configuration using KERNEL_BITS and CC
      Recognise fipscheck option and call fipsas for WIN64 builds.
      Add no-asm argument to Configure if needed.
      Delete any EXARG value first.
      Additional error checking.
      If make clean fails it is not a fatal error.
      Add functions to return FIPS module version.
      Rename symbol.
      PR: 2556 (partial)     Reported by: Daniel Marschall <daniel-marschall at viathinksoft.de>     Reviewed by: steve
      Add support for ECCCDH test format.
      PR: 2550     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2555     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2559     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      Rename another symbol.
      stop warnings
      Make sure OPENSSL_FIPSCANISTER is visible to ARM assembly language files.
      More symbol renaming.
      Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and     prohibit use of these ciphersuites for TLS < 1.2
      oops, remove debug option
      Update CHANGES.
      Fix warnings.
      recognise ecdsaWithSHA1 OID
      Expand range of ctrls for AES GCM to support retrieval and setting of     invocation field.
      fix memory leak
      Initial support for tests for 2.0 module. Not complete and not all working     yet.
      Fix DSA to skip EOL test when parsing mod line.
      Use "resp" for default directory name for .rsp files.
      Add HMAC DRBG from SP800-90
      Remove redundant assignment.
      Include armcap.c in fips tarball.
      prevent compilation errors and warnings
      aesni TLS GCM support
      Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA     using OBJ xref utilities instead of string comparison with OID name.
      Enable rsa-pss0 for non-v2 tests.
      quote LIBS to copy with empty string
      Delete library install from Makefile.fips: it isn't used.
      Update instructions to recommend use of included incore script.
      Fix fipsalgtest.pl to still work with old test vectors.
      Correct maximum request length. SP800-90 quotes maximum bits, not bytes.
      Rename sparc symbols.
      Don't use some object files in FIPS build.
      Fix warning.
      Add support for canonical generation of DSA parameter g.     Modify fips_dssvs to support appropriate file format.
      Add support for DSA2 PQG generation of g parameter.
      Fix ecdh primitives test command line.
      Print private key component is -exout parameter is given.
      PR: 2586     Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com>     Reviewed by: steve
      PR: 2586     Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com>     Reviewed by: steve
      PR: 2588     Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com>     Reviewed by: steve
      PR: 2589     Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com>     Reviewed by: steve
      PR: 2573     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      Stop warnings.
      make timing attack protection unconditional
      PR: 2340     Submitted by: "Mauro H. Leggieri" <mxmauro at caiman.com.ar>     Reviewed by: steve
      Sync ordinals with 1.0.1-stable.
      PR: 2576     Submitted by: Doug Goldstein <cardoe at gentoo.org>     Reviewed by: steve
      Don't use *from++ in tolower as this is implemented as a macro on some     platforms. Thanks to Shayne Murray <Shayne.Murray at Polycom.com> for     reporting this issue.
      Rename some more symbols for fips module.
      Extension of DRBG selftests using new data.
      Add header to Makefile.
      Update dependencies.
      Don't perform full DRBG health check on all DRBG types on power up, just     one shorter KAT per mechanism.
      Place DRBG in error state if health check fails.
      Check reseed interval before generating output.
      Update FAQ.
      Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past     produce an error (CVE-2011-3207)
      Add error codes for DRBG KAT failures.
      Put quick DRBG selftest return after first generate operation.
      Add /fixed option to linker with fips builds.
      Add support for Dual EC DRBG from SP800-90. Include updates to algorithm     tests and POST code.
      Fix 3DES Monte Carlo test file output which previously outputted     extra bogus lines. Update fipsalgtest.pl to tolerate the old format.
      Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we     don't set type in FIPS_drbg_new().
      Delete strength parameter from FIPS_drbg_generate. It isn't very useful     (strength can be queried using FIPS_drbg_get_strength ) and adds a     substantial extra overhead to health check (need to check every combination     of parameters).
      Check length of additional input in DRBG generate function.
      More extensive DRBG health check. New function to call health check     for all DRBG combinations.
      new function to lookup FIPS supported ciphers by NID
      Remove fipsdso target: it isn't supported in the 2.0 module.
      Update CMAC/HMAC sefltests to use NIDs instead of function pointers.
      Fix warning.
      Make HMAC kat symbols static.
      Don't use vpaes in fips builds and exclude from restricted tarball.
      Minor code tidy and bug fix: need to set t = s after first pass and     t and s do not need to have independent values after the first pass     so set t = s.
      clarify comment
      Sync error codes with 1.0.1-stable.
      Allow reseed interval to be set.
      Update error codes.
      Revise DRBG to split between internal and external flags.
      Perform health check on all reseed operations not associated with     prediction resistance requests. Although SP 800-90 is arguably unclear     on whether this is necessary adding an additional check has minimal     penalty (very few applications will make an explicit reseed request).
      Remove unused variable.
      Don't print out errors in cases where errors are expected: testing     DSA parameter validity and EC public key validity.
      Use function name FIPS_drbg_health_check() for health check function.
      Run PQGVer test before DSA2 tests.
      PR: 2347     Submitted by: Tomas Mraz <tmraz at redhat.com>     Reviewed by: steve
      PR: 2602     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2606     Submitted by: Christoph Viethen <cv at kawo2.rwth-aachen.de>     Reviewed by: steve
      use keyformat for -x509toreq, don't hard code PEM
      make sure eivlen is initialised
      Handle provable prime parameters for canonical g generation which are     sometimes erroneously included.
      Add a --disable-all option to disable all tests.
      fix signed/unsigned warning
      Fix output format for DSA2 parameter generation.
      Check return codes properly.
      Remove s = s * P deferral.
      Add FIPS selftests for ECDH algorithm.
      make depend
      Never echo Num lines for PQGGen DSA2 test.
      Make fips algorithm test utilities use RESP_EOL for end of line character(s).     This should be CRLF even under *nix.
      ? crypto/aes/aes-armv4.S     ? crypto/aes/aesni-sha1-x86_64.s     ? crypto/aes/aesni-x86_64.s     ? crypto/aes/foo.pl     ? crypto/aes/vpaes-x86_64.s     ? crypto/bn/.bn_lib.c.swp     ? crypto/bn/armv4-gf2m.S     ? crypto/bn/diffs     ? crypto/bn/modexp512-x86_64.s     ? crypto/bn/x86_64-gf2m.s     ? crypto/bn/x86_64-mont5.s     ? crypto/ec/bc.txt     ? crypto/ec/diffs     ? crypto/modes/a.out     ? crypto/modes/diffs     ? crypto/modes/ghash-armv4.S     ? crypto/modes/ghash-x86_64.s     ? crypto/modes/op.h     ? crypto/modes/tst.c     ? crypto/modes/x.h     ? crypto/objects/.obj_xref.txt.swp     ? crypto/rand/diffs     ? crypto/sha/sha-512     ? crypto/sha/sha1-armv4-large.S     ? crypto/sha/sha256-armv4.S     ? crypto/sha/sha512-armv4.S     Index: crypto/objects/obj_xref.c     ===================================================================     RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v     retrieving revision 1.9     diff -u -r1.9 obj_xref.c     --- cryp
 to/objects/obj_xref.c	5 Nov 2008 18:38:58 -0000	1.9     +++ crypto/objects/obj_xref.c	6 Oct 2011 20:30:21 -0000     @@ -110,8 +110,10 @@      #endif      	if (rv == NULL)      		return 0;     -	*pdig_nid = rv->hash_id;     -	*ppkey_nid = rv->pkey_id;     +	if (pdig_nid)     +		*pdig_nid = rv->hash_id;     +	if (ppkey_nid)     +		*ppkey_nid = rv->pkey_id;      	return 1;      	}
      use client version when eliminating TLS v1.2 ciphersuites in client hello
      New -force_pubkey option to x509 utility to supply a different public     key to the one in a request. This is useful for cases where the public     key cannot be used for signing e.g. DH.
      Add fips/ecdh directory.
      PR: 2482     Submitted by: Rob Austein <sra at hactrn.net>     Reviewed by: steve
      Sync ordinals with 1.0.1-stable.
      fix memory leaks
      fix CHANGES entry
      Synv ordinals with 1.0.1-stable.
      Don't disable TLS v1.2 by default now.
      disable GCM if not available
      add GCM ciphers in SSL_library_init
      fix leak properly this time...
      remove some debugging code
      def_rsa_finish not used any more.
      print out subgroup order if present
      update pkey method initialisation and copy
      Only include one ECDH selftest.
      Fix warnings.
      ECDH POST selftest failure inducing support.
      Handle broken test on verify too.
      Updates to handle some verification of v2 tests.
      Update instructions.
      Handle partial test where H is absent: needed to check g generation.
      Skip ECDH sanity check. Add --compare-all to run comparison tests on     all files instead of sanity checks.
      Remove o_init.o special case from Makefile: this doesn't work.
      Update README.FIPS for new FIPS 2.0 testvectors.
      increase test RSA key size to 1024 bits
      Print curve type for signature tests.
      Add usage messages.
      Don't use TPREFIX shell variable for minimal script.
      Allow override of GCCVER and noexecstack checking from environment.
      more vxworks patches
      Clarify usage message.
      L=3072, N=256 provides 128 bits of security not 112.
      Do global replace to remove assembly language object files.
      Update premain fingerprint.
      Recognise new option.
      Build fipscanister.o only by default. Utility build now needs     make build_tests
      Typo (?)
      add authentication parameter to FIPS_module_mode_set
      Add "nopass" for empty password too.
      Fix error codes.
      Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX.
      fix (?) AVX clearing
      Update error codes.
      Check for selftest failure in various places.
      No need for custom flag in XTS mode: block length is 1.
      Use correct tag for SRP username.
      PR: 2632     Submitted by: emmanuel.azencot at bull.net     Reviewed by: steve
      PR: 2628     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2628     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      Add fips_algvs utility (from FIPS 2.0 stable branch).
      Print out an error for "make test" in FIPS builds. (from FIPS stable)
      Remove duplicate test from health check.     Fix memory leaks by uninstantiating DRBG before reinitialising it.
      Add support for memory leak checking in fips_algvs.
      Add single call public key sign and verify functions.
      fix set but unused warnings
      typo: use key for POST callback
      make post failure simulation reversible in all cases
      Update fips_test_suite to take multiple command line options and     an induced error checking function.
      check for unset entropy and nonce callbacks
      portability fix for some perl versions
      PR: 1794     Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>     Reviewed by: steve
      Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
      In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order
      bcmp doesn't exist on all platforms, replace with memcmp
      move internal functions to ssl_locl.h
      add strp.h to mkdef.pl headers
      sync and update ordinals
      add cryptlib.h to mkdef.pl
      sync and update ordinals
      PR: 1794     Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>     Reviewed by: steve
      check counter value against 4 * L, not 4096
      return error if counter exceeds limit and seed value supplied
      Correct some parameter values.
      Update DH_check() to peform sensible checks when q parameter is present.
      The default CN prompt message can be confusing when often the CN needs to      be the server FQDN: change it.     [Reported by PSW Group]
      Initial experimental support for X9.42 DH parameter format to handle     RFC5114 parameters and X9.42 DH public and private keys.
      Document RFC5114 "generation" options.
      fix error discrepancy
      transparently handle X9.42 DH parameters
      Replace expired test server and client certificates with new ones.
      implement -attime option as a verify parameter then it works with all relevant applications
      update CHANGES
      add commented out option to allow use of older PKITS data
      use different names for asm temp files to avoid problems on some platforms
      add cofactor ECDH support from fips branch
      Updates from fips2 branch: close streams in test utilities, use cofactor ECDH     add new key and signature generation tests to fips_test_suite.
      detect and use older PKITS data
      Add private keys and generation scripts for test certificates in apps     directory.
      PR: 1794     Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>     Reviewed by: steve
      update CHANGES
      PR: 2563     Submitted by: Paul Green <Paul.Green at stratus.com>     Reviewed by: steve
      New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.     New function to retrieve compression method from SSL_SESSION structure.
      remove prototype for deleted SRP function
      sync and update ordinals
      delete unimplemented function from header file, update ordinals
      recognise DECLARE_PEM_write_const, update ordinals
      PR: 2535     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      recognise SCTP in mkdef.pl script
      recognise no-sctp
      PR: 2326     Submitted by: Tianjie Mao <tjmao at tjmao.net>     Reviewed by: steve
      PR: 1794     Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>     Reviewed by: steve
      fix deprecated statement
      fix error code
      update default depflags
      make update
      PR: 2658     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      update CHANGES
      recognise HEARTBEATS in mkdef.pl script
      incomplete provisional OAEP CMS decrypt support
      only send heartbeat extension from server if client sent one
      oops, revert wrong patch
      Submitted by: Adam Langley <agl at chromium.org>     Reviewed by: steve
      fix warnings
      update FAQ
      Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
      Check GOST parameters are not NULL (CVE-2012-0027)
      fix CHANGES
      Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
      Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
      Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>, Michael Tuexen <tuexen at fh-muenster.de>     Reviewed by: steve
      update CHANGES
      disable heartbeats if tlsext disabled
      Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>     Reviewed by: steve
      PR: 2671     Submitted by: steve
      fix warning (revert original patch)
      fix warning
      Support for fixed DH ciphersuites.
      fix CHANGES entry
      Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.     Thanks to Antonio Martin, Enterprise Secure Access Research and     Development, Cisco Systems, Inc. for discovering this bug and     preparing a fix. (CVE-2012-0050)
      return error if md is NULL
      oops revert debug change
      add support for use of fixed DH client certificates
      add example for DH certificate generation
      initialise dh_clnt
      allow key agreement for SSL/TLS certificates
      Tidy/enhance certificate chain output code.
      Revise ssl code to use a CERT_PKEY structure when outputting a     certificate chain instead of an X509 structure.
      code tidy
      Add support for distinct certificate chains per key type and per SSL     structure.
      Modify client hello version when renegotiating to enhance interop with     some servers.
      oops, revert unrelated changes
      Submitted by: Eric Rescorla <ekr at rtfm.com>
      add fips blocking overrides to command line utilities
      only cleanup ctx if we need to, save ctx flags when we do
      PR: 2714     Submitted by: Tomas Mraz <tmraz at redhat.com>
      PR: 2710     Submitted by: Tomas Mraz <tmraz at redhat.com>
      PR: 2704     Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>
      Submitted by: Eric Rescorla <ekr at rtfm.com>
      PR: 2705     Submitted by: Alexey Melnikov <alexey.melnikov at isode.com>
      PR: 2703     Submitted by: Alexey Melnikov <alexey.melnikov at isode.com>
      PR: 2716     Submitted by: Adam Langley <agl at google.com>
      PR: 2717     Submitted by: Tim Rice <tim at multitalents.net>
      PR: 2713     Submitted by: Tomas Mraz <tmraz at redhat.com>
      An incompatibility has always existed between the format used for RSA     signatures and MDC2 using EVP or RSA_sign. This has become more apparent     when the dgst utility in OpenSSL 1.0.0 and later switched to using the     EVP_DigestSign functions which call RSA_sign.
      Additional compatibility fix for MDC2 signature format.
      Fix bug in CVE-2011-4619: check we have really received a client hello     before rejecting multiple SGC restarts.
      Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert     between NIDs and the more common NIST names such as "P-256". Enhance     ecparam utility and ECC method to recognise the NIST names for curves.
      initialise i if n == 0
      SSL export fixes (from Adam Langley) [original from 1.0.1]
      ABI compliance fixes.
      PR: 2727     Submitted by: Bruce Stephens <bruce.stephens at isode.com>
      PR: 2696     Submitted by: Rob Austein <sra at hactrn.net>
      PR: 2711     Submitted by: Tomas Mraz <tmraz at redhat.com>
      ABI fixes from 1.0.1-stable
      PR: 2730     Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy at scientificgames.se>
      Detect symmetric crypto errors in PKCS7_decrypt.
      free headers after use in error message
      PR: 2735
      PR: 2739     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2737     Submitted by: Remi Gacogne <rgacogne-bugs at coredump.fr>
      PR: 2736     Reported by: Remi Gacogne <rgacogne-bugs at coredump.fr>
      Fix memory leak cause by race condition when creating public keys.
      PR: 2742     Reported by: Dmitry Belyavsky <beldmit at gmail.com>
      PR: 2743     Reported by: Dmitry Belyavsky <beldmit at gmail.com>
      don't do loop check for single self signed certificate
      PR: 2748     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      PR: 2755     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      New ctrls to retrieve supported signature algorithms and curves and     extensions to s_client and s_server to print out retrieved valued.
      check return value of BIO_write in PKCS7_decrypt
      PR: 2756     Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
      Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>
      PR: 2744     Submitted by: Dmitry Belyavsky <beldmit at gmail.com>
      update NEWS
      Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and     continue with symmetric decryption process to avoid leaking timing     information to an attacker.
      corrected fix to PR#2711 and also cover mime_param_cmp
      update FAQ, NEWS
      oops, revert unrelated patches
      Always use SSLv23_{client,server}_method in s_client.c and s_server.c,     the old code came from SSLeay days before TLS was even supported.
      use client version when deciding whether to send supported signature algorithms extension
      Submitted by: Markus Friedl <mfriedl at gmail.com>
      fix leak
      Initial revision of ECC extension handling.
      don't shadow
      PR: 2778(part)     Submitted by: John Fitzgibbon <john_fitzgibbon at yahoo.com>
      Update ordinals.
      Tidy up EC parameter check code: instead of accessing internal structures     add utility functions to t1_lib.c to check if EC certificates and parameters     are consistent with peer.
      add FAQ about version numbers
      Add support for automatic ECDH temporary key parameter selection. When     enabled instead of requiring an application to hard code a (possibly     inappropriate) parameter set and delve into EC internals we just     automatically use the preferred curve.
      Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>
      update rather ancient EVP digest documentation
      make reinitialisation work for CMAC
      fix reset fix
      use different variable for chain iteration
      Add options to set additional type specific certificate chains to     s_server.
      Partial workaround for PR#2771.
      Additional workaround for PR#2771
      correct error codes
      recognise X9.42 DH certificates on servers
      update FAQ
      Check for potentially exploitable overflows in asn1_d2i_read_bio     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer     in CRYPTO_realloc_clean.
      PR: 2239     Submitted by: Dominik Oepen <oepen at informatik.hu-berlin.de>
      correct old FAQ answers
      check correctness of errors before updating them so we don't get bogus errors added
      correct error code
      update NEWS
      oops, not yet ;-)
      Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>     Reviewed by: steve     Improved localisation of TLS extension handling and code tidy.
      Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and     OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
      update FAQ
      update NEWS
      Don't try to use unvalidated composite ciphers in FIPS mode
      Reported by: Solar Designer of Openwall
      update FAQ
      Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and     DTLS to fix DoS attack.
      PR: 2806     Submitted by: PK <runningdoglackey at yahoo.com>
      PR: 2811     Reported by: Phil Pennock <openssl-dev at spodhuis.org>
      PR: 2813     Reported by: Constantine Sapuntzakis <csapuntz at gmail.com>
      print out issuer and subject unique identifier fields in certificates
      New functions to retrieve certificate signatures and signature OID NID.
      Initial record tracing code. Print out all fields in SSL/TLS records     for debugging purposes. Needs "enable-ssl-trace" configuration option.
      Make it possible to delete all certificates from an SSL structure.
      fix clashing error code
      oops, add -debug_decrypt option which was accidenatally left out
      Add support for application defined signature algorithms for use with     TLS v1.2. These are sent as an extension for clients and during a certificate     request for servers.
      Reorganise supported signature algorithm extension processing.
      don't use pseudo digests for default values of keys
      Add new "valid_flags" field to CERT_PKEY structure which determines what     the certificate can be used for (if anything). Set valid_flags field     in new tls1_check_chain function. Simplify ssl_set_cert_masks which used     to have similar checks in it.
      Function tls1_check_ec_server_key is now redundant as we make     appropriate checks in tls1_check_chain.
      Add certificate callback. If set this is called whenever a certificate     is required by client or server. An application can decide which     certificate chain to present based on arbitrary criteria: for example     supported signature algorithms. Add very simple example to s_server.     This fixes many of the problems and restrictions of the existing client     certificate callback: for example you can now clear existing certificates     and specify the whole chain.
      recognise OPENSSL_NO_SSL_TRACE
      Fix Win32 build.
      remove unnecessary attempt to automatically call OPENSSL_init
      Separate client and server permitted signature algorithm support: by default     the permitted signature algorithms for server and client authentication     are the same but it is now possible to set different algorithms for client     authentication only.
      no need to check s->server as default_nid is never used for TLS 1.2 client authentication
      new function SSL_is_server to which returns 1 is the corresponding SSL context is for a server
      add support for client certificate callbak, fix memory leak
      cert_flags is unsigned
      Fix memory leak.
      PR: 2840     Reported by: David McCullough <david_mccullough at mcafee.com>
      add missing evp_cnf.c file
      Add new ctrl to retrieve client certificate types, print out     details in s_client.
      update trace messages
      reinclude crypto.h: this is needed in HEAD only to get the __fips_constseg definition
      New function ssl_set_client_disabled to set masks for any ciphersuites     that are disabled for this session (as opposed to always disabled by     configuration).
      Don't ignore (\!) reference count in X509_STORE_free
      add ssl_locl.h to err header files, rebuild ssl error strings
      stop warning
      set ciphers to NULL before calling cert_cb
      update NEWS
      Add support for certificate stores in CERT structure. This makes it     possible to have different stores per SSL structure or one store in     the parent SSL_CTX. Include distint stores for certificate chain     verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN     to build and store a certificate chain in CERT structure: returing     an error if the chain cannot be built: this will allow applications     to test if a chain is correctly configured.
      check EC tmp key matches preferences
      Abort handshake if signature algorithm used not supported by peer.
      Make tls1_check_chain return a set of flags indicating checks passed     by a certificate chain. Add additional tests to handle client     certificates: checks for matching certificate type and issuer name     comparison.
      add suite B chain validation flags and associated verify errors
      Rename Suite B functions for consistency.
      update ordinals
      Add three Suite B modes to TLS code, supporting RFC6460.
      PR: 2786     Reported by: Tomas Mraz <tmraz at redhat.com>
      update debug-steve* configurations
      New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes     all derived keys to the message callback.
      oops, typo
      Add compilation flag to disable certain protocol checks and allow use of     some invalid operations for testing purposes. Currently this can be used     to sign using digests the peer doesn't support, EC curves the peer     doesn't support and use certificates which don't match the type associated     with a ciphersuite.
      give more meaningful error if presented with wrong certificate type by server
      make EC test certificates usable for ECDH
      perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
      Don't load GOST ENGINE if it is already loaded.
      store and print out message digest peer signed with in TLS 1.2
      new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client
      New -valid option to add a certificate to the ca index.txt that is valid and not revoked
      Extend certificate creation examples to include CRL generation and sample     scripts running the test OCSP responder.
      update README
      fix memory leak
      Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate     change the current certificate (in s->cert->key) to the one used and then     SSL_get_certificate and SSL_get_privatekey will automatically work.
      fix memory leak
      enhance EC method to support setting curve type when generating keys and add parameter encoding option
      Add ctrl and utility functions to retrieve raw cipher list sent by client in     client hello message. Previously this could only be retrieved on an initial     connection and it was impossible to determine the cipher IDs of any uknown     ciphersuites.
      Add -brief option to s_client and s_server to summarise connection details.
      Add -rev test option to s_server to just reverse order of characters received     by client and send back to server. Also prints an abbreviated summary of     the connection parameters.
      If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of "SCSV" as     a ciphersuite to position the SCSV value in different places for testing     purposes.
      New functions to check a hostname email or IP address against a     certificate. Add options to s_client, s_server and x509 utilities     to print results of checks.
      oops, fix compilation errors in s_server
      Don't require tag before ciphertext in AESGCM mode
      add simple AES GCM code example
      fix error code
      fix ASN1_STRING_TABLE_add so it can override existing string table values
      use correct year automatically
      New config module for string tables. This can be used to add new     multi string components (as used in DN fields or request attributes)     or change the values of existing ones.
      oops, add missing asn_mstbl.c
      correct error function code
      new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms)
      add "missing" TLSv1.2 cipher alias
      new command line option -stdname to ciphers utility
      initial update of ciphers doc
      update ciphers documentation to indicate implemented fixed DH ciphersuites
      add SSL_CONF functions and documentation
      fix typos in SSL_CONF documentation
      initial decription of GCM/CCM usage via EVP
      Delegate command line handling for many common options in s_client/s_server     to the SSL_CONF APIs.
      fix error messages
      remove redundant code from demo
      PR: 2909     Contributed by: Florian Weimer <fweimer at redhat.com>
      PR: 2880     Submitted by: "Florian Rüchel" <florian.ruechel at ruhr-uni-bochum.de>
      add -naccept <n> option to s_server to automatically exit after <n> connections
      document -naccept option
      fix manual page file name
      clarify docs
      fix typo and warning
      remove obsolete code
      don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set
      make depend
      new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
      make depend
      update docs for s_server/s_client
      document -trace and -msgfile options
      correct docs
      update usage messages
      with -rev close connection if client sends "CLOSE"
      fix leaks
      reorganise SSL_CONF_cmd manual page and update some links
      first parameter is difference in days, not years
      don't use psec or pdays if NULL
      fix printout of expiry days if -enddate is used in ca
      PR: 2908     Submitted by: Dmitry Belyavsky <beldmit at gmail.com>
      Submitted by: Florian Weimer <fweimer at redhat.com>     PR: 2909
      Reorganise parameters for OPENSSL_gmtime_diff.
      only use a default curve if not already set
      use correct return values when callin cmd
      curves can be set in both client and server
      support -quiet with -msg or -trace
      reject zero length point format list or supported curves extensions
      Add support for printing out and retrieving EC point formats extension.
      Don't display messages about verify depth in s_server if -quiet it set.
      add Suite B 128 bit mode offering only combination 2
      option to output corrupted signature in certificates for testing purposes
      set cmdline flag in s_server
      set auto ecdh parameter selction for Suite B
      change inaccurate error message
      Use default point formats extension for server side as well as client     side, if possible.
      Print out point format list for clients too.
      New functions to set lookup_crls callback and to retrieve internal X509_STORE     from X509_STORE_CTX.
      Generalise OCSP I/O functions to support dowloading of other ASN1     structures using HTTP. Add wrapper function to handle CRL download.
      add wrapper function for certificate download
      PR: 2803     Submitted by: jean-etienne.schwartz at bull.net
      Add new test option set the version in generated certificates: this     is needed to test some profiles/protocols which reject certificates     with unsupported versions.
      return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
      add option to get a certificate or CRL from a URL
      New option to add CRLs for s_client and s_server.
      add -badsig option to corrupt CRL signatures for testing too
      if no error code and -brief selected print out connection closed instead of read error
      don't check errno is zero, just print out message
      oops, really check brief mode only ;-)
      fix leak
      check mval for NULL too
      make -subj always override config file
      initial support for delta CRL generations by diffing two full CRLs
      don't print verbose policy check messages when -quiet is selected even on error
      Integrate host, email and IP address checks into X509_verify.
      Fix two bugs which affect delta CRL handling:
      remove print_ssl_cert_checks() from openssl application: it is no longer used
      Add code to download CRLs based on CRLDP extension.
      fix handling of "automatic" in file mode
      documentation fixes
      really fix automatic ;-)
      send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
      allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode
      add -badsig option to ocsp utility too.
      revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead
      add -cert_chain option to s_client
      add -crl_download option to s_server
      New verify flag to return success if we have any certificate in the     trusted store instead of the default which is to return an error if     we can't build the complete chain.
      Use new partial chain flag instead of modifying input parameters.
      oops, revert, committed in error
      Add support for '-' as input and output filenames in ocsp utility.
      Return success when the responder is active.
      Check chain is not NULL before assuming we have a validated chain.
      add -rmd option to set OCSP response signing digest
      Use client version when deciding which cipher suites to disable.
      correct CHANGES
      Update test OCSP script "tocsp" to use shell functions and to use     December 17th as check date to avoid certificate expiry errors.
      revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
      add missing newline
      Make partial chain checking work if we only have the EE certificate in     the trust store.
      Fix tocsp: we don't need -trust_other any more.
      missing tab
      Portability fix: use BIO_snprintf and pick up strcasecmp alternative     definitions from e_os.h
      stop warning when compiling with no-comp
      make JPAKE work again, fix memory leaks
      make no-comp compile
      Initial .gitignore
      Change default bits to 1024
      Typo (PR2959).
      Don't include comp.h if no-comp set.
      fix domd
      Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
      Fix warning: lenmax isn't used any more.
      Don't use C++ style comments.
      Fix for trace code: SSL3 doesn't include a length value for     encrypted premaster secret value.
      Timing fix mitigation for FIPS mode.     We have to use EVP in FIPS mode so we can only partially mitigate     timing differences.
      Add ordinal for CRYPTO_memcmp: since this will affect multiple     branches it needs to be in a "gap".     (cherry picked from commit 81ce0e14e72e8e255ad1bd9c7cfaa47a6291919c)
      typo.     (cherry picked from commit 34ab3c8c711ff79c2b768f0b17e4b2a78fd1df5d)
      Don't access EVP_MD_CTX internals directly.     (cherry picked from commit 04e45b52ee3be81121359cc1198fd01e38096e9f)
      update FAQ
      Fix in ssltest is no-ssl2 configured     (cherry picked from commit cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4)
      Upate FAQ.
      Update SSL_CONF docs.
      Demo code for SSL_CONF API
      Fix error codes.
      Add function CMS_RecipientInfo_encrypt
      Fix WIN32 build.
      Initial CCM code.
      Add CCM ciphers to tables.
      GCM and CCM test support
      DTLS trace support.
      Typo.     (cherry picked from commit 1546fb780bc11556a18d70c5fb29af4a9d5beaff)
      Encode INTEGER correctly.
      DTLS revision.
      Use appropriate versions of SSL3_ENC_METHOD
      Use enc_flags when deciding protocol variations.
      Disable compression for DTLS.
      Enable various DTLS extensions.
      Extend DTLS method macros.
      Remove versions test from dtls1_buffer_message
      Provisional DTLS 1.2 support.
      DTLS 1.2 cached record support.
      Update fixed DH requirements.
      Enable TLS 1.2 ciphers in DTLS 1.2.
      Call RAND_cleanup in openssl application.     (cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57)
      Use $(PERL) when calling scripts in mk1mf.pl
      Make TLS 1.2 ciphers work again.
      Fix non-copy builds.
      Asm build portability.
      Set s->d1 to NULL after freeing it.
      Dual DTLS version methods.
      Always return errors in ssl3_get_client_hello
      Suite B support for DTLS 1.2
      Reencode certificates in X509_sign_ctx.
      Reencode with X509_CRL_ctx_sign too.
      Fix PSS signature printing.
      Exetended OAEP support.
      Add new OID to pSpecified from PKCS#1
      Add control to retrieve signature MD.
      Update to OAEP support.
      CMS public key parameter support.
      CMS RSA-OAEP and RSA-PSS support.
      Add -keyopt option to cms utility.
      Add new CMS tests.
      Update cms docs.
      Update CHANGES
      Fix duplicate error code.
      Initialise CMS signature buffer length properly.
      Fix verify loop with CRL checking.
      Avoid need to change function code.
      EVP support for wrapping algorithms.
      Set CMS EnvelopedData version correctly.
      CMS support for key agreeement recipient info.
      Add new OIDs from RFC5753
      Add support for X9.62 KDF.
      Add support for ECDH KARI.
      Return correct enveloped data type in ASN1 methods.
      Custom key wrap option for cms utility.
      Scripts to recreate S/MIME test certificates.
      New CMS tests.
      Temporarily disable ECDSA test.
      Make ecdsatest work with nonces.
      Algorithm parameter support.
      Minor optimisation to KDF algorithm.
      If present print j, seed and counter values for DH
      Enhance DH dup functions.
      Extend DH parameter generation support.
      Add KDF for DH.
      CMS RFC2631 X9.42 DH enveloped data support.
      Add X9.42 DH certificate to S/MIME test
      Add X9.42 DH test.
      Update cms docs.
      Add the server 'hang' issue to the FAQ
      Return 1 when setting ECDH auto mode.
      Make no-ec compilation work.
      Don't run ECDH CMS tests if EC disabled.
      Add documentation.
      Typo: don't call RAND_cleanup during app startup.     (cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
      Correct ECDSA example.
      Document -force_pubkey option.
      Document supported curve functions.
      Set TLS v1.2 disabled mask properly.
      Experimental encrypt-then-mac support.
      Document extension clash.
      Partial path fix.
      Remove ancient PATENTS section and FAQ reference.
      DTLS version usage fixes.
      Fix error code clashes.
      Add functions to set ECDSA_METHOD structure.
      Sync OID numbers with 1.0.2 branch.
      RFC7027 (Brainpool for TLS) support.
      Add test vectors from RFC7027
      Fix warning.
      Add brainpool curves to NID table too.
      Prevent use of RSA+MD5 in TLS 1.2 by default.
      Time value for various platforms.
      Extend SSL_CONF
      Add demo for SSL server using SSL_CONF.
      Modify sample accept.cnf
      Fix various typos.
      Update demos/bio/README
      Fix argument processing.
      Add SSL_CONF command to set DH Parameters.
      Update test server details.
      Fix warning.
      Fix warning.
      Add -ecdh_single option.
      Add brainpool curves to trace output.     (cherry picked from commit bd80d0229c9a154f569b046365bc85d76b59cfc5)
      Initialise context before using it.     (cherry picked from commit a4947e4e064d2d5bb622ac64cf13edc4a46ed196)
      Sync error codes with 1.0.2-stable
      Enable PSK in FIPS mode.
      Experimental workaround TLS filler (WTF) extension.
      Check for missing components in RSA_check.
      Add CMS_SignerInfo_get0_signature function.
      Document RSAPublicKey_{in,out} options.
      Fix for some platforms where "char" is unsigned.
      Update FAQ with PGP note.
      Update FAQ
      Support setting of "no purpose" for trust.
      Fix memory leak.
      Allow match selecting of current certificate.
      Flag to disable automatic copying of contexts.
      Constify.     (cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)
      Use correct header length in ssl3_send_certifcate_request
      Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
      New functions to retrieve certificate from SSL_CTX
      Simplify and update openssl.spec
      Add release dates to NEWS
      remove obsolete STATUS file
      Don't use rdrand engine as default unless explicitly requested.     (cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
      Verify parameter retrieval functions.
      Fix for partial chain notification.
      Update to pad extension.
      Add opaque ID structure.
      Update demo.
      Check EVP errors for handshake digests.
      Ignore NULL parameter in EVP_MD_CTX_destroy.     (cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)
      Fix DTLS retransmission from previous session.
      Canonicalise input in CMS_verify.
      Update curve list size.     (cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
      Don't change version number if session established
      Use algorithm specific chains for certificates.
      Add ServerInfoFile to SSL_CONF, update docs.
      Sync NEWS.
      Add fix for CVE-2013-4353     (cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
      update NEWS
      update FAQ
      Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
      Use rdrand as additional entropy source.
      Add new function SSL_CTX_get_ssl_method().
      Support retries in certificate callback
      Certificate callback doc.
      Add cert callback retry test.
      Compare encodings in X509_cmp as well as hash.
      New function to set compression methods so they can be safely freed.
      Add loaded dynamic ENGINEs to list.
      Fix demo comment: 0.9.9 never released.
      Check i before r[i].
      Clarify docs.
      Demo of use of errors in applications.
      New ctrl to set current certificate.
      Add quotes as CC can contain spaces.
      Return per-certificate chain if extra chain is NULL.
      Oops, get selection logic right.
      Return previous compression methods when setting them.
      fix error discrepancy     (cherry picked from commit a2317c3ffde3f1f73bd7fa3f08e420fb09043905)
      Add suppot for ASCII with CRLF canonicalisation.
      Don't do loop detection for self signed check.
      Include TA in checks/callback with partial chains.
      Remove duplicate statement.
      Don't use getcwd in non-copy builds.
      Don't use CRYPTO_AES_CTR if it isn't defined.
      Remove references to o_time.h
      make depend
      Move CT viewer extension code to crypto/x509v3
      make depend
      fix WIN32 warnings     (cherry picked from commit b709f8ef54b1c9ad513878ba0213aa651a9acef8)
      Option to set current cert to server certificate.
      New chain building flags.
      Only set current certificate to valid values.
      Avoid Windows 8 Getversion deprecated errors.
      Add -show_chain option to print out verified chain.
      Fix for v3_scts.c
      Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP.     (cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
      Fix for WIN32 builds with KRB5     (cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
      Add function to free compression methods.
      Fix memory leak.     (cherry picked from commit 124d218889dfca33d277404612f1319afe04107e)
      PKCS#8 support for alternative PRFs.
      For self signed root only indicate one error.     (cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
      Remove -WX option from debug-VC-WIN32     (cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
      Simplify ssl_add_cert_chain logic.
      Fix for CVE-2014-0076
      Update ordinals.
      Workaround for some CMS signature formats.
      Update chain building function.
      Add -no_resumption_on_reneg to SSL_CONF.     (cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
      Fix memory leak with client auth.     (cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
      Add functions returning security bits.
      Auto DH support.
      Allow return of supported ciphers.
      Check return value of ssl3_output_cert_chain
      Security framework.
      Security callback debug print out.
      Set security level to zero is ssltest
      Set security level in cipher string.
      Add initial security framework docs.
      Don't try and verify signatures if key is NULL (CVE-2013-0166)     Add additional check to catch this in ASN1_item_verify too.     (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
      Document new crl option.
      Use correct length when prompting for password.
      Update FAQ.
      Update security framework docs.
      For more than 160 bits of security disable SHA1 HMAC
      Set TLS padding extension value.
      Document -verify_return_error option.
      Add heartbeat extension bounds check.
      Return if ssleay_rand_add called with zero num.
      Update NEWS
      ssleay_rand_add returns a value in 1.1.0
      Fix free errors in ocsp utility.
      Add new key fingerprint.
      Clarify CMS_decrypt behaviour.
      Extension checking fixes.
      Document -debug_decrypt option.
      Set Enveloped data version to 2 if ktri version not zero.
      Initialize num properly.
      Return an error if no recipient type matches.
      Correct example.
      Enc doesn't support AEAD ciphers.     (cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
      Fix bug in signature algorithm copy.
      Adding padding extension to trace code.
      For portability use BUF_strndup instead of strndup.
      Change default cipher in smime app to des3.
      Fix for PKCS12_create if no-rc2 specified.
      Rename vpm_int.h to x509_lcl.h
      Don't use expired certificates if possible.
      Set version number correctly.
      Don't compile heartbeat test code on Windows (for now).
      Use correct digest when exporting keying material.
      Set default global mask to UTF8 only.
      Option to disable padding extension.
      Recognise padding extension.
      Allow reordering of certificates when signing.
      Fix CVE-2014-3470
      Fix CVE-2014-0221
      Additional CVE-2014-0224 protection.
      Fix for CVE-2014-0224
      Fix for CVE-2014-0195
      Update value to use a free bit.
      Update NEWS.
      Add official extension value.
      Make tls_session_secret_cb work with CVE-2014-0224 fix.
      Update strength_bits for 3DES.
      SRP ciphersuite correction.
      Fix null pointer errors.
      Fix compilation with no-comp
      Fix Windows build.     (cherry picked from commit 5f4c5a902b0508eab235adecb34b236cdc0048a5)
      Accept CCS after sending finished.
      Remove ancient obsolete files under pkcs7.
      Memory leak and NULL dereference fixes.
      Fix OID encoding for one component.
      Rebuild OID table.
      Tolerate critical AKID in CRLs.
      Fix for EVP_PBE_alg_add().
      Don't disable state strings with no-ssl2
      Handle BER length encoding.
      Clarify protocols supported.
      Make no-ssl3 no-ssl2 do more sensible things.
      Show errors on CSR verification failure.
      Fix memory leak.
      Don't core dump when using CMAC with dgst.
      Fix copy for CCM, GCM and XTS.
      Test copying of contexts in evp_test.
      Accessor functions for app_data in ECDSA_METHOD
      Make NO_SYS_UN_H compile.
      Fix warning.     (cherry picked from commit c97ec5631bb08a2171a125008d2f0d2a75687aaa)
      Windows build fixes.
      ASN1 sanity check.
      Update ticket callback docs.
      Remove all RFC5878 code.
      typo     (cherry picked from commit 2cfbec1caea8f9567bdff85d33d22481f2afb40a)
      Add license info.
      Don't limit message sizes in ssl3_get_cert_verify.
      Sanity check keylength in PVK files.
      s_server usage for certificate status requests
      Document certificate status request options.
      Usage for -hack and -prexit -verify_return_error
      Fix typo.
      Use more common name for GOST key exchange.
      Use case insensitive compare for servername.
      Don't allow -www etc options with DTLS.
      Fix DTLS certificate requesting code.
      Clarify -Verify and PSK.
      Sanity check lengths for AES wrap algorithm.
      Make *Final work for key wrap again.
      RFC 5649 support.
      Fix documentation for RSA_set_method(3)
      Windows build fixes.
      Add test header, sync ordinals with 1.0.2
      Don't call setenv in gost2814789t.c
      Add conditional unit testing interface.
      Fix SRP ciphersuite DoS vulnerability.
      Fix SRP buffer overrun vulnerability.
      Check SRP parameters early.
      Test SRP authentication ciphersuites.
      Fix SRP authentication ciphersuites.
      Include error messages on extension check failure.
      Revision of custom extension code.
      fix warning
      Custom extension revision.
      Add custom extension sanity checks.
      Remove serverinfo checks.
      Callback revision.
      New extension callback features.
      New function SSL_extension_supported().
      Use consistent function naming.
      Rename some callbacks, fix alignment.
      Custom extension documentation.
      Fix comments, add new test.
      sync ordinals with 1.0.2
      Add CHANGES entry for SCT viewer code.
      Fix warning.
      Use correct function name: CMS_add1_signer()
      Add additional DigestInfo checks.
      Add additional explanation to CHANGES entry.
      Parse custom extensions after internal extensions.
      Disable encrypt them mac for SSL 3.0 and stream ciphers (RC4 only).
      Remove reference to deleted md4.c
      Fix for session tickets memory leak.
      Process signature algorithms in ClientHello late.
      Copy negotiated parameters in SSL_set_SSL_CTX.
      Fix WIN32 build by disabling bn* calls.
      Fix cross reference table generator.
      Add SSL_CONF support to ssltest.
      Additional output for ssltest.
      Prevent use of binary curves when OPENSSL_NO_EC2M is defined
      Process signature algorithms before deciding on certificate.
      Only handle RI extension for SSLv3
      New option no-ssl3-method which removes SSLv3_*method
      Fix excert logic.
      Fix SuiteB chain checking logic.
      Print out Suite B status.
      Remove some unnecessary OPENSSL_FIPS references
      Remove fipscanister from Configure, delete fips directory
      Remove fipscanister build functionality from makefiles.
      Remove fips utility build rules from test/Makefile
      Remove FIPSCANISTERINTERNAL reference.
      remove unnecessary OPENSSL_FIPS reference
      remove another FIPSCANISTER reference
      Remove fips_constseg references.
      Remove fips.h reference.
      make depend
      Remove FIPS error library from openssl.ec mkerr.pl
      remove FIPS module code from crypto/rsa
      remove FIPS module code from crypto/dsa
      Remove FIPS module code from crypto/dh
      remove FIPS module code from crypto/ecdsa
      remove FIPS module code from crypto/ecdh
      remove FIPS module code from crypto/bn
      remove FIPS module code from crypto/evp
      remove FIPS_*_SIZE_T
      remove OPENSSL_FIPSAPI
      Remove references to deleted fips directory from Makefile.org
      Remove fips directories from mkfiles.pl
      Reject invalid constructed encodings.
      Clear existing extension state.
      Remove MS SGC
      Remove SGC restart flag.
      Fix various certificate fingerprint issues.
      Constify ASN1_TYPE_cmp add X509_ALGOR_cmp.
      update ordinals
      ECDH downgrade bug fix.
      Only allow ephemeral RSA keys in export ciphersuites.
      fix compilation error
      RT3662: Allow leading . in nameConstraints
      use correct function name
      use correct credit in CHANGES
      fix error discrepancy
      Fix crash in dtls1_get_record whilst in the listen state where you get two     separate reads performed - one for the header and one for the body of the     handshake record.
      Unauthenticated DH client certificate fix.
      For master windows build dsa.h is now needed.
      Remove use of BN_init, BN_RECP_CTX_init from bntest

Emilia Kasper (40):
      Allow duplicate certs in ssl_build_cert_chain
      Fix OID handling:
      make depend
      Fix build when BSAES_ASM is defined but VPAES_ASM is not
      define inline for Visual Studio
      Improve EVP_PKEY_sign documentation
      RT3061: slightly amend patch
      RT 3060: amend patch
      Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
      Constant-time utilities
      Make the inline const-time functions static.
      Add i2d_re_X509_tbs
      make update
      Note i2d_re_X509_tbs and related changes in CHANGES
      make update
      RT3066: rewrite RSA padding checks to be slightly more constant time.
      RT3067: simplify patch
      RT3425: constant-time evp_enc
      Add missing tests
      Fix ssltest logic when some protocols are compiled out.
      Sync CHANGES
      Add missing CHANGES interval [1.0.1h, 1.0.1i]
      Tighten session ticket handling
      Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext.     This ensures that it's zeroed even if the SSL object is reused     (as in ssltest.c). It also ensures that it applies to DTLS, too.
      Set s->hit when resuming from external pre-shared secret.
      Remove ssl3_check_finished.
      Always require an advertised NewSessionTicket message.
      Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset     once the ChangeCipherSpec message is received. Previously, the server would     set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.     This would allow a second CCS to arrive and would corrupt the server state.
      Clean up CHANGES
      Fix broken build
      Reject elliptic curve lists of odd lengths.
      Add extra checks for odd-length EC curve lists.
      Clarify the return values for SSL_get_shared_curve.
      Fix unused variable warning
      Check for invalid divisors in BN_div.
      Build fixes
      Revert "RT3425: constant-time evp_enc"
      Add a comment noting the padding oracle.
      Add a clang build target for linux-x86_64
      Only inherit the session ID context in SSL_set_SSL_CTX if the existing     context was also inherited (matches that of the existing SSL_CTX).

Emilia Käsper (1):
      Fix DTLS anonymous EC(DH) denial of service

Eric Young (1):
      Fix base64 decoding bug.

Erik Auerswald (1):
      RT3301: Discard too-long heartbeat requests

Felix Laurie von Massenbach (18):
      Add a new target to Configure for me.
      Strip trailing whitespace from Configure.
      Remove indentation from the goto targets.
      Remove static from probable_prime_dh.
      Add speed test for prime trial division.
      Tidy up speed.c a little.
      Run the prime speed tests for 10 seconds.
      Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
      Generate safe primes not divisible by 3, 5 or 7.
      Add python script to generate the bits needed for the prime generator.
      Remove editor barf on updating copyright.
      Try skipping over the adding and just picking a new random number.
      Refactor the first prime index.
      Only count successful generations.
      Remove unused BIGNUMs.
      Add a test to check we're really generating probable primes.
      Fix shadow declaration.
      Fix signed/unsigned comparisons.

František Bořánek (1):
      Fix memory leak.

Frédéric Giudicelli (1):
      RT783: Minor optimization to ASN1_INTEGER_set

Gabor Tyukasz (1):
      Fix race condition in ssl_parse_serverhello_tlsext

Geoff Keating (1):
      RT1909: Omit version for v1 certificates

Geoff Thorpe (421):
      Gets around VC++ compiler pickiness. (long != double)
      More VC++ pickiness. (destest.c doesn't have a "return" and the usual     signed/unsigned stuff in s3_pkt.c)
      another one done.
      This is a set of startup code for the DSO support, it's not yet linked into     the build process (an upcoming commit no doubt), and is very much *new*     code - what that means is that it compiles ok - usually. It certainly     doesn't mean it runs well or even properly yet. Please don't muck round     with this unless you're looking to help out and hunt bugs. :-)
      This commit ties the new DSO code (crypto/dso/) into the build for a     variety of platforms. A few are missing, and they will be added in     eventually, but as this is new stuff, it was better to not break lots of     platforms in one go that we can't easily test. The changes to "Configure"     should illustrate how to add support to other systems if you feel like     having a go.
      Better make a note of what's going on ... :-)
      This helps make the DSO stuff more portable;     * "no-dso" option available in Configure so that all DSO methods will       return NULL, overriding any support the platform might otherwise       have built.     * dlfcn_no_h config string now available rather than just dlfcn. This       is for platforms that have dlfcn.h functions but do not have (or       need) the dlfcn.h header file.
      I forgot about $openssl_other_defines ... should probably do this     for consistency. Not sure though whether HAVE_DLFCN_H should be     included too? If we go the autoconf route then this probably wouldn't     be included.
      Constification, and a silly mistake in the comments.
      This change facilitates name translation for shared libraries. The     technique used is far from perfect and alternatives are welcome.     Basically if the translation flag is set, the string is not too     long, and there appears to be no path information in the string,     then it is converted to whatever the standard should be for the     DSO_METHOD in question, eg;         blah --> libblah.so   on *nix, and         blah --> blah.dll     on win32.
      Thanks to "make update" ...
      Previously, the default RSA_METHOD was NULL until the first RSA structure was     initialised, at which point an appropriate default was chosen. This meant a     call to RSA_get_default_method might have returned FALSE.
      The handling of DSA_METHOD and DH_METHOD wasn't quite as problematic as     with RSA_METHOD (the **_get_default_methods do set the default value if     it's not set). However, the code had some duplication and was a bit     conter-intuitive.
      This case in the "dso_unload" handlers should not be reported as an error -     if a DSO_load(NULL,...) operation fails, it will have to call DSO_free() on     the DSO structure it created and that will filter through to this "unload"     call.
      cvs update
      This declaration seems to have been added into the header file accidently.     There's no trace of it being implemented and it doesn't seem to have been     intended given that it is prototyped with a BIO yet there was a BIO-     specific version added in at the same time.
      It seems that mktime does what is required here. Certainly timegm() can     not be used because it is not available on all systems (most notably,     win32).
      another warning.
      Minor corrections to documentation.
      "make update"
      All the little functions created by the IMPLEMENT_STACK_OF() macro will     cast their type-specific STACK into a real STACK and call the underlying     sk_*** function. The problem is that if the STACK_OF(..) parameter being     passed in has a "const *" qualifier, it is discarded by the cast.
      sk_value was also suffering from de-const-ification.     Also, add in a couple of missing declarations in pkcs7 code.
      sk_***_new_null() seems to be there to avoid exactly this sort of thing     which is a cast between NULL and a function pointer.
      This is the first of two commits (didn't want to dump them all into the     same one). However, the first will temporarily break things until the     second comes through. :-)
      The previous commit to crypto/stack/*.[ch] pulled the type-safety strings     yet tighter, and also put some heat on the rest of the library by     insisting (correctly) that compare callbacks used in stacks are prototyped     with "const" parameters. This has led to a depth-first explosion of     compiler warnings in the code where 1 constification has led to 3 or 4     more. Fortunately these have all been resolved to completion and the code     seems cleaner as a result - in particular many of the _cmp() functions     should have been prototyped with "const"s, and now are. There was one     little problem however;
      This change will cause builds (by default) to not use different STACK     structures and functions for each stack type. The previous behaviour     can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.     This will also cause "make update" (mkdef.pl in particular) to     update the libeay.num and ssleay.num symbol tables with the number of     extra functions DEBUG_SAFESTACK creates.
      "make update" + stripping the type-specific stack functions out of     libeay.num and ssleay.num.
      Enable DSO support on alpha (OSF1), cc and gcc.
      The atalla functionality doesn't work with the "word" version of     BN_mod_exp. Call the regular atalla mod_exp operation instead.
      Currently the DSO_METHOD interface has one entry point to bind all     "symbols" including functions (of all prototypes( and variables. Whilst     casting any function type to another violates ANSI C (I believe), it is     a necessary evil in shared-library APIs. However, it is quite     conceivable that functions in general and data symbols could very well     be represented differently to each other on some systems, as Bodo said;
      'make update'
      * This adds some checking to the 'dlfcn' DSO_METHOD that at least lets       it cope with OpenBSD which doesn't understand "RTLD_NOW".     * Added the dso_scheme config string entry for OpenBSD-x86 to give it       DSO support.     * 'make update' that has also absorbed some of Steve's mkstack changes       for the ASN-related macros.
      Steve fixed up some strange errors introduced into dso_win32.c, and I'm     just converting some spaces to tabs from his fix. :-)
      Time to get rid of some rather silly code duplication - some DSO_ctrl()     commands are common to all DSO_METHODs, hence handle them at the top.
      None of the DSO_METHOD's were handling anything except generic messages.     These are now processed inside DSO_ctrl() itself.
      DSO_ctrl() changes have removed a couple of DSO_METHOD-specific functions     so I've regenerated the error numbers and strings for the DSO functions.
      This changes the behaviour of the DSO mechanism for determining an     appropriate filename translation on the host system. Apart from this point,     users should also note that there's a slight change in the API functions     too. The DSO now contains its own to-be-converted filename     ("dso->filename"), and at the time the DSO loads the "dso->loaded_filename"     value is set to the translated form. As such, this also provides an impicit     way of determining if the DSO is currently loaded or not. Except, perhaps,     VMS .... :-)
      Add a note about the recent DSO changes in CHANGES.
      DSO_load() should also work when it is passed a NULL - a new DSO is created     automatically, however some code was still referring to the original     pointer rather than the internal one (and thus to NULL instead of the     created pointer).
      This is a demo that performs SSL tunneling (client and/or server) and is     built using an abstracted state machine with a non-blocking IP wrapper     around it. README will follow in the next commit.
      Explanation, tips, etc.
      oops, remove comments that are no longer true.
      Richard moved hw_nuron.c over to DSO-land recently, so this include isn't     needed now.
      Many applications that use OpenSSL with ENGINE support might face a     situation where they've initialised the ENGINE, loaded keys (which are then     linked to that ENGINE), and performed other checks (such as verifying     certificate chains etc). At that point, if the application goes     multi-threaded or multi-process it creates problems for any ENGINE     implementations that are either not thread/process safe or that perform     optimally when they do not have to perform locking and other contention     management tasks at "run-time".
      I have no idea how this comment got there, but it's certainly not     applicable to ENGINE_ctrl()
      Ensure that the "ex_data" member of an RSA structure is initialised before     the RSA_METHOD's "init()" handler is called, and is cleaned up after the     RSA_METHOD's "finish()" handler is called. Custom RSA_METHODs may wish to     initialise contexts and other specifics in the RSA structure upon creation     and that was previously not possible - "ex_data" is where that stuff     should go and it was being initialised too late for it to be used.
      It was a small change, but it *could* conceivably affect people - so I'm     making a note in the CHANGES file.
      A typo and a couple of logic errors fixed. I think there may still be one     or two kinks lurking around, but it now appears to deal with the basic     test cases ok.
      Minor tweaks and improvements to the tunala demo.
      Make s_client/s_server-style cert verification output configurable by     command line, and make the peer-authentication similarly configurable.
      More little changes to the tunala demo;
      Do to DH and DSA what has already been done to RSA. This involves moving     the initialisation and cleanup of "ex_data" elements to before an init()     handler and after a finish() handler respectively.
      Amend the original CHANGES log entry. The ex_data handling has been     similarly modified now on DH and DSA.
      * Fix a slight bug in the state-machine. This caused the client end of a       tunnel to not pro-actively close down when failing an SSL handshake.
      First step in tidying up the LHASH code. The callback prototypes (and     casts) used in the lhash code are about as horrible and evil as they can     be. For starters, the callback prototypes contain empty parameter lists.     Yuck.
      Next step in tidying up the LHASH code. This commit defines DECLARE and     IMPLEMENT macros for defining wrapper functions for "hash" and "cmp" callbacks     that are specific to the underlying item type in a hash-table. This prevents     function pointer casting altogether, and also provides some type-safety     because the macro does per-variable casting from the (void *) type used in     LHASH itself to the type declared in the macro - and if that doesn't match the     prototype expected by the "hash" or "cmp" function then a compiler error will     result.
      Use the new LHASH macros to declare type-safe wrapper functions that can     be used as the hash/compare callbacks without function pointer casting.
      Make the remaining LHASH macro changes. This should leave no remaining     cases of function pointer casting in lh_new() calls - and leave only the     lh_doall and lh_doall_arg cases to be finished.
      Make a note of the LHASH changes.
      Update the documentation to the current state of the LHASH changes. There     will probably be more when the lh_doall[_arg] callbacks are similarly     tidied up, but this 'pod' should now be current.
      ANSI C doesn't allow trailing semi-colons after a function's closing brace     so these macros probably shouldn't be used like that at all. So, this     change removes the misleading comment and also adds an implicit trailing     semi-colon to the DECLARE macros so they too don't require one.
      Sync up with a minor change in lhash.h
      Next step in tidying up the LHASH code.
      This is an engine contributed by Broadcom - it is meant to support the     BCM5805 and BCM5820 units. So far I've merely taken a skim over the code     and changed a few things from their original contributed source     (de-shadowing variables, removing variables from the header, and     re-constifying some functions to remove warnings). If this gives     compilation problems on any system, please let me know. We will hopefully     know for sure whether this actually functions on a system with the relevant     hardware in a day or two.  :-)
      Make a note of the new engine.
      Some minor changes to the "tunala" demo.
      This adds support to 'tunala' for supplying DH parameters (without which it     will not support EDH cipher suites). The parameters can either be loaded     from a file (via "-dh_file"), generated by the application on start-up     ("-dh_special generate"), or be standard DH parameters (as used in     s_server, etc).
      Re-order the options in tunala and add command switches like s_server for     disabling different SSL/TLS protocol versions.
      Whilst in the process of fixing outstanding function-pointer casts in the     LHASH code, this evil was uncovered. The cast was obscuring the fact that     the function was prototyped to take 2 parameters when in fact it is being     used as a callback that should take only one. Anyway, the function itself     ignores the second parameter (thankfully). A proper cure is on the way but     for now this corrects the inconsistency.
      This adds macros to implement (and/or declare) type-safe wrapper functions     around the callbacks required in the LHASH code for the "doall" functions.
      Get rid of the function pointer casting in the debugging memory code due     to LHASH usage. NB: The callback type used as been suctioned off into     crypto.h as CRYPTO_MEM_LEAK_CB to improve clarity.
      Move all the existing function pointer casts associated with LHASH's two     "doall" functions to using type-safe wrappers. As and where required, this     can be replaced by redeclaring the underlying callbacks to use the     underlying "void"-based prototypes (eg. if performance suffers from an     extra level of function invocation).
      It was correctly pointed out to me that my CHANGES entry was a little thin     on details. :-)
      oops, void functions shouldn't try and return a value. Strangely, gcc     didn't even give a warning for this yet HPUX cc considered it an error.     Reported by Lutz(@openssl.org).
      Update the LHASH man page.
      Insert a missing space to stop pod2man giving stroppy "malformed" warnings.
      This change was a quick experiment that I'd wanted to try that works quite     well (and is a good demonstration of how encapsulating the SSL in a     memory-based state machine can make it easier to apply to different     situations).
      Re-order a couple of static functions and "#if 0" out unused ones - this     gets rid of gcc warnings.
      The callbacks in the NAME_FUNCS structure are not used directly as LHASH     callbacks, and their prototypes were consistent as they were. These casts     need reversing.
      'make update'
      This change allows a callback to be used to override the generation of     SSL/TLS session IDs in a server. According to RFC2246, the session ID is an     arbitrary value chosen by the server. It can be useful to have some control     over this "arbitrary value" so as to choose it in ways that can aid in     things like external session caching and balancing (eg. clustering). The     default session ID generation is to fill the ID with random data.
      This adds command-line support to s_server for controlling the generation     of session IDs. Namely, passing "-id_prefix <text>" will set a     generate_session_id() callback that generates session IDs as random data     with <text> block-copied over the top of the start of the ID. This can be     viewed by watching the session ID s_client's output when it connects.
      Note changes re: session ID generation callbacks, etc.
      If a callback is generating a new session ID for SSLv2, then upon exiting,     the ID will be padded out to 16 bytes if the callback attempted to generate     a shorter one. The problem is that the uniqueness checking function used in     callbacks may mistakenly think a 9-byte ID is unique when in fact its     padded 16-byte version is not. This makes the checking function detect     SSLv2 cases, and ensures the padded form is checked rather than the shorter     one passed by the callback.
      Fix an oversight - when checking a potential session ID for conflicts with     an SSL_CTX's session cache, it is necessary to compare the ssl_version at     the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a     matching id/id_length pair and a matching ssl_version). However, the     SSL_SESSION that will result from the current negotiation does not     necessarily have the same ssl version as the "SSL_METHOD" in use by the     SSL_CTX - part of the work in a handshake is to agree on an ssl version!
      I missed one.
      Don't return an error until the global lock is released.
      Actually there were two error cases that could return without releasing the     lock - stupidly, my last change addressed only one of them.
      ENGINE_load_[private|public]_key had error handling that could return     without releasing a lock. This is the same fix as applied to     OpenSSL-engine-0_9_6-stable, minus the ENGINE_ctrl() change - the HEAD     already had that fixed.
      'make update'
      This moves string constants out of vendor headers and into C files.
      Structural references should never be decremented directly - so leave that     to ENGINE_free(). Also, remove "#if 0" code that has no useful future.
      Some more tweaks to ENGINE code.
      Some more tweaks to ENGINE code.
      Some more tweaks to ENGINE code.
      Some more tweaks from ENGINE code.
      Make the shared library name and function symbol for the "nuron" ENGINE     static data where they could be parameterised by ctrl() commands.
      Make a note of the recent ENGINE developments.
      Some more tweaks to ENGINE code.
      Some BIG tweaks to ENGINE code.
      Some more tweaks to ENGINE code.
      Changes to "openssl engine" to support the new control command code in     ENGINE.
      Add notes about the new ENGINE functionality.
      Make update.
      This change to the "dl", "dlfcn", and "win32" DSO_METHODs adds the filename     or symbol name to the error stack in the event a load or bind operation     failed.
      This adds 2 things to the ENGINE code.
      Make notes about ENGINE changes.
      "make update"
      Some fixes to the reference-counting in ENGINE code. First, there were a     few statements equivalent to "ENGINE_add(ENGINE_openssl())" etc. The inner     call to ENGINE_openssl() (as with other functions like it) orphans a     structural reference count. Second, the ENGINE_cleanup() function also     needs to clean up the functional reference counts held internally as the     list of "defaults" (ie. as used when RSA_new() requires an appropriate     ENGINE reference). So ENGINE_clear_defaults() was created and is called     from within ENGINE_cleanup(). Third, some of the existing code was     logically broken in its treatment of reference counts and locking (my     fault), so the necessary bits have been restructured and tidied up.
      For some inexplicable reason, I'd (a) left the debugging irreversibly     turned on, and (b) left a somewhat curious debugging string in the output.
      In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the     ENGINE code does not return a default, set an error.
      Fix a memory leak in 'sk_dup' in the case a realloc() fails. Also, tidy up     a bit of weird code in sk_new.
      openssl speed is quite useful for testing hardware support (among other     things), especially as the RSA keys are fixed. However, DSA only fixes the     DSA parameters and then generates the public and private components on the     fly each time - this commit hard-codes some sampled key values so that this     is no longer the case.
      Currently, RSA code, when using no padding scheme, simply checks that input     does not contain more bytes than the RSA modulus 'n' - it does not check     that the input is strictly *less* than 'n'. Whether this should be the     case or not is open to debate - however, due to security problems with     returning miscalculated CRT results, the 'rsa_mod_exp' implementation in     rsa_eay.c now performs a public-key exponentiation to verify the CRT result     and in the event of an error will instead recalculate and return a non-CRT     (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent     to the mod_exp of 'I mod n', and the verify result is automatically between     0 and n-1 inclusive, the verify only matches the input if 'I' was less than     'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.     they differ by a multiple of 'n'). Rather than rejecting correct     calculations and doing redundant and slower ones instead, this
  changes the     equality check in the verification code to a congruence check.
      Tidy up "cvs update" output a bit.
      - New INSTALL document describing different ways to build "tunala" and       possible problems.     - New file breakage.c handles (so far) missing functions.     - Get rid of some signed/unsigned/const warnings thanks to solaris-cc     - Add autoconf/automake input files, and helper scripts to populate missing       (but auto-generated) files.
      The indexes returned by ***_get_ex_new_index() functions are used when     setting stack (actually, array) values in ex_data. So only increment the     global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.     This change doesn't make "ex_data" right (see the comment at the head of     ex_data.c to know why), but at least makes the source code marginally less     frustrating.
      The indexes returned by ***_get_ex_new_index() functions are used when     setting stack (actually, array) values in ex_data. So only increment the     global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.     This change doesn't make "ex_data" right (see the comment at the head of     ex_data.c to know why), but at least makes the source code marginally less     frustrating.
      Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise,     dependant code has to directly increment the "references" value of each     such structure using the corresponding lock. Apart from code duplication,     this provided no "REF_CHECK/REF_PRINT" checking and violated     encapsulation.
      Changes crypto/evp/ and ssl/ code from directly incrementing reference     counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"     functions that handle this.
      Make a note of the "up" functions.
      This changes the "ERR" code to have all access to state (a hash table of     error strings and a hash table storing per-thread error state) go via an     ERR_FNS function table. The first time an ERR operation occurs, the     implementation that will be used (from then on) is set to the internal     "defaults" implementation if it has not already been set. The actual LHASH     tables are only accessed by this implementation.
      Note the "ERR" changes.
      Tidy up some code formatting.
      gcc can't spot that 'derlst' is not used uninitialised, so appease it.
      "make update"
      Make sure "CRYPTO_mem_leaks_fp" doesn't itself create a reportable memory     leak.
      Ensure that failure to create the BIO in 'CRYPTO_mem_leaks_fp' doesn't     leave memory debugging turned off.     [Spotted by Götz Babin-Ebell]
      (A version of) gcc had been giving somewhat odd "trigraph" warnings about     this construct, and Ulf provided the following insight as to why;
      Only OPENSSL_free() non-NULL pointers.
      First step in fixing "ex_data" support. Warning: big commit log ...
      Make the necessary changes to work with the recent "ex_data" overhaul.     See the commit log message for that for more information.
      Note the "ex_data" changes.
      Convert "max" to "mx" for variable names (brought to my attention by Steve     Henson). Also, reverse a previous change that used an implicit function     pointer cast rather than an explicit data pointer cast in the STACK cleanup     code.
      Correct a typo.
      Add a new ERR function, "ERR_unload_strings", to complement the existing     "ERR_load_strings" function.
      Note the "ERR_unload_strings" function.
      This change adds a new ENGINE called "dynamic" that allows new ENGINE     implementations to be loaded from self-contained shared-libraries. It also     provides (in engine.h) definitions and macros to help implement a     self-contained ENGINE. Version control is handled in a way whereby the     loader or loadee can veto the load depending on any objections it has with     each other's declared interface level. The way this is currently     implemented assumes a veto will only take place when one side notices the     other's interface level is too *old*. If the other side is newer, it should     be assumed the newer version knows better whether to veto the load or not.     Version checking (like other "dynamic" settings) can be controlled using     the "dynamic" ENGINE's control commands. Also, the semantics for the     loading allow a shared-library ENGINE implementation to handle differing     interface levels on the fly (eg. loading secondary shared-libraries     depending 
 on the versions required).
      This changes the existing hardware ENGINE implementations to dynamically     declare their own error strings so that they can be more easily compiled as     external shared-libraries if desired. Also, each implementation has been     given canonical "dynamic" support at the base of each file and is only     built if the ENGINE_DYNAMIC_SUPPORT symbol is defined.
      Add a "_up" -> "_up_ref" change to libeay.num that was missing from the     recent changes. Also, do the same change to the DSO_up() function.
      Make the 'dynamic' ENGINE bundle up the loading application/library's     locking callbacks to pass to the loaded library (in addition to the     existing mem, ex_data, and err callbacks). Also change the default     implementation of the "bind_engine" function to apply those callbacks, ie.     the IMPLEMENT_DYNAMIC_BIND_FN macro.
      Update the ENGINE README, and stock it up with extra verbeage for good     measure (including info and instructions on "dynamic" ENGINEs).
      "DH_up" had been changed to "DH_up_ref" in libeay.num but the function     declaration and implementation had not. So a recent update recreated the     original definition in libeay.num ... this corrects it and changes the "dh"     code to the "up_ref" variant.
      Change DH_up() -> DH_up_ref()
      Add some missing CHANGES items.
      ENGINE's init() and finish() handler functions are used when the ENGINE is     being enabled or disabled (respectively) for operation. Additionally, each     ENGINE has a constructor function where it can do more 'structural' level     intialisations such as loading error strings, creating "ex_data" indices,     etc. This change introduces a handler function that gives an ENGINE a     corresponding opportunity to cleanup when the ENGINE is being destroyed. It     also adds the "get/set" API functions that control this "destroy" handler     function in an ENGINE.
      This adds "destroy" handlers to the existing ENGINEs that load their own     error strings - the destroy handler functions unload the error strings so     any pending error state referring to them will not attempt to reference     them after the ENGINE has been destroyed.
      ENGINEs can now perform structural cleanup.
      enginetest needs 'memset' defined.
      Put all "common" initialisation in the apps_startup() and apps_shutdown()     macros in apps.h.
      make update
      ENGINE files were renamed, and error strings are now in eng_err.c
      ENGINE uses a very opaque design, so we can predeclare the structure type     in "types.h" so that very few headers will need to include engine.h,     generally only C files using API functions will need it (reducing     the header dependencies quite a lot).
      Reduce the header dependencies on engine.h in apps/.
      Updated dependencies from "make update"
      'evp_test' needs to initialise and cleanup EVP_CIPHER_CTX structures. Also,     fix a typo and add cleanup operations. This also switches on memory leak     checking (which is how the rest was found).
      Add a SHA1 test to evptests.txt - only the MD5 hash algorithm was being     tested previously.
      Fix a typo in the preprocessor logic in eng_list.c that had left RSA, DSA,     and DH all conditional upon OPENSSL_NO_RSA.
      Some of the ENGINE file names were changed for 8.3 filename uniqueness     recently. So comments including file names have been fixed, and copyright     notices brought up to "2001" at the same time.
      "make update"
      Some major restructuring changes to ENGINE, including integrated cipher and     digest support, are on their way. Rather than having gigantic commit log     messages and/or CHANGES entries, this change to the README will serve as an     outline of what it all is and how it all works.
      This change replaces the ENGINE's underlying mechanics with the new     ENGINE_TABLE-based stuff - as described in crypto/engine/README.
      This commits the changes to STACK macros forced by recent ENGINE surgery.
      This commits changes to various parts of libcrypto required by the recent     ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE     pointers to manage their hooking with ENGINE. Previously their use of     "method" pointers was replaced by use of ENGINE references. See     crypto/engine/README for details.
      Make necessary tweaks to apps/ files due to recent ENGINE surgery. See     crypto/engine/README for details.
      "make update".
      This change adds cipher and digest support into ENGINE using the     ENGING_TABLE mechanism. The necessary hooks from crypto/evp/ to use this     will be committed shortly.
      This changes EVP's cipher and digest code to hook via the ENGINE support.     See crypto/engine/README for details.
      This change adds dummy RC4 and SHA1 support to the "openssl" ENGINE for     testing. Because of the recent changes (see crypto/engine/README), the     "openssl" ENGINE is no longer needed nor is it loaded automatically or by     ENGINE_load_builtin_engines(). So a explicit ENGINE_load_openssl() call is     required by applications or a modification to eng_all.c before this ENGINE     will be used. This change will send output to stderr as/when its     implementations are used.
      This change puts the original OpenBSD /dev/crypto support that was in     crypto/evp/ into the corresponding ENGINE. This code is currently untested.
      Put the cipher info back into the "openssl engine" command.
      Make update to bring in all the cipher/digest-related ENGINE changes.     NB: It looks like mkdef.pl is causing certain cvs wars by continually     flipping the order of some definitions ...
      "FALLBACK" handling was a hack that was thrown out long ago in the     ENGINE redevelopment. The idea had been that "-1" could be used as a     special "ask me later" 'nid' rather than specifying supported cipher and     digest 'nid's up front. However the idea turned out to be pretty broken.
      ENGINE_register_all_complete() will register all implementations of all     algorithms present in all loaded ENGINEs. The result is that if any of     those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT     flag isn't set, then they will always be used (and cached as defaults) in     preference to software implementations. Ie. accidental auto-detection of     acceleration hardware :-)
      Make "openssl engine -c" list any supported digests as well as supported     ciphers.
      Make an (overdue) note about the recent ENGINE restructuring. Apart from     a few items however, most of the details are deferred to the     crypto/engine/README file.
      The STACK macros take care of casting to and from the designated item type     of the stack, and the (void *) type used in the underlying sk_***     functions.  However, declaring a STACK_OF(type) where type is a *function*     type implicitly involves casts between function pointers and data pointers.     That's a no-no. This changes the ENGINE_CLEANUP handling to use a regular     data type in the stack.
      The cleanup stack in ENGINE changed slightly, so this "make update" is     needed.
      Missing pointer in the eng_table_register function. Reported by     Martin Szotkowski.
      Make sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes.
      As ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for     it to be defined on all platforms whether or not it is of any practical     use on them. This also resolves linker problems on "special" platforms,     such as win32.
      EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but     not implemented. (Bug reported by Martin Szotkowski)
      Change some EVP prototypes to use "cipher" rather than "type" as a variable     name. The implementations already use this anyway.
      evp_test.c and evptests.txt both need to be linked in the test/ directory     however for different reasons. This separation should prevent the win32     build from interpreting evptests.txt as source code.
      'flags' should only be set inside DSO_load() if constructing a new DSO     object - otherwise we overwrite any flags that had been previously set in     the DSO before calling DSO_load().
      The "openssl" ENGINE is no longer used except as a testing/debugging     device. This change enables it for building as a self-contained "dynamic"     ENGINE, to help testing such mechanisms.
      When the "dynamic" ENGINE loads another ENGINE from a shared-library, it     essentially overwrites itself with the new ENGINE, with the exception of     reference counts, ex_data structures, and other 'admin' elements. However     if the new ENGINE doesn't populate certain elements, there's the risk of     the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just     one of the possibilities. This implements a more comprehensive cleanup.
      In this particular error condition, the structural reference wasn't being     released.
      Cut "ENGINE_ID" to the more concise "ID".
      This looks to have been a typo.
      - Add the same header stuff to aes_locl.h as is in des_locl.h to avoid       undefined functions (memset, etc).     - Put a .cvsignore in the aes directory too.
      - libtool finally annoyed me too much, so I'm nuking it,     - tidy up some output,     - print a warning when running an SSL server with no cert,     - only log each connect/disconnect if the new "-out_conns" switch is used.
      - Network errors could pollute the buffers because -1 isn't noticed in an       "unsigned int".     - Remove redundant processing with machine->ssl is NULL.     - Remove compiler warnings about uninitialised 'ctx' (it's not used       uninitialised, but gcc can't see that).
      The sample certs had expired, so these are newer ones that should last     quite a bit longer.
      Produce less confusing statistics when "-out_totals" is used.
      Correct for the recent prototype changes.
      The 'type' parameter, an EVP_MD pointer, represents the type of digest     required as well as a default implementation (when no ENGINE provides a     replacement implementation). This change makes sure the correct     implementation's "init()" handler is used rather than assuming 'type'.
      - Add support for cipher suites that require a temporary RSA key for       key-agreement.     - Tolerate signal interruptions of select().
      Make the "ungunk" logic a little more robust.
      A rough little self-test for tunala. This runs through all cipher-suite /     SSL/TLS version combinations looking for mishaps.
      make update
      This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice     Gittens.
      This apparently fixes compilation on OSX that was failing in 0.9.7 betas.
      Make sure any ENGINE control commands make local copies of string     pointers passed to them whenever necessary. Otherwise it is possible the     caller may have overwritten (or deallocated) the original string data     when a later ENGINE operation tries to use the stored values.
      Correct an error in the README.ENGINE file.
      oops, there were other cases of "ENGINE_ID" to change too.
      This documentation change was being written at the same time as Richard's     changes. So I'm committing this version to overwrite his changes for now,     and he can always take his turn to overwrite my words if he wants :-)
      Fix "make install_docs" (and thus "make install").
      A single monolithic man page for the ENGINE stuff. This is a rough     first-cut but provides better documentation than having nothing on the     ENGINE API.
      Various parts of the RSA documentation were inaccurate and out of date and     this fixes those that I'm currently aware of. In particular, the ENGINE     interference in the RSA API has hopefully been clarified. This still needs     to be done for other areas of the API ...
      typo fix
      These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA     docs. There were a couple of other places (including RSA) where the docs     were not quite synchronised with the API that are now fixed. One or two     still remain to be fixed though ...
      Fix a bug to allow the 4758 ENGINE to build as a DSO.
      - Remo Inverardi noticed that ENGINEs don't have an "up_ref" function in the     normal 'structural' case (ENGINE_init() satisfies this in the less normal     'functional' case). This change provides such a function.
      The ENGINE implementations in ./engines/ should be role models on how to     write external engines (and thus should require only installed openssl     headers and libs to compile without warnings). So this gets rid of recently     introduced compilation warnings (no longer including internal headers) by     including string.h directly.
      The loop variable is 'l', not 'i'.
      We need to propogate SHARED_LIBS to sub-directories for "install" targets     now.
      Another ENGINE implementation dependant on string.h.
      If dynamically-loadable ENGINEs are linked against a shared-library version     of libcrypto, then it is possible that when they are loaded they will share     the same static data as the loading application/library. This means it will     be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely     unnecessary to try. This change puts a static variable in the core ENGINE     code (contained in libcrypto) and a function returning a pointer to it. If     the loaded ENGINE's return value from this function matches the loading     application/library's return value - they share static data. If they don't     match, the loaded ENGINE has its own copy of libcrypto's static data and so     the callbacks need to be set.
      Make pod2man happier.
      Correct and enhance the behaviour of "internal" session caching as it     relates to SSL_CTX flags and the use of "external" session caching. The     existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is     supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".     The bitwise OR of the two flags is also defined as     "SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most     applications wanting to implement session caching *entirely* by its own     provided callbacks. As the documented behaviour contradicted actual     behaviour up until recently, and since that point behaviour has itself been     inconsistent anyway, this change should not introduce any compatibility     problems. I've adjusted the relevant documentation to elaborate about how     this works.
      The last character of inconsistency in my recent commits is hereby     squashed.
      The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the     other branches.
      Add a HISTORY section to the man page to mention the new flags.
      Fix a warning, and do some constification as a lucky side-effect :-)
      This is a first-cut at improving the callback mechanisms used in     key-generation and prime-checking functions. Rather than explicitly passing     callback functions and caller-defined context data for the callbacks, a new     structure BN_GENCB is defined that encapsulates this; a pointer to the     structure is passed to all such functions instead.
      Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are     being built with it defined - it is not a symbol to affect how openssl     itself builds, but to alter the way openssl headers can be used from an API     point of view. The "deprecated" function wrappers will always remain inside     OpenSSL at least as long as they're still being used internally. :-)
      Nils Larsch submitted;       - a patch to fix a memory leak in rsa_gen.c       - a note about compiler warnings with unions       - a note about improving structure element names
      This stops a compiler warning from -Wmissing-prototypes.     (Noticed by Nils Larsch)
      Make 'tunala' link with zlib if possible (so it works if openssl was     configured with zlib support).
      The ampersand is not required in these constructs, and was giving AIX     warnings.
      This is the first step in allowing RSA_METHODs to implement their own key     generation. This prototype matches the new API function     RSA_generate_key_ex(), though both may be subject to change during     development before 0.9.8.
      RSA_METHOD now supports key-generation, but (for now) none of these     ENGINEs implement it.
      As with RSA, which was modified recently, this change makes it possible to     override key-generation implementations by placing handlers in the methods     for DSA and DH. Also, parameter generation for DSA and DH is possible by     another new handler for each method.
      "openssl engine" will not display ENGINE/DSO load failure errors when     testing availability of engines with "-t" - the old behaviour of is     produced by increasing the feature's verbosity with "-tt".
      Commit a slightly modified version of an old experiment to do RSA private     key operations using the GMP library. The default is not to build (or use)     this code unless OPENSSL_USE_GMP is defined (because it will impose header     and linker dependencies that might need specifying too).
      This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if     the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing     of other builtin ENGINEs to be alphabetical (though "dynamic" will still     come first).
      Summarise the last couple of commits.
      David Brumley <dbrumley at stanford.edu> noted and corrected a case in the     verification step of CRT private key operations in the RSA code -     previously no montgomery form was checked or used for 'n', and so it would     be generated on the fly each time. As a result, private key operations are     now a percent or two faster.
      We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE.
      Declare prototypes for function pointer types, even if they are likely to     be cast later on.
      Session cache implementations shouldn't have to access SSL_SESSION     elements directly, so this missing functionality is required.
      The default implementation of DSA_METHOD has an interdependence on the     dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and     dsa_sign_setup(). When another DSA_METHOD implementation does not define     these lower-level handlers, it becomes impossible to do a fallback to     software on errors using a simple DSA_OpenSSL()->fn(key).
      Fix a bone-head bug. This warrants a CHANGES entry because it could affect     applications if they were passing a bogus 'flags' parameter yet having     things work as they wanted anyway.
      This memset() in the ubsec ENGINE is a bug. Zeroing out the result array     should not be necessary in any case, but more importantly the result and     input BIGNUMs could be the same, in which case this is clearly a problem.
      These should be write-locks, not read-locks.
      Remove duplicate prototypes have already been (correctly) added to rsa.h,     as this is already included by x509.h anyway.
      crypto/evp/evptests.txt is copied to tests/ rather than symlinked because     of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs     noise for the copied version.
      Ignore derived file.
      make update
      Add my own debug config target.
      The "cryptodev" engine preprocessor logic used undefined symbols in     comparisons. It's better not to allow this, because it gives false     positives when using compiler warnings that detect mistyped symbols.
      When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should     be) precompiled out in the API headers. This change is to ensure that if     it is defined when compiling openssl, the deprecated functions aren't     implemented either.
      Update any code that was using deprecated functions so that everything builds     and links with OPENSSL_NO_DEPRECATED defined.
      For whatever reason (compiler or header bugs), at least one commonly-used     linux system (namely mine) chokes on our definitions and uses of the "HZ"     symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"     (when in fact there is no function casting involved at all). In both cases,     it is easily worked around by not defining a cast into the macro and     jiggling the expressions slightly.
      Avoid "empty source file" warnings.
      Comments out some unimplemented functions instead of redeclaring them.
      Relax some over-zealous constification that gave some lhash-based code no     choice but to have to cast away "const" qualifiers from their prototypes.     This does not remove constification restrictions from hash/compare     callbacks, but allows destructor commands to be run over a tables' elements     without bad casts.
      Remove redundant declaration.
      Remove an unnecessary cast that causes certain compilers (eg. mine) some     confusion. Also silence a couple of signed/unsigned warnings.
      remove accidentally committed debugging cruft.
      BN_CTX is opaque and the static initialiser BN_CTX_init() is not used     except internally to the allocator BN_CTX_new(), as such this deprecates     the use of BN_CTX_init() in the API. Moreover, the structure definition of     BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.
      A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.     I have tried to convert 'len' type variable declarations to unsigned as a     means to address these warnings when appropriate, but when in doubt I have     used casts in the comparisons instead. The better solution (that would get     us all lynched by API users) would be to go through and convert all the     function prototypes and structure definitions to use unsigned variables     except when signed is necessary. The proliferation of (signed) "int" for     strictly non-negative uses is unfortunate.
      Some provisional bignum debugging has begun to detect inconsistent BIGNUM     structures being passed in to or out of API functions, and this corrects a     couple of cases found so far.
      Make md32_common.h friendlier to compiler warnings.     Obtained from: Andy Polyakov <appro at openssl.org>
      Oops, this file already had the "empty source file" workaround but it     requires -DPEDANTIC and was hidden at the bottom of the file. This moves it     to the top and removes the redundant declaration.
      Copy-n-paste bug (don't mix variable declarations and code). This sets the     callback structure just before it is needed.
      Remove a line that was causing redundant declarations.     Obtained from: Stephen Henson <steve at openssl.org>
      Tighten up my compiler settings.
      make update
      This fixes a couple of cases where an inconsistent BIGNUM could be passed as     input to a function.
      When a BN_CTX is used for temporary workspace, the variables are sometimes     left in an inconsistent state when they are released for later reuse. This     change resets the BIGNUMs when they are released back to the context.
      bn_div() does some pretty nasty things with temporary variables,     constructing BIGNUM structures with pointers offset into other bignums     (among other things). This corrects some of it that is too plainly insane,     and tries to ensure that bignums are normalised when passed to other     functions.
      This is the least unacceptable way I've found for declaring the bignum data     and structures as constant without having to cast away const at any point.     There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,     but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
      Avoid some shadowed variable names.     Submitted by: Nils Larsch
      Put the first stage of my bignum debugging adventures into CVS. This code     is itself experimental, and in addition may cause execution to break on     existing openssl "bugs" that previously were harmless or at least     invisible.
      This is a revert of my previous commit to "improve" the declaration of     constant BIGNUMs. It turns out that this trips up different but equally     useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness     it created. (Thanks to Ulf for the forehead-slap.)
      Put more debug screening in BN_div() and correct a comment.
      Add debug-screening of input parameters to some functions I'd missed     before.
      This extends the debugging macros to use "pollution" during     bn_correct_top(), previously only bn_check_top() did this.
      Avoid possible memory leaks in error-handling.
      General improvements to the ec_asn1.c code. This squashes at least one bug     (where it was impossible to create an EC certificate with a compressed     public key), and has some style improvements based on some comments from     Steve Henson about use of the ASN1 macros.
      This rewrites two "for" loops in BN_rshift() - equality with zero is     generally a more efficient comparison than comparing two integers, and the     first of these two loops was off-by-one (copying one too many values). This     change also removes a superfluous assignment that would set an unused word     to zero (and potentially allow an overrun in some cases).
      Fix a small bug in str_copy: if more than one variable is replaced, make     sure the current length is used to calculate the new buffer length instead     of using the old length (prior to any variable substitution).
      BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words     and bn_add_words to avoid using fake bignums to window other bignums that     can lead to corruption. This change allows all bignum tests to pass with     BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be     tested on a few different architectures and configuration targets, as the     bignum code this deals with is quite preprocessor (and assembly) sensitive.
      Some changes for bn_gf2m.c: better error checking plus some minor     optimizations.
      Fix some handling in bn_word. This also resolves the issues observed in     ticket 697 (though uses a different solution than the proposed one). This     problem was initially raised by Otto Moerbeek.
      Due to recent debugging bursts, openssl should be more or less solid     against inconsistent BIGNUMs coming out of any of its API functions. So     this change no longer "fixes" the bn_print.c functions, but it makes for     cleaner code. This patch was a part of ticket 697.
      Get rid of some signed/unsigned comparison warnings.
      This improves the placement of check_top() macros in a couple of bn_lib     functions.
      Make BN_DEBUG_RAND less painfully slow by only consuming one byte of     pseudo-random data for each bn_pollute().
      Improve a couple of the bignum macros. Note, this doesn't eliminate     tolerance of ambiguous zero-representation, it just improves     BN_abs_is_word() and simplifies other macros that depend on it.
      If BN_STRICT is defined, don't accept an ambiguous representation of zero     (ie. where top may be zero, or it may be one if the corresponding word is     set to zero). Note, this only affects the macros in bn.h, there are probably     similar corrections required in some c files.
      Add more debugging to my Configure target, and "make update" to incorporate     this and a few other changes.
      bn_fix_top() exists for compatibility's sake and is mapped to     bn_correct_top() or bn_check_top() depending on debug settings. For     internal source, all bn_fix_top()s should be converted one way or the other     depending on whether the use of bn_correct_top() is justified.
      The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros     which, in turn, are used nowhere at all. This is a good thing because     bn_set_max() would currently generate code that wouldn't compile (BIGNUM     has no 'max' element).
      Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous     white-space.
      Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous     white-space, and include extra headers to satisfy debugging builds.
      Declare the static BIGNUM "BN_value_one()" more carefully.
      BN_FLG_FREE is of extremely dubious usefulness, and is only referred to     once in the source (where it is set for the benefit of no other code     whatsoever). I've deprecated the declaration in the header and likewise     made the use of the flag conditional in bn_lib.c. Note, this change also     NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
      Use the BN_is_odd() macro in place of code that (inconsistently) does much     the same thing.
      Incremental cleanups to bn_lib.c.     - Add missing bn_check_top() calls and relocate some others     - Use BN_is_zero() where appropriate     - Remove assert()s that bn_check_top() is already covering     - Simplify the code in places (esp. bn_expand2())     - Only keep ambiguous zero handling if BN_STRICT isn't defined     - Remove some white-space and make some other aesthetic tweaks
      minor signed/unsigned warning fixes
      When adding positive elements, we can use BN_uadd() instead of BN_add().
      A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
      Add ECDSA documentation.
      More changes coming out of the bignum auditing. BN_CTX_get() should ideally     return a "zero" bignum as BN_new() does - so reset 'top'. During     BN_CTX_end(), released bignums should be consistent so enforce this in     debug builds. Also, reduce the number of wasted BN_clear_free() calls from     BN_CTX_end() (typically by 75% or so).
      Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,     redefine bn_clear_top2max() to be a NOP in the non-debugging case, and     remove some unnecessary usages in bn_nist.c.
      Document a change I'd already made, and at the same time, correct the     change to work properly; BN_zero() should set 'neg' to zero as well as     'top' to match the behaviour of BN_new().
      The efforts to eliminate the dual-representation of zero and to ensure     bignums are passed in and out of functions and APIs in a consistent form     has highlighted that zero-valued bignums don't need any allocated word     data. The use of BN_set_word() to initialise a bignum to zero causes     needless allocation and gives it a return value that must be checked. This     change converts BN_zero() to a self-contained macro that has no     return/expression value and does not cause any expansion of bignum data.
      Convert openssl code not to assume the deprecated form of BN_zero().
      Variety of belt-tightenings in the bignum code. (Please help test this!)
      Note my bignum hijinx in case app maintainers are using CHANGES for their     porting efforts. Also, add Richard's name to the prior change.
      Protect against gcc's "warning: cast does not match function type".
      Remove some warnings.
      Damn, I was a bit hasty with my fix and hadn't spotted the linker     dependency from asn1.
      By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key     operations no longer require two distinct BN_CTX structures. This may put     more "strain" on the current BN_CTX implementation (which has a fixed limit     to the number of variables it will hold), but so far this limit is not     triggered by any of the tests pass and I will be changing BN_CTX in the     near future to avoid this problem anyway.
      ... and this should likewise fix up those RSA implementations that weren't     already built and tested.
      Adds warnings about two curves and fixes the "seed" value for two other     curves.
      Replace the BN_CTX implementation with my current work. I'm leaving the     little TODO list in there as well as the debugging code (only enabled if     BN_CTX_DEBUG is defined).
      Adjust various bignum functions to use BN_CTX for variables instead of     locally initialising their own.
      Avoid undefined results when the parameter is out of range.
      Reduce header interdependencies, initially in engine.h (the rest of the     changes are the fallout). As this could break source code that doesn't     directly include headers for interfaces it uses, changes to recursive     includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to     define this when building and using openssl, and then adapt code where     necessary - this is how to stay current. However the mechanism exists for     the lethargic.
      (oops) Apologies all, that last header-cleanup commit was from the wrong     tree. This further reduces header interdependencies, and makes some     associated cleanups.
      header cleanup in apps/
      When generating dependencies in the makefiles, generate the reduced     dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies     being reproduced for "deprecated" header behaviour when a developer doesn't     define the symbol (with the subsequent CVS wars that can ensue).
      More updates for the header cleanups (and apologies, again, for not having     consolidated these prior to committing).
      "make update" noticed a new function.
      make update
      Extend the index parameter checking from sk_value to sk_set(). Also tidy up     some similar code elsewhere.
      As far as I can tell, the bugfix this comment refers to was committed to     0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine     variant).
      Allow RSA key-generation to specify an arbitrary public exponent. Jelte     proposed the change and submitted the patch, I jiggled it slightly and     adjusted the other parts of openssl that were affected.
      The problem of rsa key-generation getting stuck in a loop for (pointlessly)     small key sizes seems to result from the code continually regenerating the     same prime value once the range is small enough. From my tests, this change     fixes the problem by setting an escape velocity of 3 repeats for the second     of the two primes.
      With the new dynamic BN_CTX implementation, there should be no need for     additional contexts.
      The new BN_CTX code makes this sort of abuse unnecessary.
      Fix realloc usage in ec_curve.c
      This file implements various functions that have since been redefined as     macros. I'm removing this from the NO_DEPRECATED build.
      Make some more API types opaquely available from ossl_typ.h, meaning the     corresponding headers are only required for API functions or structure     details. This now includes the bignum types and BUF_MEM. Subsequent commits     will remove various dependencies on bn.h and buffer.h and update the     makefile dependencies.
      Moving opaque definitions to ossl_typ.h lets us reduce header dependencies.     Deprecate inclusion of crypto.h from ui.h.
      Reduce dependencies on crypto.h by moving the opaque definition of     CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.
      Deprecate some recursive includes from the store.h API header, and put back     required includes back via the internal header and str_lib.c.
      Deprecate quite a few recursive includes from the ssl.h API header and     remove some unnecessary includes from the internal header ssl_locl.h. This     then requires adding includes for bn.h in four C files.
      The inclusion of bn.h from the engine.h API header has been deprecated, so     the engine implementations need to include bn.h to manipulate bignums.
      I can't verify this directly, but recent changes will probably require that     the cryptodev implementation include bn.h directly (when building with     OPENSSL_NO_DEPRECATED that is).
      Because of recent reductions in header interdependencies, these files need     to include crypto.h directly.
      Remove some unnecessary recursive includes from the internal apps.h header,     and include bn.h in those C files that need bignum functionality.
      Deprecate the recursive includes of bn.h from various API headers (asn1.h,     dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are     already declared in ossl_typ.h. Add explicit includes for bn.h in those C     files that need access to structure internals or API functions+macros.
      After the latest round of header-hacking, regenerate the dependencies in     the Makefiles. NB: this commit is probably going to generate a huge posting     and it is highly uninteresting to read.
      This fixes the installation target for dynamic engines, which was trying to     install to a different location than it had created. (BTW, VMS will need a     matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm     putting "engines/" into the libs directory rather than at the "--prefix"     level or inside "ssl/".
      "no-engine" was being ignored, so remove it from the advertised syntax.     Also remove some commented-out lines of code that deny CVS its purpose.
      Correct the return codes for ecdsatest.
      BN_div_word() was breaking when called from BN_bn2dec() (actually, this is     the only function that uses it) because it would trip up an assertion in     bn_div_words() when first invoked. This also adds BN_div_word() testing to     bntest.
      As Nils put it;
      Tweak my debug target flags.
      Get rid of signed/unsigned warnings, and teach CVS about new things to     ignore.
      Actually, that last change to BN_get_word() was a little too simple.
      Minor change to group like functions together.
      Attempt to bring the 'engine' documentation up to date w.r.t missing     prototypes, etc. Also, some fairly significant edits were made to the text     (who wrote this crap anyway? oh wait ...), removing stuff which is     overkill, rewriting stuff that was opaque, correcting things that were just     downright false, etc.
      Deprecate unused cruft, and "make update".
      Incomplete initial sweep over the engine code. Mainly reducing some     comment-noise to managable levels and inverting the sense of the "uptodate"     boolean (which was counter-intuitive the way I'd left it).
      Tidy up, including;     - Remove unused and unuseful debug cruft.     - Remove unnecessary 'top' fudging from BN_copy().     - Fix a potential memory leak and simplify the expansion logic in       BN_bin2bn().
      Improve error handling if decompression of an ec point fails, and cleanup     ec_curve.c (unify comments, etc).
      Using Horner's algorithm to evaluate the ec polynomial     (suggested by Adam Young <ayoung at cigital.com>)
      Quick fix.
      Make a note of the new engine.
      Make -Werror happy again.
      Two TODO comments taken care of. Nils pointed out that one of them had already     been done, and took care of the other one (which hadn't).
      Remove distracting comments and code. Thanks to Nils for picking up on the     outstanding ticket.
      Nils Larsch reported that this include is required. Strange that this had     gone unnoticed ...
      Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
      Fix typos in the ecparam doc.
      Handle differences between engine IDs and their dynamic library names (and     source files, for that matter) by tolerating the alternatives. It would be     preferable to also change the generated shared library names, but that will     be taken up separately.
      Change the source and output paths for 'chil' and '4758cca' engines so that     dynamic loading is consistent with respect to engine ids.
      Fix some signed/unsigned warnings.
      Fix 64-bit compilation when PQ_64BIT_IS_INTEGER isn't defined.
      Fix PEDANTIC compilation, using the same trick as elsewhere.
      Fix signed/unsigned warnings.
      Fix compilation when HAVE_LONG_LONG isn't defined.
      Change my debug build for amd64.
      "make update"
      add a .cvsignore
      Silence two more generated files.
      Fix my debug-geoff configuration.
      Fix a nasty cast issue that my compiler was choking on.
      Fix a variety of warnings generated by some elevated compiler-fascism,     OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
      Fork my debug configuration into 32-bit and 64-bit versions.
      Comment out a (currently) unused CMS function. (Sorry Steve, but I need     -Werror right now to help me code-by-domino :-)
      Update tunala so it builds ok with OPENSSL_NO_DEPRECATED, and improve the     autoungunk.sh logic (autobits have grown since I last tried this...).
      There was a need to support thread ID types that couldn't be reliably cast     to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed     version was added but it required portable code to check *both* modes to     determine equality. This commit maintains the availability of both thread     ID types, but deprecates the type-specific accessor APIs that invoke the     callbacks - instead a single type-independent API is used.  This simplifies     software that calls into this interface, and should also make it less     error-prone - as forgetting to call and compare *both* thread ID accessors     could have led to hard-to-debug/infrequent bugs (that might only affect     certain platforms or thread implementations). As the CHANGES note says,     there were corresponding deprecations and replacements in the     thread-related functions for BN_BLINDING and ERR too.
      Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case     where they both use the same limb size. I've tweaked his patch slightly, so     blame me if it breaks.
      Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or     ticket #1668).
      Revert my earlier CRYPTO_THREADID commit, I will commit a reworked     version some time soon.
      If --prefix="C:\foo\bar" is supplied to Configure for a windows target,     then the backslashes need escaping to avoid being treated as switches in     the auto-generated strings in opensslconf.h. Perl users are welcome to     suggest a less hokey way of doing this ...
      Fix signed/unsigned warning.
      Remove the dual-callback scheme for numeric and pointer thread IDs,     deprecate the original (numeric-only) scheme, and replace with the     CRYPTO_THREADID object. This hides the platform-specifics and should reduce     the possibility for programming errors (where failing to explicitly check     both thread ID forms could create subtle, platform-specific bugs).
      Correct the FAQ and the threads man page re: CRYPTO_THREADID changes.
      Fix build warnings.
      Use of a 'top' var creates "shadow variable" warnings.
      Apparently '__top' is also risky, obfuscate further. (All this to     avoid inlines...)
      Revert the size_t modifications from HEAD that had led to more     knock-on work than expected - they've been extracted into a patch     series that can be completed elsewhere, or in a different branch,     before merging back to HEAD.
      Allow the CHIL engine to load even if dynamic locks aren't registered.
      Clarify a 'chil' engine param that is a little unintuitive.
      Fix compilation with -DOPENSSL_NO_DEPRECATED.
      util/mkdef.pl: o_time.h doesn't exist any more
      util/mkerr.pl: fix perl warning
      apps: constify some string parameters
      make depend
      bignum: fix boundary condition in montgomery logic
      dso: eliminate VMS code on non-VMS systems
      apps/s_server: document '-naccept' cmd-line argument
      bignum: allow concurrent BN_MONT_CTX_set_locked()
      evp: prevent underflow in base64 decoding
      s_client/s_server: support unix domain sockets
      Remove demos/tunala
      Fix no-ssl3 configuration option
      Include <openssl/foo.h> instead of "foo.h"

Guenter (1):
      NetWare compilation fix.

Günther Noack (1):
      Avoid out-of-bounds write in SSL_get_shared_ciphers

Hans Wennborg (1):
      RT3023: Redundant logical expressions

Hubert Kario (10):
      add description of -no_ecdhe option to s_server man page
      add description of -attime to man page
      add ECC strings to ciphers(1), point out difference between DH and ECDH
      Document -trusted_first option in man pages and help.
      smime man page: add missing options in SYNOPSIS
      add description of missing options to verify man page
      sort the options in verify man page alphabetically
      add references to verify(1) man page for args_verify() options
      document -nextprotoneg option in man pages
      Add support for Camellia HMAC-Based cipher suites from RFC6367

Huzaifa Sidhpurwala (1):
      Make sure BN_sqr can never return a negative value.

Ingo Schwarze (1):
      RT3239: Extra comma in NAME lines of two manpages

Istvan Noszticzius (1):
      Fix use after free bug.

Jake Goulding (1):
      RT2301: GetDIBits, not GetBitmapBits in rand_win

Jakub Wilk (1):
      Create ~/.rnd with mode 0600 instead of 0666

James Westby (1):
      RT1941: c_rehash.pod is missing

Jan Hykel (1):
      Don't use msg on error.

Jan Schaumann (1):
      RT1804: fix EXAMPLE in EVP_EncryptInit.pod

Janpopan (1):
      Fix a wrong parameter count ERR_add_error_data

Jean-Paul Calderone (1):
      Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file.

Jeff Trawick (3):
      typo in SSL_get_peer_cert_chain docs

Jeff Walton (1):
      Fix multiple cosmetic typos.

Jeffrey Walton (9):
      Add information to BUGS section of enc documentation. PR#3354
      Fix grammar error in verify pod. PR#3355
      Clarify docs.
      Clarified that the signature's buffer size, `s`, is not used as an     IN parameter.
      Added reference to platform specific cryptographic acceleration such as AES-NI
      Fix typo, add reference.
      PR2401: Typos in FAQ
      PR2401: Typos in FAQ
      RT3142: Extra initialization in state_machine

Jim Reid (2):
      RT 2820: Case-insensitive filenames on Darwin
      RT2880: HFS is case-insensitive filenames

John Fitzgibbon (1):
      RT2724: Remove extra declaration

John Gardiner Myers (1):
      RT2942: CRYPTO_set_dynlock_create_callback doc fix

Jonas Maebe (42):
      SetBlob: free rgSetBlob on error path
      ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
      mime_hdr_new: free mhdr, tmpname, tmpval on error path
      mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds
      BIO_new_dgram_sctp, dgram_sctp_read: zero entire authchunks
      multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()
      rtcp_new: return failure if allocation of bi->ptr failed
      cms_SignerInfo_content_sign: free sig on failure path
      cryptodev_digest_update: don't leak original state->mac_data if realloc fails
      cryptodev_digest_copy: return error if allocating dstate->mac_data fails
      dev_crypto_init_key: return error if allocating CDATA(ctx)->key failed
      dev_crypto_cipher: return immediately if allocating cin/cout failed
      dev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory if it fails
      dev_crypto_md5_copy: return error if allocating to_md->data fails
      old_hmac_encode: check for NULL result when allocating *pder
      JPAKE_CTX_new: check for NULL result when allocating ctx
      hashbn: check for NULL result when allocating bin and return an error if it fails all (in)direct callers of hashbn: propagate potential error in hashbn
      UI_construct_prompt: check for NULL when allocating prompt
      get_cert_by_subject: check for NULL when allocating hent
      NETSCAPE_SPKI_b64_encode: free der_spki and b64_str on error path
      do_othername: check for NULL after allocating objtmp
      do_ext_i2d: free ext_der or ext_oct on error path
      process_pci_value: free (*policy)->data before setting to NULL after failed realloc
      engine_md_copy: check for NULL after allocating to_md->HashBuffer
      pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet
      pkey_gost_ctrl: check for NULL after allocating pctx->shared_ukm
      pkey_gost_mac_keygen: check for NULL after allocating keydata
      capi_get_provname: free name on error if it was malloc'ed
      capi_cert_get_fname: check for NULL after allocating wfname
      capi_get_key: check for NULL after allocating key
      dtls1_process_heartbeat: check for NULL after allocating buffer
      dtls1_heartbeat: check for NULL after allocating s->cert->ctypes
      ssl_cert_dup: Fix memory leak
      ssl_create_cipher_list: check whether push onto cipherstack succeeds
      SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails
      ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes
      ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst
      serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
      SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ
      tls1_process_heartbeat: check for NULL after allocating buffer
      tls1_heartbeat: check for NULL after allocating buf
      tree_print: check for NULL after allocating err

Juli Mallett (1):
      Fix cast of boolean where cast of LHS intended.

Justin Blanchard (1):
      RT1815: More const'ness improvements

Kaspar Brand (3):
      Fix for PEM_X509_INFO_read_bio.
      Omit initial status request callback check.
      Fix SSL_CTX_get{first,next}_certificate.

Ken Ballou (2):
      Remove redundant check.

Klaus-Peter Junghanns (1):
      Add support for aes-128/192/256-ctr to the cryptodev engine.     This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.

Krzysztof Kwiatkowski (1):
      Delete duplicate entry.

Kurt Cancemi (4):
      Fix off-by-one errors in ssl_cipher_get_evp()
      RT3508: Remove unused variable introduced by b09eb24
      RT3506: typo's in ssltest
      RT3547: Add missing static qualifier

Kurt Roeckx (23):
      Fix additional pod errors with numbered items.
      Use defaults bits in req when not given
      Set authkey to NULL and check malloc return value.
      Check sk_SSL_CIPHER_num() after assigning sk.
      Link heartbeat_test with the static version of the libraries
      RT2626: Change default_bits from 1K to 2K
      Keep old method in case of an unsupported protocol
      Fix spelling of EECDH
      Fix warning about negative unsigned intergers
      Use the SSLv23 method by default
      Remove SSLv2 support
      Update changes to indicate that SSLv2 support has been removed
      dtls1_new: free s on error path
      capi_get_provname: Check return values
      capi_ctrl, capi_vtrace: check for NULL after allocating and free it
      Allow using -SSLv2 again when setting Protocol in the config.
      Return error when a bit string indicates an invalid amount of bits left
      Fix memory leak in the apps
      dlfcn: always define _GNU_SOURCE
      Make "run" volatile
      Add missing include of sys/time.h
      Make build reproducible

Laszlo Papp (3):
      RT2489: Remove extra "sig" local variable.
      RT2492: Remove extra NULL check.
      PR2490: Remove unused local variable bn ecp_nist.c

Libor Krystek (2):
      Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370
      Add support for SHA2 in CAPI ENGINE.

Lubomir Rintel (2):
      POD: Fix item numbering
      POD: Fix list termination

Luiz Angelo Daros de Luca (1):
      OpenSSL is able to generate a certificate with name constraints with any possible     subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP     as an example:

Lutz Jaenicke (1):
      FAQ/README: we are now using Git instead of CVS     (cherry picked from commit f88dbb8385c199a2a28e9525c6bba3a64bda96af)

Lutz Jänicke (300):
      HP-UX shared libraries do not build any longer, as EX_LIBS contains     "-Wl,+s" instead of +s:     * Hardcoded necessary references to -ldld/-ldl into the build rules and       removed EX_LIBS.
      Some platforms (namely HP-UX) require the 'x' bit set for shared libraries.     For performance reasons, it is also recommended to make the (mmap'ed)     shared library 'read-only'.     -> New permissions for installed shared libraries = 555
      Fill in missing information about the string returned from     SSL_CIPHER_description(), as there is no other API function to find     out details about the cipher used besides the number of bits or protocol used.
      Store verify_result with sessions to avoid potential security hole.     For the server side this was already done one year ago :-(
      Log security relevant change.
      Add EXAMPLES for SSL_CIPHER_description() output.
      Typo and additional information about cert-chain building.
      Add manual pages for certficate/key loading and friends.
      Add description of SSL_[CTX_]_check_private_key().
      Don't cheat: when only getting several bytes from each source, n is incremented     correctly, but RAND_add(..,n) counts the increasing n several times.     Only RAND_add(..,n) once entropy collection is finished.
      Add automatic query of EGD sockets to RAND_poll(). The EGD sockets are     only queried when the /dev/[u]random devices did not return enough     entropy. Only the amount of entropy missing to reach the required minimum     is queried, as EGD may be drained.     Queried locations are: /etc/entropy, /var/run/egd-pool
      Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and     SSL_get_ex_new_index() functionality. Extended verify_callback()     example to show the usage.
      Add entries for new manpages...
      Copy over just written manpage to the ones still missing.
      New manual page for a hardly known but important item :-)
      Document session caching, first step.
      If the source has already been succesfully queried, do not try to open it     again as file.
      Typo: on my screen it nicely wrapped around at 80 :-)
      Clarify why SSL_CTX_use_certificate_chain_file() should be preferred.
      Documenting session caching, 2nd step.
      Fix typo preventing correct usage of -out option.
      Change preferences for sockets of EGD-style entropy daemons to a more     reasonable selection.
      Modify access to EGD socket to deal with EINTR etc that can appear     during connect() and other calls. First seen on Unixware-7.
      Update documentation to match the state at 0.9.6 _and_ the recent changes.
      Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai at wxs.nl>.
      New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override     the clients choice; in SSLv2 the client uses the server's preferences.
      Manual page for SSL_CTX_set_options(). Unfortunately for some of the     options someone much longer working with OpenSSL/SSLeay is needed.
      Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE.
      Include information that automatic query is a new feature.
      More about session caching.
      New manual page: SSL_CTX_set_mode.
      Finish first round of session cache documentation.
      Add "-rand" option to s_client and s_server.
      Don't forget to mention minor change.
      Move entry to match chronologic orderering.
      SSL_get_version() was an easy one :-)
      Describe new callback for session id generation.
      Typo, spotted by "Greg Stark" <gstark at ethentica.com>.
      Add newly learned knowledge from yesterday's discussion.
      Forgot "cvs add", so only the surrounding changes made it... sigh.
      Add forgotten "-passin" option to smime.c usage help.
      OpenSSH 1.2.2p1 is dead and gone. Errors detecting the OpenSSL library     are however still common and are solved by checking config.log.
      Some clarifications about $RANDFILE usage.
      Typo (Jun-ichiro itojun Hagino <itojun at iijlab.net>)
      Fix wrong information with respect to CAs listed to the client     (follows from technical discussion with Amit Chopra <amitc at pspl.co.in>).
      Missing link ("Greg Stark" <gstark at ethentica.com>)
      Constify (Jason Molenda <jason at molenda.com>)
      Clarify request of client certificates. This is a FAQ.
      Typo (reported by Petr Lancaric <Petr.Lancaric at ips-ag.cz>)
      Update changelog to reflect additional changes made to the egd-locations.
      Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE     flag as discussed on the mailing list.
      Clarify behaviour with respect to SSL/TLS records.
      One more point to clarify, pointed out by "Greg Stark" <ghstark at pobox.com>
      Increase ENTROPY_NEEDED to support Rijndael's larger key size.
      Don't forget responsible person so that its clear who is to blame.
      ERR_peek_error() returns "unsigned long".
      When only the key is given to "enc", the IV is undefined     (found by Andy Brown <logic at warthog.com>).
      Clarify! (based on recent mailing-list discussions)
      What is an '-engine' version?
      Clarify actual state.
      Some more documentation bits.
      Updated explanation.
      Documentation about ephemeral key exchange
      Add missing reference.
      Additional inline reference.
      Fix wrong information about SSL_set_connect_state()...
      Fix problem occuring when used from OpenSSH on Solaris 8.
      Another uninitialized static that may lead to problems on Solaris under some     circumstances.
      Forgot to mention second fix.
      Fix inconsistent behaviour with respect to verify_callback handling.
      Don't miss files...
      Reworked manual pages with a lot of input from Bodo Moeller.
      Remove SSL_OP_NON_EXPORT_FIRST:     It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have     the working SSL_OP_CIPHER_SERVER_PREFERENCE.
      Mention removed option.
      Don't disable rollback attack detection as a recommended bug workaround.
      Oops, one SSL_OP_NON_EXPORT_FIRST was left.
      Fix typos (shinagawa at star.zko.dec.com)
      Better description of the behaviour of SSL_shutdown() as it is now, broken     or not.
      Bugfixes provided by "Stephen Hinton" <shinton at netopia.com>.
      Unidirectional shutdown is allowed according to the RFC.
      One more step on the way for complete documentation...
      SSL_shutdown() has even more properties...
      One more function documented.
      More details about session timeout settings.
      Alert description strings for TLSv1 and documentation.
      More interdependencies with respect to shutdown behaviour.
      Checked in from the wrong !@#$%&*() copy...
      Documentation on how to handle compression methods.     Hopefully it is clear enough, that it is currently not recommended.
      One more manual page...
      Make clear, that using the compression layer is currently not recommended.
      As discussed recently on openssl-users.
      More manual pages. Constify.
      -passin argument not used when actually loading the key     (found by Massimiliano Pala <madwolf at hackmasters.net>).
      More docs.
      Needed for build on SunOS 4.1.x with gcc (Jeffrey Hutzelman <jhutz at cmu.edu>).
      Wording of comment...
      Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert at anl.gov>.)
      Build shared libaries for Unixware-7 and OpenUNIX-8 in old (pre 0.9.7)     style (Boyd Lynn Gerber <gerberb at zenez.com>).
      Support for shared libraries on Unixware-7 and OpenUNIX-8     (Boyd Lynn Gerber <gerberb at zenez.com>).
      Sort out mess of colons...
      Even more corrections for OpenUNIX 8
      Completely reworked SVR5 shared library support.
      Recognize OpenUNIX-8 with compiler
      Make maximum certifcate chain size accepted from the peer application     settable (proposed by "Douglas E. Engert" <deengert at anl.gov>).
      Rework section about return values another time (based on hints from     Bodo Moeller).
      One more manual page.
      Typos (Chris Pepper <pepper at mail.reppep.com>)
      Small documentation fixes (Howard Lum <howard at pumpkin.canada.sun.com>)
      Update information as a partial response to the post       From: "Chris D. Peterson" <cpeterson at aventail.com>       Subject: Implementation Issues with OpenSSL       To: openssl-users at openssl.org       Date: Wed, 22 Aug 2001 16:13:17 -0700     The patch included in the original post may improve the internal session     list handling (and is therefore worth a seperate investigation).     No change to the list handling will however solve the problems of incorrect     SSL_SESSION_free() calls. The session list is only one possible point of     failure, dangling pointers would also occur for SSL object currently     using the session. The correct solution is to only use SSL_SESSION_free()     when applicable!
      Flush buffers to prevent mixed output (Adam Back <adam at cypherspace.org>).
      Clarify reference count handling/removal of session     (shinagawa at star.zko.dec.com).
      Support for QNX (wrat at jump.net (the wharf rat)).
      HPUX 9.X on m68k with gcc     ("Anton J. Gamel" <gamel at anna.anatomie.uni-freiburg.de>)
      Add information as provided by Richard Levitte on openssl-users :-)
      Tsss, SSLeay_version() was already documented, it just was not linked in.
      Fix incorrect BIO_*_ctrl() macros (Shay Harding <sharding at ccbill.com>).
      Typos (jsyn <jsyn at openbsd.org>).
      Document the current behaviour of the DES interface.
      Remove blanks at begin of empty lines irritating epv_test.c
      Superflous '\' messes up with HP-UX make.
      Make SHLIB_TARGET available in subdirs (here: apps/)
      HP-UX 32bit:     * When linking against shared libraries, the absolute path is remembered.       - When linking against -L.., '..' is remembered inside the executable,         so it will fail after "make install" or when not called from inside the         "apps/" subdirectory of the build tree.       - When using the "+cdp" option of "ld", the ".." information can be         exchanged against $(INSTALL_TOP)/lib. In this case the executable         will however refuse to work before "make install" has been called.         This makes testing the 'openssl' executable a problem.     * Solution 1:       Relink the "openssl" executable, when "make install" is called.       This would however require significant changes to the toplevel Makefile       and the apps/ Makefile.     * Solution 2:       Statically link against libssl and libcrypto, so that the "openssl"       executable is no longer dependant on the openssl shared libraries.
      Shut up compiler warnings for inconsistent declarations.
      Do not store unneeded data.
      Make removal from session cache more robust.
      Even though it is not really practical people should know about it.
      Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
      SSL_clear != SSL_free/SSL_new
      Fix the fix (Yoram Zahavi)...
      Add missing strength entries.
      Map new X509 verification errors to alert codes (Tom Wu <tom at arcot.com>).
      Remove superflous (and buggy) statement <justin.fletcher at ntlworld.com>.
      Fix buggy if-condition (thomas poindessous <poinde_t at epita.fr>).
      Fix typo (Craig Davison <cd at securityfocus.com>).
      Make short names of objects RFC2256-compliant.
      Fix buggy object definitions (Svenning Sorensen <sss at sss.dnsalias.net>).
      Apply OID fixes for elliptic curves as supplied by     Nils Larsch <nlarsch at compuserve.de>.
      Keep my own specially optimized HP-UX shared library building up to date.
      Synchronize with 0.9.7-stable branch
      Synchronize with 0.9.7-stable.
      Fix CRLF problem in BASE64 decode.
      Some more OID enhancements.
      Use the "mail" short name according to RFC2798 (Michael Bell     <michael.bell at rz.hu-berlin.de>).
      Document OID changes.
      Handle headings uniformly to allow automatic processing.
      Optimize: better shortcut evaluation ("Howard Chu" <hyc at highlandsun.com>).
      Missing "Configure" entry (Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>).
      Add cygwin build script (Corinna Vinschen <vinschen at redhat.com>).
      ERR_file_name is no longer being used.
      Add generationQualifier OID (proposed by Fiel Cabral).
      Add information about -nameopt option for x509.
      Fix escaping when using the -subj option of "openssl req", document     'hidden' -nameopt support. (Robert Joop <joop at fokus.gmd.de>)
      Add missing ";" after fi     Submitted by: bryanh at giraffe-data.com     Reviewed by:     PR: [openssl.org #18]
      Recognize PPC64 target.     Submitted by:     Reviewed by:     PR: 26
      Add missing '"'     Submitted by: Boyd Gerber <gerberb at zenez.com>
      Use the indirect way to the actual request tracker, so that people     also are informed about the credentials required for guest access     and the operation instructions.
      Fix incorrect =over 4 location.     Submitted by: David Waitzman <djw at bbn.com>     Reviewed by: Lutz Jaenicke     PR: [openssl.org #38]
      Remove item listed twice <kromJx at crosswinds.net>.
      0.9.7-beta1 is just being released.
      Typo.     PR: 72
      The correct PERL interpreter is passed via commandline.
      On some systems the default "perl" may still be perl4, use the correct     version determined by "config" instead.
      There is no continuation at this point.
      New OID for X509 usage: pseudonym     Submitted by: Michael Bell <michael.bell at rz.hu-berlin.de>     Reviewed by: Lutz Jaenicke     PR: 83
      Make sure that settings are passed back and forth when walking around     in the tree during build.     Reinstall default PERL settings in Makefiles, as the real reason for the     failure was that the settings were not passed.
      For the main directory, Makefile.org is significant :-)
      Make sure that flags are passed to "make" subprocesses.
      Support building the distribution .tar file on platforms with limited     argument list length. This requires Gnu-tar. As we use the non-standard     "tardy" software anyway, it doesn't hurt too much to require Gnu-tar.     "make dist" will probably only be used by team-members anyway.
      Correct wrong usage information.     PR: 95
      Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible.     Submitted by:     Reviewed by:     PR: 82
      Clarify formulation (proposed by Bodo Moeller).
      Add OIDs for Secure Electronic Transactions (SET)     Submitted by: Vadim Fedukovich <vf at unity.net>     Reviewed by: Lutz Jaenicke     PR: 80
      Add missing prototypes.     Submitted by: Goetz Babin-Ebell <babinebell at trustcenter.de>     PR: 89
      Some more prototype fixes.     Use DECLARE macros in asn1* instead of direct declaration.     Submitted by: Goetz Babin-Ebell <babinebell at trustcenter.de>     Reviewed by:     PR: 89
      Initial support for hpux64-parisc-gcc     Submitted by: ross.alexander at uk.neceur.com     Reviewed by:     PR: 96
      OpenSSL_add_all_algorithms has been replaced by configuration dependent     functions and is redirected by macros. Switch it off now, possible removal     later.
      Use -dumpversion to obtain gcc's version.     Submitted by: ross.alexander at uk.neceur.com, allenh at eecs.berkeley.edu     Reviewed by:     PR: 96
      Roll out OpenSSL-0.9.7-beta2
      beta2, not beta1
      load_netscape_key is static.
      AIX (V3) requires <sys/select.h> (included via e_os.h) for fd_set.     Submitted by: Bernhard Simon <bs at bsws.zid.tuwien.ac.at>     Reviewed by:     PR:
      Fix path to find util/pod2man.pl from the execution directory.     Make sure to use the predefined PERL.     Submitted by: Bernhard Simon <bs at bsws.zid.tuwien.ac.at>     Reviewed by:     PR:
      HP-UX: shared libraries MUST be +x and SHOULD be -w.
      <sys/select.h> is included for AIX, when USE_SOCKETS is defined.     Submitted by: Bernhard Simon <bs at bsws.zid.tuwien.ac.at>     Reviewed by:     PR:
      README and INSTALL should contain information about the request tracker     (noted by Jonathan Louie <jlouie at recourse.com>).
      Ciphers with NULL encryption were not properly handled because they were     not covered by the strength bit mask.     Submitted by:     Reviewed by:     PR: 130
      Reorder inclusion of header files:
      Minor typos     Submitted by: jufi at nerdnet.de     Reviewed by:     PR: 138
      Sun's official statement with respect to /dev/random support.     Submitted by: Garrett Anderson garrett at dirsec.com     Reviewed by:     PR: 120
      Typos in links between manual pages     Submitted by: Richard.Koenning at fujitsu-siemens.com     Reviewed by:     PR: 129
      Discussion about Redhat's specialties for the FAQ.     Submitted by: John.Airey at rnib.org.uk     Reviewed by:     PR: 128
      Rewording: some algorithms are also patented in Europe, so choose more     defensive phrases...
      Manual page for SSL_do_handshake().     Submitted by: Martin Sjögren <martin at strakt.com>     PR: 137
      The behaviour is undefined when calling SSL_write() with num=0.     Submitted by:     Reviewed by:     PR: 141
      HP-UX shared libraries must be +x and should be -w. It doesn't hurt on     other platforms.     Submitted by:     Reviewed by:     PR: 134
      New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.     Submitted by:     Reviewed by:     PR: 127
      Only use DSA-functions if available.     Submitted by: "Hellan,Kim KHE" <KHE at kmd.dk>     Reviewed by:     PR: 167
      0.9.6e and 0.9.7-beta3 are out.
      "make update"
      OpenSSL Security Advisory [30 July 2002]
      Typo.     Submitted by: Jeffrey Altman <jaltman at columbia.edu>     Reviewed by:     PR: 169
      Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().     Submitted by:     Reviewed by:     PR: 212
      Consequently use term URI instead of URL     Submitted by: TJ Saunders <tj at castaglia.org>     Reviewed by:     PR: 268
      Add missing brackets.     Submitted by: "Chris Brook" <cbrook at v-one.com>
      Corrected exchanged parameters in example for EVP_EncryptInit_ex()     Submitted by: "Marcus Carey" <marcus.carey at verizon.net>     Reviewed by:     PR: 265
      More information to the important issue of seeding the PRNG     Submitted by:     Reviewed by:     PR: 285
      Make sure permissions are friendly when building release tar file.     Submitted by:     Reviewed by:     PR: 171
      Typo.     Submitted by: assar <assar at kth.se>     Reviewed by:     PR:
      Missing =back     Submitted by:     Reviewed by:     PR:
      Correct reference to section name.     Submitted by:     Reviewed by:     PR:
      Opportunistic change to work around pod2latex bug: rename NAME OPTIONS     section to SUBJECT AND ISSUER NAME OPTIONS     Submitted by:     Reviewed by:     PR: 333
      Don't declare 2 WARNINGS sections     Submitted by:     Reviewed by:     PR:
      No such reference to link to (found running pod2latex).     Submitted by:     Reviewed by:     PR:
      Use =back to finish =over (found using pod2latex).     Submitted by:     Reviewed by:     PR:
      The pointer to the cipher object is not yet set, when session was reloaded     from external cache (using d2i_SSL_SESSION). Perform comparison based on     the cipher's id instead.     Submitted by: Steve Haslam <araqnid at innocent.com>     Reviewed by:     PR: 288
      Fix buggy #! magic and update ssleay->openssl     Submitted by:     Reviewed by:     PR: 305
      Better workaround to the "=head1 NAME OPTIONS" pod2latex problem:     NAME OPTIONS are a subset of OPTIONS, so just make it =head2!     Submitted by:     Reviewed by:     PR: 333
      Fix bug introduced by the attempt to fix client side external session     caching (#288): now internal caching failed (#351):     Make sure, that cipher_id is set before comparing.     Submitted by:     Reviewed by:     PR: 288 (and 351)
      Missing ")"     Submitted by: Christian Hohnstaedt <chohnstaedt at innominate.com>     Reviewed by:     PR:
      Fix wrong URI.     Submitted by: assar at kth.se     Reviewed by:     PR: 390
      Update -Olimit setting.     Submitted by: Bernhard Simon <simon at zid.tuwien.ac.at>     Reviewed by:     PR:
      Fix Kerberos5/SSL interaction     Submitted by: "Kenneth R. Robinette" <support at securenetterm.com>     Reviewed by:     PR:
      Some more adjustments     Submitted by: Jeffrey Altman <jaltman at columbia.edu>, "Kenneth R. Robinette" <support at securenetterm.com>
      Fix wrong handling of session ID in SSLv2 client code.
      Add information about AES cipher suites to ciphers manual page.
      Third argument to shl_load() is "long address", not a pointer.     (Didn't influence functionality, as on HP-UX 32bit the NULL pointer     is a 32bit 0-value and thus is identical to the required 0L.)
      Document hpux-parisc2-cc problems, probably due to optimizer bug.
      Really fix SSLv2 session ID handling
      Fix initialization sequence to prevent freeing of unitialized objects.     Submitted by: Nils Larsch <nla at trustcenter.de>
      ncr-scde target needs -lc89 for strcasecmp() and ftime() (Tim Rice, Martin     Megele).
      Armor against systems without ranlib...     Submitted by: Thierry Lelegard <thierry.lelegard at canal-plus.fr>
      Add SCO5 shared library scripts.     Upate SVR5 scripts for the upcoming 0.9.7b.     Submitted by: Boyd Lynn Gerber <gerberb at zenez.com>
      Add warning about unwanted side effect when calling SSL_CTX_free():     sessions in the external session cache might be removed.     Submitted by: "Nadav Har'El" <nyh at math.technion.ac.il>
      Fix ordering of compare functions: strncmp() must be used first, a     the cipher name in the list is not guaranteed to be at least "buflen"     long.     PR: 567     Submitted by: "Matt Harren" <matth at cs.berkeley.edu>
      Move header file inclusion to prevent irritation of users forgetting to     call "make depend" after enabling or disabling ciphers...     Submitted by: Tal Mozes <talm at cyber-ark.com>
      Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)     Submitted by: dg at sunet.ru (Daniel Ginsburg)
      Clarify ordering of certificates when using certificate chains
      Clarify return value of SSL_connect() and SSL_accept() in case of the     WANT_READ and WANT_WRITE conditions.
      Clarify wording of verify_callback() behaviour.
      Provide ASFLAGS in the subdirectories handling assembler code.
      Catch error condition to prevent NULL pointer dereference.     Submitted by: Goetz Babin-Ebell <babin-ebell at trustcenter.de>
      Make sure to initialize AES counters to obtain proper results.     Submitted by: Kirill Kochetkov <kochet at ixbt.com>
      Free "engine" resource in case of failure to prevent memory leak     PR: #778     Submitted by: George Mitchell <george at m5p.com>
      Some more ASFLAGS settings required     PR: #735     Submitted by: Tim Rice <tim at multitalents.net>
      Restructure make targets to allow parallel make.     Submitted by: Witold Filipczyk <witekfl at poczta.gazeta.pl>
      unintptr_t and <inttypes.h> are not strictly portable with respect to     ANSI C 89.     Undo change to maintain compatibility.
      Update URI     Submitted by: Gertjan van Oosten <gertjan at West.NL>
      Add s_time manual page     Submitted by: "Martin Witzel" <MWITZEL at de.ibm.com>
      Updates to s_time manual page     PR: #570     Submitted by: Martin Witzel <MWITZEL at de.ibm.com>
      Cover all DSA setups when running tests     PR: #748     Submitted by: Kirill Kochetkov <kochet at ixbt.com>
      More precise explanation of session id context requirements.
      Fix hang in EGD/PRNGD query when communication socket is closed     prematurely by EGD/PRNGD.     PR: 1014     Submitted by: Darren Tucker <dtucker at zip.com.au>
      Fix typo on blowfish manual page     PR: 1010     Submitted by: Marc Balmer <mbalmer at openbsd.org>
      Update to new home page
      Fix incorrect handling of special characters     PR: 1459     Submitted by: tnitschke at innominate.com     Reviewed by: steve at openssl.org
      Add support for m68k linux     PR: 1277     Submitted by: Mike Frysinger <vapier at gentoo.org>
      Add automatic detection for Linux on SuperH     PR: 1152     Submitted by: Mike Frysinger <vapier at gentoo.org>
      Extend SMTP and IMAP protocol handling to perform the required     EHLO or CAPABILITY handshake before sending STARTTLS
      Fix problem with multi line responses in -starttls by using a buffering     BIO and BIO_gets().
      Do not use uninitialized memory to seed the PRNG as it may confuse     code checking tools.     PR: 1499
      Initialize "buf" to 0 to make valgrind happy :-)     Note: the RAND_bytes() manual page says:      RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.     It does not talk about using the previous contents of buf so we are working     as documented.
      Port from 0.9.8-stable
      Typos     PR: 1578     Submitted by: Charles Longeau <chl at tuxfamily.org>
      Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f
      Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)
      Typos in man pages: dependant->dependent
      Add missing colon in manpage
      Fix URI of OpenSSL Request Tracker information     PR: 1661
      Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev     PR: 1552     Submitted by: Roumen Petrov <openssl at roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev at gmail.com>
      Correctly handle case of bad arguments supplied to rsautl     PR: 1659
      Fix incorrect return value in apps/apps.c:parse_yesno()     PR: 1607     Submitted by: "Christophe Macé" <mace.christophe at gmail.com>
      Another minor update from the mingw development     PR: 1552     Submitted by: Roumen Petrov <openssl at roumenpetrov.info>
      Add missing 'extern "C" {' to some _err.h files in crypto/engines/     PR: 1609
      Another occurance of possible valgrind/purify "uninitialized memory"     complaint related to the PRNG: with PURIFY policy don't feed uninitialized     memory into the PRNG.
      Typo. (From 0.9.8-stable/S. Henson)     PR: 1672
      Provide information about "openssl dgst" -hmac option.
      Document "openssl s_server" -crl_check* options
      Correctly adjust location of comment
      Remove all root CA files (beyond test CAs including private key)     from the OpenSSL distribution.
      Clear error queue when starting SSL_CTX_use_certificate_chain_file     PR: 1417, 1513     Submitted by: Erik de Castro Lopo <mle+openssl at mega-nerd.com>
      Reword comment to be much shorter to stop other people from complaining     about "overcommenting".
      Add README about removed root CA certificates.
      Refer to SSL_pending from the man page for SSL_read
      Fix incorrect command for assember file generation on IA64
      When the underlying BIO_write() fails to send a datagram, we leave the     offending record queued as 'pending'. The DTLS code doesn't expect this,     and we end up hitting an OPENSSL_assert() in do_dtls1_write().
      Half of the commit for 0.9.8 as the bitmap handling has changed.     (Firstly... ommitted)
      Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8     but has been omitted from HEAD (0.9.9), see commit       http://cvs.openssl.org/chngview?cn=16627     by appro.
      Add missing "-d" to option list of openssl version.
      Allow detection of input EOF in quiet mode by adding -no_ign_eof option     to s_client application.     PR: #1761     Submitted by: David Woodhouse <dwmw2 at infradead.org>
      Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
      apps/speed.c: children should not inherit buffered I/O     PR: 1787     Submitted by: Artur Klauser <aklauser at google.com>
      Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP

Mark J. Cox (19):
      Fixes to BN code.  Previously the default was to define BN_RECURSION     but the BN code had some problems that would cause failures when     doing certificate verification and some other functions.
      fix typo
      Fix some more typos
      Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
      add what I'm doing and a vote
      Updates to the new SSL compression code          [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
      Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).  The     problem was that one of the replacement routines had not been working since     SSLeay releases.  For now the offending routine has been replaced with     non-optimised assembler.  Even so, this now gives around 95% performance     improvement for 1024 bit RSA signs.
      This corrects the reference count handling in SSL_get_session.     Previously, the returned SSL_SESSION didn't have its reference count     incremented so the SSL_SESSION could be freed at any time causing     seg-faults if the pointer was subsequently used. Code that uses     SSL_get_session must now make a corresponding SSL_SESSION_free() call when     it is done to avoid memory leaks (or blocked up session caches).
      I've still got one left; the backport of the Broadcom UBSEC driver to     0.9.6 that we've got - just waiting for clearance on that one     Submitted by:     Reviewed by:     PR:
      Phew, finished     Submitted by:     Reviewed by:     PR:
      Mention that the keys likely to have signed the distribution are now     listed on the web site for easy finding and downloading
      Make sure head CHANGES is up to date, we refer to this in announce.txt
      one time CAN->CVE update
      Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher     (CVE-2006-4339)
      Fix buffer overflow in SSL_get_shared_ciphers() function.     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
      Fix ASN.1 parsing of certain invalid structures that can result     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
      Initialise ctx to NULL to avoid uninitialized free, noticed by     Steve Kiernan
      This entry was in 0.9.8m changelog but missing from here, since it's     security relevent we'd better list it.
      Remove latest version, it's pretty redundant and just one more thing     to keep up to date with releases.  Reported because     http://www.openssl.org/support/faq.html#MISC1 was out of date

Martin Brejcha (2):
      dgram_sctp_ctrl: authkey memory leak
      Fix memory leak.

Martin Kaiser (3):
      Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
      Modify the description of -noout to match the manpage. PR#3364
      remove duplicate 0x for default RSASSA-PSS salt len

Martin Nowak (1):
      remove duplicate defines

Martin Olsson (5):
      RT2513: Fix typo's paramter-->parameter
      RT2848: Remove extra NULL check
      RT2847: Don't "check" uninitialized memory
      RT2842: Remove spurious close-comment marker.
      RT2843: Remove another spurious close-comment token

Mat (1):

Matt Caswell (131):
      Make binary curve ASN.1 work in FIPS mode.
      Document updates from wiki.
      PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton
      Fixed minor errors in docs
      Fix SSL_CONF_cmd missing =back
      Fixed spelling error in error message. Fix supplied by Marcos Marado
      Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339
      Fixed CRLF in file
      Move length check earlier to ensure we don't go beyond the end of the user's buffer. PR#3320
      Fixed NULL pointer dereference. See PR#3321
      Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)
      Fixed unterminated B tag, causing build to fail with newer pod2man versions
      Fixed minor copy&paste error, and stray space causing rendering problem
      Fix for non compilation with TLS_DEBUG defined
      Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg
      Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker
      Changed -strictpem to use PEM_read_bio
      Added SSLErr call for internal error in dtls1_buffer_record
      Fixed minor duplication in docs
      Fixed incorrect return code handling in ssl3_final_finish_mac
      Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung <rainer.jung at kippdata.de>
      Revert "Fixed incorrect return code handling in ssl3_final_finish_mac"
      Fixed incorrect return code handling in ssl3_final_finish_mac.     Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
      Tidied up, added include to stdlib, removed "goto bad" usage
      Fix minor typos
      Fixed Windows compilation failure
      Revert "Fix off-by-one errors in ssl_cipher_get_evp()"
      Fixed error in pod files with latest versions of pod2man
      Fix memory leak in BIO_free if there is no destroy function.     Based on an original patch by Neitrino Photonov <neitrinoph at gmail.com>
      Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.     This is actually ok for this function, but initialised to zero anyway if     PURIFY defined.
      Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date
      Disabled XTS mode in enc utility as it is not supported
      Added comment for the frag->reassembly == NULL case as per feedback from Emilia
      Fix DTLS handshake message size checks.
      Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read.
      RT1665: Fix podpath to get xref's right
      Fixed out-of-bounds read errors in ssl3_get_key_exchange.
      Typo fixes to evp documentation.
      RT3065: automatically generate a missing EC public key
      Fixed double inclusion of string.h
      RT3192: spurious error in DSA verify
      Removed duplicate definition of PKCS7_type_is_encrypted
      Fix for SRTP Memory Leak
      Fix SRTP compile issues for windows
      Updates CHANGES file
      Updates to NEWS file
      Fix free of garbage pointer. PR#3595
      Updated comment references to draft-ietf-tls-ecc-12 to refer to RFC4492 instead
      Fixed cms-test.pl for no-ec2m
      Added references to RFC 7027
      Fix s_server -ssl2. Previously this reported "Error setting EC curve"
      When using EVP_PKEY_derive with a KDF set, a negative error from     ECDH_compute_key is silently ignored and the KDF is run on duff data
      Corrected comments in ssl.h about SSLv23_method and friends
      Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
      Add include of ssl.h which is required by srtp.h
      Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki     Minor changes made by Matt Caswell.
      Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki     Minor changes made by Matt Caswell.
      Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki     Minor changes made by Matt Caswell
      Tidy up ocsp help output
      Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST
      Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
      Delete unused file
      Check EVP_Cipher return values for SSL2
      Remove more references to dtls1_enc
      Fix warning in ssl2_enc
      Verify that we have a sensible message len and fail if not     RT#3592 provides an instance where the OPENSSL_assert that this commit     replaces can be hit. I was able to recreate this issue by forcing the     underlying BIO to misbehave and come back with very small mtu values. This     happens the second time around the while loop after we have detected that the     MTU has been exceeded following the call to dtls1_write_bytes.
      The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being     automatically updated, and we should use the one provided instead.     Unfortunately there are a couple of locations where this is not respected.
      The first call to query the mtu in dtls1_do_write correctly checks that the     mtu that we have received is not less than the minimum. If its less it uses the     minimum instead. The second call to query the mtu does not do that, but     instead uses whatever comes back. We have seen an instance in RT#3592 where we     have got an unreasonably small mtu come back. This commit makes both query     checks consistent.
      There are a number of instances throughout the code where the constant 28 is     used with no explanation. Some of this was introduced as part of RT#1929. The     value 28 is the length of the IP header (20 bytes) plus the UDP header (8     bytes). However use of this constant is incorrect because there may be     instances where a different value is needed, e.g. an IPv4 header is 20 bytes     but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP).     This commit introduces a new BIO_CTRL that provides the value to be used for     this mtu "overhead". It will be used by subsequent commits.
      Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP)     and instead use the value provided by the underlying BIO. Also provide some     new DTLS_CTRLs so that the library user can set the mtu without needing to     know this constant. These new DTLS_CTRLs provide the capability to set the     link level mtu to be used (i.e. including this IP/UDP overhead). The previous     DTLS_CTRLs required the library user to subtract this overhead first.
      Fix dtls_query_mtu so that it will always either complete with an mtu that is     at least the minimum or it will fail.     There were some instances in dtls1_query_mtu where the final mtu can end up     being less than the minimum, i.e. where the user has set an mtu manually. This     shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having     logic for guessing an mtu, was actually only ever used to work out the minimum     mtu to use.
      If we really get a situation where the underlying mtu is less than the minimum     we will support then dtls1_do_write can go into an infinite loop. This commit     fixes that.
      Updates to s_client and s_server to remove the constant 28 (for IPv4 header     and UDP header) when setting an mtu. This constant is not always correct (e.g.     if using IPv6). Use the new DTLS_CTRL functions instead.
      Only use the fallback mtu after 2 unsuccessful retransmissions if it is less     than the mtu we are already using
      Remove "#if 0" code
      Remove incorrect code inadvertently introduced through commit 59669b6ab.
      Add support for OCB mode as per RFC7253
      Add EVP support for OCB mode
      Add tests for OCB mode
      Add documentation for OCB mode
      Added OPENSSL_NO_OCB guards
      Add CHANGES entry for OCB
      Fix memory leak in SSL_new if errors occur.
      Fixed memory leak in the event of a failure of BUF_MEM_grow
      Remove internal bn dependancies from speed.c
      Prepare for bn opaquify. Implement internal helper functions.
      Prepare exptest for bn opaquify
      Implement internally opaque bn access from asn1
      Implement internally opaque bn access from dh
      Implement internally opaque bn access from dsa
      Implement internally opaque bn access from ec
      Implement internally opaque bn access from evp
      Implement internally opaque bn access from rsa
      Implement internally opaque bn access from srp
      Implement internally opaque bn access from ts
      Disable engines that will fail to build when bn is made opaque
      Update apps for bn opaque change
      Make bn opaque
      Update documentation following BN opaquify
      Move bn internal functions into bn_int.h and bn_lcl.h
      make update
      Fixed memory leak if BUF_MEM_grow fails
      DTLS fixes for signed/unsigned issues
      Remove extraneous white space, and add some braces
      Add OPENSSL_NO_ECDH guards
      Add missing OPENSSL_NO_EC guards
      Rename gost2814789t.c to gost2814789test.c. The old name caused problems     for dummytest if gost is compiled out, since the name of the test is not     standard (dummytest segfaults). Also the old name caused problems for git     because the executable was not in the .gitignore file
      Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
      The dtls1_output_cert_chain function no longer exists so remove it from     ssl_locl.h
      Turn on OPENSSL_NO_DEPRECATED by default.     Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is     defined at config stage then OPENSSL_USE_DEPRECATED has no effect -     deprecated functions are not available.     If OPENSSL_NO_DEPRECATED is not defined at config stage then     applications must define OPENSSL_USE_DEPRECATED in order to access     deprecated functions.     Also introduce compiler warnings for gcc for applications using     deprecated functions
      Remove redundant OPENSSL_NO_DEPRECATED suppression
      Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED     Introduce use of DECLARE_DEPRECATED
      make update following changes to default config settings
      Update CHANGES for deprecated updates
      Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built     with OPENSSL_NO_DEPRECATED defined
      Fix a problem if CFLAGS is too long cversion.c fails to compile when config     is run with --strict-warnings.
      Additional fix required for no-srtp to work
      Remove blank line from start of cflags character array in buildinf.h
      Further comment amendments to preserve formatting prior to source reformat
      Follow on from CVE-2014-3571. This fixes the code that was the original source     of the crash due to p being NULL. Steve's fix prevents this situation from     occuring - however this is by no means obvious by looking at the code for     dtls1_get_record. This fix just makes things look a bit more sane.
      A memory leak can occur in dtls1_buffer_record if either of the calls to     ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a     malloc failure, whilst the latter will fail if attempting to add a duplicate     record to the queue. This should never happen because duplicate records should     be detected and dropped before any attempt to add them to the queue.     Unfortunately records that arrive that are for the next epoch are not being     recorded correctly, and therefore replays are not being detected.     Additionally, these "should not happen" failures that can occur in     dtls1_buffer_record are not being treated as fatal and therefore an attacker     could exploit this by sending repeated replay records for the next epoch,     eventually causing a DoS through memory exhaustion.
      Fix build failure on Windows due to undefined cflags identifier
      Update .gitignore with windows files to be excluded from git
      Further windows specific .gitignore entries
      Remove redundant DSO_METHOD_beos declaration in dso.h. BEOS support has been     removed.
      make update
      Fix no-deprecated on Windows
      Ensure internal header files are used from mk1mf based builds
      Avoid deprecation problems in Visual Studio 13
      Fix warning where BIO_FLAGS_UPLINK was being redefined.     This warning breaks the build in 1.0.0 and 0.9.8
      Make output from openssl version -f consistent with previous versions

Matt Smart (1):
      Fix doc typo.

Matthias Andree (1):
      RT2272: Add old-style hash to c_rehash

Matthieu Crapet (1):
      RT 1505: Use SSL3_AL_FATAL not "2"

Michael Tuexen (4):
      Avoid unnecessary fragmentation.
      DTLS handshake fix.
      DTLS message_sequence number wrong in rehandshake ServerHello
      Fix incorrect OPENSSL_assert() usage.

Michal Bozon (2):
      Corrected POD syntax errors. PR#3353
      Correct timestamp output when clock_precision_digits > 0

Mihai Militaru (1):
      RT2210: Add missing EVP_cleanup to example

Mike Bland (16):
      Unit/regression test for TLS heartbeats.
      More through error checks in set_up
      Zero-initialize heartbeat test write buffer
      Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS
      Create test/testutil.h for unit test helper macros
      test/testutil.c test registry functions.
      Use testutil registry in heartbeat_test
      Update heartbeat_test #includes
      Check the test registry size during add_test()
      Add cscope.out and .d files to .gitignore
      Emit PERLASM_SCHEME to fix GitMake on OS X
      {,darwin64-}debug-test-64-clang Configure targets
      Improve variable parsing when generating MINFO
      Remove redundant test targets outside of test/
      Add missing SRC variable
      Add whrlpool and camellia .s files to perlasm list

Mike Frysinger (1):
      Have the .pc files depend on each other rather than duplicating the     various link settings. PR#3332

Miod Vallat (1):
      Fix off-by-one errors in ssl_cipher_get_evp()

Naftuli Tzvi Kay (1):
      Added custom PBKDF2 iteration count to PKCS8 tool.

Nick Alcock (1):
      Fix POD errors to stop make install_docs dying with pod2man 2.5.0+

Nick Lewis (1):
      PR 2580: dgst missing current SHA algorithms

Nick Mathewson (2):
      Do not include a timestamp in the Client/ServerHello Random field.
      Fix another gmt_unix_time case in server_random

Nick Urbanik (1):
      RT2609: Typo in EXAMPLE section of req.pod

Nils Larsch (197):
      some const fixes
      add new curves to the loop (with some cleanup from me)
      test, remove unnecessary const cast
      when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro     which cannot be evaluated in an if statement
      the second argument of EVP_SealInit is const
      update docs (recent constification)
      Makefile.ssl doesn't exist anymore
      fix header
      use SSL3_VERSION_MAJOR instead of SSL3_VERSION etc.
      really clear the error queue here
      use SHA-1 as the default digest for the apps/openssl commands
      remove unused recp method
      some const fixes and cleanup
      fix example in docu
      update progs.pl to reflect changes in progs.h
      some const fixes
      const fixes
      make sure error queue is totally emptied
      get rid of very buggy and very imcomplete DH cert support
      improve docu of SSL_CTX_use_PrivateKey()
      add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file()     and SSL_use_PrivateKey_file()
      include limits.h for UINT_MAX etc.
      Makefile.ssl -> Makefile
      EVP_CIPHER_CTX_init is a void function + fix typo
      const fixes
      the pointer to the message digest is const
      - use BN_set_negative and BN_is_negative instead of BN_set_sign       and BN_get_sign     - implement BN_set_negative as a function     - always use "#define BN_is_zero(a) ((a)->top == 0)"
      make update
      more const
      change prototype of the ecdh KDF: make input parameter const and the outlen argument  more flexible
      make asn.1 field names const
      remove false positive
      some updates for the blinding code; summary:     - possibility of re-creation of the blinding parameters after a       fixed number of uses (suggested by Bodo)     - calculatition of the rsa::e in case it's absent and p and q       are present (see bug report #785)     - improve the performance when if one rsa structure is shared by       more than a thread (see bug report #555)     - fix the problem described in bug report #827     - hide the definition ot the BN_BLINDING structure in bn_blind.c
      add docu for BN_BLINDING functions
      add missing parentheses
      no Makefile.ssl anymore
      get rid of Makefile.ssl in util/
      avoid warnings when building on systems where sizeof(void *) > sizeof(int)
      add reference to BN_BLINDING_new.pod
      add 192 bit prime curve to the command line options
      hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis     for ecdh)
      remove some false positive
      check return value of RAND_pseudo_bytes; backport from the stable branch
      remove false positive
      don't let BN_CTX_free(NULL) segfault
      backport fix from the stable branch
      fix typo
      rewrite of bn_nist.c, disable support for some curves on 64 bit platforms     for now (it was broken anyway)
      remove BN_ncopy, it was only used in bn_nist.c and wasn't particular     useful anyway
      remove false positive
      fix compiler warning; pow10 is also in math.h
      give EC_GROUP_*_nid functions a more meaningful name     	EC_GROUP_get_nid -> EC_GROUP_get_curve_name     	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
      improve command line argument checking
      give EC_GROUP_new_by_nid a more meanigful name:     EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
      use 'p' as conversion specifier for printf to avoid truncation of     pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz     via Mike Frysinger <vapier at gentoo.org>.
      ecc api cleanup; summary:     - hide the EC_KEY structure definition in ec_lcl.c + add       some functions to use/access the EC_KEY fields     - change the way how method specific data (ecdsa/ecdh) is       attached to a EC_KEY     - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with       additional parameters for pre-computed values     - rebuild libeay.num from 0.9.7
      simplify EC_KEY_dup
      make the type parameter const when ID2_OF_const() is used
      fix "dereferencing type-punned pointer will break strict-aliasing rules"     warning when using gcc 4.0
      update ecdsa doc
      fix potential memory leak
      fix typo, add prototype
      include opensslconf.h if OPENSSL_NO_* is used
      changes from 0.9.8
      fix assertion
      clear error queue on success and return NULL if no cert could be read
      check return value
      ssl_create_cipher_list should return an error if no cipher could be     collected (see SSL_CTX_set_cipher_list manpage). Fix handling of     "cipher1+cipher2" expressions in ssl_cipher_process_rulestr.
      use "=" instead of "|=", fix typo
      - let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an       error if the cipher list is empty     - fix last commit in ssl_create_cipher_list     - clean up ssl_create_cipher_list
      replace the deprecated "-m486" gcc option with "-march=i486"
      update FAQ
      update for the cswift engine:     - fix the problem described in bug report 825     - fix a segfault when the engine fails to initialize     - let the engine switch to software when keysize > 2048
      clear dso pointer in case of an error
      remove OPENSSL_NO_ASM dependency
      initialize newly allocated data
      the second argument of d2i_X509, d2i_X509_CRL and d2i_X509_REQ is const
      add missing entries for "-multivalue-rdn" and "-utf8" in ca.pod and req.pod
      make         	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]         	make depend all test     work again
      bugfix: 0 - w (w != 0) is actually negative
      fix typo
      the final byte of a pkcs7 padded plaintext can never be 0
      set correct bn->top value
      fix BN_mod_word and give a more reasonable return value if an error occurred
      improved error checking and some fixes
      remove unused variable
      add comment
      fix potential memory leak + improved error checking
      avoid infinite recursion if dynamic engine isn't loaded
      remove unused internal foo_base_method functions
      a ssl object needs it's own instance of a ecdh key; remove obsolete comment
      Let the TLSv1_method() etc. functions return a const SSL_METHOD     pointer and make the SSL_METHOD parameter in SSL_CTX_new,     SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
      add missing file
      initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock
      Keep cipher lists sorted in the source instead of sorting them at     runtime, thus removing the need for a lock. Add a test to ssltest     to verify that the cipher lists are sorted.
      fix warnings when building openssl with the following compiler options:             -Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar             -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts             -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused             -Wno-unused-parameter -Wuninitialized
      don't try to load cert/key when the "-nocert" option is set
      fix typo in sbgp names
      fix function name in error
      bugfix: register engine as default engine in ENGINE_set_default_DSA
      fix typos
      add some doxygen comments
      cleanup doxygen comments
      protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert     with a read lock
      successfully updating the db shouldn't result in an error message
      compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill <johane at lysator.liu.se>
      fix typo, pointed out by Patrick Guio
      2 is a prime
      fix comment
      support numeric strings in ASN1_generate_nconf
      recent changes from 0.9.8: fix cipher list order in s3_lib.c,     make "no-ssl2" work again
      add additional checks + cleanup
      fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state
      p could be uninitialized
      remove unnecessary check
      fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman
      fix warning
      fix warning: add missing prototype
      use stricter prototypes, fix warnings
      don't use the l length modifier for int
      use asn1 callbacks for new, free and d2i
      fix typos
      make some internal functions static; patch supplied by Kurt Roeckx
      fix no-dh configure option; patch supplied by Peter Meerwald
      fix "#ifndef HZ" statement
      force C locale when using [a-z] in sed expressions
      make some parameters const
      no need to cast away the const
      constify some print and ts functions
      fix function name in error message
      add initial support for RFC 4279 PSK SSL ciphersuites
      make update
      fix signed vs. unsigned warning
      fix "missing initializer" warning
      fix signed vs. unsigned warning
      note that SSL_library_init() is not reentrant
      use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output
      fix comment
      remove unused variables
      signed vs. unsigned
      fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
      fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
      create BN_CTX object
      fix problems found by coverity: remove useless code
      fix for OPENSSL_NO_EC
      remove unnecessary code
      check if con != NULL before using it
      ensure the pointer is valid before using it
      fix last commit: return NULL is TS_RESP_CTX_set_status_info_cond() failed
      make local function static
      as we encrypt every bit separately we need to loop through the number     of bits; thanks to Michael McDougall <mmcdouga at saul.cis.upenn.edu>
      undo accidental commit
      return an error if the supplied precomputed values lead to an invalid signature
      fix OPENSSL_NO_foo defines
      update md docs
      remove SSLEAY_MACROS code
      fix warning
      register the engine as default engine in ENGINE_set_default()
      replace macros with functions
      add support for whirlpool in apps/speed
      add "Certificate Issuer" and "Subject Directory Attributes" OIDs
      allocate a new attributes entry in X509_REQ_add_extensions()     if it's NULL (in case of a malformed pkcs10 request)
      return 0 if 'noout' is used and no error has occurred
      avoid duplicate entries in add_cert_dir()
      fix documentation
      use const ASN1_TIME *
      properly initialize SSL context, check return value
      fix order
      remove trailing '\'
      add support for ecdsa-with-sha256 etc.
      fix order
      update pkcs12 help message + manpage
      fix typos
      use OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages
      fix return value of get_cert_chain()
      remove undefined constant
      fix potential memory leaks
      fix documentation
      add support for DSA with SHA2
      add note about 56 bit ciphers
      fix typo
      ensure that a ec key is used
      remove unused variable
      remove unreachable code
      use user-supplied malloc functions for persistent kssl objects
      avoid shifting input
      - use OPENSSL_malloc() etc. in zlib     - move zlib_stateful_ex_idx initialization to COMP_zlib()
      ensure that the EVP_CIPHER_CTX object is initialized
      remove dead code
      allow EVP_PKEY_CTX_free(NULL)
      remove unused file
      size_t -> int
      check if pointer is != NULL before dereferencing it (Coverity CID 40)
      check correct pointer before freeing it (Coverity CID 79,86)
      check return value of ASN1_item_i2d(), Coverity ID 55

Oscar Jacobsson (1):
      Add 3072, 7680 and 15360 bit RSA tests to openssl speed

PK (1):
      Add SHA256 Camellia ciphersuites from RFC5932

Paul C. Sutton (11):
      Makefiles updated to exit if an error occurs in a sub-directory make     (including if user presses ^C)
      Make the installation documentation easier to follow.
      Add votes
      ssldir.pl did not correctly set the directory in utils/mk1mk.pl when     perl5 was used.
      Some more changes for renaming the binary from ssleay to openssl.     I wonder what eay.c is?
      A couple more ssleay.cnf to openssl.cnf changes
      Binary is now apps/openssl not apps/ssleay so use the new name when     rehashing the test certs
      Various ssleay to openssl fixups
      Reflect change from "ssleay" to "openssl" as the main binary name.     Also document "sh config" as an easier alternative to "./Configure     system".
      Update scripts to use "openssl" instead of "ssleay"
      The dir is named util/ and better to explicitly call the     perl interpreter because not everyone has it in /usr/local/bin/perl.

Paul Suhler (1):
      RT2841: Extra return in check_issued

Peter Mosmans (2):
      Fix for test_bn regular expression to work on Windows using MSYS. PR#3346
      Add names of GOST algorithms.

Phil Mesnier (1):
      RT3334: Fix crypto/LPdir_win.c

Piotr Sikora (4):
      Fix compilation with no-nextprotoneg.
      Retry callback only after ClientHello received.
      Fix building with no-srtp

Ralf S. Engelschall (189):
      This commit was generated by cvs2svn to track changes on a CVS vendor     branch.
      Import of old SSLeay release: SSLeay 0.8.1b
      This commit was generated by cvs2svn to track changes on a CVS vendor     branch.
      Import of old SSLeay release: SSLeay 0.8.1b
      This commit was generated by cvs2svn to track changes on a CVS vendor     branch.
      Import of old SSLeay release: SSLeay 0.9.0b
      This commit was generated by cvs2svn to track changes on a CVS vendor     branch.
      Import of old SSLeay release: SSLeay 0.9.0b
      Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
      This commit was generated by cvs2svn to track changes on a CVS vendor     branch.
      Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
      This commit was generated by cvs2svn to track changes on a CVS vendor     branch.
      Various cleanups and fixed by Marc and Ralf to start the OpenTLS project
      *** empty log message ***
      Incorporation of RSEs assembled patches
      OpenTLS ready
      *** empty log message ***
      Fix unused variable warning of GCC
      Switch to OpenSSL name
      *** empty log message ***
      Switch version string to SSLeay/OpenSSL
      Add include dir
      *** empty log message ***
      *** empty log message ***
      *** empty log message ***
      Test for new CVS repository
      Test remote CVS commit...
      Import the first cut for manual pages.
      Fix an error message
      Replace AUTHOR with a better HISTORY as in FreeBSD's manpages
      Create a STATUS file to coordinate us. Feel free to edit
      Cleanup of doc/ directory: The old/obsolete SSLeay files are now assembled     together in a ssleay.txt file.
      Ops, forgot to commit the changes entry in recent commit...
      MIME encoding and ISO chars at the same time messes up the stuff
      Fix version stuff:
      Puhhh... now we've documented the prototypes of all 214 API "functions".  This     is a pain to do, because of the various macro definitions which I had to     expand manually to get their prototype :-(
      More structuring and sorting of the SSL API documentation.     And the first steps to descriptions in prosa.
      Some issues for voting
      A hint about the license
      Remove more old temporary files from CVS
      cleanup of apps/ and an answer
      Make GCC happy by removing an unused variable defintion.
      First cut of a cleanup for apps/. First the `ssleay' program is now named     `openssl' and second, the shortcut symlinks for the `openssl <command>' are no     longer created. This way we have a single and consistent command line     interface `openssl <command>', similar to `cvs <command>'.
      A few train of thoughts about the build procedure mess
      More .cvsignore stuff to make CVS quiet on our generated files.
      The dir is named util/ and better to explicitly call the     perl interpreter because not everyone has it in /usr/local/bin/perl.
      Make sure the already existing X509_STORE->depth variable is initialized     in X509_STORE_new(), but document the fact that this variable is still     unused in the certificate verification process.
      Start keeping track of wishes people make on our mailing lists to make sure we     don't forget them and this way we have them bundled together.
      Fix names in usage page of s_time, s_server and s_client
      One more incorrect name in usage page
      Fill in more contents for the openssl(1) manpage.
      Fixed ms/32all.bat script: `no_asm' -> `no-asm'
      Add CygWin32 platform information to Configure script.
      Change address now that we've the mailing lists established
      Ignore crypto/x509v3/lib
      Make sure `make rehash' target really finds the `openssl' program.
      Update README file a little bit...
      Reflect correct filename
      Ops, one more reference to 0.9.1c. Make sure we don't forget it...
      First cut for a very conservative source tree cleanup:
      Remember the cleanup
      Ignore mx86unix.cpp which is generated on Intel platforms
      Overhauled the Perl interface (perl/*):
      What is on my ToDo list...
      Remove three more bogus files (2x temp file, 1x trash)
      Remove one more totally bogus source file.     This one is exactly the same as ssl_sess.c.     Thanks to Adam Goodman <adam at a-domain.com> for hint.
      Make sure latest Perl versions don't interpret some generated C array as Perl     array code in the crypto/err/err_genc.pl script.
      Ok, propose a release date of March 15th with a code freeze a few days before     so we have enough time for final testing and tarball rolling.
      Remember some open issues and available patches
      Make gcc -Wall happy ("might be used uninitialized...")
      Fix usage message on gendsa:     1. The dsaparam argument is mandatory and not optional     2. Add a little text what this actually is: a filename
      Get rid of a nasty debugging message which was forgotten here...
      Make `openssl x509 -noout -modulus' functional also for DSA certificates (in     addition to RSA certificates) to match the behaviour of `openssl dsa -noout     -modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA     the -modulus is the real "modulus" while for DSA currently the public key is     printed (a decision which was already done by `openssl dsa -modulus' in the     past) which serves a similar purpose.  Additionally the NO_RSA no longer     completely removes the whole -modulus option; it now only avoids using the RSA     stuff. Same applies to NO_DSA now, too.
      Remember good pointers to Montgomery multiplication algorithm     descriptions as pointed out by Dave Carman <carman at erols.com>
      Don't hard-code path to Perl interpreter on shebang line of Configure     script. Instead use the usual Shell->Perl transition trick.
      More CVS ignore stuff...
      Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()     from `int' to `unsigned int' because it's a length and initialized by     EVP_DigestFinal() which expects an `unsigned int *'.
      Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
      Fix the cipher decision scheme for export ciphers: the export bits are *not*     within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the     original variable has to be used instead of the already masked variable.
      Move s_server -dcert and -dkey options out of the undocumented feature area     because they are useful for the DSA situation and should be recognized by the     users. Thanks to Steve for the original hint.
      Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH     private keys and/or callback functions which directly correspond to their     SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed     for applications which have to configure certificates on a per-connection     basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.     s_server).
      Remember one more wish from the users
      Use consistent and existing addresses
      Ops, the logic of the second argument has to be coupled with the != test to     work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes     again fine.
      Get rid of remaining C++-style comments which strict C compilers hate.     (Pointed out by Carlos Amengual).
      Don't install bss_file.c under PREFIX/include/.  It was introduced by Eric     between SSLeay 0.8 and 0.9 and just looks useless and confusing.
      Remove confusing variables in function signatures in files     ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable     confused some compilers.
      Added the new `Includes OpenSSL Cryptography Software' button as     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay     button and can be used by applications based on OpenSSL to show the     relationship to the OpenSSL project.
      Fix GCC warning...     t_req.c: In function `X509_REQ_print':     t_req.c:181: warning: suggest explicit braces to avoid ambiguous `else'
      General source tree makefile cleanups: Made `making xxx in yyy...' display     consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally     cleaned up the `make links' target: Remove unnecessary semicolons, subsequent     redundant removes, inline point.sh into mklink.sh to speed processing and no     longer clutter the display with confusing stuff. Instead only the actually     done links are displayed.
      Ralf is now using FreeBSD 3.1 which runs ELF instead of a.out...
      Cleaned up the LICENSE document: The official contact for any license     questions now is the OpenSSL core team under openssl-core at openssl.org.  And     add a paragraph about the dual-license situation to make sure people recognize     that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply to the OpenSSL     toolkit.
      Bring the README file in sync and shape a little bit more...
      Add a first cut for a NEWS document similar to what other packages (mostly GNU     packages) provide.  The idea is that because of the large number of CHANGES     entries, this file summarizes the major changes for a brief overview.
      just a little typo
      Reshape the README file out of the existing README stuff     into a single file. Need more cleanup for final release IMHO.
      Move the SSL_CTX_xxx defines at the top of ssl.h to the location of other     SSL_CTX_xxx defines. What was the reason to move them to the top, even before     the copyright and #ifdef HEADER_SSL_H? Hmmm...  when there was and still is a     good reason feel free to reverse this patch, but please document why it is     needed this way.
      Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified on the `perl     Configure ...' command line. This way one can compile OpenSSL libraries with     Position Independent Code (PIC) which is needed for linking it into DSOs.
      Typo :-)
      Add a useful kludge to allow package maintainers to specify compiler and other     platforms details on the command line without having to patch the Configure     script everytime: One now can use ``perl Configure <id>:<details>'', i.e.     platform ids are allowed to have details appended to them (seperated by     colons). This is treated as there would be a static pre-configured entry in     Configure's %table under key <id> with value <details> and ``perl Configure     <id>'' is called.  So, when you want to perform a quick test-compile under     FreeBSD 3.1 with pgcc and without assembler stuff you can use ``perl Configure     "FreeBSD-elf:pgcc:-O6:::"'' now, which overrides the FreeBSD-elf entry     on-the-fly.
      Notice freeze state and update my entry
      Two more .cvsignore files for the assembler stuff
      Second round of fixing the OpenSSL perl/ stuff. It now at least compiled fine     under Unix and passes some trivial tests I've now added. But the whole stuff     is horribly incomplete, so a README.1ST with a disclaimer was added to make     sure no one expects that this stuff really works in the OpenSSL 0.9.2 release.     Additionally I've started to clean the XS sources up and fixed a few little     bugs and inconsistencies in OpenSSL.{pm,xs} and openssl_bio.xs.
      Fix Win32 symbol export lists for BIO functions: Added BIO_get_ex_new_index,     BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data to ms/libeay{16,32}.def.     I'm not a Win32 hacker, but I think I've done it correctly.
      Let us start with some platform test list...
      Start with some more tarball rolling preparation to make sure it's not     overlooed next Monday:     - rmlinks is no longer existing     - use openssl as the name and not rse     - don't roll the STATUS file into the tarball
      Make `openssl version' output lines consistent.
      Solaris 2.6 makes still problems.     Details were posted.
      Make it more clear what option -WWW to s_server does.
      Update to current state...
      Two more things we should look at before release
      Update platform test list
      Let util/clean-depend.pl work also with older Perl 5.00x versions.
      Be less restrictive and allow also `perl util/perlpath.pl /path/to/bin/perl'     in addition to `perl util/perlpath.pl /path/to/bin', because this way one can     also use an interpreter named `perl5' (which is usually the name of Perl 5.xxx     on platforms where an Perl 4.x is still installed as `perl').
      Just cosmetics: replace a tab with a normal space because     the tab always looked too estoeric to my eyes while building... ;)
      Some more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl,     test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to     be executable) and a fix for the INSTALL document.
      Remove confusing hint to non-existing file.  Instead make it clear that one     shouldn't change it manually just here. The util/ssldir.pl script does more     and has to be used for this.  Pointed out by Jacques Supcik     <supcik at inf.ethz.ch>.
      Add missing pipe char to "make dist" target.     Found by Richard Levitte <levitte at stacken.kth.se>
      Print a little bit more information
      Remove obsolete references to SSLeay and change default PLATFORM from     "FreeBSD" to the generic "dist" as it's done implicitly by "make dist".
      Be consistent: 0.9.2b
      More 0.9.2 -> 0.9.2b
      up_ver.pl is now obsolete
      Remove up_ver.pl call
      Bring style of INSTALL* documents in sync with README file     and fix some inconsistencies.
      Add latest changes to NEWS file
      Final polishing for README file
      One more 0.9.2b
      function names recently changed - consistency.
      Add two recently added functions
      Merge ext-conf.txt and buffer.txt into a global openssl.txt because we     shouldn't again start with thousend little text files or we quickly come back     to the old SSLeay days ;-)
      update list
      Ops, interrupted commit. Fixed
      Update after release...
      Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h     so they no longer are missing under -DNOPROTO.
      Make sure the RSA OAEP test is skipped under -DRSAref because     OAEP isn't supported when OpenSSL is built with RSAref.
      Add .cvsignore in new pkcs12 directory
      Fix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct     according to the sources.... found by Steffen Dettmer <steffen at tfh-berlin.de>.
      Fix a few typos and tabs while I'm poking around in ca.c...
      Make sure a corresponding plain text error message exists for the     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a     verify callback function determined that a certificate was revoked.
      Fix `openssl crl -noout -text' combination where `-noout' killed the `-text'     option at all and this way the `-noout -text' combination was inconsistent in     `openssl crl' with the friends in `openssl x509|rsa|dsa'.
      Add `openssl ca -revoke <certfile>' facility which revokes a certificate     specified in <certfile> by updating the entry in the index.txt file.     This way one no longer has to edit the index.txt file manually for     revoking a certificate. The -revoke option does the gory details now.
      SSL_ALLOW_ENULL was renamed to SSL_FORBID_ENULL some time ago by Ben.
      Start with some plans...
      Start assembling some NEWS entries....
      Better to not have blanks in .cvsignore files
      consistency cosmetics
      Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
      Add missing sk_<type>_unshift() function to safestack.h
      Bundle stack'ification entries on Bens request
      Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow     -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations     -Wnested-externs -Winline'' with EGCS 1.1.2+
      Ok, give us more time....
      Don't forget that it's freeze time now...
      Protect applications from failing to compile when they     try to directly include opensslv.h.
      Puhhh... today is a very hot day.
      Fix determination of Perl interpreter: A perl or perl5     _directory_ in $PATH was also accepted as the interpreter.
      First cut for a proposed code freeze and release dates (from Steve and me).     All OpenSSL developers: Please feel free to adjust the dates if they still do     not fit into your personal scheduling.
      typo while I poke around...
      consistent style
      A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.     Hint from: Andrija Antonijevic <TheAntony2 at bigfoot.com>
      I don't think this is a real showstopper.  Our internal verify procedure lacks     even more and I consider this more a useful feature request than a release     showstopper.
      Let us prepare for tomorrow...
      Remove the perl stuff also optically from the build procedure,     because it could confuse people (which then send us bug reports)...
      Fix two remaining prototype-related warnings
      Backout the following change:
      Install libRSAglue.a when OpenSSL is build with RSAref.     This should now finally make the RSAref users happy...
      Ok, final fix for `config' script to detect all flavors of FreeBSD     in a more general way.
      Ok, I'll do a few more final platform tests and then I'll roll the 0.9.4     tarball baby for us. PLEASE DO NOT COMMIT ANYTHING UNTIL YOU SEE MY FINAL     COMMITS TO `STATUS' INDICATING THAT WE'VE REACHED 0.9.5-dev.
      Bump version to 0.9.4
      Bump after tarball rolling.     Friends, feel free to start again hacking for 0.9.5... ;)
      Add prototypes for new DSA functions Steve added recently.
      Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align     -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
      Add an evil cast, because POSIX/SUSv2 define connect(2) require     the second argument to be of type ``struct sockaddr *''.
      Make gcc 2.95.2 happy here, too.
      Add missing prototypes for new functions
      Added configuration support for Linux/IA64
      Fix Blowfish URL.
      test blank-line commit after migration -- just ignore
      test commit (removing trailing blanks) after migration
      test commit (just removing tailing blanks) #2 after migration
      Fix prime generation loop in crypto/bn/bn_prime.pl by making     sure the loop does correctly stop and breaking ("division by zero")     modulus operations are not performed. The (pre-generated) prime     table crypto/bn/bn_prime.h was already correct, but it could not be     re-generated on some platforms because of the "division by zero"     situation in the script.
      small cosmetics: align title with the other similar manual page
      ignore a few additionally generated files
      remove a doubled entry for '-binary' in the usage message

Raphael Spreitzer (1):
      RT2400: ASN1_STRING_to_UTF8 missing initializer

Rich Salz (91):
      RT 487.  Mention that generated primes are "at least" B<bits> long.
      Fix typo in message (RT 3107)
      Merge branch 'master' of git.openssl.org:openssl
      Fix RT 3193
      Fix RT 2430; typo's in ca.pod
      Fix RT 2567; typo in pkeyutl page.
      Fix RT 3211; "and are" -->"are"
      RT 3245; it's "bitwise or" not "logical or"
      RT 1229; typo in comment "dont't"->"don't"
      RT 1530; fix incorrect comment
      RT 1528; misleading debug print, "pre-master" should be "master key"
      Close a whole bunch of documentation-related tickets:         298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623         2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
      Merge branch 'rsalz-docfixes'
      RT3408; fix some (not all suggested) typo's in openssl.cnf
      RT 1638; EVP_*Final() should mention they no longer cleanup the ctx.
      Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc
      Add tags/TAGS; approved by tjh
      Merge branch 'master' of git.openssl.org:openssl
      Remove DJGPP (and therefore WATT32) #ifdef's.
      Undo a90081576c94f9f54de1755188a00ccc1760549a
      Add README.md
      Undo 77bf69dced875200f6f0e385a4a270298f8d3c45
      Merge branch 'master' of git.openssl.org:openssl
      Revert "RT 2820: Case-insensitive filenames on Darwin"
      Merge branch 'master' of git.openssl.org:openssl
      Merge branch 'master' of git.openssl.org:openssl
      RT2751: Declare get_issuer_sk() earlier.
      Merge branch 'master' of git.openssl.org:openssl
      Merge branch 'master' of git.openssl.org:openssl
      Add tags/TAGS target; rm tags/TAGS in clean
      RT2308: Add extern "C" { ... } wrapper
      Merge branch 'master' of git.openssl.org:openssl
      RT3102: Document -verify_error_return flag
      RT1665,2300: Crypto doc cleanups
      RT3246: req command prints version number wrong
      RT2379: Bug in BIO_set_accept_port.pod
      RT2379: Additional typo fix
      RT2119,3407: Updated to dgst.pod
      RT2820: case-insensitive filenames on Darwin
      Remove some outdated README files, to avoid confusing people.
      Add explanatory note to crypto/store/README
      RT1832: Fix PKCS7_verify return value
      RT1834: Fix PKCS7_verify return value
      Merge branch 'master' of git.openssl.org:openssl
      RT2849: Redundant check of "dsa" variable.
      RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM
      RT992: RSA_check_key should have a callback arg
      RT468: SSL_CTX_sess_set_cache_size wrong
      RT2600: Change Win line-endings to Unix.
      RT3271: Don't use "if !" in shell lines
      RT3271: Don't use "if !" in shell lines
      Merge branch 'master' of git.openssl.org:openssl
      RT2196: Clear up some README wording
      RT2560: missing NULL check in ocsp_req_find_signer
      RT3271 update; extra; semi-colon; confuses; some;
      RT2772 update: c_rehash was broken
      RT3291: Add -crl and -revoke options to CA.pl
      RT3544: Remove MWERKS support
      RT3544: Must update TABLE after Configure change
      Remove #ifdef's for IRIX_CC_BUG
      RT2309: Fix podpage MMNNFFPPS->MNNFFPPS
      RT2910: Remove des.c and its Makefile target
      RT3549: Remove obsolete files in crypto
      RT3462: Document actions when data==NULL
      RT3488: Update doc for OPENSSL_config
      Remove all .cvsignore files
      New location on website for binaries.
      Remove old private pod2man
      RT3543: Remove #ifdef LINT
      RT3497: Clean up "dclean" targets
      Minor doc fixes.
      RT1688: Add dependencies for parallel make
      RT3497: Fix; don't remove header files
      RT3497: The ticket that keeps on giving.
      RT3544: Restore MWERKS for NetWare
      RT3548: Remove some obsolete platforms
      Fix yet anoither 'make clean' breakage.
      RT3548: Remove some obsolete platforms
      RT3548: Remove outdated platforms
      RT3548: Remvoe unsupported platforms
      RT3548: Remove unsupported platforms.
      RT3548: unsupported platforms
      RT3548: Remove unsupported platforms
      RT2914: NULL check missing in X509_name_canon
      RT3546: Remove #define IRIX_CC_BUG
      Some cleanup of L<> markup in pod files
      RT478: Add uninstall make target
      RT3548: Remove some unsupported platforms.
      Allow multiple IDN xn-- indicators
      RT3548: Remove unsupported platforms
      Cleanup OPENSSL_NO_xxx, part 1

Richard Levitte (2344):
      Make sure installed files are world readable
      adjust to changes in test/testssl
      adjust to changes in test/Makefile.ssl
      DIFFERENCE doesn't handle long (>255 chars) lines well.  Use BACKUP instead.  No, I'm not joking.
      Adjust to changes in apps/Makefile.ssl
      Adjust to changes in apps/openssl.cnf
      Some new names in asn1.h are longer than 31 chars, which disturbs the VMS C compilers...
      Avoid silly compiler warnings about functions not being declared and an int missing.
      It's possible that considering the configuration file as a binary file     works on Unix and MS-DOS/Windows.  It does not under VMS, so open it     as text.
      Some crypto applications are now being built on Unix, so they should on VMS as well.  Not by default, however.
      Two changes have been made:
      Avoid some silly compiler warnings, and add the change log I forgot :-)
      The info removal code was overcomplicated, and error-prone (references being wrongly decreased).  Fixed.
      Add compilation of x509_trs
      Synchronise VMS scripts with Unix Makefiles
      Use MemCheck_start() instead of CRYPTO_mem_ctrl(), and generate a small leak to test (conditional)
      Rebuild of the OpenSSL memory allocation and deallocation routines.     With this change, the following is provided and present at all times     (meaning CRYPTO_MDEBUG is no longer required to get this functionality):
      Clear out license confusion.
      - Made sure some changed behavior is documented in CHANGES.      - Moved the handling of compile-time defaults from crypto.h to        mem_dbg.c, since it doesn't make sense for the library users to try        to affect this without recompiling libcrypto.      - Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear        and constant definitions.      - Aesthetic correction.
      - Added more documentation in CHANGES.      - Made CRYPTO_MDEBUG even less used in crypto.h, giving        MemCheck_start() and MemCheck_stop() only one possible definition.      - Made the values of the debug function pointers in mem.c dependent        on the existence of the CRYPTO_MDEBUG macro, and made the rest of        the code understand the NULL case.
      Make sure that generated files are labeled as such (except in dofile(), for now)
      Add more info to the memory allocation change log.     Suggested by Bodo.
      Added a comment about Win32.
      Tell the truth about list separators.
      Synchronise with the makefiles.
      Cut'n'paste error
      Another name longer than 31 chars
      Beautification and a few entries added.
      It doesn't make sense to try see if these variables are negative, since they're unsigned.
      Give the user the possibility to ask for compilation of only the files     that are directly in crypto/, and prepare for a possible disabling of     certain messages that DEC C spews out.
      Prepare for a possible disabling of certain messages that DEC C spews out.
      Build the crypto test applications as well.
      SOCKETSHR is showing bad declarations again.  However, a simple cast     which does no harm fixes that problem.
      Build the test apps after all of the library has been built.
      A test script to check on the header files
      Avoid converting void * to a function pointer when NULL is defined as     ((void *)0), by have a 0 instead.
      Compaq C 6.2 for VMS will complain when we want to convert     non-function pointers to function pointers and vice versa.     The current solution is to have unions that describe the     conversion we want to do, and gives us the ability to extract     the type of data we want.
      Correct indentation
      Let's make all the example formated the same, shall we?
      Add the PID to the output on Win32.
      Man page section forgotten...
      Update all links so they will be rendered better.
      Made link of reference
      Update all links so they will be rendered better.
      Since pod2man is still evolving, and some sites (among others dev.openssl.org)     don't have a version that will handle the L<foo(1)|foo(1)> construct yet, here     is a copy from my laptop (slightly modifed to work independently of the place     where perl itself resides).
      Use the pod2man that comes with OpenSSL.  Make it so config(5) really     ends up in section 5.
      Added a configuration for myself...
      It works much better when you don't press shift at the wrong moment...
      Declare BN_pseudo_rand().
      Put config in section 5, where it belongs.
      Synchronise with Unix code
      Finally found a form that I like...
      Reimplement so only one synchronous stack is used.  The benefit is     that function pointers are nicely tucker in their structure.
      Correct one link.
      Typo corrected...
      A proposed freeze and release time has come up.
      First try at documenting the DES (and other algorithms) modes
      des_modes is a section 7 manual, so let's make sure that's where it ends up
      Move down the attributions
      Add references to the new passwd utility.
      Add compilation of the new passwd utility.
      A hack to make sure access() will give us the correct answer about the     accessability of an "empty" directory.  Thsi *is* weird, and a better     solution will be provided in apps/ca.c, when I get time to hack at it.
      Add a couple of forgotten $(PERL), and make the code to run pod2html a     tad more readable.
      Time ran away...
      Remove the access() call altogether for VMS, since it doesn't quite     work for directory specifications (this will be reported as a bug to     DEC^H^H^HCompaq).  It could as well be removed for all others as well,     since stat() and open() will return appropriate errors as well, but I     leave that to someone else to decide.
      Cosmetic change.  No, openssl.h.in is not autogenerated :-)
      Make Configure add the configuration options that it was copmiled     with.
      Move the registration of callback functions to special functions     designed for that.  This removes the potential error to mix data and     function pointers.
      Blowfish docs.
      Sync with Unix
      Avoid saving any macros starting with a _, since that can create     trouble if header files are included in some "impropper" order.     It's much better if the application programmer has to specify on his     or her own if _REENTRANT shall be defined and when.
      make update
      Correct a couple of command errors.
      Make it possible to have differing tar versions.
      Remove structures that are no longer used.
      Status update
      Changes to synchronise with Unix.     (actually, much more is needed, like a real config script)
      Enhance consistency by using BIO_flush() instead of fflush().
      Another test passed
      Some time in history, SSL_CTX_sessions() disappeared.  It is now     restored, but not as a macro this time...
      Update the two threads modules to conform to our recommendations (use     CRYPTO_num_locks() instead of CRYPTO_NUM_LOCKS!), and correct all the     inconsistencies with the rest of OpenSSL.
      New script to compile on systems that already have pthreads in the     system.
      Adjust all the old scripts to deal with the new location.
      Small error fix.
      Since a stack with quite long name is declared here, vms_idhacks.h is     also needed to get around C compilers on VMS that set the symbol limit     to 31 characters.  Bot the macros VMS and __VMS are checked, since     there's no real way to know if e_os.h has been included yet.
      Correct small typo
      For safety, check __VMS as well.
      Compile rand_egd.c on VMS as well.
      Let's avoid compiler warnings over types.
      ftruncate() and fileno() are not supported on all versions of OpenVMS     (they don't really exist before version 7), so that solution was toast.     Instead, let's do it the way it's done on Unix, but then remove older     versions of the file.
      Add support for Unixware 7.  Thanks to Ron Record <rr at sco.com> for the     patch.
      The OpenVMS library is most definitely not built for anything but     files, unless it's all in unixly syntax.  We can't guarantee that     right now, so let's skip the whole test suit.  There are other places     (like the open()) where errors are detected anyway.
      Don't include sys/types.h if NO_SYS_TYPES_H is defined.
      Typo corrected.
      Just as in Unix, make sure to generate some kind of "random data".
      Move to using the same perl code as Makefile.ssl
      Make sure that all test files are gone before starting the tests, or     backup will complain about some version not existing.  Perhaps.
      make update
      Make sure there's some entropy, and log a few more errors.
      A small script to compile mttest.c on VMS as well.
      Add and change docs for the changes that have been made.
      New "target": CONFIG.  This will build the opensslconf.h file from     what is known about VAX and Alpha running VMS, and from the     opensslconf.h.in (in VMS often named OPENSSLCONF.H_IN) file.
      New logical names to skip algorithms are now supported.     Also, on Alpha, vms.mar is no longer used (it produced a lot of     confusing messages) for BN.  Instead, the assembler part of bn_lcl.h     is used.
      New logical names to skip algorithms are now supported.
      Stop logging all the files that are copied all over the place...
      Change version string to reflect the release of beta 2.
      For lack of a better name, this is now called 0.9.5beta3-dev until the     release.
      OpenVMS often has problems with files with more than on period in it.     Here's instructions on what to do if you get into trouble because of     that.
      A new beta has been released, and one test is documented.
      One test passed for VMS.
      OpenSSL doesn't compile well on OpenVMS/VAX, it seems.
      AIX and HP-UX are passing the tests.
      Update config for the unixware targets by looking at what was done in     Apache's GuessOS (from Apache 1.3.1).
      Make sure to catch UnixWare 7, even if the version is 7.1.1 or     something like that.
      No, the VAX is not a 64 bit architecture.
      Works with gcc 2.8.0 as well.
      Update the OpenVMS/VAX status
      More platforms passed the test.
      Include rand.h so RAND_pseudo_bytes may be declared.     Remove one ampersand so the compiler may complain less.     Make rand() static so it will not conflict with the C RTL.     Make bug() static too, for good measure.
      Short is always promoted to int when passed as a function argument.     This is especially true when it's part of a '...'.
      Typo corrected.
      A few more tests were reported.
      Time for a release
      Tagging has been done, time to switch to 0.9.6-dev.
      Forgot to check correctly for the new options
      I'm experimenting with a hack in dopr() and friends b_printf.c to make     it work like asprintf().
      It started with finding a misplaced #endif.  Then I wanted to see the     structure better.  I hope noone minds, and that it still works.  Steve?
      Make bss_log.c a bit more readable, and implement it for VMS as well.
      Hack b_print.c to implement asprintf() functionality.  Not enabled by     default yet, I wanna play with it a bit more.
      Let's care about the compiler warnings for both cases, shall we?
      Beautifying.  Sorry, but code that's slammed to the far left is not     very readable in my opinion.
      Let's not lie to the people.
      Check that a password was actually passed, or the user will just get     mysterious crashes.
      Protect variables from potential misinterpretations, for example a     colon which may bite the lesser knowleged...
      Add the possibility (with -ign_eof) to ignore end of file on input but     still not be quiet.  Also make it clear that -quiet implicitely means     -ign_eof as well.
      Correct a potential bug.
      Synchronise with Unix.
      Synchronise with Unixly tests
      Make sure strcmp() gets declared.
      Typo corrected
      bss_log has dollars, so compile it with that warning flag disabled.
      Typo corrected
      Bugs corrected, and a couple of include files to get declarations for     lib$-functions and sys$-functions.
      Target added.
      Make it possible top build just a part of the crypto library.
      Typos corrected.
      Typo corrected.
      The previous exit code handling was completely bogus for VMS.
      Bugs corrected
      Make sure to complete the cleanup of names.
      e_os.h: don't do double work with status codes.     openssl.c: make damn sure e_os.h knows about OPENSSL_C
      Small bugs in the test scripts removed.
      Keep in sync with Unix code, and prepare for a misfeature fix.
      Change the notation and coding of the version to be able to contain     both a patch level and a beta status.  IMHO, it also makes more sense     to have beta status be part of the development status than to have it     be an alternate name for patch levels under special conditions.
      Make sure an error condition is returned if, for some reason, the file     couldn't be opened.
      Change the version text, it's time to release the first beta of 0.9.5a.
      make update
      Beta 1 of 0.9.5a building.
      Tagging done, we move to the next possible.
      New status
      There are a few new features in 0.9.5a...  And I've probably     forgotten a few.
      I just got a not very pleasant report.
      Ref: Message-ID: <20000320070111.A90876 at wiz.Sendmail.COM>
      Jaenick Lutz reports that hpux-parisc-cc with +02 passed.
      Ulf Möller reports OpenBSD-x86 and solaris-sparcv9-cc passed.
      A quick hack to have ssize_t work with gcc under SunOS 4 (tested on     SunOS 4.1.4).
      Corrected.  It said before that ivec had to be initialised to zero,     which isn't true.  What is true, however, is that SSH assumes it is.
      Clean up context, even if an error occured.
      New FAQ for the OpenSSH configuration problem.
      Time for version 0.9.5a beta2
      I almost forgot...
      Tagging has been done, update to next probable version...
      Update status
      Surround the diff with the new snippage delimiters
      VMS on Alpha passed
      Another VMS/Alpha with a much more evil compiler passed as well...
      Geoff Thorpe reports a whole bunch of tests passing.
      A couple of corrections concerning HPUX 10 and shared libraries.     Contributed by Lutz Jaenicke.
      More info in the Win32 test
      One VAX environment passed
      VI gave me 4-space tabs...  Corrected
      Another VAX environment passed
      Info on proposed release date
      Vi, again
      Beautifying code.
      Removed, especially since it conflicts with des.pod on     case-insensitive file systems.
      Don't force the use of GNU make with Borland C++ Builder.  Contributed by Joon Radley <jradley at vps.co.za>
      Add a default banner.  Contributed by Joon Radley <jradley at vps.co.za>
      Since ssleay_rand_initialize() unlocks then locks CRYPTO_LOCK_RAND,     it's a good thing if ssleay_rand_status() would do the corresponding     lock and unlock as everyone else...
      _lrotl and _lrotr are defined in MSVC but nowhere else that we know     off.
      Building version 0.9.5a
      Version and name changes, and a last minute changelog
      Tagging has now been done, update to the next possible version (I keep     a low profile, so we don't get discontinuity in the numbering...)
      Tagging has now been done, update to the next version (it's not quite     as important to keep a low profile here :-))
      Release done, change status.
      I've always wanted to make the CONF library more adaptable.  Here's     the result.
      "make update"
      I forgot to update the change log
      OpenVMS, not OpenVSM...
      Clarifications and removal of double declaration...
      Use CONFerr, not RSAerr, in the conf library...
      In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>,     "Jan Mikkelsen" <janm at transactionsite.com> correctly states that the     OpenSSL header files have #include's and extern "C"'s in an incorrect     order.  Thusly fixed.
      In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>,     "Jan Mikkelsen" <janm at transactionsite.com> correctly states that the     OpenSSL header files have #include's and extern "C"'s in an incorrect     order.  Thusly fixed.
      In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>,     "Jan Mikkelsen" <janm at transactionsite.com> correctly states that the     OpenSSL header files have #include's and extern "C"'s in an incorrect     order.  Thusly fixed.
      Being sick and tired of the hogging Efence does on my laptop, I     decided to provide an alternative...
      Add a new file where all the standards and other documents that we try     to adhere to are listed.  It should be regarded as a complement to     whatever is out on the web, including the docs in http://www.openssl.org/
      Add a note about the new document.
      Add a couple of macros that make OpenSSL compilable on SunOS 4.1.4.     Contributed by SAKAI Kiyotaka <ksakai at kso.netwk.ntt-at.co.jp>
      Remove extra comma (creates a unnessecary null element, right?).
      'make update'
      Add the target system linux-m68k
      Configuration for linux on ARM (contributed by Jeremy Norris     <jeremy.norris at rebel.com>)
      You must have an empty line between =item's
      config can now detect ARM Linux automagically.     Contributed by Jeremy Norris <jeremy.norris at rebel.com>
      This seems to become a FAQ...
      Result of "make update"
      Small fix to enable reading from stdin as well.     Contributed by Yoichiro Okabe <okabe at wizsoft.co.jp>
      Small documentation bug, probably a cut'n'paste, corrected.
      There have been a number of complaints from a number of sources that names     like Malloc, Realloc and especially Free conflict with already existing names     on some operating systems or other packages.  That is reason enough to change     the names of the OpenSSL memory allocation macros to something that has a     better chance of being unique, like prepending them with OPENSSL_.
      According to Gordon Atwood <gordon at cs.ualberta.ca>, stdlib.h is     needed, or size_t won't be defined on SunOS 4.1.4.
      According to Gordon Atwood <gordon at cs.ualberta.ca>, GNU C on SunOS     4.1.4 uses libiberty to define strtoul and strerror.
      Using checks of the existence of HEADER_{foo}_H in other header files     was a really bad idea.  For example, the following:
      Add info on what some other people are currently working on.
      Make sure that bs is not getting free'd again.     Reported by Robert Eiglmaier <robert.eiglmaier at ixos.de>
      This seems to work better with enums...
      Change to have a single library that works on both Win9x and WinNT.     As far as I understand, it still needs to be compiled on NT...     Contributed by Arne Ansper <arne at ats.cyber.ee>
      First of all, with the current macros, we should never get any     type-specific stack function.  Second, even when we don't build any of     those functions, DECLARE_STACK_OF lines should not find themselves     into $def.
      Add support for dynamically created and destroyed mutexes.  This will     be needed in some ENGINE code, and might serve elsewhere as well.     Note that it's implemented in such a way that the locking itself is     done through the same CRYPTO_lock function as the static locks.
      Modifications for VMS.
      With the new stack hack macros, there's no need to shorten the names     any more.
      Redo the support for dynamic locks.  First of all, it was terribly     insecure, so a static lock is added to isolate the sensitive parts.     Also, to avoid one thread freeing a lock that is used by another, a     reference counter is added.
      The dynamic thread API changed, and so does the documentation.
      Add the missing callback pointer handling functions.     Also, make sure empty slots of the dynamic lock stack are used.     Actually, I'm not really sure this is the right thing to do, and may     remove it, with an endlessly growing stack as result...
      'make update'
      Small change to accept the command line parameter '-rand file'.  This     parameter takes precedence over the RANDFILE option in the     configuration file.
      Document the change in req.
      Forgot the self-documentation within req.
      Move the certificate and key loading functions to apps.c, so they can     be shared by several applications.
      On case-insensitive systems, the 'install' target gets matched against     the 'INSTALL' file, which means that 9 times of 10, the BlowFish     headers won't get installed.  Avoid this in the same way it's done in     crypto/des/Makefile.ssl, where someone apparently has thought of this...
      Change req so the new parameter '-rand file' uses the given file in     addition to the file given through the RANDFILE option or environment     variable.
      Document the change in req.
      Move add_oid_section to apps.c, so it can be shared by several     applications.  Also, have it and the certificate and key loading     functions take a BIO argument for error output.
      Added references to RFCs 1421 to 1424, that describe PEM.     Suggested by Randolph Bentson <bentson at grieg.holmsjoen.com>
      Make sure we use /usr/sbin/sysctl, especially since /usr/sbin is not     always in the users $PATH...
      That's it, I've seen questions about this one time too many for     today.  Time to add extra info so the poor users know where to     go with their troubles.
      Make it possible for people to tell where the EGD socket is through     the RANDEGD environment variable.
      Make it possible for users of the openssl applications to specify the     EGD should be used as seeding input, and where the named socket is.
      Document my latest changes.
      Undo the changes I just made.  I'm not sure what I was thinking of.     The message to everyone is "Do not hack OpenSSL when stressed"...
      Give the user the option to measure real time instead of user CPU time.
      Add a blurb on how to solve the problem with failing compiltaion of sha_dgst.c on Alpha True64 Unix
      I got sick and tired of having to keep track of NIDs when such a thing     could be done automagically, much like the numbering in libeay.num and     ssleay.num.  The solution works as follows:
      Document the change.
      Change the FAQ entry a bit, giving the details as I observed them.
      More experiments show that you can set your data segment size soft     limit higher and thereby get through compilation of sha_dgst.c.
      Corrected small bug that could add ',L' when it shouldn't
      FAQ about ar "missing" on Solaris.
      We do PKCS8 as well
      Redo and enhance the support for building shared libraries.  Currently     there's support for building under Linux and True64 (using examples     from the programming manuals), including versioning that is currently     the same as OpenSSL versions but should really be a different series.
      Show the running line count and definition cont in debug mode.  That     has helped me a bit when I ran into trouble.
      Add a note on installation under Win32.
      "make update"
      This isn't entirely necessary if you do everything right from the     start, but can save you some trouble.  Just ignore "shared" if it     comes up among the given options, at least for now...
      Avoid loops, and make sure that it's possible to still build shared     libraries even if the "shared" configuration option wasn't chosen.
      Add support for solaris shared libraries, currently just experimental     (there's no way to get it through configuration yet).
      Avoid a race condition if another thread happens to remove the error     state at the same time.
      Darrel Hankerson <dhankers at cacr.math.uwaterloo.ca> correctly discovered     that of the result pointer to bn_mul was the same as one of the two arguments,     That argument might have it's sign destroyed.  He provided this fix.
      There's a deadlock when ssleay_rand_bytes is called the first time, since     it wants to stir the pool using ssleay_rand_add.  This fix provides the     possibility to call ssleay_rand_add inside a locked state by simply telling     it not to do any locking through a static variable.  This isn't the most     elegant way one could do this, but it does retain thread safety during the     stirring process.
      When data are written out in very small blocks (less than 3 bytes in     size) through the base64 filter, b64_write() messes up it's parameters     in such a way that instead of writing correct base64 output, the first     4 characters of that output is repeated over and over.  This fix     corrects that problem.
      Add the possibility to get hexdumps of unprintable data when using     'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump     and BIO_dump_indent are added.
      Looks like Win32 builds do not define THREADS.  However, they're still     supporting threads, which means that th assertion is supperbly     dangerous, so make sure it's not compiled under Win32, period.
      In the case where a < 0 and |a| < w, the result (assigned to a) from     BN_add_word becomes wrongly negative...     This was discovered by Darrel Hankerson <dhankers at cacr.math.uwaterloo.ca>
      There's a slight possibility that a is 0 in BN_sub_word(), and might     therefore have unallocated parts.  Therefore, a check for the 0 case     is needed, resulting with the same thing as when a is negative.
      If a ip address is successfully parsed, the WSA structure under Win32 wasn't     properly initialised.  Fixed.     Bug reported by DeJuan Jackson <djackson at inverge.com>
      Remove casts that are no longer needed.
      Make it so we can dynamically enable memory allocation debugging through the     environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient).  At the     same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded some-     where and thereby tested for compilation.
      A few corrections with the shared library support:
      Add support for shared libraries on Solaris.
      I had completely forgotten that print_table_entry also needed to read the two     "shared" variables on it's own...
      "make update"
      It's probably a good idea to make the shared libraries depend in EX_LIBS.
      We've now covered the shared library support for Solaris, so the -shared hack     in config is no longer needed.
      Added and corrected documentation for the 'shared' option
      *mumble* unicos with Cray Standard C Version has a syslog.h     where the openlog() is declared like this:
      Unicos doesn't have sys/timeb.h.  Fix it by defining the TIMEB macro unless on Unicos.
      On Unicos, openlog() isn't constified, so let's not do that in xopenlog()
      On Unicos, shorts are 8 bytes, so instead, use a structure with 2 32-bit ints, just as in destest.c
      For n > 7, we might get uninitialized (unzeroed) data.     Spotted by "Kyoungho Jeon" <k.h.jeon at securesoft.co.kr>.
      Make sure that 'initialized' is zeroed as well when cleaning up.
      Duplicate names detected...
      Abdelilah Essiari <aes at george.lbl.gov> reports that for very small     records, EVP_EncodeUpdate() may misbehave.  This happens when there's     a record boundary between the two ending b64 equal signs, which makes     EVP_EncodeUpdate think there has been more than one EOF, and therefore     add an extra NUL at the end of the output buffer.  This fix corrects     that problem.
      The pkcs12 had no way of getting a CA file or path to be used when     building a complete chain.  Now added through the -CAfile and -CApath     arguments.
      Memory leaks fix.  There seems to be more in other parts of OpenSSL...
      Memory leaks fix.  It now looks like all memory leaks, at least around     building complete chains, are gone.
      MD4 implemented.  Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test
      I forgot this file that Assar provided as well...
      IBMcxx complains that maxmem is as low as 2048 for certain modules     (like all the digests).  Setting maxmem to 16K seems to give the     compiler enough space to do all the optimization it wants.
      Correct the title.  This also fooled the automatic documentation builder     that this was actually the pkcs7 document...
      Allow reconfiguration.  This can be useful if some source update     requires that you configure again, but you don't want to reenter all     those configuration arguments again.
      Document the reconfiguratoin option for Configure.
      New option 'ctestall' for mkdef.pl, that makes it not only generate     existing functions, but really all functions that exist in libeay.num     and ssleay.num.  This is a good check on how much we should actually     clean up the number files.
      make update
      Added md4 to the VMS compilation
      Add more diversity to the possible log levels.  Now we have full     coverage for all syslog level.
      Document the added diversity to the possible log levels.
      NULL is not an integer...
      Added BIO_vprintf() and BIO_vsnprintf().  The former because I've     found myself needing it a number of times, the latter for completeness.
      Assar wanted an address change.
      Added OIDs from RFC 2247, 1155, and a few from 1700
      Change the printing mahine used by BIO_printf() and friends so it can     handle an externally provided "static" buffer as well a a dynamic     buffer.  The "static" buffer is filled first, but if overflowed, the     dynamic buffer is used instead, being allocated somewhere i the heap.
      Another thing I'm working on.
      It's not just VMS that needs some symbols to be hacked.  Let's     centralise those hacks in crypto/symhacks.h and use it everywhere it's     needed.
      Major hack of mkdef.pl.  There should be no more need to redo the     process when some symbols are missing.  Instead, all needed info is     saved in the .num files, including what conditions are needed for a     specific symbol to exist.
      *.num rewitten to include the extra information.
      'make update'
      Two places where I forgot to change vms_idhacks to symhacks.
      Synchronise the VMS build with the Unix one.
      Clarify how one should behave when make fails.  The fault is not     necessarely ours.
      More VMS synchronisation
      Marin Kraemer <Martin.Kraemer at MchP.Siemens.De> sent us patches to make     the OpenSSL commands x50 and req work better on a EBCDIC system.
      A cast is needed or Borland C will complain.
      I started with a make update, but a rewrite was actually needed.     Perhaps we should make rewrites the default thing to do?
      Time to release a beta.  Change the version numbers and dates     accordingly.
      Time to release a beta.  Change the status accordingly.
      Last minute update, in time to make it to 0.9.6-beta1
      Reports for OpenBSD 2.7 and HP-UX 10.20
      Don't include e_os.h before the system headers
      OpenBSD doesn't support timeb.
      linux-elf passed
      mkdef.pl has erroneous conditions to check if a symbol is excluded     from the given target.  Fixed, I hope.
      mkdef.pl still needed better logic.  Also, the semantics of the     platforms list is clarified (it's however not quite followed in the     RSAREF case...).
      Failure on Solaris when using the CSwift card.
      debug-linux-elf and debug-linux-elf-efence need to be linked with     libdl just as linux-elf...
      A couple more HP-UX targets tested.
      DSA_verify() and DSA_sign() might return -1...
      SCO 5.0.5 with both gcc and cc passed
      Linux in Sparc v7 passed
      Better error checking for RSA and DSA signature and verification speed     tests.  This was required to not get mysterious errors when they     wouldn't quite want to work.
      FreeBSD and solaris with gcc passed
      Note the failure on Win32
      Holger Reif reports a few more Solaris successes.
      A few more systems reported successfull.
      3 changes:     - Make sure PCURSORINFO is defined even on systems that do not provide it.     - Change the reference to Peter Gutmann's paper.     - Make sure we don't walk the whole heap lists for performance reasons.       Jeffrey Altman suggests following Peter Gutmann's advice to keep it       to 50 heap entries per heap list.
      Make sure that Configure will defined DSO_WIN32 for the Win32 targets.  I feel a bit unsure if this should really be done for Mingw32 and CygWin32
      Update info on what has been fixed, and switch format for failure data
      Update info on what has been fixed
      One more passed test
      Jeffrey Altman convinced me this patch was really needed, or there is     no way to make sure GetCursorInfo will give us a valid answer.
      rsa_num2 is no longer used, so remove it.
      Remove indentation in the NAME section.  There's really no need to     indent there, especially since the pod2* scripts will regard that as     preformated text.  In one case, indent a code section one step.
      Add a configuration for Sony News 4.     Submitted by NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>
      Add a number of documentation files, mostly for SSL routines, but also     for a few BIO routines.     Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Remove indentation in the NAME section.  There's really no need to     indent there, especially since the pod2* scripts will regard that as     preformated text.  In one case, indent a code section one step.
      Add Damien Miller's RPM specification file with a few modifications.
      Remove engine stuff that was erroneously put in the main trunk.
      Items without a =over and a =back are ignored.
      BIO_seed() and BIO_tell() were documented in two other documents,     which is redundant.  Instead, move them to their own page.
      BIO_seed() and BIO_tell() were documented in two other documents,     which is redundant.  They are now in their own document.
      Update the info on version numbering
      In the name section, all the functions described shoud be enumerated.     This will also make it much simpler to generate softlinks name like     each function to man-pages containing the info.
      Later, Jeffrey changed his mind.  Apparently, GetCursorInfo exists but     doesn't quite work on WinNT 4 earlier than SP6.  It works fine on     Windows 98 and Windows 2000.
      Add a flag for OpenVMS.
      'make update'
      Move up inclusion of conf.h, so non-MONOLITH programs can benefit from     it as well, especially in apps.c.
      A DSO method for VMS was missing, and I had the code lying around...
      Make sure dso_vms.c compiles on other operating systems as well.
      'make update'
      Compile all dso files on VMS as well.
      Add BIO_seek() and BIO_tell() to the BIO control functions manual.
      Move text that isn't really descriptions of the functions in the page     to the NOTES section, and add references to the functions mentioned     (and perhaps a few more).
      VMS didn't work out too well...
      Inform the VMS people that RSAref is no longer needed
      Make sure Compaq C doesn'r complain about dollars, and go around the     incompatibility between function and data pointers.
      A couple of more names need to be shortened for VMS on VAX.
      Some platforms define NULL as ((void *)0).  Unfortunately, a void*     can't be used as a function pointer according the the standards.  Use     a 0 instead and there will be no trouble.
      Tell users that a rewrite might be a good idea.
      Oops, no engine in the main trunk.
      siglen is unsigned, so comparing it to less than 0 is silly, and     generates a compiler warning with Compaq C.
      Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care     of complaints from the compiler about data pointers and function     pointers not being compatible with each other.
      Jeffrey Altman <jaltman at columbia.edu> sent me a patch that fixes the     problems with GetCursorInfo, but also adds network statistics and     performance statistics where available.
      Restore the descriptions to conform with the rest of the     documentation.  We'll work on better documents after the release of     0.9.6.
      A patch from HP for better performance.     Submitted by Kevin Steves <ks at hp.se> 3 months ago...
      make update
      A new beta is being released.  Change the version numbers     accordingly.
      Declare the availability of beta 2 in STATUS.
      Jeffrey Altman reminds us to initialize some variables and ercommends the use of LOadLibrary instead of GetModuleHandle
      Unless we cast, thorough compilers will complain
      The test status as it has been reported so far
      Typo in the added hpux targets.  -ldl should be -ldld.
      HP-UX didn't go through
      Disable the net statistics gathering code, since different compilers     disagree on the proper syntax and type names.
      cyclecount is only used when __GNUC__ isn't defined.
      Going through performance statistics sometimes generates an exception,     so disable that part.     Reported by Jeffrey Altman <jaltman at columbia.edu>
      A few more reports
      A few more reports
      No engine stuff in the main trunk.
      A few more reports
      HP-UX 64-bit has dlfcn, so let's use that instead of the old dl.
      New documentation about things related to SSL_CIPHER.  Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      ftime() is not supported on SGI.     Reported by Steve Robb <steve at eu.c2.net>
      A couple more reports.
      Reorder the Blowfish documentation so the low-level routines do not get so prominent, and make sure to say out loud what they expect.
      A few more HP-UX reports.  Reported by Kevin Steves <stevesk at sweden.hp.com>
      FreeBSD only supports ftime() through libcompat, which means it's     better not to use it.
      It seems like all HP-UX are successes as soon as the -ldl vs. -ldld     quirk is fixed.
      Extend the docs on setting the cipher list.  Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Type correction.  Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Document SSL_library_init() and it's aliases.  Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      BSDI only supports ftime() through libcompat, which means it's     better not to use it.
      make update
      On VMS, stdout may very well lead to a file that is written to in a     record-oriented fashion.  That means that every write() will write a     separate record, which will be read separately by the programs trying     to read from it.  This can be very confusing.
      Wrong variable used.  It's funny how some bugs take a long time     getting triggered...
      AIX doesn't like ftime() either.
      Reports about a few old systems.     Reported by Bernhard Simon <bs at bsws.zid.tuwien.ac.at>
      Add news and a description of the ENGINE part and how it's currently     distributed.
      Mistakes corrected.  Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      New documents.  Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Portability patch for HP MPE/iX.  Submitted by Mark Bixby <mark_bixby at hp.com>
      Clarifications and new documents.     Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Changes by Jeffrey Altman <jaltman at columbia.edu> to make RAND_poll()     work better in Win32.  Verified by zhu qun-ying <qyzhu at krdl.org.sg>.
      I'm using GNU tar...
      make update
      Time to build beta 3.  Bump the version numbers accordingly.
      Prepare STATUS for the beta 3 reports.
      Tests so far.
      Tests so far.
      More reports.
      Ugly hack to make sure static libraries are usable.  Without this,     anything that just links with libeay32.lib or libssl32.lib will get an     error saying the __imp__RegQueryValueEx is unresolved.
      Oops, if the target only had USE_TOD, an error message was issued...
      More reports
      Change IMPORTANT to WARNING for greater emphasis.
      More reports
      More reports
      More reports
      Kris Kennaway <kris at FreeBSD.org> tells us that FreeBSD/Alpha shouldn't     use an optimization higher than -O.
      Problem on FreeBSD/Alpha fixed.
      Catch V_ASN1_NULL.
      Change the Windows building scripts to enable DSO_WIN32.
      make update
      Time to build the release.  Bump the version info accordingly.
      Forgot to change the STATUS file...
      Update the status and version number to 0.9.7-dev.
      Make the algorithm implementations depend on the corresponding     selection macros.
      'ranlib' doesn't always run on some systems.  That's actually     acceptable, since all that happens if it fails is a library with     an index, which makes linking slower, but still working correctly.
      echo=off works on NT, but not on W2K.
      When creating a .def file, be a bit more selective so disabled     algorithms do not get in...
      Document the change.
      A compiler warning removed.  Thanks to the folks at HP!
      Include arpa/inet.h, since that's where htons() and friends are     supposed to be defined according to XPG4.2.     Found by Evan <n2xjk at ulster.net> for the MVS platform.
      Remove what was described by someone as "an EAY hack for compiling     SSLeay with Colin Plumb's MD5 implementation instead of his one".
      More SSL functions documented.  Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Linux on Alpha has the configuration name linux-alpha-gcc, not     linux-alpha.
      Linux on Alpha with gcc knows about shared libraries.
      Make sure that shareable libraries are turned off if we don't know how     to make them...
      Make sure ranlib is only used on .a libraries.
      A few small corrections to the SSL documentation.     Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      Do a favor to those who get weird compiles and report if RAND_pseudo_bytes     returns -1...
      New docs and new facts in older docs.     Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      make update
      Make the new conf implementatoin bug-compatible with the old one.     Actually, it's a feature that it goes looking at environment     variables.  It's just a pity that it's at the cost of the error     checking...  I'll see if I can come up with a better interface for     this.
      Bump the shared library version (should have been done a while ago).
      Rework the system to generate shared libraries:
      Even when you don't want to create shared libraries, it's a good idea     to have the full extension information, so residual shared libraries     can be removed so the applications and test programs do not get linked     against them by mistake...
      The experimental Rijndael code moved to the main trunk.     make update done.
      CRYPTO_get_ex_new_index would never return an error.
      Two questions have been asked quite often lately.
      John Denney <jdenney at ca.mdis.com> reports that we forgot to convert     Free to OPENSSL_free in the SSL demos.
      NCONF_get_number() has no error checking at all.  As a replacement,     NCONF_get_number_e() is defined (_e for "error checking") and is     promoted strongly.  The old NCONF_get_number is kept around for     binary backward compatibility.
      Make it possible for methods to load from something other than a BIO,     by providing a function pointer that is given a name instead of a BIO.     For example, this could be used to load configuration data from an     LDAP server.
      Keep binary backward compatibility by putting new method function     pointers at the end of the structure.
      Document the change to NCONF.
      make update
      Add what's needed to get shared libraries on HP-UX.
      FreeBSD-elf can do threads.  However, there seems to be confusion if     you should defined _THREAD_SAFE (I found that in an include file, and     that's what everybody tells me) or _THREADSAFE (that's what the gcc     manual says in the FreeBSD-specific section), so I defined both, just     to be safe.
      Krister Walfridsson <cato at df.lth.se> tells us sysctl lives in /sbin     since NetBSD 1.5.
      There's no reason why app_RAND_load_file() should return 0 when     RAND_status() hasn't.     Reported by Dale Stimson <dale at accentre.com>.
      On some operating systems, MAX is defined.  Call ours OSSL_MAX instead
      If the functions get_dh*() are declared static, they should be defined the same way
      Pointer error corrected
      It seems like grep isn't as capable as I thought on some Unix systems.     Use egrep instead.
      When building shared libraries on HP-UX 10.20 and HP-UX 11.00 (32bit),     ld warns that -Fl "may not be supported in future releases".  We know     that, and are doing things in HP-UX 11 (64bit), so turn off that     warning with +vnocompatwarnings.
      For the operating systems where it matters, it is sometimes good to     translate library names by only adding ".so" to them without     prepending them with "lib".  Add the flag DSO_FLAG_NAME_TRANSLATION_EXT_ONLY     for that purpose.
      On HP-UX, at least when shl_* are used, the libraries have the     extension .sl instead of .so.
      Merge the engine branch into the main trunk.  All conflicts resolved.     At the same time, add VMS support for Rijndael.
      The majority of the OCSP code from CertCo.
      make update
      Document the OCSP addition.
      NetBSD doesn't use ftime().
      Small documentation change
      Add the possibility to use keys handled by engines in more     applications.
      Document the change.
      Make flag variables int instead of char.  This avoids getting into trouble on systems where char is unsigned by default
      Add configuration option to build on Linux on both big-endian and     little-endian MIPS.     Submitted by Ralf Baechle <ralf at uni-koblenz.de>
      Improvements to openssl.spec.     Submitted by Damien Miller <djm at mindrot.org>     This change has been CC:ed to crypt at bxa.doc.gov
      Rename true64 to the correct tru64.     Suggested by Albert Chin-A-Young <china at thewrittenword.com>
      Add support for shared libraries under Irix.     Submitted by Albert Chin-A-Young <china at thewrittenword.com>
      Add application to enumerate, list and test engines with.
      -t is supported, so display some help about it.
      make update
      Better error reporting in 'openssl engine'
      'openssl engine' can now list engine capabilities.  The current     implementation is contained in the application, and the capability     string building part should really be part of the engine library.     This is therefore an experimental hack, and will be changed in the     near future.
      Change the engine library so the application writer has to explicitely     load the "external" built-in engines (those that require DSO).  This     makes linking with libdl or other dso libraries non-mandatory.
      Update the standards list to the current status
      Instead of just STACK, use STACK_OF(ASN1_OBJECT).
      Make sure that shared libraries get the internal name engine with the     full version number and not just 0.  This should mark the shared     libraries as not backward compatible.  Of course, this should be     changed again when we can guarantee backward binary compatibility.
      mode used too early in EVP_PKEY_save_parameters.     Spotted by Ken Lalonde <ken at torus.ca>
      Constify the BIGNUM routines a bit more.  The only trouble were the     two functions that did expansion on in parameters (BN_mul() and     BN_sqr()).  The problem was solved by making bn_dup_expand() which is     a mix of bn_expand2() and BN_dup().
      Make all engines available in the openssl application.
      As a consequence of the BIGNUM constification, the ENGINE code needs a     few small constifying changes, and why not throw in a couple of extras     while I'm at it?
      Constify the RSA library.
      Constify the RSA library.
      Constify the RSA parts of the ASN.1 library.  Note some ugly casts     that are needed in the ASN.1 macros.  Hopefully, we can get rid of     those in an elegant way in the future.
      Constify the RSAref glue code.
      The consequence of constification is that to pass the address to a     pointer to a const double pointe parameter, the pointer must point to     const data as well.
      Constification of CRYPTO_get_ex_data() needed for the sake of     RSA_get_ext_data().
      Document recent constifications.
      shl_load() also needs to load along a path given through an     environment variable, SHLIB_PATH.  This change makes that possible.
      When ENGINE_by_id() couldn't find the given engine id, it generates an     error.  When checking like engine_add() is, those errors are actually     good, so remove them.
      Lutz tells me HP cc uses the same syntax for flags that should be     passed down to ld as GNU cc.
      A few more constifications of some RSA routines that I forgot     yesterday.
      Make sure ERR_get_error() is declared.
      Constify DSA-related code.
      Constify DH-related code.
      Document that the Nuron hardware has been added and remove the     requirement for an engine utility since we now have that.
      Constification of LHASH.  Contributed by "Paul D. Smith" <psmith at gnu.org>     I didn't apply all his patches yet, since I have some hesitance about     unconstifying.  To be pondered.
      Remove references to RSAref.  The glue library is but a memory to fade     away now...
      Really stupid glitch (a comment not properly ended) fixed.
      Update my own debugging configuration entry
      Enhance granularity on what I want to debug for the moment by changing     LEVITTE_DEBUG to LEVITTE_DEBUG_MEM.
      For a long time, I've wanted to be able to easily run one or a few     individual tests.  I finally got myself to implement it...
      Add Rijndael as things to look through.
      Typo, was "time" instead of "tim".     Caught by Jeffrey Altman <jaltman at columbia.edu>
      Detect and mark functions that no longer exist.
      Get the Rijndael function declarations.
      make update
      Two OCSP functions that aren't yet implemented.
      Modify () to (void), since that's what is actually defined in the     engine structure, and some ANSI C compilers will complain otherwise.
      /proc/cpuinfo can have several lines containing the word "type".  We want the one that is "type", plain and simple.  Caught by Raoul Borenius <borenius at shuttle.de>
      I've checked again and again.  There really is no need to expand a to     4 times it's size when bn_sqr_recursive() won't look farther than the     original length.  Thereby, constification is no longer a problem.
      Oops, when I clean, I should do it thoroughly.
      Make sure to print the BN counting (BN_COUNT) to stderr instead of     stdout.  bc gets so confused by bean counts.
      More constification of the BN library.
      Make sure BN_DIV2W is not defining when defining it, and remove the     declarations of bn_add_part_words() and bn_sub_part_words() since they     do not exist.
      I might want to debug the assembler modules...
      Make the definition of bn_add_words() match the definition.
      Remove a declaration for a function that does not exist.
      Remove two bn_wexpand() from BN_mul(), which is a step toward getting     BN_mul() correctly constified, avoids two realloc()'s that aren't     really necessary and saves memory to boot.  This required a small     change in bn_mul_part_recursive() and the addition of variants of     bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays     with differing sizes.
      Add news items early.  Please fill in with what I have forgotten.
      I wonder if I do too much...
      Make sure bs is assigned NULL when it's free'd, or there will be an     (incorrect) attempt to free it once more...
      'echo on' works better all over than 'echo=on'.  We had the same     problem in some other file, but I can't recall which.
      Avoid getting warnings about unary - being used on unsigned integer.
      Reimplement bn_div_words, bn_add_words and bn_sub_words for VAX.     I'm a little bit nervous about bn_div_words, as I don't know what it's     supposed to return on overflow.  For now, I trust the rest of the     system to give it numbers that will not cause any overflow...
      Addapt the VMS scripts to the changes in the Makefiles.
      Addapt the VMS scripts to the changes in the Makefiles.
      Correct a number of syntax errors.
      Addapt to added files in the BIGNUM section
      Copy and paste error...  bn_add_part_words() should of course call     bn_add_words(), not bn_sub_words()...
      Changes to c_zlib.c to make ZLIB.DLL dynamically loadable under     Windows.  Really, this should probably be done on Unix as well, but     that will be a later story...
      Change c_zlib further to allow loading a shared zlib on all operating     systems where such an operation is supported.
      Make it possible to test SSL compression
      COMP_METHOD has a new argument since some time back...
      Turn off memory checking when loading new compression algorithms.
      comp_methods in a SSL_CTX points at an internal database.  Do *not*     free that, since it's shared by all SSL_CTX's, present and future.
      Simplify and provide the possibility to clean a compression method.
      The compression method may be undefined for some reason that has     generated errors.  Therefore, print whatever error there may be...
      New format for the FAQ.  We now have different sections for different     types of questions.  Hopefully, that'll make them easier to spot, and     specially, easier to refer to.
      A few bug fixes for Windows.
      First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS.  Implemented by Vern Staats <staatsvr at asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab at columbia.edu>
      Recognise Darwin as well.  For now, have it do exactly the same thing as for Rhapsody
      Typo corrected.
      Document the addition of Kerberos stuff.
      Correct a mail address...
      Write a first HOWTO on how to create certificates.  This is currently     a draft.
      Add a comment to explain the purpose of bn_cmp_part_words().
      Remove the last bn_wexpand()s that made us break constness.  Of     course, that means we need to handle the cases where the two arrays to     bn_mul_recursive() and bn_mul_part_recursive() differ in size.
      It's completely unnecessary to add a compression algorithm that is     really undefined.     Spotted by Jeffrey Altman <jaltman at columbia.edu>
      On Windows, Rainbow uses _stdcall convention under Windows.     Spotted by plin <plin at rainbow.com>
      Update the internal docs.
      Have the self test use bctest to check that bc is sane.
      During the self test, we only want to know what bctest says on     stderr...
      Make TYPE_RSA the default type instead of just setting it when -new is     given.  That also allows the arguments to come in any order (-new     last, for example).
      SSL_new() may potentially add a certfificate.  Therefore, wen     duplicating the certificate that is in the original SSL, remove the     one that SSL_new() provided, if any.     Spotted by: Mike Zeoli <zeoli at roguewave.com>
      When using -pedantic, it's a good thing to define PEDANTIC as well.     Also, define a second debugging configuration without assembler.
      In bn_mul_recursive(), make sure the comba routines are only called     when both a and b are of the exact right size.  This may change to     something better later.
      Problem: bn_mul_normal() misbehaves if the size of b is 0.     Solution: multiply a with 0, putting the result in r, and return.
      Constification of the data of a hash table.  This means the callback     functions need to be constified, and therefore meant a number of easy     changes a little everywhere.
      Make sure each FAQ item has an index entry.
      Do not poll DEVRANDOM if weäre building without an file pointer API.     Spotted by "David Schwartz" <davids at webmaster.com>.
      Update VMS build procedures to match the current status.
      Enhancements to mkdef.pl:
      "make update" plus a rewrite of both .num files.
      Correct a typo.
      Check for deselection of KRB5.  In fact, skip it completely on VMS for now...
      Uhmm, the keyword TRUE does not exist of course...
      Remove anything connected to RSAref, since that's gone by now.     Add the C macros OPENSSL_BUILD_SHLIBCRYPTO and OPENSSL_BUILD_SHLIBSSL     to the build of the object files as appropriate for each library.
      Define OPENSSL_EXPORT and OPENSSL_IMPORT and give OPENSSL_EXTERN the     default value OPENSSL_IMPORT.  Explain the use of all those macros.
      If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto     objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl     objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.     This is actually only important on Win32, and can safely be ignored in     all other cases, at least for now.
      Remove RSAref-related things.
      Since asn1.h gets included recursively from many places, the easiest     is to have asn1.h include e_os.h and e_os2.h.  Of course, this makes     the unofficial "non-export" status of e_os.h a bit delicate...
      Temporary measure: if no KRB5 is defined, add "no-krb5" to the     options.  This is so mk1mf.pl can pick it up from Makefile.
      Look for no-krb5 and add the definition of NO_KRB5 if it's there.     I've no idea were the KRB5 header files and libraries are placed on     Win32.  When there's better knowledge, we might be able to process the     other KRB5-related arguments as well...
      The option line may start with a space, which gives an empty option.     Make sure those are purged...
      Make the DSO code for VMS work again.  First attempt.
      Keep up with the Unixly changes.
      Change RAND_poll for Unix to try a number of devices and only read     them for a short period of time (actually, poll them with select(),     then read() whatever is there), which is about 10ms (hard-coded value)     each.
      Because /dev/urandom has a better chance of giving us a good and     quick answer, take that one first.
      Keep up with Unix code.  It's beginning to be  time to rethink the VMS     build system...
      As response to a user request to be able to use external memory     handling routines that need file name and line number information,     I've added a call level to our memory handling routines to allow that     kind of hooking.
      Add configuration for GNU Hurd.
      Keep up with Unix
      Make the change log on the RAND_poll change a bit more explicit.  Suggested by Bodo Moeller.
      Documentation language corrections, contributed by Chris Pepper <pepper at mail.reppep.com>
      Increase consistency of header data (some mail readers really do not     like spaces before the semicolon, and besides, other parts of this     file makes the values without those spaces), and move spacing of     continuation lines to support BIO's that break lines after each     write.
      Document the change.
      Fix a memory leak in BIO_get_accept_socket().  This leak was small and     only happened when the port number wasn't parsable ot the host wasn't     possible to convert to an IP address.     Contributed by Niko Baric <Niko.Baric at epost.de>
      Add the -VAfile option to 'openssl ocsp'.  This option will give the     client code certificates to use to only check response signatures.     I'm not entirely sure if the way I just implemented the verification     is the right way to do it, and would be happy if someone would like to     review this.
      The check for request including a nonce and response not having it was     inversed.  Corrected.  Hopefully, this will make it work without     dumping core.
      Update of linux-ppc.  Contributed by MATSUURA Takanori     <t-matsuu at protein.osaka-u.ac.jp>
      Include the newly reported problem with bc on FreeBSD 4.2.
      Make it possible to use gcc to generate the dependency tables.
      Perl code patch contributed by "Kurt J. Pires" <kjpires at iat.com>     His own words are:
      VMS follows suit.
      Make the choice of "makedepend" program choosable through a switch.
      Do not insert things in syms{} and kind{} when parsing the header     files.  Instead, insert proper information in the $def string, which     will be properly munged later on.
      An obvious but hard-to-see cut'n'paste error corrected.
      make update
      Remove temporary files when done.
      Make all configuration macros available for application by making     sure they are available in opensslconf.h, by giving them names starting     with "OPENSSL_" to avoid conflicts with other packages and by making     sure e_os2.h will cover all platform-specific cases together with     opensslconf.h.
      I forgot to document the system identification macros
      Use the new-style system-identity macros.
      Make sure time() is properly declared.
      I'm sick of the warnings about long long...
      Use new-style system-id macros.
      Use new-style system-id macros everywhere possible.  I hope I haven't     missed any.
      Use 0 instead of NULL, at least for function casts, since there are     variants of stdio.h that define NULL in such a way that it's "unsafe"     to use for function pointer casting.
      Include string.h so mem* functions get properly declared.
      Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS     get a chance to be defined.
      Include string.h so mem* functions get properly declared.
      Use sk_*_new_null() instead of sk_*_new(NULL).  That avoids getting     lots of silly warnings from the compiler.
      DEC C on VMS is pedantic by definition.
      Let VMS catch up.
      Include opensslconf.h or the like early to make sure system macros get     correctly defined.
      Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS     get a chance to be defined.
      Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS     get a chance to be defined.     Make a batter file name translator (uhm, no, that's not the finished     variant :-)).
      DEC C on VMS is pedantic by definition.
      A new bunch of too long symbols to hack.     OCSP_CRLID_new and OCSP_crlID_new clash on case-insensitive systems.
      Include string.h so mem*() functions get properly declared.
      Get the right cast for lhash callback functions.
      Get e_os2.h to get all the system definitions correctly.
      OpenVMS catches up.
      I forgot there was a reason why the inclusions and definition of u_int     was made in a certain sequence.  This change restores the earlier     "chain of command".
      Some functions, like strdup() and strcasecmp(), are defined in     strings.h according to X/Open.
      With later version of DEC C on VMS, some functions (strcmp(), for     example) are declared with some extra linkage information.  This     generates a warning when using the function name as a value to a     regular function pointer with the "correct" definition of the     function.  Therefore, use a macro to cast the appropriate function on     VMS.
      strdup() is a X/Open extension.
      I had forgotten to change mkerr.pl to use the new macro system.
      Modify mkdef.pl to recognise and parse prprocessor conditionals of the     form '#if defined(...) || defined(...) || ...' and '#if !defined(...)     && !defined(...) && ...'.  This also avoids the growing number of     special cases it was previously handling (some of them wrongly).
      'make update'
      Include e_os2.h instead of opensslconf.h.     SSL_add_dir_cert_subjects_to_stack is not implemented on WIN32 and     VMS, so declare it the same way.
      Since SSL_add_dir_cert_subjects_to_stack isn't impemented on VMS,     there's no point creating an alias for it.
      When inside a #if 0..#endif, do not define anything.
      Always include opensslconf.h, even if it's already been done before.     The reason is that some parts are only included when certain other     include files have been included.
      Windows does not know of strigs.h or strcasecmp, so when in Windows,     make strcasecmp a macro to _stricmp.
      One indirection level too little compared to the     pre-CRYPTO_MEM_LEAK_CB time.
      Since opensslconf.h might be included over and over, undefine     OPENSSL_UNISTD before redefining it, to avoid compiler warnings.
      Exported header files should not include e_os.h.
      Use e_os2.h rather than opensslconf.h, since some needed macros are     defined there.
      Since RAND_file_name() uses strlen, make sure the number that's     compared to it has the type size_t.  Included the needed headers to     make that happen.
      e_os.h does not belong with the exported headers.  Do not put it there     and make all files the depend on it include it without prefixing it     with openssl/.
      Define the OPENSSL_NO_* macros as NO_* macros for the sake of applications thathaven't yet been changed
      CONF_METHOD is one of the few places where you find MS_FAR.  I can't     really see why we need to define these function pointers with MS_FAR     if it's not done cosistently everywhere.
      e_os.h defines Getenv()
      Define the right macro for Linux and other GNU-based systems to get a correct declaration of strdup()
      make depend.
      Add the CCITT pilot directory OIDs.
      make update     Note that all *_it variables are suddenly non-existant according to     libeay.num.  This is a bug that will be corrected.  Please be patient.
      MacOSX doesn't have ftime().     Spotted by Pieter Bowman <bowman at math.utah.edu>
      Introduce the possibility to access global variables through     functions on platform were that's the best way to handle exporting     global variables in shared libraries.  To enable this functionality,     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter     is normally done by Configure or something similar).
      Spelling corrected.
      Sort platforms lexicographically as well.  Also, support more than two     variants of a symbol.
      For SSLv2, return the SSLv2 method, not the SSLv23 method.  This way,     it's possible to reuse an SSLv2 session.
      Add the possibility for option macros and start using it to indicate     for Windows compilations if DLL linkage is required or not.
      Document the SSLv2 session reuse fix.
      Update the VMS build scripts for EC
      Code for better build under Darwin (MacOS X).     Submitted by Brad Dominy <jdominy at darwinuser.org>
      VMS catches up on the EC modifications.
      Some EC function names are really long.  Make aliases for VMS on VAX.
      Build ectest too.
      Write a small comment so we know...
      Too many dollars...
      Bug fixes.
      Use 32bit longs on Alpha as well, because that's what the VMS     assembler code works with.
      For some experiments, it is sometimes nice to serve files with complete     HTTP responses.
      Document the change.
      We need to build MINFO.
      make update.
      It is a good thing to prepare the .def files.
      For AIX 4.3 or above, allow the use of dlfcn.
      bsdi-elf needs to link with -ldl.
      Minimise the amount of -L. when linking the shared libraries.  It     seems like some Unixen (SCO) have opinions about too many -L.
      An enhanced bctest submitted by Tim Rice <tim at multitalents.net>.     It now looks along $PATH for a working bc and returns the absolute     path to one that does work.
      Correct a typo which might have lead to a dump.     Noted by Martin Kraemer <Martin.Kraemer at Fujitsu-Siemens.com>
      New cofiguration for Unixwre and SCO,with slightly better granularity.  Contributed by Tim Rice <tim at multitalents.net>
      avoid linking problems when OpenSSL is built with no-dsa.  Spotted by Hellan,Kim KHE <khe at kmd.dk>
      Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to     be "#if 0"'d, or they will (re)appear as existing functions in     util/libeay.num.
      Use stdlib.h to get size_t.
      Remove redundant operations and update version info.
      We really have no need for PEX_LIBS, so empty it.
      A lot of reports.
      Small AIX problems solved.
      ln on Solaris expects -f to come before -s.     The linux-shared method is actually gcc-specific, so call it     gnu-shared as well.
      gcc uses collect2, not ld, to link things.  Therefore, when using gcc     there's no need fooling ourselves, it's the gnu-shared method that we     should use.  Do it for Solaris to begin with.
      When using the native tools on Solaris, make damn sure the native ld     is used, even if the user has GNU ld earlier in his $PATH.
      make update
      For mips3 and alpha, put the assembler file directives in separate     variables and disable the Alpha assembler for now, since it has been     shown to fail.
      Reports seem to show that asm/mips3.s has faults.  To be investigated, but let's avoid using it in the mean time
      Include bn.h so we get BN_LLONG properly defined.  Otherwise, we can forget things like %lld
      Restore asm/mips3.s to be compiled and linked in, since the bug has     (at least hopefully :-)) been fixed.
      Add news section for OpenSSL 0.9.6a.  Please add what's missing
      Since there has been reports of clashes between OpenSSL's     des_encrypt() and des_encrypt() defined on some systems (Solaris and     Unixware and maybe others), we rename des_encrypt() to des_encrypt1().     This should have very little impact on external software unless     someone has written a mode of DES, since that's all des_encrypt() is     meant for.
      I forgot to rename des_encrypt to des_encrypt1 in libeay.num.
      Stress the news about the name change.
      One des_encrypt to des_encrypt1 I forgot to commit...
      Complete the des_encrypt to des_encrypt1 rename in the main     development line as well.
      Beta 3 has been released and announced.
      linux-elf verified.
      Note reports.
      A few more reports.
      Reports on VMS.
      Remove a typo in dgux-R4-gcc.
      libfisdef.h and LIB do not exist on older VMS versions
      Reports on Windows, DG-UX and older OpenVMS.
      Plug a memory leak.  Spotted by "Shijin" <shijin at comex.com>
      Make do_bsd-gcc-shared depend on do_gnu-shared instead of the non-existent linux-shared
      OpenVMS/Alpha should use 64 bits.  If nothing else, there's     performance to gain.
      Since vms.mar handles 32-bit integers, do not use it on Alpha, that's     just a slowdown.
      Incorporate some changes that make OpenSSL compilable in CygWin.
      Correct a typo.  linux != linus.
      Unixware config.
      Fix couple of memory leaks in PKCS7_dataDecode().     (provided by Stephen)
      Add the possibility to have AES removed in Windows as well.     Spotted by Harald Koch <chk at pobox.com>
      Resize a local buffer to accomodate the size requirements of AES.     Protect against future mistakes with an assert().
      Correct info in the FAQ.
      NetBSD and OpenBSD use TOD as well
      Make it possible to move the emailAddress object to the subjectAltName     extension instead of just copying it.  That makes a certificate comply     even more with PKIX recommendations according to RFC 2459.
      Show an example of moving the emailAddress object from the subkect DN     to subjectAltName when signing a certificate.
      Add -keyform.
      Correct typo.
      VMS was behind when it comes to OCSP.
      Script to create shareable images (shared libraries in Unixly terms)     on VMS.
      User OPENSSL_UNISTD instead of <unistd.h>.     Spotted by Mark Crispin <MRC at Panda.COM>
      We shouldn't skip over header files to avoid functions of disabled algorithms.  The selection is done in a different way
      engine.h includes all the needed header files, so don't do it again     here.
      Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable     appropriate code if any of them is defined.
      gcc warns when certain values of an enumeration aren't taken care of,     unless there's a default clause.
      Provide the possibility to clean up internal ENGINE structures.  This     takes care of what would otherwise be seen as a memory leak.
      Clean up ENGINE before exiting.
      make update
      Linux shared libraries can be linked with debug symbols.     Tru64 shared libraries can be linked with static libraries.
      Make proper use of all disabling variables.
      make update
      A method to create shared libraries on AIX, and according to     "Howard Chu" <hyc at highlandsun.com>, it may be general enough     to work on any Unixly system.
      Remove part conflict indicator...
      Add support for Sun C on Solaris x86.  Contributed by Ben <mouring at etoh.eviladmin.org>
      Some platforms (most notably Windows) do not have a $HOME by default.     For those, unless the environment variables RANDFILE or HOME are     defined (the default case!), RAND_file_name() will return NULL.     This change adds a default HOME for those platforms.
      Add a general user interface API.  This is designed to replace things     like des_read_password and friends (backward compatibility functions     using this new API are provided).  The purpose is to remove prompting     functions from the DES code section as well as provide for prompting     through dialog boxes in a window system and the like.
      make update
      Clarify the license and copyright, make preprocessor dirctives a     little bit clearer and use the new OPENSSL_SYS_* macros.
      Don't forget crypto/ui...
      There is no uitest
      e_os2.h defines things like OPENSSL_SYS_MSDOS, not opensslconf.h...     (basically: whooops :-))
      Put back a removed "extern", or many compilers will complain about     redefined variables.
      Move the password reading functions completely away from the DES     section.
      When doing rewrites on ssleay.num, the file was prematurely closed.     Make rewrites the default, since it works, and people get confused if     changed information doesn't get rewritten automagically.
      des_read_password() and des_read_2passwords() can only appear if DES     is compiled.
      Win16 too :-).
      make update
      Define `ok' and better error detection.
      A randomizer for OpenVMS, using the statistics that are easily     reachable.
      Document the addition.
      It seems like the removal of "extern" before "static" wasn't a     mistake.
      Make it so the compiler doesn't inform me about the dollars in some     symbols.
      Use ui_compat.h to get the password reading functions.
      len is a size_t, which is an unsigned integer.  Therefore, some     compilers will complain against the check for less than zero.
      Make more short aliases for symbols that are longer than 31     characters.
      Remove the password reading objects from LIB_DES.
      ui_compat.h was forgotten in the "symlinking" routine.
      ui was forgotten when installing libcrypto and it's headers.
      Make sure memset() is properly declared.
      Make sure strdup() is properly declared.
      branch on equal is beql, not beq...
      Low-case the names of the system routines, since some versions of     DEC C only have them declared that way (it doesn't really matter,     since the linker is case-insensitive by default)
      Do not forget to increment the pointers...
      New internal function OPENSSL_gmtime, which is intended to do the same     as gmtime_r() on the systems where that is defined.
      Add a few more details on what one might need.  make and a development     environment were a part of a Unix operating systems, but these days     you see an increasing number of installations that do not necessarely     have these crucial parts by default, so it's needs mentioning.
      Add a requirements section for OpenVMS.
      VMS doesn't support more than on period in a file name
      We had the password callback for ENGINEs pretty much wrong.  And     passwords that were given to the key loading functions were completely     ignored, at least in the ncipher code, and then we made the assumption     that the callback wanted a prompt as user argument.
      Document the latest change in ENGINEs.
      A wish was expressed.
      Extend all the loading functions to take an engine pointer, a pass     string (some engines may have certificates protected by a PIN!) and     a description to put into error messages.
      Don't decrement the reference counter twice when destroying dynamic     links.
      Stop mishandling the type number in dynlock locking
      nCipher callbacks shall return 0 on success, something else otherwise.
      Confusion between algorithms resolved.
      Added more info in SRP.
      More info on SRP.
      Accept digits in symbol names.  Spotted by Brian Havard <brianh at kheldar.apana.org.au>
      Small detail about AIX forgotten...
      A good use of the UI interface is as a password callback replacement     (for new functions...).  One might still want to be able to pass down     a user-data pointer to be used by the UI.  However, ex_data doesn't     quite cut it, since that means the appropriate index to it might need     to be shared between parts that aren't really related in that sense,     and would require the currently hidden (static) index holders to be     uncovered.  Not a good thing.  Therefore, add the possibility to add a     user-data pointer to a UI.
      Defining __USE_XOPEN_EXTENDED was the wrong thing.  Instead, define     _XOPEN_SOURCE.
      'make update'
      Don't forget to initialise.
      Use memmove() instead of memcpy() on areas that may overlap.     Spotted by Nalin Dahyabhai <nalin at redhat.com>
      Provide an application-common setup function for engines and use it     everywhere.
      One feature wasn't quite commited yet
      Enhance the user interface with better support for dialog box     prompting, application-defined prompts, the possibility to use     defaults (for example default passwords from somewhere else) and     interrupts/cancelations.
      The default flag should be for default passwords only.  Otherwise,     someone having a default that is not a password will be confused.
      - Add the possibility to control engines through control names but       with arbitrary arguments instead of just a string.     - Change the key loaders to take a UI_METHOD instead of a callback       function pointer.  NOTE: this breaks binary compatibility with       earlier versions of OpenSSL [engine].     - Addapt the nCipher code for these new conditions and add a card       insertion callback.
      Change the common application routines to use a UI_METHOD for password     prompting, even when done through the callback.
      Do a proof of concept.  "openssl genrsa" will make the name of the     file part of the password prompt unless it's standard input...
      cp is only used when DSA is built.
      Modify "openssl engine" to handle and display internal control     commands appropriately.
      Since there is a way to create UI_METHODs, implement a destructor as     well.
      Update my status.
      For the UI functions that return an int, 0 or any positive number is a     success return, any negative number is a failure.  Make sure we check     the return value with that in mind.
      Include the UI error strings.
      New error printing function that gives the possibility to print the     errors through an arbitrary function.
      Implement boolean (yes/no or OK/Cancel, ...) input.
      make update
      Do not loop i the OpenSSL UI method any more.  Instead, letthe     application do that.
      Document recent changes.
      Oops, applies to 0.9.7 only.
      Make use of new features in UI's.  Among others, the application     password callbak doesn't need to check for sizes any more.
      apps_startup() needs a corresponding apps_shutdown().
      Use apps_shutdown() in all applications, in case someone decides not     to go the monolith way (does anyone do that these days?).
      make update
      Including stdio.h before setting _XOPEN_SOURCE and     _XOPEN_SOURCE_EXTENDED wasn't very smart...
      Use the new UI features, among others the new boolean input.
      Make sure we don't return 0 on error.
      Call apps_shutdown() to take down what apps_startup() set up.
      Make better use of load_cert, load_certs and load_key.
      Make get_ip() a bit more strict in it's parsing of IP addresses, and     at the same time a bit more accepting with host names.
      Make better use of load_cert, load_certs and load_key.
      Make better use of load_cert, load_certs and load_key.
      Changes to have OpenSSL compile on OS/2.     Contributed by "Brian Havard" <brianh at kheldar.apana.org.au>
      Insuline shot
      [Forgotten commits?]     Changes to have OpenSSL compile on OS/2.     Contributed by "Brian Havard" <brianh at kheldar.apana.org.au>
      Let's include cryptlib.h *before* things like NO_SYSLOG are tested or     used.
      Make an extra note about shared libraries and backward compatibility.
      Change info to correct values.
      Use one address consistently.
      Patches from Vern Staats <staatsvr at asc.hpc.mil> to get Kerberos 5 in     SSL according to RFC 2712.  His comment is:
      If I define _XOPEN_SOURCE before including *any* system header file,     things will work much more smoothly.
      EVP_Digest() takes one more parameter.
      make update
      One forgotten function.
      Make sure crypto/krb5/krb5_asn.h becomes part of libeay.num.
      Make sure crypto/krb5/krb5_asn.h is copied to the directory of     exported header files.
      make update
      The implementation of the TKTBODY ASN.1 functions was missing.
      Changes to the Kerberos SSL code by Jeffrey Altman <jaltman at columbia.edu>     His comments are:
      Code to avoid the use of non-standard strptime().  By     Jeffrey Altman <jaltman at columbia.edu>
      Changes to the Kerberos SSL code by Jeffrey Altman <jaltman at columbia.edu>     His comments are:
      Private functions do not belong in an exported header file, so move     them to one that won't get exported.
      Include kssl_lcl.h where needed.
      make update
      Document the recent Kerberos SSL changes.
      Some of the Kerberos code had dissapeared.  Reapply.
      Add the possibility to specify the use of zlib compression and     decompression.  It can be set up to link at link time or to load the     zlib library at run-time.
      Clarify that zlib-dynamic is the default choice.
      paddr may be NULL.  Do not crash if it is.
      Prevent KSSL server from requesting a client certificate.     Submitted by Jeffrey Altman <jaltman at columbia.edu>
      SSL_get_[rw]fd were documented but not implemented.
      SSL_get_rfc were documented but not implemented.
      More Kerberos SSL patches from Vern Staats <staatsvr at asc.hpc.mil>.     His comments are:
      Not all platforms have the OpenBSD crypto device.
      Addapt VMS script to the latest changes in the makefiles.
      make update
      More Kerberos SSL changes from Jeffrey Altman <jaltman at columbia.edu>     His comments are:
      Whoops, my fault, a backslash got converted to a slash...
      Correct most of the unsigned vs. signed warnings (or int vs. size_t),     and rename some local variables to avoid name shadowing.
      Make as sure as possible that gethostname() will be properly declared.
      Vade retro C++ comments!
      Make sure the source file is included among the dependencies.  This is     the norm for 'gcc -M' but not for 'makedepend', and is merely     introduced here to avoid commit wars.
      make update
      Make sure memcpy() gets properly declared by including string.h.
      Apply the Tru64 patch from Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu>
      gcc 3.0 tells me that -m486 is deprecated.  The gcc 2.95 manual tells     me the same and that the correct option is -mcpu=i486.  I'm assuming     -mcpu has been around for some time, and that it's therefore safe to     change all occurences of -m486 to -mcpu=i486.
      Make sure evil file name characters, like spaces or ampersands (!),     don't disturb the rehashing process.     Spotted and suggested patch from Rudo Thomas <rudo at internet.sk>
      In case of memory problems, the va_start() wasn't cleaned with a va_end().     Noticed by Thomas Klausner <wiz at danbala.ifoer.tuwien.ac.at>.
      Two changes:
      The #error message must match a very specific regexp (see mkdef.pl,     currently line 470).
      'make update'
      Apparently, Linux is identified with __linux__ as well.
      Stop thinking arguments starting with - are algorithm identifiers.     Show timing parameters and timing functions used.     It looks like some Linuxen have very weird settings for CLK_TCK.  I'm     very unsure about this change and will investigate further.
      Synchronise with Unixly build.
      Change HZ in speed to rely on sysconf() if the clock tick is available     that way.  Synchronise s_time with these changes.
      o_time.c contains symbols with dollar signs in them, so we must tell     the compiler not to warn about that.
      Some new symbols have very long names...
      Addapt seldom compiled code to new semantics of the key schedule (not     a pointer any more).
      sk_ENGINE_CLEANUP_ITEM_pop_free() is duplicated in ENGINE_cleanup().     Let's use sk_ENGINE_CLEANUP_ITEM_pop_free() instead.
      'make update'
      Hmm, everything "open" isn't necessarely "openssl" :-).     *sigh* habit...
      A lot of things are undeclared unless x509.h is included.
      sch isn't an array, how did this pass through gcc?
      Because there's chances we clash with the system's types.h, rename our     types.h to ossl_typ.h.
      Because there's chances we clash with the system's types.h, rename our     types.h to ossl_typ.h.     Also, it seems like krb5 was forgotten in some places.
      Since ossl_typ.h is an exported header, we sure need to export it on     VMS as well :-).
      'make update'
      SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.     Submitted by Massimo Santin <msantin at santineassociati.com>.
      Copy evptests.txt to the right place.
      A few more OIDs, contributed by Peter Sylvester <Peter.Sylvester at EdelWeb.fr>
      makedepend sometimes produces duplicates.  Remove them.
      To avoid commit wars over dependencies, let's make it so things that     depend on the environment, like the presence of the OpenBSD crypto     device or of Kerberos, do not change the dependencies within OpenSSL.
      'make update'
      It seems like gcc does canonicalisation of file names.  More     specifically, a starting './' is removed.  makedepend doesn't do this,     resulting in another possible commit war, so let's fix that by doing a     poor mans canonicalisation of file names that gives the same effect as     doing dependencies through gcc.
      'make update'
      For systems where gcc is used and where we don't know if GNU ld is     used or not, let's ask collect2 which ld it uses and choose to use the     target do-gnu_shared if GNU ld is used.
      Add support for md4WithRSAEncryption.
      'make update'
      In certain cases, no encoding has been set up for the b64 filter.  In     such cases, a flush should *not* attempt to finalise the encoding, as     the EVP_ENCODE_CTX structure will only be filled with garbage.  For     the same reason, do the same check when a wpending is performed.
      The EVP_*Init_ex() functions take one extra argument.  Let's default     it to NULL.
      Wrong place...
      Correction of the id-pda OID's.     Submitted by Frederic.Giudicelli at INTRINsec.com
      make update
      make update
      Deprecate the macro MAC_OS_pre_X.
      Due to an increasing number of clashes between modern OpenSSL and     libdes (which is still used out there) or other des implementations,     the OpenSSL DES functions are renamed to begin with DES_ instead of     des_.  Compatibility routines are provided and declared by including     openssl/des_old.h.  Those declarations are the same as were in des.h     when the OpenSSL project started, which is exactly how libdes looked     at that time, and hopefully still looks today.
      A C file is a C file is a C file!
      Have the removal warnings very high up in the source.
      Remove DES_random_seed() but retain des_random_seed() for now.  Change     the docs to reflect this change and correct libeay.num.
      Make sure openssl speed is compilable on systems where fork() doesn't     exist.  For now, that's all the ones we "support" except Unix.
      Change the DES documentation to reflect the current status.  Note that     some password reading functions are really part of the UI     compatibility library...
      Correct some links...
      Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
      Change the shared library support so the shared libraries get built     sooner and the programs get built against the shared libraries.
      DOS and Windows do not like unistd.h
      No need to include anything on systems that do not have /dev/crypt
      Place the OpenSSL-specific headers back so they always get included,     or we get a dependency war in Makefile.ssl
      des_old.h doesn't really need to include des.h, so don't.  That will     avoid clashes with other code that have their own DES_ functions but     really only use OpenSSL's old des_ functions.
      Exclude .out files
      unsigned int vs. int.
      Remove temporary files
      Implement STARTTLS for certain protocols, currently only supporting SMTP.
      Change the order of events so the capabilities of loaded engines can     get listed as well.
      After loading a dynamic engine, reset the command definitions to the     empty set.  This prevents engines that do not set the command     definitions themselves to inherit the ones from "dynamic", which would     otherwise be very confusing.
      Add a demo that reimplements the RSAref glue in form of a dynamically     loadable engine.
      In a Debian Linux environment, it's not a good idea, apparently, to     manually declare the include directory /usr/include at the same time     as the macro PROTOTYPES is defined with the value 1.  Besides,     /usr/include is the standard include directory anyway, so there's no     need to specify it explicitely.
      Make use of RSAref's header files instead of EAY's crafted rsaref.h.
      make update     perl util/mkerr.pl -recurse -write -rebuild
      Make it possible to build completely static, independent error C     files.
      Add a local error code configuration file for the rsaref dynamic     engine.
      Add targets to update the error code files.
      'make update' + some touches.
      Use the generated error code files.
      At least for the two common Unixly DSO loading methods, include the     system error in the error text.
      If an engine isn't built in, try loading it as a shareable library     instead.  This also makes it possible for users to simply give said     shareable library as argument for the -engine option.
      Add DES functions.     Restructure the code and comment it a bit.     Prepare for the presence of digests.
      Make it possible to give digest names as -evp arguments.
      Add MD digests.
      make update
      A missing comma added.
      Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).
      On systems that don't do too well including headers from a different     directory, trust the building scripts to handle it properly.
      End assembler macro correctly.
      Build dynamic rsaref engine on VMS.  Tested on VAX so far.
      On VMS, the norm is still that symbols are uppercased, so for now it's better      to trust that norm.  I might implement a control for this later on
      Extentions of the explanations to the linking problem on Win32.  Provided by Andrew Gray <agray at iconsinc.com>
      Certain missing algorithms make some SSL versions or TLS impossible to     build.
      I was recently informed that some people wrongly use ssleay.txt as     main documentation, so let's warn them a little more, so the word     "OBSOLETE" really gets understood.
      UID was never a lable for uniqueIdentifier.  However, LDAP and certain     RFCs concerning X.500 directories use UID as a shorter name for the     attribute type userId, which is defined by CCITT and available through     RFCs 1274 and 2247.
      make update
      Implement failover for ubsec.  Submitted by Subramanian Ramamoorthy     <sram at broadcom.com> with the following comment:
      Change pkcs12 so the certificates coming from -in do not get tossed if     -certfile is given as well.
      Synchronise with the 0.9.6 branch.
      Do not forget to compile comp_err.c
      Better use the same number in all branches, to avoid confusion
      And just for the sake of completeness, let's add some standard macros...
      Status update
      Add support for Linux on HP/PA.     Submitted by "Bryan W. Headley" <bheadley at interaccess.com>
      On Solaris64, cc needs the flag -xarch=v9 when linking shared     libraries.  Make a general change to support shared library     linking flags in general.     Noted by Nick Briggs <briggs at parc.xerox.com>
      Allow 8-bit characters.  This is not really complete, it only marks     characters with the highest bit set as HIGHBIT.  We need to expand     this to support the UTF-8 character set properly.  However, this     solves the problem that the character 0x80 (which is common in UTF-8)     gets masked to 0x00.     Patch submitted by "Huang Yuzhen" <huangyuzhen at bj.tom.com>
      Say that recent CygWin perl versions work as well.     Submitted by Eric Hanchrow <erich at votehere.net>
      Allow verification of other types than DATA.     Submitted by Leonard Janke <leonard at votehere.net>
      RSA counter should only be defined of RSA is available.
      make update
      When RSA or DSA are disabled, do not include the stuff that's specific     to them.
      The block size may be something other than 8!
      Because Rijndael is more known as AES, use crypto/aes instead of     crypto/rijndael.  Additionally, I applied the AES integration patch     from Stephen Sprunk <stephen at sprunk.org> and fiddled it to work     properly with the normal EVP constructs (and incidently work the same     way as all other symmetric cipher implementations).
      Implement speed measurement for AES.     Submitted by Stephen Sprunk <stephen at sprunk.org> as part of his AES     integration patch.
      make update
      Better clarification on perl
      Patches to make OpenSSL compilable on MacOS/X.     Submitted by Pier Fumagalli <pier at betaversion.org>
      Bring VMS up to date with development.
      Add more of the NIST test vectors for AES.
      Use FIPS-197 vectors for AES.  The NIST vectors were constructed by     reencrypting or redecrypting the ciphertext 10000 times, which of     course gives higly different results.
      To avoid all kinds of link-level clashes, rename all old des_*     functions to _old_des_*.
      To avoid all kinds of link-level clashes, rename all old des_*     functions to _old_des_*.
      Because of recent changes, there's no need to hack the des symbols any     more.
      make update     libeay.num got tweaked so the old des symbols would retain their     positions.
      Keep the NIST AES vectors that were there previously.
      There is no aestest currently.  The EVP tester is used to check the     AES algorithm.
      Add -keyform.  Document -engine.
      Document the change in rsautl.
      I must learn to compile before I commit...
      Apply a change by Toomas Kiisk <vix at cyber.ee>:
      Apply the following changes by Toomas Kiisk <vix at cyber.ee>:
      Apply Neale Ferguson's patch to add a configuration target for linux-s390x
      I got a request to make the "old des" symbols more closely tied to     OpenSSL.  Adding '_ossl' in the name seems to be a good way to do     this.
      Add old patch from Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> to     make it possible to produce shared libraries on ReliantUNIX.
      GCC uses __i386__.
      Apply a small patch from Diego R. Lopez <diego.lopez at rediris.es>,     making X509_check_issued() properly match an issuer that's found in a     Authority Key Identifier.
      It looks like I didn't remove everything that has to do with the     non-existant aestest.c.
      Apply a small patch from Oscar Jacobsson <oscar at jacobsson.org> that     makes things more compilable with VC++.
      Apply a small patch from Dan Lanz <lanz at zolera.com> to get shared     libraries with debug-linux-elf.
      Update SCO5 targets.
      I got some reports that some targets have weird dso_schemes.     Therefore, I've added a sanity checker.
      Detect one-step shifts of the dso_scheme.
      Correct the number of colons for the targets aix43-cc, aix43-gcc,     alpha-cc, alpha-cc-rpath, alpha-gcc, alpha164-cc and alphaold-cc.
      Spelling correction.
      Apply patch from Toomas Kiisk <vix at cyber.ee> and complete it.
      ASN1_BIT_STRING_set_bit() didn't clear previously set bits
      Apply three patches from Assar Westerlund <assar at kth.se>:
      Apply one patch from Assar Westerlund <assar at sics.se>:
      With the changed des_old API, let's complete the work by renaming the     functions in ui_compat.  This gave reason to rework that part more     thoroughly, so here are the changes made:
      'make update'
      If the intended header file doesn't exist, create it.
      Generate the individual engines' error strings and macros     automatically.
      Certain reasons aren't really part of the engine framework, so let's     make them ubsec-specific in the ubsec implementation.
      Add aep and sureware implementations and clean up some error reasons     that were never part of the engine framework.
      Because AEP and we used the same AEP_R_ prefix for error reasons,     lets change our prefix to AEPHK_R_.  Otherwise, we get very mysterious     errors because we happen to redefine AEP_R_OK and AEP_R_GENERAL_ERROR.
      I forgot to include the aep and sureware vendor header files.
      Oops, do not unlock CRYPTO_LOCK_DYNLOCK when we locked     CRYPTO_LOCK_RAND...
      Remove an unused variable.
      Add notes on the added support for aep and sureware crypto cards in     0.9.7.
      Make link-shard a little bit more efficient.  If there are no     extensions to link together, there's no point looping at all.
      Move teh silencer to the right place.
      Update the configuration of CygWin32 to use the new capabilities of     CygWin 1.3.x, which includes thread and shared library support.
      Modify the main trunk version to 0.9.8-dev.     0.9.7 now lives in the branch OpenSSL_0_9_7-stable.
      Correct sh, please
      At Corinna Vinschen's request, change CygWin32 to Cygwin
      The Cygwin shared extension was shifted.
      make update, with libeay.num remade to match the 0.9.7-stable one.
      For some reason, getting the topmost error was done the same way as     getting the bottommost one.  I hope I understood correctly how this     should be done.  It seems to work when running evp_test in an     environment where it can't find openssl.cnf.
      Make sure memset() is defined by including string.h     Notified by Oscar Jacobsson <oscar at jacobsson.org>
      Add the configuration target VxWorks.
      Give the linux-sparv9 target shared capability.     Submitted by Ian Marsh <mushypea at dominion.net.uk>
      gcc chokes on C++ comments in C code.
      Missing #endif
      Local `time' shadows the global function `time()'.  Rename the local     variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d').
      The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;,     so do not add one after the expansion, since ANSI C doesn't allow ;;     at this level (or at least, so tells me gcc).
      Adjust the NID names for the AES modes OFB and CFB to contain the number     of feedback bits
      Add the modes OFB128, CFB128 and CTR128 to AES.     Submitted by Stephen Sprunk <stephen at sprunk.org>
      The AES modes OFB and CFB are defined with 128 feedback bits.  This     deviates from the "standard" 64 bits of feedback that all other     algorithms are using.  Therefore, let's redo certain EVP macros to     accept different amounts of feedback bits for these modes.
      Since Cygwin is the proper spelling, let's change to that everywhere.     Also, with the change in Configure, it now knows on it's own if     threads are supported or not.
      Oh, and since config figures out that we run Cygwin and what versions,     let's recommend running config instead of a manual Configure.
      Don't shadow already defined variables
      With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
      Comparing a pointer (data) with 0 using > is incorrect.  The changed     comparison doesn't look right, but at least it compiles.  It would be nice     if the one who knows what this is supposed to do changed it to do it correctly
      Instead of just checking for OpenVMS, check if DEC C is used, since it's as     picky on all platforms
      With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
      Add reports on checked 64-bit platforms and make space to add platforms that need to be checked
      Update the status on 64-bit thingy.
      Instead of casting a lvalue, let's constify meth.
      gcc figures that the format specifier %2x means unsigned int, so let's     make n unsigned.
      Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since     it's exported.  Changing that is a BIG step, which has been done in     0.9.7-dev.
      Stop assuming the IV is 8 bytes long, use the real size instead.     This is especially important for AES that has a 16 bytes IV.
      Add comfy aliases for AES in CBC mode.
      Add AES support in the applications that support -des and -des3.
      We have AES support in openssl speed
      make update, after moving around symbols in libeay.num to match     0.9.7-stable.
      Document the added modes for AES
      Updated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill at aep.ie>
      Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
      Make sure aep_close_connection() is declared and has a prototype that's     consistent with the rest of the AEP functions
      VMS addaptation, including a few more long names that needed hacking.
      make update
      Remove the perl/ subdirectory.  It hasn't been worked on for ages, is     very broken, and there are working modules in CPAN, which makes our     module even more moot.
      This change was only made in 0.9.7-stable.  Synchronise
      Make it so one can select tests from within the test directory
      Rename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain linkage clashes.
      Typo.  In DCL, the continuation character is a dash at the end of the     line, which I forgot when spliting one.
      New configuration targets for OpenBSD, handed to me by Bob Beck <beck at openbsd.org>
      Provide a pre 0.9.7 compatibility mapping if     OPENSSL_DES_PRE_0_9_7_COMPATIBILITY is defined.  NOT AT ALL TESTED YET!     Add a comment as to the libdes compatibility.
      OpenSSL currently fails on certain pure 64-bit architectures.  This is a showstopper
      Change des_old.c to use types prefixed with _ossl_old_des_.
      When closing, do not use close().  Also, if the closing call fails, do     not return immediately since that leaves a locked lock.
      Synchronise the AEP engine in all branches.  For 0.9.6-stable [engine], implement software fallback
      Merge in DES changed from 0.9.7-stable.
      Merge in DES changed from 0.9.7-stable.
      Merge changes from 0.9.7-stable
      Merge changes from 0.9.7-stable
      Make the change to strong keys in the string to key(s) functions experimental in the main trunk as well
      Correct the mapping for des_read_pw()
      Add the mapping of des_random_seed() for 0.9.6 compatibility.     Make sure DES_cblock is defined at all times (meaning one shouldn't include     openssl/des_old.h directly any more).
      Add the possibility to enable olde des support, not just disable it, for future support.  Redocument
      A forgotten file
      Fix of mixup bwtween SOMAXCONN and SO_MAXCONN.     Furthermore, make SO_MAXCONN the first choice, since that's the standard     (as far as I know).
      Cast the pointers to the BIGNUM data to unsigned long *.  This would be     harmful if we didn't also pass the exact number of bytes of that data
      Forgot one of the casts
      Make shared libraries resolve global symbols within themselves first.     Currently only on GNUish linkers...     Submitted by Steven Bade <sbade at austin.ibm.com>
      Use recv() and send() for socket communication on VMS instead of read()     and write().  The reason is that read() and write() make additional record     level locking which causes hangs of Compaq Secure Web Server (Apache) with     SSL.     Submitted by Compaq.
      Recognise DEC C++ as equivalent to DEC C for the definitions of OPENSSL_EXTERN and OPENSSL_GLOBAL.     Submitted by Compaq.
      Oops, the system macro for VMS is OPENSSL_SYS_VMS, not VMS
      Allow longer program names (VMS allows up to 39 characters).     Submitted by Compaq.
      make update (libeay.num has been edited to match 0.9.7-stable)
      Allow longer program names (VMS allows up to 39 characters).     Submitted by Compaq.
      Change the date to XX xxx XXXX in development versions.
      Check error code from a2d_ASN1_OBJECT().
      Avoid emacs backup files when making a snapshot
      Make sure the opened directory is closed on exit.     Notified by Lorinczy Zsigmond <lzsiga at mail.ahiv.hu>
      Do not free p if it hasn't been used yet.     Notified by Bernd Matthes <bernd.matthes at gemplus.com>
      No point constifying an int.     Notified by Bernd Matthes <bernd.matthes at gemplus.com>
      The callback must have (void) as argument list.     Notified by Bernd Matthes <bernd.matthes at gemplus.com>
      Signedness mismatch.     Notified by Bernd Matthes <bernd.matthes at gemplus.com>
      Make sure ec and ecdsa is properly handled in Windows.     Notified by Bernd Matthes <bernd.matthes at gemplus.com>
      Uhmmm, if we use && after having tested for the presence of the certificate,     we just *might* stand a certain chance of actually getting it written     to file...
      Potential memory leak removed.  Notified by <threaded at totalise.co.uk>
      Synchronise with 0.9.7-stable.
      Synchronise with 0.9.7-stable.
      Fix unsigned vs. signed clash
      Make sure that date is run under the C locale, so dates are given in the     default format.     PR: 16
      Generate an error if rewinding wasn't possible.     Notified by Ken Hirsch <kenhirsch at myself.com>.     PR: 23
      Small documentation fix for EVP_CipherFinal or EVP_CipherFinal_ex.     Notified by Stella Power <snpower at maths.tcd.ie>.     PR: 24
      Move an assert() to avoid core dumps when a static buffer hasn't been given.     Notified by Verdon Walker <VWalker at novell.com>
      One place where VMS wasn't changed to OPENSSL_SYS_VMS...
      Make the huge buffer smaller, so the size becomes reasonable for small-stack environments.     Notified by Verdon Walker <VWalker at novell.com>
      Synchronise the FAQ
      Updating status for 0.9.6d
      Use OPENSSL_SYS_VMS instead of just VMS
      Allow the use of the TCP/IP stack keyword TCPIP and NONE
      Make sure ECDSA is built and tested on VMS.
      Make sure ECDSA is built and tested on VMS.     Avoid loops if linking an application fails.
      Define a short alias for another long EC symbol.
      Make sure short aliases are used where required.
      make update
      Recover from errors
      There is a chance that the input string is larger than size, and on VMS,     this wasn't checked and could possibly be exploitable (slim chance, but still)
      Set DLOPEN_FLAG the same way on NetBSD as on OpenBSD.     PR: 58, submitted by andrew at cis.uoguelph.ca
      Remove the duplicate description of -out.     PR: 28
      Add more warnings for my debug targets.
      Our copy of pod2man.pl is old and comparatively broken, so lets remove it.     PR: 30
      Some shlib extensions were in the wrong field
      Correct darwin shared library support.     PR: 39
      Correct AES counter mode, which incorrectly incremented the counter before     using it.     PR: 56
      Apparently, there are still chances we have to deal with buggy pod2man versions.     Deal with that by testing any available pod2man and using it if appropriate,     and falling back to util/pod2man.pl if none was found.
      pod2man.pl would only remove the first LF from the name.
      Make sure that MS_STATIC isn't defined to 'static' under Win32.     PR: 51
      CAformat should not be used for CA key format.
      Check the return values where memory allocation failures may happen.     PR: 49
      a B< that wasn't properly ended.
      Support shared libraries properly on linux-sparcv[89].     PR: 60
      Support the newly release gcc 3.1 on 64-bit Solaris.  Not automatic.     PR: 57
      Reformat the CFLAG string so it can be made part of a C string.     Incidently, this works pretty well on the command line as well.     PR: 52
      In CFB mode, the iv is always encrypted.
      Declare the CFB and OFB modes for AES, and prepare for a declaration     of CTR mode.
      For CFB and OFB modes, always create the encryption key.
      Make it possible to give vectors only for decryption or encryption.
      Add the AES test vectors from NIST document SP800-38A.
      Document the AES changes.
      use sstrsep() to get the proper type to aoti().     Remove unneeded cast in ustrsep().     PR: 69
      make update (including adjusting libeay.num in HEAD to the changes in the     0.9.7-stable libeay.num
      Update the recognision of GCC version numbers to handle the prefix text     that GCC 3.1 adds to the --version output
      Since there's no continuation, the ; can go as well :-)
      Documentation bug corrected.     PR: 70
      Check errors when parsing a PKCS8INF PEM FILE, or there will be a core dump on error.     PR: 77
      It's not good to have a pointer point at something in an inner block.     PR: 66
      Make perl replacement for dirname, for system that lack the latter.     PR: 81
      Merge from 0.9.7-stable.
      Making a softlink from crypto/des/asm/perlasm to crypto/perlasm isn't     strictly necessary, so let's not do that.
      Parse directory using both slashes and backslashes as separators.     Do file copying in term of perl statements instead of using cp.     Part of PR: 75
      Check for the executable $openssl, not just the file.     Part of PR: 75
      Add support for DJGPP.     PR: 75
      Add support for DJGPP.
      Make sure that any dash in the prefix before the version number is removed.     PR: 96
      Tentatively add support for UWIN, a Unix-like environment on top of Windows.     PR: 62
      make update (adapt libeay.num to the 0.9.7-stable branch)
      For some reason, we need to return the full path to perl
      A number of includes were removed from evp.h some time ago.  The reason     was that they weren't really needed any more for EVP itself.  However,     it seems like soma applications (I know about OpenSSH, but there may     be more) used evp.h as the 'load all' header file, which makes sense     since we try our best to promote the use of EVP instead of the lower     level crypto algorithms.  Therefore, I put the inclusions back so     the application authors don't get too shocked by all the errors they     would otherwise get.
      The general debug target must specify that it doesn't use assembler routines.     PR: 105
      There is no RSAREF any more, so do not ty to install it.     PR: 106
      Use bg instead of bag as argument to macros, to avoid clashes with     structure field names.     PR: 112
      gcc requires -m64 to link 64-bit shared libraries on Solaris.     PR: 117
      have 'openssl pkcs7' exit with code 1 on error instead of 0.     PR: 119
      Use 32-bit sections instead of the default, 16-bit ones.     Part of PR 123
      When compiling for Windows, make sure we have the windows definitions declared.     Part of PR 123
      Use underscores instead of dashes in temporary file names.     This is due to weird Borland compilers.     Part of PR 123
      Document the new way of building with Borland Builder.     This concludes the changes from PR 123
      The new stuff is for Borland Bulider 5, so document it appropriately
      Forgot to change the second $ENV{DJDIR} to /dev/env/DJDIR.     Part of PR 75
      Update the information on Cygwin.     Part of PR 75
      DJGPP has some needed header files that other MSDOS/Windows compilers don't have.     Part of PR 75
      Pass CFLAG to dependency makers, so non-standard system include paths are     handled properly.     Part of PR 75
      A few changes to BC-32.pl didn't get properly applied.     This completes PR 123
      Try to avoid double declaration of ERR_load_PEM_strings().     PR 71
      opensslconf.h doesn't define what we want, e_os2.h does.     PR 123
      Do not define crypt() on OpenBSD.  Notified by Bob Beck of OpenBSD.
      In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.     Submitted by Götz Babin-Ebell <babinebell at trustcenter.de>
      There's an ongoing project to bring some kind of path selection     mechanism to the ENGINE framework.  This means there there are going     to be new functionality for the DSO part, and ultimately some way of     merging two file specifications together.
      Set up the engine before doing anything random-related, since engine randomness     is only used for seeding and doing it in the wrong order will mean seeding     is done before the engine randomness is hooked in.     Notified by Frederic DONNAT <frederic.donnat at zencod.com>
      Using -Wtraditional took it a little far.  After all, we expect ANSI C, so     we don't need to care about traditional compilers
      Let's not forget the second -Wtraditional
      Some older code (never committed) wasn't converted to the new format.     Corrected.
      For those wanting to build for several platforms with the same source     directory, making a separate directory tree with lots of symbolic links     seems to be the solution.  Unfortunatelt, Configure doesn't take appropriate     steps to support this solution (as in removing a file that's going to be     rewritten).  This change corrects that situation.  Now I just have to     find all other places where there's lack of support for this.
      For those wanting to build for several platforms with the same source     directory, making a separate directory tree with lots of symbolic links     seems to be the solution.  Unfortunately, Configure doesn't take appropriate     steps to support this solution (as in removing a file that's going to be     rewritten).  This change corrects that situation.  Now I just have to     find all other places where there's lack of support for this.
      There are problems on certain platforms, and possible answers on how to (temporarly) solve them.
      Actually, the "bug" is really documented in the man-page for ld, so     it's really a misfeature according to the jargon file (4.0.0)     definition:
      The default C compiler on MacOS X doesn't like empty object files
      We had some experimental options in the Darwin entries.  They are no longer needed
      Add the usually recommended solution to the linking problem entry for MacOS X
      On MacOS X, you're not allowed to have common objects in shared libraries
      On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH
      If OpenSSL is built with shared library support on MacOS X,      everything works fine.  Note: this is only true for 0.9.7 and on
      Add a few FAQ entries for the various ways building OpenSSL on MacOS X     can fail, and point at the text in the PROBLEMS file
      Add support for shared libraries with OS/2.     PR: 124
      Make mkdir failsafe in case the directories are already present
      OPENSSL_SYS_WIN32 is important so util/mkdef.pl can detect it
      Unixware doesn't have strings.h, so we need to declare strcasecmp()     differently.     Unixware 2 needs to link with libresolv.     PR: 148
      Make S/MIME output conform with the mail and MIME standards.     PR: 151
      Reverse the change with the following log, it needs further investigation:
      Further enhance assembler support on Cygwin and DJGPP.     Make pod2mantest useable on DOS-based systems.     Part of PR 75, the rest is still under investigation.
      Allow subjects with more than 255 characters to be properly printed.     PR: 147
      Add history for documented new functions.     PR: 59
      Explain why RSA_check_key() doesn't work with hard keys.     PR: 86
      Two more names that are a little too long for the standard VMS linker.
      The first compile of the new merger method for VMS *almost* got     through.  That's not enough, is it?  :-)
      If DH is disabled, don't define the DH functions.     Notified by Kim Hellan <KHE at kmd.dk>
      Make dummy tests to make it easier to physically remove unwanted algorithms.     This should complete PR 75
      Document the recent DJGPP-related changes
      Don't clobber loop variable.     PR: 159
      The version of the shared library should, for now, reflect the version     of OpenSSL.     Part of PR 181.
      ln -f -s doesn't always work, so do a rm -f followed by a ln -s.     Part of PR 181
      Make sure to use $(MAKE) everywhere instead of make.     Part of PR 181
      If the email address is moved from the subject to the subject alternate name,     the subject in the certificate would differ from the subject in the index file,     which has quite bad concequences.     PR: 180
      If CRYPTO_realloc() is called with a NULL pointer, have it call     OPENSSL_malloc().     PR: 187
      Cut'n'paste error with other reposnder certificates cleared.     PR: 190
      Linux on s390 really knows about loading dynamically.     PR: 183
      OCSP and KRB5 Makefil.ssl should be consistent with all the others
      Make it possible to load keys from stdin, and restore that     functionality in the programs that had that before.     Part fo PR 164
      Avoid yet another name clash with libdes, and make the declaration consistent     with the definition.
      Add the CBC flag for cbc ciphers
      make update
      Add aix64-cc, and make sure that ar gets proper flags for 64-bit libraries
      Don't try testing with parallell make, that will just fail.     PR: 175
      We don't need to find out which pod2man to use more than once
      Certain flag macros were tested with #if instead if #ifdef...
      make update
      0.9.6f is released
      Parse version numbers prefixed with text (egcs does that, even with     -dumpversion).     PR: 203, part 1
      When we want to give a -f argument to $(MAKE), we'd better make sure the     variable doesn't already contain a -f argument.     PR: 203, part 4
      More long names to shorten.
      Synchronise with Unix.     (I expect the next run will generate lots of errors on VMS :-)).
      A new header.
      Synchronise tests with Unix.
      mem* functions are declared in string.h.
      More long symbols to shorten.
      Remove clashes between symbols that have the same name except for     casing.
      One more file to compile on VMS as well.
      In case of shared libraries, we might run one version of the     application with a different version of the library.  Detect if there     is a difference of versions, and print both versions in that case.     This might prove to be a good enough debugging tool in case of doubt.
      Update with the status for 0.9.6g.
      A few files in the ENGINE and EVP sections forgotten.
      Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.     PR: 216, point 3
      Do not include openssl/ripemd.h when the RIPEMD algorithm has been deselected.     PR: 216, point 1
      Oh, ec2_smpt.c is #included by ec2_smpl.c!
      Comma forgotten.
      Merge in demo engines from 0.9.7-stable.
      Some files deserve to be ignored
      Make sure that the test input file comes in the same record format as the     typical output from a program in C.     PR: 222
      The applications 'ecdsa' and 'ecparam' were missing from the VMS     build.
      Instead of returning errors when certain flags are unusable, just ignore them.     That will make the test go through even if DH (or in some cases ECDH) aren't     built into OpenSSL.     PR: 216, part 2
      Sometimes, the value of the variable containing the compiler call can     become rather large.  This becomes a problem when the default 1024     character large buffer that WRITE uses isn't enough.  WRITE/SYMBOL     uses a 2048 byte large buffer instead.
      Yet a couple of modules forgotten.  These weren't important for     OpenSSL itself, since they aren't used there (yet).  It became quite     visible qhen building a shared library, however...
      Add a FAQ entry for yet another bc failure.     PR: 199
      Missing =back.     Part of PR 196
      It seems like sun4u doesn't always have a sparcv9 inside.  Trust isalist.     PR: 220
      q may be used uninitialised
      Add -lz to the ld flags when the user has chosen to link in zlib *statically*.     Notified by Doug Kaufman <dkaufman at rahul.net>
      isalist was less trustable than I thought (or rather, one can trust it to     come up with all kinds of names we don't have in our targets).     Besides, our sparcv9 targets currently generate sparcv8 code, I'm told.
      So, I discovered that if you have your $PATH set so a ld different from     GNU ld comes first, checking the usage of collect2 gives that instead of     GNU ld, even if GNU ld would be the one that would get used if we link using     gcc.  It's much better, apparently, to ask gcc directly what the path to     GNU ld is (provided it's there at all and gcc knows about it), and ask     the result if it's a GNU or not.  The bonus is that our GNU ld detection     mechanism got shorter and easier to understand...
      Typo, I assigned the variable ld instead of my_ld...
      -elapsed is also useful when using gettimeofday
      Missing ;
      Incorrect argument order to memset()
      It makes more sense to refer to specific function manuals than the concept     manual when the specific function is refered to in the current manual text.     This correction was originally introduced in OpenBSD's tracking of OpenSSL.
      Remove reference to RSA_PKCS1_RSAref, since it doesn't exist any more.     This correction was originally introduced in OpenBSD's tracking of OpenSSL.
      Remove *all* references to RSA_PKCS1_RSAref, since it doesn't exist any more.     This correction was originally introduced in OpenBSD's tracking of OpenSSL.
      It makes more sense to refer to specific function manuals than the concept     manual when the specific function is refered to in the current manual text.     This correction was originally introduced in OpenBSD's tracking of OpenSSL.
      Make sure that the signal storage is regarded as volatile.     This correction was originally introduced in OpenBSD's tracking of OpenSSL.
      The OpenBSD project has replaced the first implementation of the /dev/crypto     engine with something they claim is better.  I have nothing to compare to,     and I assume they know what they're talking about.  The interesting part with     this one is that it's loaded by default on OpenBSD systems.     This change was originally introduced in OpenBSD's tracking of OpenSSL.
      Removal missing
      Add a small note saying the 'debug' option should come before the platform in     the arguments to mk1mf.pl.     PR: 298
      Document should match reality :-).     PR: 255
      If we're loading libz dynamically, and COMP_zlib() is called more than once,     only the first call would provide the correct result.     PR: 277
      Add random number generation capability to the cswift engine.     Should this be added to 0.9.6-stable as well?     PR: 275
      Installed libraries should not be overwritten, especially shared ones.     Use mv to make sure the old copy is unlinked instead of overwritten.     PR: 273, and probably others...
      For some reason, the random number support removed the destructor
      Do not define crypt().  The supported function is DES_crypt() (an des_crypt()     when backward compatibility is desired).
      Please do not use C++ comments in C code.
      Since crypt() isn't defined anywhere, define it locally in destest.c
      Add missing LF
      Use double dashes so makedepend doesn't misunderstand the flags we     give it.     For 0.9.7 and up, that means util/domd needs to remove those double     dashes from the argument list when gcc is used to find the     dependencies.
      Add a few more VxWorks targets.     Correct misspelled VXWORKS macros.     Add VXWORKS identifying macros to e_os2.h.     Add required inclusions and mappings for VxWorks in e_os.h.     A few small modifications to make OpenSSL build and work on VxWorks.     PR: 253, except for the  change that was handled in an earlier              commit, and a request for easy build of just parts of OpenSSL.
      Don't fuss with the demo binaries
      Change the main Makefile to have "mini-build" targets.     PR: 253, last part.
      Keep the sub_all symbol so all the algorithm Makefiles won't break.
      Remove redundancy and use the main makefile better
      Make sure that the 'config' variable is correctly defined and declared     for monolithic as well as non-monolithic biuld.     More work is probably needed in this area.     PR: 144
      RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.     PR: 189
      VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS.     PR: 184
      Add a few more target platforms, to see how well the shared library     linking works on them.
      Rhapsody had ftime, Darwin doesn't (any longer?)
      Move the shared library construction stuff to Makefile.shared, a     helper makefile that generalises our way of building shared libraries     and is designed to take care of almost anything (I hope).
      Add a suffix for Darwin's sake, since it seems like .dylib comes after     the version in the file name.
      Fix inconsistencies in the Darwin targets.     Add a variant of SHLIB_SOVER without the preceding period.
      BN_bn2hex() returns "0" instead of "00" for zero.  This disrputs the     requirement that the serial number always be an even amount of characters.     PR: 248
      Make sure $fname will not give us any surprises with any funny characters.     PR: 256
      Make sure it's properly detected when there's no version information     at all, and in all other cases, make sure foo.so is linked to     foo.so.{soversion}.
      There may be more than one single quote to fix.     PR: 256
      make update
      Add a configuration target for A/UX.     PR: 271
      Step 2 of move of engines: copy engines to new directory and rename them     to be prefixed with e_ instead of hw_.  They aren't necessarely hardware     engines.  The files commited here are exact copies of the corresponding     hw_ files found in crypto/engine/.
      Step 3 of move of engines: copy the corresponding vendor header files.
      Step 4 of move of engines: Split e.ec into individual files for each     engine.
      Step 5 of move of engines: Add a makefile (and a .cvsignore).
      That wasn't supposed to be there...
      Step 6 of move of engines: rename the macro ENGINE_DYNAMIC_SUPPORT to     OPENSSL_NO_DYNAMIC_ENGINE and make sure that gets defined unless     shared library support has been specifically requested.
      Step 7 of move of engines: Engines should not depend on private     OpenSSL header files.
      We didn't copy the cryptodev engine here, darn it!
      Step 8 of move of engines: Remove the last little quirks.     DECIMAL_SIZE is copied from crypto/cryptlib.h.
      Step 9 of move of engines: rename crypto/engine/hw_cryptodev.c to     eng_cryptodev.c.  This is an engine that (at least currently) has     to be built in.
      Step 10 of move of engines: Change crypto/engine/Makefile.ssl so we     don't build any "built-in" engines in that directory any more, except     fo the cryptodev one.
      Step 11a of move of engines: Time to make the changes to support     automatic load of dynamic engines.  Unless we don't have shared     library support, do not try to load any "built-in" engines except for     cryptodev.
      Step 11b of move of engines: Time to make the changes to support     automatic load of dynamic engines.  Add functionality to the dynamic     engine to handle engine directories and loading from those.  This     is currently NOT compatible with the use of LD_LIBRARY_PATH and     similar environment variables.
      Step 11c of move of engines: Time to make the changes to support     automatic load of dynamic engines.  Change the iterator to try to load     the requested engine dynamically.  The environment variable     OPENSSL_ENGINES can be used to override the internal default directory     where one can expect to find dynamically loadable engines.
      Step 12 of move of engines: Time to make the changes to support     automatic load of dynamic engines.  Make the changes in the main     Makefile so the engines are built, but now in the engines/ directory.
      Step 13 of move of engines:  Remove old files.
      For the platforms where version info is inserted separately into the     shared library, set those flags conditionally.
      Oh, there were *two* places where we needed to protect the file     name...
      And if the path has a space, we definitely need to protect $openssl.
      make update.
      Step 14 of move of engines:  Final step, document the change.
      The AES CTR API was buggy, we need to save the encrypted counter as well     between calls, or that will be lost if it returned with *num non-zero.
      Add more commentary.  Check that *num is smaller than the block size.
      Chase down the missing backslashes.
      Clarify where the engines are by default.
      Targeting the solaris platform for specific tests.  Something is going     wrong, and my test engine doesn't show it.  The verbosity will be     temporary for about a day.
      Add missing quotes.     Make sure test doesn't barf because of missing spaces before the     closing ].     Add -lc to the list of libraries we depend upon.  Not always     necessary, but never hurts.
      Add needed libraries as per configuration to the list of libraries we     depend upon.
      libs is a timestamp that we don't really need to know about.
      Complete the VxWorks fix by implementing a NULL RAND_poll() for it.     PR: 253
      makedepend complains when a header file is included more than once in     the same source file.
      When BN_add_word() reaches top, it shouldn't try to add the the corresponding     word, since that word may not be zero.
      Makefile.shared needs to know how it can reach itself.
      A much better idea, of course, is not to do a submake at all...
      Typos.     PR: 189
      Typos.     PR: 189
      Eh, -Wl,--whole-archive disappeared from the GNU targets.  I've no     idea why, but that was definitely wrong...
      In my extreme debug mode, gcc complains that 'static' doesn't come     first.
      Signal an error if the entered output password didn't match itself.     PR: 314
      On certain platforms, we redefine certain symbols using macros in     apps.h.  For those, it's better to include apps.h after the system     headers where those symbols may be defined, since there's otherwise a     chance that the C compiler will barf when it sees something that looks     like this after expansion:
      There's a name clash between OpenSSL and RSAref.  Since this engine handles     RSAref data, pretend we don't care for OpenSSL's MD2 and MD5 structures or     implementation.     Remove all kinds of silly warning
      For the mkdef.pl to recognise if the "external" engines are inserted     into libcrypto, we need the "algorithm" STATIC_ENGINE.
      make update
      External engines aren't in crypto/engine/ any more, so don't try to     build them there.
      Make sure toupper() is declared
      A small detail: since 0.9.7, DH_new_method() and DSA_new_method()     don't take an ENGINE* as parameter any more.     PR: 156
      Revert, that was an incorrect change.     PR: 156
      The #else part of the conditionals have two statements, so they need     to be surrounded with braces, or the surrounding if..else will fail     miserably in case the #else part is compiled.
      synchronise util/libeay.num with the 0.9.7-stable variant (guys, this     is something we really need to keep track of!).     make update
      Plug potential memory leak.     Identified by Goetz Babin-Ebell <babinebell at trustcenter.de>
      New files have appeared, tell VMS.
      Add the command procedure to build external engines on VMS.     Currently, we simply assume that they shall always be built as     shareable images.
      Add all that is needed to build external engines on VMS.     Currently, we simply assume that they shall always be built as     shareable images.
      Remove all referenses to RSAref, since that's been gone for more than     a year.
      Depend on OPENSSL_NO_STATIC_ENGINE rather than OPENSSL_NO_DYNAMIC_ENGINE.     Make sure to include openssl/opensslconf.h to make sure we get the     definition of those macros.
      Since we're currently assuming VMS can deal with dynamic engines,     don't include the static engine entry points in libcrypto.exe.
      Cosmetic change
      Off-by-one-error corrected.     PR: 235
      some people just can't read the instructions
      Stupid bug fixes.  I've forgotten my DCL...
      Generate openssl.pc so pkg-config can return proper data.     PR: 163
      Keep on using ${CC}, since gcc may act in disguise.
      Windows doesn't know sys/file.h
      -CAcreateserial doesn't take a filename argument.     PR: 332
      -CAserial does take a filename argument.     PR: 332
      X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type     ia5String correctly.     PR: 244
      Make the programs link against the static library on MacOS X.     PR: 335
      Variables on the stack must be initialized or we can't depend on any     initial value.  For errline/errorline, we did depend on that, erroneously
      Make the CBC mode od AES accept lengths that aren't multiples of 16.     PR: 330
      Make it possible to run individual tests even when linked with libcrypto.so and libssl.so
      Name the flag files correctly.
      Make internal functions static.
      When build as dynamic engines, the loading functions should be defined     static.
      Correct support for SunOS 4.1.3_U1.     PR: 227
      This didn't get to the 0.9.8-dev thread...
      Merge from 0.9.7-stable.
      free() -> OPENSSL_free()
      Constification needed.     PR: 241
      Handle last lines that aren't properly terminated.     PR: 308
      Make the Windows test scripts consistent in their echoing
      When AES is skipped because the option 'no-rijndael' was given,     make sure it's skipped from SDIRS as well.
      The directory 'rijndael' doesn't exist any more, let's check the aes     directory instead (this should have been done long ago...).
      Fix to build better with DJGPP.     PR: 338
      Cygwin fixes
      Add a FAQ on how to check the authenticity of the openSSL distribution.     PR: 292
      It seems like gcc 2.9aix5.1 doesn't do will with optimization level 3.     PR: 115
      DCL logic bugs fixed.
      Remove warnings.
      Add Tandem OSS target.     PR: 192
      Close the implicitely opened registry key.     PR: 264
      make update
      We need to read one more byte of the REQUEST-CERTIFICATE message.     PR: 300
      Add -Wstrict-prototype and -Wmissing-prototype to my debugging targets
      Spell prototypes correctly :-).
      I know ANSI C doesn't like 'long long', and I don't want to see it
      -Wid-clash-n isn't support in gcc 3, and I get better result from continuously     rebuilding on a VMS box.
      The architecture name is i486, not just 486
      A few more Microsoft OIDs added
      make update
      Document the change to remove the 'done' flag variable in the     OpenSSL_add_all_*() routines
      Changes to make shared library building and use work better with Cygwin
      Add the INHIBIT_SYMLINKS flag variable to help Cygwin.     Add missing semicolons.     Add a comment explaining a bunch of targets without any action lines.
      WinCE patches
      Mention ActiveState Perl much earlier in INSTALL.WCE.
      We don't want TARGETCPU expanded here.
      I forgot this is compiled in test/, not crypto/ec/...
      Add the file openssl.pc that I forgot a while ago.
      Adding openssl.pc to the repository was a mistake,     since it's generated.
      Ignore openssl.pc.  This way, there's no risk that I'll add it again :-).
      Make it possible to build for more than one CPU.     Clarify what the CE tests do.
      A variable of type time_t is supposed to be a time measurement starting at     Epoch.  offset isn't such a measurement, so let's stop pretend it is.
      Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7).
      Determine HZ exactly as in apps/speed.c.
      Add the ASN.1 structures and functions for CertificatePair, which is     defined as follows (according to X.509_4thEditionDraftV6.pdf):
      Document the addition of certificate pairs.
      Add news items for 0.9.6h and expand on the 0.9.7 news as well.
      Update STATUS
      Fix an unsigned/signed mismatch.
      make update
      It works on my laptop :-).
      Mention a current showstopper
      Disable this module if OPENSSL_NO_SOCK is defined.
      Heimdal isn't really supported right now.  Say so, and offer a possibility     to force the use of Heimdal, and warn if that's used.     PR: 346
      Small bugfixes to the KSSL implementation.     PR: 349
      Heimdal isn't really supported right now.  Say so, and offer a possibility     to force the use of Heimdal, and warn if that's used.     PR: 346
      The logic in the main signing and verifying functions to check lengths was     incorrect.  Fortunately, there is a second check that's correct, when adding     the pads.     PR: 355
      I forgot that @ in strings must be escaped in Perl
      Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler     and linker optimizations.     PR: 343
      Extra ; removed.
      Unused variable removed.
      Cleanse memory using the new OPENSSL_cleanse() function.     I've covered all the memset()s I felt safe modifying, but may have missed some.
      Make sure EXIT() can always be used as one statement.
      Have all tests use EXIT() to exit rather than exit(), since the latter doesn't     always give the expected result on some platforms.
      A few more memset()s converted to OPENSSL_cleanse().     I *think* I got them all covered by now, bu please, if you find any more,     tell me and I'll correct it.     PR: 343
      Correct some names.
      Make it so all names mentioned in the NAME section of each manpage becomes a     symlink to said manpage.     PR: 242
      Remove incorrect assert.     PR: 360
      Redo the VAX assembler version of bn_div_words().     PR: 366
      EXIT() needs to be in a function that returns int.
      Small bugfix: even when r == d, we need to adjust r and q.     PR: 366
      Through some experimentation and thinking, I think I finally got the     proper implementation of bn_div_words() for VAX.
      Make some names consistent.
      I think I got it now.  Apparently, the case of having to shift down     the divisor was a bit more complex than I first saw.  The lost bit     can't just be discarded, as there are cases where it is important.     For example, look at dividing 320000 with 80000 vs. 80001 (all     decimals), the difference is crucial.  The trick here is to check if     that lost bit was 1, and in that case, do the following:
      define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN     gets defined).     PR: 371
      Windows CE updates, contributed by Steven Reddie <smr at essemer.com.au>
      Make CRYPTO_cleanse() independent of endianness.
      EXIT() may mean return().  That's confusing, so let's have it really mean     exit() in whatever way works for the intended platform, and define     OPENSSL_EXIT() to have the old meaning (the name is of course because     it's only used in the openssl program)
      A gcc 3.0 bug is triggered by our code.  Add a section about it in PROBLEMS.     PR: 375
      Add support for x86_64.     PR: 348
      DJGPP patches.     PR: 347
      Correct a few typos that I introduced after applying DJGPP patches.
      gethostname() is more a BSD feature than an XOPEN one.     PR: 379
      Do not implement RC4 stuff if RC4 is disabled.  Concequently, apply the same     rule for SHA stuff.     PR: 381
      Only check for a result buffer if the allocated string is a prompt string.     PR: 381
      PR: 381
      If an application supports static locks, it MUST support dynamic locks as     well to be able to use the CHIL engine.     PR: 281
      Make sure using SSL_CERT_FILE actually works, and has priority over system defaults.     PR: 376
      Allow users to modify /MD to /MT.     PR: 380
      Declare another general file.
      make update
      Make sure to implement the cryptodev engine only when /dev/crypto exists.
      Corrected DJGPP patch
      SSL_CERT_FILE should be used in place of the system default file, not as     a first alternative to try
      Merge in relevant changes from the OpenSSL 0.9.6h release.
      Keep STATUS in HEAD up to date.
      Keep NEWS in HEAD up to date.
      Apparently, bash is more forgiving than sh.  To be backward     compatible, don't use ==, use = instead...
      Some compilers are quite picky about non-void functions that don't return     anything.
      Add a few items I intend to work on for 0.9.8 and on.
      Forgot one.
      Implement a stateful variant if the ZLIB compression method.  The old     stateless variant is kept, but isn't used anywhere.
      Since it's defined in draft-ietf-tls-compression-04.txt, let's make     ZLIB a known compression method, with the identity 1.
      Since it's defined in draft-ietf-tls-compression-04.txt, let's make     ZLIB a known compression method, with the identity 1.
      Hmm, Geoff's change made things quite interesting.  We can now give     users the option of disabling deprecated functions, which should of     course be reflected in libeay.num and .def files.  Quite nice,     actually.
      make update
      A memset() too many got converted into a OPENSSL_cleanse().     PR: 393
      Since HEADER_DES_H has been the protector of des.h since libdes     (before SSLeay, maybe?), it's better to have that macro protect     the compatibility header des_old.h.  In the new des.h, let's use     a slightly different protecting macro.
      Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H     were defined.
      Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H     were defined.
      sk_*_push() returns the number of items on the stack, not the index of the     pushed item.  The index is the number of items - 1.  And if a NULL item was     found, actually use it.     Finally, provide a little bit of safety in CRYPTO_lock() by asserting the a     requested dynamic lock really must exist, instead of just being silent about it
      In CRYPTO_lock(), check that the application cares about locking (provided     callbacks) before attempting to lock.
      Document the modifications in 0.9.7 that will make the hw_ncipher.c     engine work properly even in bad situations.
      Skip DH-specific tests when no-dh has been configured.     PR: 353
      I forgot one item I intend to work on.
      BIO_set_nbio() is enumerated, but not explained.  Remove it from enumeration     since it's both enumerated and explained in BIO_s_connect.pod.     PR: 370
      BIO_new_bio_pair() was unnecessarily described in it's own page as well as in     BIO_s_bio.pod.  The most logical is to move everything needed from     BIO_new_bio_pair.pod to BIO_s_bio.pod (including the nice example)     and toss BIO_new_bio_pair.pod.  I hope I got all the info over properly.     PR: 370
      OK, there's at least one application author who has provided dynamic locking     callbacks
      Bring des_locl.h at the same level as in the 0.9.7 branch.     Don't define macros in terms of asm() when __STRICT_ANSI is defined.
      Don't define macros in terms of asm() when __STRICT_ANSI is defined.
      Update the make system for installations:
      Make sure manual pages are properly linked to on systems that have case     insensitive file names, as well as those that do not have symlinks.     Incidently, both these cases apply on DOS/Windows...
      Synchronise with Makefiles.
      Protect loading routines with a lock.     PR: 373
      Transfer the Solaris shared library building changes from     0.9.7-stable.
      Update the current status
      It was pointed out to me that .pc files are normally stored in     ${prefix}/lib/pkgconfig, not ${prefix}/lib/pkginfo.
      It was pointed out to me that .pc files are normally stored in     ${prefix}/lib/pkgconfig, not ${prefix}/lib/pkginfo.
      If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets     defined in DECC$TYPES.H.  If _POSIX_C_SOURCE is defined, certain types do     not get defined (u_char, u_int, ...).  DECC.H gets included by assert.h     and others.  Now, in6.h uses the types u_char, u_int and so on, and gets     included as part of other header inclusions, and will of course fail because     of the missing types.
      I have no idea what possesed me to compile s_socket.c as POSIXly code.     Incidently, it now compiles so much better without _POSIX_C_SOURCE.
      To avoid any future programming glitches, let's make each and every     assignment (modulo those I missed) individual statements.
      Small tweaks for code consistency.
      Because the contents of openssl.pc may have to change when a configuration     has been performed (and possibly changed), have it depend on Makefile.ssl.
      We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,     and then didn't support it very well.  And that when there already is a     useful variable for exactly this kind of thing; EX_LIBS...
      There was a mixup between INSTALLTOP and OPENSSLDIR...
      Be consistent with capitalisation of object names.
      Be consistent with capitalisation of object names.
      Keep the internal lowercase 'surname', for programmer's sake.
      Propagate MAKEDEPPROG to the subdirs under crypto/.
      A little debugging.
      More accurate comments.
      Make AES_ENCRYPT and AES_DECRYPT macros instead of static constants.     PR: 411
      Stop a possible memory leak.     (I wonder why s2_connect() handles the initial buffer allocation slightly     differently...)     PR: 416
      Finally, a bn_div_words() in VAX assembler that goes through all tests.     PR: 413
      All VMS-specific problems have been solved.     Confirmed by Mark Daniel <Mark.Daniel at wasd.vsm.com.au>
      Cygwin needs the library locatin for .DLLs to be set in PATH.  Unfortunately,     the conditional was set to add the library directory to PATH when the     platform is NOT Cygwin.  Corrected.     PR: 404
      Avoid double definition of config.     PR: 420
      Spelling error.     This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
      Update our list of implemented and related standards.
      Update our list of implemented and related standards.
      Add SPKM among the related stanrds.
      Can't find the referense to errors on XP with Kerberos
      Kenneth R. Robinette just told me the latest snapshot works well with     MIT Kerberos.
      Merge from 0.9.7-stable.
      make update
      Finally get rid of all the algorithm inclusions that were done from     evp.h.
      make update
      OS/2 does binary by default, apparently.     Reported by Brian Havard <brianh at kheldar.apana.org.au>.
      Since we're including Kerberos 5 headers in our exported header files (when     OpenSSL is configured to use Kerberos), we'd better tell pkg-config users     where they can be found.     PR: 421
      Merge in changes from 0.9.7-stable.
      Merge in changes from 0.9.7-stable.
      It's rather silly to believe we'd release 0.9.7a in 2002 :-).     It's even more silly to pretend we know which year 0.9.8 will be     released.
      Make sure the last character of the ASN.1 time string (the 'Z') is copied.     PR: 429
      Adjust the parameter lists in some not commonly used files.     PR: 428
      Link engines against libcrypto, even when a TCP/IP implementation is     specified...
      Rijndael should be called AES everywhere
      gcc wants character constants to be correct.  Before this change, the     following would happen on Solaris:
      The naming scheme wasn't quite correct for Cygwin
      Typos corrected.     PR: 445
      Make sure everything that may be freed is allocated or initiated.     PR: 446
      Certain files must be removed before generating them, in case they point     into a read-only source tree.     PR: 437
      Force the removal.     PR: 437
      When preparing a separate build tree, don't make softlinks to softlinks.     Add instructions in INSTALL, for easy access.     PR: 437
      It's recommended to do 'make clean' after having prepared a new build tree.     PR: 437
      CFLAG, not CFLAGS
      Name the flag file correctly
      Add documentation on how to handle the shared libaries.     PR: 423
      Double the dollars that are intended for the command line.     PR: 423
      If the user said 'shared' and we haven't included support for shared libraries,     warn him or her.     Reminder by Andrew Marlow <apm35 at student.open.ac.uk>
      Add better support for FreeBSD on non-x86 machines.     Add specific support for FreeBSD on sparc64.     PR: 427
      tty_in will never be stderr, so it will always be closed, which means stdin     might get closed...     Reported by Mark Daniel <Mark.Daniel at wasd.vsm.com.au>
      UI_UTIL_read_pw() misinterpreted the values returned from UI functions.     PR: 456
      Revert: the names of the cygwin distribution will not be named openssl2-*.     Requested by Corinna Vinschen <vinschen at redhat.com>
      Correct a misleading comment.     PR: 456
      DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment.     PR: 453
      Make sure not to declare a clashing read() for DJGPP.     PR: 440
      Merge from 0.9.7-stable.
      Correct an example that has a few typos.     PR: 458
      Extend the HOWTO on creating certificates, and add a HOWTO in creating keys.     PR: 422
      Add verbosity
      Fix possible NULL dereferencial.     Notified by Verdon Walker <VWalker at novell.com>
      make update
      Add some debugging output.
      FreeBSD has /dev/crypto as well.     PR: 462
      make update
      A few more files to ignore
      Ingore the correct flag file.
      Missing 0 broke FreeBSD build.     PR: 470
      DVCS (see RFC 3029) was missing among the possible purposes.     Notified privately to me by Peter Sylvester <Peter.Sylvester at EdelWeb.fr>,     one of the authors of said RFC
      cert_sk isn't always allocated, so freeing it may cause a crash.     PR: 481
      Fix a memory leak in SSL.     PR: 477
      Small typo, OENSSL should really be spelled OPENSSL.     PR: 476
      Add the possibility to build without the ENGINE framework.     PR: 287
      make update
      The OPENSSL_NO_ENGINE has small problem: it changes certain structures.  That's     bad, so let's not check OPENSSL_NO_ENGINE in those places.  Fortunately, all     the header files where the problem existed include ossl_typ.h, which makes     a 'forward declaration' of the ENGINE type.
      For VC++7 and up, the file is VSVARS32.BAT.     PR: 327
      The MASM situation is more difficult than described so far.  It is part of VC++ 7.     PR: 327
      The util scripts need to handled no-hw.     PR: 327
      A few small bugs with BIO popping.     PR: 364
      Document -engine where missing.     PR: 424
      We can't say in advance what the argument to BIO_socket_ioctl() should be, so     let's make that a void *.  Also, BIO_socket_nbio() should send it an int     argument, not a long.     PR: 457
      PKCS#1 has a new RFC, which we do implement
      Make sure memcpy() is properly declared by including string.h.
      Adjust DES_cbc_cksum() so the returned value is the same as MIT's     mit_des_cbc_cksum().  The difference was first observed, then verified by     looking at the MIT source.
      Oh, the destest program did look at the return value...
      Another long name to deal with
      Add full support for -rpath/-R, both in shared libraries and     applications, at least on the platforms where it's known how     to do it.
      Make it possible to disable OCSP, the speed application, and the use of sockets.     PR: 358
      Change no_rmd160 to no_ripemd for consistency.     PR: 500
      Pay attention to disabled SSL versions.     PR: 500
      Update linux-mips and linux-mipsel to support threads and shared libraries.     I also updated the bn_ops field with values taken from OpenBSD-mips.     PR: 498
      Handle krb5 libraries separately and make sure only libssl.so depends     on it.
      Add support for IA64.     PR: 454
      Make the no-err option work properly
      Borland C++ Builder 5 complains about unreachable statements.
      Make sure the memory allocation routines check for negative sizes
      Security fix: Vaudenay timing attack on CBC.     An advisory will be posted to the web.  Expect a release within the hour.
      Update release information
      Allow building applications against static libraries with Makefile.shared.
      Remove duplication and have clean depend on libclean
      Add the target linux-ia64-ecc, suggested by Keith Thompson <kst at sdsc.edu>.     PR: 516
      Shut up an ANSI compiler about uninitialised variables.     PR: 517
      hinv may generate more than one line (1 line per CPU).     PR: 520
      Make sure that all the library paths are modified in prepend mode, not     replace mode.     PR: 528
      Spelling errors.     PR: 538
      Some shells (ksh in this case) don't say 'command not found'.     PR: 540
      Add documentation for -starttls (s_client) and -id_prefix (s_server).     PR: 542
      Because it may be needed in public header files, move the definition     of OPENSSL_NO_FP_API on existence of OPENSSL_SYS_MSDOS to e_os2.h.
      Make sure we get the definition of OPENSSL_NO_AES.
      Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.
      Make sure we get the definition of OPENSSL_NO_BF.
      Make sure we get the definition of OPENSSL_NO_FP_API.
      Make sure we get the definition of OPENSSL_NO_SOCK.
      Make sure we get the definition of OPENSSL_NO_ERR.
      Make sure we get the definition of OPENSSL_NO_CAST.
      Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES,     DES_LONG and OPENSSL_NO_DESCBCM.
      Make sure we get the definition of OPENSSL_NO_DH.
      Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA.
      Make sure we get the definition of OPENSSL_NO_EC.
      Make sure we get the definition of OPENSSL_NO_ECDH.
      Make sure we get the definition of OPENSSL_NO_ECDSA.
      Make sure we get the definition of OPENSSL_NO_HMAC.
      Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT.
      Make sure we get the definition of OPENSSL_NO_FP_API.
      Make sure we get the definition of OPENSSL_NO_MD2.
      Include e_os.h correctly.
      Make sure we get the definition of OPENSSL_NO_BIO.
      Make sure we get the definition of a number of OPENSSL_NO_* macros.
      Make sure we get the definition of OPENSSL_NO_AES.
      Make sure we get the definition of OPENSSL_NO_BF.
      Make sure we get the definition of OPENSSL_NO_CAST.
      Make sure we get the definition of OPENSSL_NO_IDEA.
      Make sure we get the definition of OPENSSL_NO_RC2.
      Make sure we get the definition of OPENSSL_NO_RC4.
      Make sure we get the definition of OPENSSL_NO_RC5.
      Make sure we get the definition of OPENSSL_NO_DES.
      Make sure we get the definition of OPENSSL_NO_MD2.
      Make sure we get the definition of OPENSSL_NO_MD4.
      Make sure we get the definition of OPENSSL_NO_MD5.
      Make sure we get the definition of OPENSSL_NO_MDC2.
      Make sure we get the definition of OPENSSL_NO_RIPEMD.
      Make sure we get the definition of OPENSSL_NO_SHA.
      Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA.
      Make sure we get the definition of OPENSSL_NO_RSA.
      Sometimes, we have partial comments on the same line as other stuff we     parse.  Make sure to read in the whole comment, so it can be entirely     removed.
      Don't put configuration macro definitions on the command line, we're     just fooling ourselves and then screwing up for other applications.
      make update
      Make sure to declare mem*() properly.
      Define COMP method function prototypes properly.
      To define OPENSSL_NO_FP_API for all MSDOS type targets was unfair     against DJGPP, and much more restricted than previous definitions.
      Missed a few dollars.     PR: 528
      Let's limit the extent of the definition of _XOPEN_SOURCE.
      Update VMS building system
      OpenUNIX 8 has some problems using -G with gcc.  Maybe using gnu-shared works better (will be tested tonight).
      Add usage string for -fingerprint.     PR: 560
      Don't feil when indent is 0.     PR: 559
      No need to test -setalias twice.     PR: 556
      It seems like gcc-drivven shared library building on OpenUnix 8 requires     -shared rather than -G.
      Make it possible to have multiple active certificates with the same     subject.
      Conditionalise all debug strings.
      Reset the version number of the issuer certificate?  I believe this     hasn't been tested in a long while...
      Remove unused variable.
      Reindent for readability.
      Don't try to free NULL values...
      Typo correction
      It's recommended to use req rather than x509 to create self-signed certificates
      Add functionality to help making self-signed certificate.
      Implement self-signing in 'openssl ca'.  This makes it easier to have     the CA certificate part of the CA database, and combined with     'unique_subject=no', it should make operations like CA certificate     roll-over easier.
      Add a CA section, to make sure the test will work with the changes in     CA.sh.
      One more debug line to conditionalise.
      Counter for GCC attributes.
      Add GCC attributes when compiled with gcc.  This helps find out if     we're using the printing functions correctly or not.
      Make %p and %# work properly, at least with pointers and floats.
      Correct a lot of printing calls.  Remove extra arguments...
      There's no need to check for __attribute__ with ANSI functions, since     we only check to the opening parenthesis anyway...
      make update
      Add documentation on the added functionality in 'openssl ca'.
      Convert save_serial() to work like save_index(), and add a     rotate_serial() that works like rotate_index().
      Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.     PR: 564
      Correct a typo.     Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note     about the lack of parameter comparison for EC.
      What was I smoking?  EVP_PKEY_cmp() should return with 0 if     EVP_PKEY_cmp_parameters() returned 0, otherwise it should     go on processing the public key component.  Thia has nothing     to do with the proper handling of EC parameters or not.
      RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function     pointers should be used.  It doesn't necessarely mean it should go through     the ENGINE framework.
      We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form     of unneeded includes of openssl/engine.h.
      We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in     form of unneeded direct calls through the engine pointer..
      It seems like OpenUnix's ld uses LD_LIBRARY_PATH to search for     libraries.  What's worse, the directories given in LD_LIBRARY_PATH are     checked first!  Therefore, we need a hack to prepend all the     directories we give with -L to the current value of LD_LIBRARY_PATH,     thereby temporarly forming a hacked value.
      I forgot to continuation mark.
      A single quote too many.
      Correct a few typos.
      Include rand.h, so RAND_status() and friends get properly declared.
      Explicitely tell the compiler we're mips3 for the target irix-mips3-cc.
      There's a problem building shared libraries on the sco5-gcc target.  However,     it's time for a release, so I'm just adding an enty in PROBLEMS, and will     hopefully solve this for a later release
      Remove all those infernal stupid CR characters
      New NEWS
      make update
      Add the 0.9.6j news.
      Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
      Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.     Memory leak fix: RSA_blinding_on() would leave a dangling pointer in                      rsa->blinding under certain circumstances.     Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
      Make it possible to affect the extension of man pages.     PR: 578
      Add an extended variant of OBJ_bsearch() that can be given a few     flags.
      Add an extended variant of sk_find() which returns a non-NULL pointer     even if an exact match wasn't found.
      Correct documentation.  sk_find_ex() doesn't return a pointer, it     returns an index.
      Some variables were uninitialised...
      Include objects.h to get a correct declaration of OBJ_bsearch_ex(),     not to mention the OBJ_BSEARCH_* macros.
      make update
      Add BUF_strndup() and BUF_memdup().  Not currently used, but I've code     that uses them that I'll commit in a few days.
      make update
      Define the OPENSSL_ITEM structure.
      Define a STORE lock (the STORE type will be committed later).
      Define a STORE type.  For documentation, read the entry in CHANGES,     crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
      Add STORE support in ENGINE.
      make update
      Provide some extra comments about the STORE_Memory STORE method.
      Get the year right...
      STORE was created 2003, darnit!
      It's usually best if the function name matches everywhere...
      Yeah, right, an object file ending with .c, that'll work!
      Constify RSA_sign() and RSA_verify().     PR: 602
      Add the possibility to store arbitrary data in a STORE.     Suggested by Götz Babin-Ebell <babin-ebell at trustcenter.de>.
      DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function     called downstream that need it to be non-const.  The fact that the RSA_METHOD     functions take the RSA* as a const doesn't matter, it just expresses that     *they* won't touch it.     PR: 602
      /usr/lib/pkgconfig/openssl.pc was never installed in the RPM.     Notified by Bennett Todd <bet at rahul.net>.
      Add the possibility to hand execution parameters (for example     authentication material) to the STORE functions.     Suggested by Götz Babin-Ebell <babin-ebell at trustcenter.de>.
      Define the two authentication parameter types for passphrase and     Kerberos 5 authentications.
      Remove certain functions
      Make the function STORE_new_engine() public.
      Some misspelled function names.
      Misspelled functions.
      make update
      I don't remember what my thinking was with str_compat.h.  Maybe it'll     come back to me...
      I have no idea how I cut away that piece of text...
      Make sure EC_window_bits_for_scalar_size() returns a size_t
      Correct signedness
      Fix sign bugs.     PR: 621
      Brackets are now allowed, after a small hack in the processing of the     docs-on-web.
      Make sure to compare unsigned against unsigned.
      PR: 630
      Have ASFLAGS be defined the same way as CFLAGS
      Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration     macros get properly defined.
      Make sure debug-solaris-sparcv9-gcc is consistent with solaris-sparcv9-gcc.
      Make sure that size_t matches size_t.
      Make sure the function definitions match their declaration.
      Remove extra ;
      Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others).
      The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting
      Document the AES_cbc_encrypt() change
      Add crypto/store to the directories to look through.
      Make sure to NUL-terminate the string on end-of-file (and error)     PR: 643
      Handle des_modes.pod properly.     PR: 634
      Add functionality to set marks on the error stack and to pop all errors to the next mark.
      Add documentation for ERR_set_mark() and ERR_pop_to_mark().
      Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[].     PR: 617
      Remove unused variable
      Avoid warnings saying that the format takes a void*.
      make update
      Add the possibility to have symbols loaded globally with DSO.
      Typo.     PR: 593
      Make sure DSO-dlfcn works properly on SunOS4.     PR: 585
      Make sure ssize_t is defined on SunOS4.     PR: 585
      Do not try to use non-existent gmtime_r() on SunOS4.     PR: 585
      Typo.     PR: 584
      Slightly better check of attributes.  Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key.
      Missing string and potential memory leaks.     Notified by Goetz Babin-Ebell <goetz at shomitefo.de>
      Add the application data type to the README.
      EXIT() should mainly be exit(n), not return(n).  OPENSSL_EXIT() will     take care of returning if necessary.
      Unsigned vs. signed fixed.
      dynamic_ctrl() didn't have exactly the same prototype as defined by     ENGINE_CTRL_FUNC_PTR.
      Implement CRL numbers.     Contributed in whole by Laurent Genier <Laurent.Genier at intrinsec.com>     PR: 644
      Add documentation for the new crlnumber configuration option.
      We set the export flag for 512 *bit* keys, not 512 *byte* ones.     PR: 587
      Prepare for changes in the 0.9.6 branch
      Prepare for changes in the 0.9.6 branch
      Document the last change.     PR: 587
      make update
      Make sure the compiler knows we run with pedantic settings.
      The definition of dynamic_ctrl() should change along with the     declaration :-).
      Scan through the engines directory as well.
      Conform with the standard prototype for engine control functions.
      "Remove" unused variable
      Implement missing functions.     Have the f parameter to _ctrl functions have the prototype (*)(void)     rather than (*)(), for the sake of C++ compilers.     Disable unimplemented functionality.
      make update
      Nils Larsch told me I could remove that variable entirely.
      Only remove old files if they exist.  [Maing32].     Notified by Michael Gerdau <mgd at technosis.de>
      Change AES-CTR to increment the IV by 1 instead of 2^64.
      The 'counter' is really the IV.
      The convenience argumetn for -nameopt and -certopt is ca_default, not     default_ca.     PR: 653
      Add -issuer_hash and make -subject_hash the default way to get the     subject hash, with -hash a synonym kept around for backward     compatibility reasons.     PR: 650
      Oops, I forgot to replace 'counter' with 'ivec' when used...
      The counter is big-endian.  Since it comes as an array of char,     there's absolutely no need to special-case it on little-endian     machines.
      Make sure openssl.pc is readable by everyone.     PR: 654
      Replace CCITT with ITU-T.  Keep CCITT around as an alias.     make update
      A document that has a very rough description of the X509     functionality.  This is mostly so there's a way to get from the     crypto.html page to the function descriptions.
      Inclusion of openssl/engine.h should always be wrapped with a check that     OPENSSL_NO_ENGINE is not defined.
      Correct two problems, found by Martin Kochanski <cardbox at easynet.co.uk>:
      Generalise the definition of strcasecmp() and strncasecmp() for     platforms that don't (necessarely) have it.  In the case of VMS, this     means moving a couple of functions from apps/ to crypto/ and make them     general (although only used privately).
      Add necessary changes to be able to build on VxWorks for PPC860.     Contributed by Bob Bradley <bob at chaoticsoftware.com>
      Free the Kerberos context upon freeing the SSL.     Contributed by Andrew Mann <amann at tccgi.com>
      Correct small documentation error.     PR: 698
      Include the instance in the Kerberos ticket information.     In s_server, print the received Kerberos information.     PR: 693
      Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.     PR: 680
      Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.     PR: 679
      Add reference counting around the thread state hash table.     Unfortunately, this means that the dynamic ENGINE version just went up, and     isn't backward compatible.     PR: 678
      Selected changes for MSDOS, contributed by Gisle Vanem <giva at bgnett.no>.     PR: 669
      Make MD5 assembler code able to handle messages larger than 2GB on 32-bit     systems and above.     PR: 664
      Change the indentation from 12 to indent+4.     PR: 657
      Uhmm, It seem to have forgotten one file when I committed the MSDOS     change yesterday.     PR: 669
      Synchronise util/libeay.num with the 0.9.7-stable one.     make update
      Further VxWorks changes from Bob Bradley <bob at chaoticsoftware.com>, this     time involving VxWorks on MIPS
      Correct buggy PODs (missing commas and a prepended space).
      Correct incorrect mode bits change.
      Use correct case for manual page references
      Avoid 'file names' with spaces
      Remove leading and trailing spaces and tabs
      Corrected misplacement of one of the greps...
      Include e_os.h to get a proper definition of memmove on the platforms     that do not have it.
      Correct a mixup of return values
      Check for errors from SSL_COMP_add_compression_method().     Notified by Andrew Marlow <AMARLOW1 at bloomberg.net>
      Remove unused code, don't use zlib functions that are really macros     and provide missing prototypes.
      Setting the ex_data index is unsafe in a threaded environment, so     let's wrap it with a lock.
      Make sure int SSL_COMP_add_compression_method() checks if a certain     compression identity is already present among the registered     compression methods, and if so, reject the addition request.
      Add functionality to get information on compression methods (not quite complete).
      s_client should inform the user of any compression/expansion methods used.
      make update
      In realloc, don't destroy the old memory area if a new one couldn't be     allocated.     Notified by Daniel Lucq <daniel at lucq.org>
      The object file is o_str.o, not o_str.c.
      Correct serious bug in AES-CBC decryption when the message length isn't     a multiple of AES_BLOCK_SIZE.     Optimize decryption of all complete blocks in AES-CBC by removing an     unnecessary memcpy().
      Removing those memcpy()s also took away the possibility for in and out to     be the same.  Therefore, the removed memcpy()s need to be restored.
      Let exit codes propagate from within for loops.
      Engines are usually binary, and should therefore be in INSTALLTOP     rather than OPENSSLDIR.
      Less restrictive debugging build.
      Change my debugging entries to do fierce BIGNUM debugging.
      Netware-specific changes,
      Allow multi-valued rdns in subjects.  This adds the -multivalue-rdn option     to 'openssl req' and 'openssl ca'.
      Move do_subject() to apps.c and rename it to parse_name().  The     rationale behind the move is that it's use by several applications.     The rationale behind the name change is that it describes what the     function does a bit better.
      Forgot to change the declaration of do_subject() to one of parse_name()...
      Let's use text/plain in the example instead of crapy HTML.     PR: 777     Submitted by: Michael Shields <mshields at sunblocksystems.com>
      Move another common functionality (reproduced so far with cut'n'paste)     to apps.c, and give it the hopefully descriptive name parse_yesno().
      Make a number of changes to the OS/2 build.  Submitter's comment below.
      1024 is the export key bits limit according to current regulations, not 512.     PR: 771     Submitted by: c zhang <czhang2005 at hotmail.com>
      RSA_size() and DH_size() return the amount of bytes in a key, and we     compared it to the amount of bits required...     PR: 770     Submitted by: c zhang <czhang2005 at hotmail.com>
      Damnit, I'm sick of having to do something special every time a module     that gets built before objects barfs all over the place because it     uses a new NID that hasn't had a chance of getting defined yet (in     this case, it was about a couple of new EC curves, and therefore a     couple of new corresponding NIDs).
      Add IPSec/IKE/Oakley curves.
      We're getting a clash with C++ because it has a type called 'list'.     Therefore, change all instances of the symbol 'list' to something else.
      Make sure the documentation matches reality.
      CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL     if the give size is 0.
      Check that OPENSSL_malloc() really returned some memory.
      It was pointed out to me that if the requested size is 0, we shouldn't     ty to allocate anything at all.  This will allow eNULL to still work.
      Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).     Correct the typo PUKEY...
      Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).     Correct the typo PUKEY...
      To figure out if we're going outside the buffer, use the size of the buffer,     not the size of the integer used to index in said buffer.
      Add a newline at the end of the last line.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Use BUF_strlcpy() instead of strcpy().     Use BUF_strlcat() instead of strcat().     Use BIO_snprintf() instead of sprintf().     In some cases, keep better track of buffer lengths.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Include strings.h so strcasecmp() and strncasecmp() get properly declared.
      Use sh explicitely to run point.sh     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      OpenBSD-internal changes.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Correct documentation typos.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Check if a random "file" is really a device file, and treat it     specially if it is.     Add a few OpenBSD-specific cases.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Only use environment variables if uid and gid are the same as euid and egid.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Avoid including cryptlib.h, it's not really needed.     Check if IDEA is being built or not.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Fix Perl problems on sparc64.     This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
      Adding a slash between the directoryt and the file is a problem with     VMS.  The C RTL can handle it well if the "directory" is a logical     name with no colon, therefore ending being 'logname/file'.  However,     if the given logical names actually has a colon, or if you use a full     VMS-syntax directory, you end up with 'logname:/file' or     'dev:[dir1.dir2]/file', and that isn't handled in any good way.
      We're passed p, so let's use p instead of making assumptions.
      S_IFBLK and S_IFCHR may not exist in some places (like Windows), so     let's check for those macros, and if they aren't defined, let's assume     there aren't Unixly devices on this platform.
      Avoid signed vs. unsigned warnings (which are treated like errors on     Windows).
      Unsigned vs. signed problem removed
      make update
      Add the missing parts for DES CFB1 and CFB8.     Add the corresponding AES parts while I'm at it.     make update
      make update
      In the development branch, it feels quite all right to warn on a lot     more stuff.
      -Wtraditional was a little too much...
      Remove typos
      Document the AES options for 'openssl smime'.     PR: 834
      Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.     PR: 833
      AES is spelled AES, not ASE.  Oops...
      Avoid a memory leak in OCSP_parse_url().     Notified by Paul Siegel <psiegel at corestreet.com>
      Make our page with pointers to binary distributions visible in the FAQ
      Make sure we use unsigned constants, or come compilers may complain.
      Make sure that the last argument to RAND_add() is a float, or some     compilers may complain.
      It was just pointed out to me that it's better to cast to double...
      Constify d2i, s2i, c2i and r2i functions and other associated     functions and macros.
      Make sure fd is defined where it should.     PR: 849
      Remove a warning for conversion double->long.  This has impacts on Windows.     PR: 849
      Change \t to real tab in echo argument.     PR: 847
      Correct minor spelling error.     PR: 845
      Sync the VMS build with Unix.
      make update
      Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
      Make sure toupper() is properly declared.
      o_str.h isn't a public header file.
      o_str.h isn't a public header file, so make sure it will still be     included.
      Add store.h among the exported headers on VMS.
      Only build the PKCS#7 test applications if "pkcs7" is present in     SDIRS.
      Make it easier to buld test applications...
      Correct constness problems.
      Don't define fd for platforms that do not use it, as some may not declare fileno() properly
      RAND_add() wants a double as it's last argument.
      A couple more cases where RAND_add() gets an integer instead of a     doule as last argument.
      Make prototypes for some callback pointers.
      Change spaces to symbols in names.     PR: 856
      Wrap code starting with a definition.     PR: 854
      Move the definition of Win32_rename(), since the macro rename gets undefined     in the middle of the code on Windows, and that disrupts operations in functions     later that use rename()...     PR: 853
      SSL_COMP_get_compression_method is a typo (a missing 's' at the end of     the symbol name).
      Add symbol hacks for some long names.     make update
      Print the debug thingies on stderr instead of stdout.  If for nothing     else then at least so bc doesn't have problems parsing the output from     bntest :-).
      Whooaaaaa, the BN_CTX_DEBUG macro really produces output these     days...  A little too much for my tests, currently...
      When the pointer 'from' changes, it's stored length needs to change as     well.
      Remove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't     use it.
      Let's make life easier and have the VMS version of the configuration be     generated from the Unixly configuration file.
      make update
      Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.
      Reimplement old functions, so older software that link to libcrypto     don't crash and burn.
      X509_policy_lib_init is declared but not defined, so it raises havoc     when trying to build a shared library on VMS or Windows...
      Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP     wrapping preprocessor directive.  This also removes a duplicate     declaration.
      make update
      Synchronise VMS with the Unixly Malefiles.
      Since num is now a size_t, it's not necssary to check for less than 0,     AND it avoids warnings on certain systems.
      SHA224_Update() and SHA224_Final() aren't implemented, and since     SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just     create aliases in form of macros.
      make update
      Typo, setting the first element of nids[] to NULL instead of setting     *cnids.
      Making some values explicitely unsigned was derived from ongoing work     that isn't yet committed.  It wasn't meant to be committed already, so     I'm removing it for now.
      Linux on ARM needs -ldl     PR: 905
      NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev.     The changes have been mailed to <crypt at bis.doc.gov> as well.
      Make sure that the buffers are large enough to contain padding.     PR: 904
      Make the tests of EVP operations without padding.  As a consequence,     there's no need for a larger BUFSIZE any more...
      Changes for VOS, submitted by Paul Green <Paul.Green at stratus.com>.
      Explain a little better what BN_num_bits() and BN_num_bits_word() do.     Add a note as to how these functions do not always return the key size, and     how one can deal with that.
      o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and     _stricmp() on that platform, use the appropriate header file for it,     <string.h>.     o_str.h: we only want to get size_t, which is defined in <stddef.h>.
      Copy a few files from LPlib (a new project of mine), add a wrapper.     Now we have directory reading capabilities for VMS as well, and all     of it in a fairly general manner.
      Use the new directory reading functions.
      make update
      In some cases, EVMSERR isn't visible (that's fairly new...).
      o_dir needs to be compiler with the warnings about dollar signs in     identities disabled.
      'SSL_add_dir_cert_subjects_to_stack' is longer than 31 characters.     Lucky me, I had prepared for this :-).
      Some test programs in crypto/sha were named differently than usual...
      Because it's one of our libraries calling new functions in the other,     we need to have them among the symbols that should appear in the     transfer table, at least on VMS (and it wouldn't surprise me if     Windows would whine as well).
      make update
      I think it could be a good thing to know what went wrong with the tests...
      Since version 7.0, The C RTL in VMS handles time in terms of UTC     instead of local time.
      Imported from LPlib, making sure the entry name (at least on Unix) is     NUL-teminated at all times, and that we don't make unneeded calls to     free().
      From LPlib:
      From LPlib:
      From LPlib:
      From LPlib:
      The compiler may complain about what looks like a double definition of a     static variable
      We build the crypto stuff, not the ssl stuff, in this command procedure...
      DJGPP has opendir() and friends, according to Gisle Vanem <giva at bgnett.no>.
      Stupid casts...
      Basically, I wanted to be able to make a dump to a FILE*, and not have     to bother creating a BIO around it.  So here's a few more functions to     make it possible to make the dump using a printing callback, and to     print to a FILE* (based on the callback variant), done in the same     style as the functions in crypto/err/err_prn.c.
      On systems that use case-insensitive symbol names (i.e. they're all     converted to upper case or something like that), the application-     level bio_dump_cb() has a name clash with the new library function     BIO_dump_cb().  The easiest fix is to rename the function at the     application level.
      'compatibility', not 'computability' :-)...
      Another symbol longer than 31 characters...
      Synchronise VMS build files with Unixly Makefiles.
      make update
      Synchronise with Unix build.
      - There's no more need for the snprintf macro.     - Move the inclusion of malloc.h until after all other includes, so we       can do proper tests of system macros.     - Make sure the correct header file is included to get the builtin       "alloca" under VMS, and define a macro to map the symbol 'alloca' to       it.
      Import changed files from LPlib.  The changes are logged as follows     for LPdir_unix.c in LPlib.  For the other files, only the last log     entry applies.
      Move the declaration of alloca() so it's ony declared when really     necessary.
      usr/doc has recently changed to usr/share/doc on Cygwin.     Notified by Corinna Vinschen <vinschen at redhat.com>
      Because libraries on Windows lack useful version information, the zlib     guys had to change the name to differentiate with older versions when     a backward incompatibility came up.  Of course, we need to adapt.     This change simply tries to load the library through the newer name     (ZLIB1) first, and if that fails, it tries the good old ZLIB.
      Make sure memmove() is defined, even on SunOS 4.1.4.     PR: 963
      Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH     and friends may be entirely useless.  In such a case, LD_PRELOAD is     the answer, at least on platforms using LD_LIBRARY_PATH.  There might     be other variables to set on other platforms, please fill us in...
      Don't use $(EXHEADER) directly in for loops, as most shells will break     if $(EXHEADER) is empty.
      Make sure LD_PRELOAD is only set when we build shared libraries (and     therefore link with them).  Add LD_PRELOAD setting code where it was     still missing.
      Some find it confusing that environment variables are set when shared     libraries aren't built or used.  I can see the point, so I'm     reorganising a little for clarity.
      Whoops, syntactic mistake...
      Cut'n'paste mistake.  All tested OK now...
      Make an explicit check during certificate validation to see that the     CA setting in each certificate on the chain is correct.  As a side-     effect always do the following basic checks on extensions, not just     when there's an associated purpose to the check:     - if there is an unhandled critical extension (unless the user has       chosen to ignore this fault)     - if the path length has been exceeded (if one is set at all)     - that certain extensions fit the associated purpose (if one has been       given)
      Document the change.
      Split X509_check_ca() into a small self and an internal function     check_ca(), to resolve constness issue.  check_ca() is called from the     purpose checkers instead of X509_check_ca(), since the stuff done by     the latter (except for calling check_ca()) is also done by     X509_check_purpose().
      Propagate a few more variables to Makefile.shared when linking     programs.
      Change libeay.num so it's synchronised with additions in 0.9.7-stable.     make update
      make update (oops, missed this file)
      Add functionality needed to process proxy certificates.
      Forgot to synchronise the VMS build scripts.
      iv needs to be const because it sometimes takes it's value from a     const.
      Correct a faulty address assignment, and add a length check (not     really needed now, but may be needed in the future, who knows?).
      Small typo, `mask' got the same value ORed to it twice instead of     `mask' and `emask' getting that operation done once each.
      Changes concering RFC 3820 (proxy certificates) integration:
      Small thing.  It seems like we have to defined _XOPEN_SOURCE to get     isascii() on DEC/Compaq/HP C for VMS.
      Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE     gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from     being defined, and that breaks havock into the rest of the standard     headers...  *sigh*
      The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and     Makefile.shared was a bit overcomplicated.
      Get rid if the annoying warning
      Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might     cause a segfault...  This was uncovered because EVP_VerifyInit() may fail     in FIPS mode if the wrong algorithm is chosen...
      Oops, == should really be = when used with test ([ and ]).
      The first argument to load_iv should really be a char ** instead of an     unsigned char **, since it points at text.
      Added HOWTO about proxy certificates.
      There are cases when there are no files left to verify.  Make sure to     handle that properly.
      Change the memory leak FAQ entry to describe the levels of thread safety in each function
      Add a file with fingerprints that have recently been used to sign     OpenSSL distributions, or are about to.  This has been requested a     little now and then by users, for years :-/...
      Added restrictions on the use of proxy certificates, as they may pose     a security threat on unexpecting applications.  Document and test.
      Add emacs cache files to .cvsignore.
      Add a NEWS item for 0.9.7g.
      Synchronise with ec/Makefile.
      Avoid compiler complaint about mismatched function signatures     (void * != RSA *)
      Type mismatch detected by DEC C compiler.  void* != void**
      Resolve signed vs. unsigned.
      Avoid compiler complaint about mismatched function signatures     (void * != char *)
      signed vs. unsigned.
      Make sure id2_func is properly cast as well...
      signed vs. unsigned.
      Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where     util/libeay.num is important when building shared libraries, like     VMS.
      Synchronise with Unix build system.
      From branch OpenSSL_0_9_7-stable, revision, 2002-05-23 17:25:
      Remove a bunch of false positives, fix one true positive.
      From branch OpenSSL_0_9_7-stable, 2002-11-13 15:30:
      Remove a bunch of false positives, and fix some true positives.
      This one deserves a note.  In the change to CHANGES, there's the     following:
      All kinds of changes from branch OpenSSL_0_9_7-stable
      From branch OpenSSL_0_9_7-stable, 2004-08-11 22:34:
      From branch OpenSSL_0_9_7-stable, 2004-09-11 11:45:
      Some true positives fixed, toss some false positives.
      A few more fingerprints...
      Actually, C on VMS/Alpha knows very well what a long long is, and     knows how to make use of it.  So let's stop pretending the Alpha     doesn't know long long...
      Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS,     there's no need to undefine it here.  Then, let's get a bit paranoid     and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG     isn't defined.
      I was incorrect about VMS/Alpha.  Defining BN_LLONG with     SIXTY_FOUR_BIT could cause havoc, so don't (it's lucky bn.h undefines     BN_LLONG when SIXTY_FOUR_BIT is defined).
      I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev.
      Version changes where needed.
      Update status information
      Patches for Cygwin, provided by Corinna Vinschen <vinschen at redhat.com>
      When _XOPEN_SOURCE is defined, make sure it's defined to 500.  Required in     http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.
      DEC C complains about bad subscript, but we know better, so let's shut it up.
      Typo correction
      It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512     was still active when it came down to the functions.  mkdef.pl should really     be corrected, but that'll be another day...
      We have some source with \r\n as line ends.  DEC C informs about that,     and I really can't be bothered...
      Change all relevant occurences of 'ncipher' to 'chil'.  That's what nCipher always wanted...
      Synchronise with Unixly build
      pqueue and dtls uses 64-bit values.  Unfortunately, OpenSSL doesn't     have a uniform representation for those over all architectures, so a     little bit of hackery is needed.
      DJGPP changes.  Contributed by Doug Kaufman <dkaufman at rahul.net>
      Merge in the new news from 0.9.8-stable.
      Merge from 0.9.8-stable.
      Synchronise more with the Unix build.
      Synchronise yet a little more with the Unixly build
      From 0.9.8-stable:
      The macro THREADS was changed to OPENSSL_THREADS a long time ago.
      Updated support for NetWare, submitted by Verdon Walker <VWalker at novell.com>.
      Old typo...
      Add support for the new Intel compiler, icc.     Submitted by Keith Thompson <kst at sdsc.edu>
      Correct typo ia64.o -> bn-ia64.o.
      gcc 2.95.3 on Ultrix supports long long.
      Change pq_compat.h to trust the macros defined by bn.h a bit more, and thereby     provide better generic support for environments that do not have 64-bit     integers.  Among others, this should solve PR 1086
      Remove the incorrect installation of '%{openssldir}/lib'.
      Document the change and update the version number (d'oh!).
      Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER     and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true),     depending on which is true.  Use those flags everywhere else to provide     the correct implementation for handling certain operations in q PQ_64BIT.
      Update from 0.9.8-stable.
      _GNU_SOURCE needs to be defined before any standard header.
      Skipping all tests just because one algorithm is disabled seems a bit harsch.
      Avoid endless loops.  Really, we were using the same variable for two     different conditions...
      When the return type of the function is int, it's better to return an     in than NULL, especially when an error is signalled with a negative     value.
      Show what the offending target was.
      Netware patch submitted by Verdon Walker" <VWalker at novell.com> in PR     1107.  He says:
      Status update
      0.9.8-beta5 works on VMS/Alpha
      0.9.8-beta5 works on Cygwin
      0.9.8-beta5 works on SuSE 9.3
      Data about which Cygwin versions 0.9.8-beta5 work on
      0.9.8-beta5 works on Gentoo/arml but not /armb, and works on Linux AMD64
      Do not undefine _XOPEN_SOURCE.  This is currently experimental, and     will be firmed up as soon as it's been verified not to break anything.
      Have pod2man.pl accept '=for comment ...' before the '=head1 NAME' line.
      Only define ZLIB_SHARED if it hasn't already been defined (on the command     line, for example).
      Move the definition of DEVRANDOM for DJGPP from Configure to e_os.h.     That should solve the issues with propagating it through the Makefiles.
      Add better documentation on how id_function() should be defined and what     issues there are.
      Undefine DECRANDOM before redefining it.
      With DJGPP, it seems like the return code from grep, even when in the     middle of a pipe, is noted.  Counter that by forcing a true return code     when the return code has no importance.
      Add crypto/bn/bn_prime.h to the collection of generated files.  In the     update target, place the dependency on depend last, so all necessary files     are generated *before* the dependencies are figured out.
      Check for 'usage' and 'Usage'.     Submitted by Tim Rice <tim at multitalents.net>.  His comment is:
      Do no try to pretend we're at the end of anything unless we're at the end     of a 4-character block.
      Strip the engine shared libraries as well.
      Change dir_ctrl to check for the environment variable before using the default     directory instead of the other way around.
      Configure update for Stratus VOS.
      Update for Stratus VOS.
      DCC doesn't like argument names in returned function pointers.
      The NAME section of a man page is required to have a dash followed by a     short description, at least according to pod2man.
      Initialise dir to avoid a compiler warning.
      Do not defined des_crypt(), since it clashes with Solaris crypt.h.
      Wrap the inclusion of openssl/engine.h with a protective check for     the absence of OPENSSL_NO_ENGINE.
      Wrap the inclusion of openssl/engine.h with a protective check for     the absence of OPENSSL_NO_ENGINE.
      Someone did some cutting and pasting and didn't quite finish the job :-).
      Updated status from 0.9.8-stable.
      There are a few showstoppers.  Unfortunately, I only remember one.  Please fill this in.
      asn1parse doesn't support any TXT format, so let's stop pretending     it does.
      Actually, the 64bit format specifier differs between SIXTY_FOUR_BIT and     SIXTY_FOUR_BIT_LONG
      The private key should never have ended up in newreq.pem.     Now, it ends up in newkey.pem instead.
      Add libcrypto.pc and libssl.pc, and install them along with openssl.pc.
      Changes from the 0.9.8 branch.
      Changes from the 0.9.8 branch.
      On case insensitive systems, 'install' gets mixed up with the existing file     'INSTALL', so we need to put some force into installing
      I'm reversing this change, as it seems the error is somewhere else.
      bytes_to_long_long isn't used anywhere any more, so let's remove it     entirely.
      Synchronise with Unix changes.
      More synchronisation with the Unixly build.
      Last synchronisationn with Unixly build.  I hope...
      Synchronise with Unixly build.
      Synchronise VMS build with Unixly build.
      Remove warnings about signed vs. unsigned...
      Change a comment so it corresponds to reality.  Put back a character that     was previously replaced with a NUL for parsing purposes.  This seems to     fix a very weird parsing bug involving two variable references in the same     value.
      Renumber to follow what happens with 0.9.8.
      Add in CHANGES for 0.9.7i.
      A slight change in documentation that makes it so much more comprehensible
      Fix numerous bugs in the Win32 path splitter
      Document it
      Synchronise with the Unix build.
      When using POSIXly functions, we need to define _POSIX_C_SOURCE, at     least when the source is compiled with ANSI settings.
      Build Whirlpool on VMS as well
      Whirlpool was added to EVP, so let's build it on VMS as well.
      wq instead of wp?  That's gotta be among the more amazing typos I've     made...
      Whoops, we were copying instead of comparing at the end of trying to     find a queue element.
      Missing files in the VMS installation
      Fix signed/unsigned char clashes.
      The VMS I run on doesn't know socklen_t and uses size_t instead.
      Disable the Mixed Linkage warning for some selected modules.  This is     because the Compaq C compiler will not accept that a variable be     declared extern then defined static without a warning.
      Forgot to initialize CC6DISABLEWARNINGS properly...
      signed vs. unsigned clash.
      As an effect of revisions 1.261, BUILD_CMD was changed so $(DIRS)     wasn't respected when using it to build different parts of OpenSSL.     1.269 was an attempt to correct that, but unfortunately meant that we     built every part that was given i $(DIRS) 7 times.  This change puts     back the original intent with BUILD_CMD via the new macro     BUILD_ONE_CMD while keeping the intent with RECURSIVE_BUILD_CMD.
      Document the building macros.
      Break out deltree in its' own command procedure.
      Add TS to the VMS build.
      Add a TSA test.  testtsa.com is a manual sh to dcl translation of     testtsa.
      Synchronise with openss.cnf
      Forgot the TSA application...
      Make shorter TS symbols for OpenVMS.     Don't convert a function pointer to a void*, ISO C doesn't like that.
      The actual whirlpool test was missing on VMS...
      Remember to *build* WP_TEST on VMS, as well :-)
      Resolve signed vs. unsigned issues
      Oh, now I noticed Bodo's change that made tlsext_ecpointformatlist     unsigned...
      tlsext_ecpointformatlist_length is unsigned, so check if it's less     than zero will only result in pissing of some compilers...
      Synchronise with recent changes
      VMS doesn't support includes of paths very well.
      Keep up with the changes in the Unix build system.
      Only try to remove the tsa.dir subdirectory if it actually exists.
      Since we're moving between directories, let's get an absolute path to     openssl.exe.
      Small bug.  apps/CA.sh and apps/CA.com look at SSLEAY_CONFIG, not     OPENSSL_CONF.
      The -config option flag needs to be in the SSLEAY_CONFIG value.
      Synchronise with recent changes
      If we declare a function, like d2i_TS_MSG_IMPRINT_bio(), we'd better     *define* it too, or things like shared libraries might be a bit sad.
      Change chop to chomp when reading lines, so CRLF is properly processed on     the operating systems where they are the normal line endings
      Synchronise with the Unix build
      Synchronise what what's happening with the Unix build
      Got sick and tired of duplicating...  Too error-prone (i.e. I forget     to update both...)!
      Synchronise with Unixly build.     (Geez, a lot is happening right now, eh? :-))
      Make sure obj_xref.h is updated during a "make update"
      Someone made a mistake, and some function and reason codes got     duplicate numbers.  Renumbering.
      make update
      Keep in sync with Unix
      There was a problem with too long command lines, so I rebuilt to make     it work better.
      Signed vs. unsigned conflict
      rslen is unsigned, so it can never go below 0.
      Deal with another name that's longer than 31 characters.
      Use a new signed int ii instead of j (which is unsigned) to handle the     return value from sk_SSL_CIPHER_find().
      Because all object files are now in a file, we don't need to mention     any of them on the linker command line.  Besides, OBJECT_FILE now     represents the last compiled file, and using it here only results in     getting warnings about multiple definitions of the symbols in that     file.
      Synchronise with the Unixly build.
      Synchronise with Unix
      A few more ENGINE strings that need shortening.
      Keep synchronised with the Unix build
      Keep synchronised with Unix
      Use poll() when possible to gather Unix randomness entropy
      Correct warnings about signedness.
      According to documentation, including time.h declares select() on     OpenVMS, and possibly more.
      Complete the change for VMS.
      Fixes for the following claims:
      Synchronise with Unixly build
      Synchronise with Unixly build, again ;-)
      Replace strdup() with BUF_strdup().
      Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see     the declarations of fd_set, select() and so on.
      Synchronise a bit more with Unixly build
      After objects have been freed, NULLify the pointers so there will be no double     free of those objects
      Add STARTTLS support for IMAP and FTP.     Submitted by Kees Cook <kees at outflux.net>
      Synchronise the VMS build with recent movements in the Unix build.
      Apply a more modern way to get the definition of select(), except for VMS.     Submitted by Corinna Vinschen <vinschen at redhat.com>
      Synchronise VMS with Unix.
      VAX C can't handle 64 bit integers, making SHA512 impossible...
      Change submitted by Doug Kaufman.  He writes:
      Synchronise with Unix build
      Provide other forms for symbols that are too long or that clash with others
      Further synchronisation with Unix build.  I hadn't noticed pq_compat.h     was gone...
      Synchronise with Unix.
      Synchronise VMS build system with the Unixly one
      A few more symbols that are a little bit long for VMS
      Stack changes made dso_vms.c not compile properly.
      Remove extraneous semicolons
      Constify where needed
      Further synchronisation with Unix
      In BIO_write(), update the write statistics, not the read statistics.     PR: 1803
      More synchronisation with Unix
      VMS stuff I forgot...
      Synchronise with Unix build
      Do the Camellia part right
      Hopefully resolve signed vs unsigned issue.
      Because DEC C - sorry, HP C - is picky about features, we need to     define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and     functionality.
      Data not initialised.     Notified by Gerardo Ganis <gerardo.ganis at cern.ch>
      Reference bug.
      Make it possible to disable STORE.
      Make STORE an experimental feature.
      A DTLS1 symbol needs to be chopped off a bit.
      Include sys/time.h to declare gettimeofday().
      Cast to avoid signedness confusion
      Add local symbol hacks for OpenVMS
      Add padlock data     Redo the loop so it really compiles all objects for one engine, then     links the engine (until now, it still thought every file was an engine     of its own...).
      Stupid typo
      Reimplement time check for VMS to mimic the way it's done on Windows.     Reason: gettimeofday() is deprecated.
      Make the NULL definition of OPENSSL_ia32cap_loc() compatible with the     declaration in crypto.h.
      Move the time fetching code to its own static function, and thereby     make sure that BOTH instances of said code get the VMS modification.
      Synchronise VMS with Unixly build.
      Make sure the padlock code compiles correctly even on hardware that     doesn't have padlocks.
      Do not try to link the support file(s), as they aren't a complete     engine ;-)
      Forgotten comma...
      Add a comment about libeay.num and ssleay.num
      Have mkdef.pl also handle VAX and Non-VAX differences for VMS
      Functional VMS changes submitted by sms at antinode.info (Steven M. Schweda).     Thank you\!     (note: not tested for now, a few nightly builds should give indications though)
      Stupid typo
      Update from 1.0.0-stable
      A few more macros for long symbols.     Submitted by Steven M. Schweda <sms at antinode.info>
      Compile t1_reneg on VMS as well.     Submitted by Steven M. Schweda <sms at antinode.info>
      It seems like sslroot: needs to be defined for some tests to work.     Submitted by Steven M. Schweda <sms at antinode.info>
      Forgot to correct the definition of __arch in this file.     Submitted by Steven M. Schweda <sms at antinode.info>
      There's really no need to use $ENV::HOME
      size_t doesn't compare less than zero...
      Apparently, test/testtsa.com was only half done
      Have the VMS build system catch up with the 1.0.0-stable branch.
      If opensslconf.h and buildinf.h are to be in an architecture specific     directory, place it in the same tree as the other architecture     specific things.
      Architecture specific header files need special handling.
      The previous take went wrong, try again.
      We redid the structure on architecture dependent source files, but     apparently forgot to adapt the copying to the installation directory.
      Synchronise with Unix tests
      We expect these scripts not to bail on error, so make sure that's what happens.
      Tell the user what test is being performed.
      Taken from OpenSSL_1_0_0-stable:
      Synchronise with Unix and do all other needed modifications to have it     build on VMS again.
      Better way to build tests.  Taken from OpenSSL-1_0_1-stable
      * tests.com: Add the symbol openssl_conf, so the openssl application       stops complaining about a missing configuration file.  Define the logical       name PERL_ENV_TABLES with values to Perl considers the DCL symbol table       as part of the environment (see 'man perlvms' for details), so cms-test.pl       can get the value of EXE_DIR from tests.com, among others.     * cms-test.pl: Make changes to have it work on VMS as well.  Upper or mixed       case options need to be quoted and the openssl command needs a VMS-specific       treatment.  It all should work properly on Unix, I hope it does on Windows       as well...
      Don't define an empty CFLAGS, it's much more honest not to defined it at all.     Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of     [.''ARCH'.CRYPTO]BUILDINF.H
      Give the architecture dependent directory higher priority
      Print openssl version information at the end of the tests
      Implement bc test strategy as submitted by Steven M. Schweda <sms at antinode.info>.     Make sure we move to '__here' before trying to use it to build local sslroot:
      Use the same directory for architecture dependent header files as in     the branches OpenSSL-1_0_0-stable and OpenSSL-1_0_1-stable.
      Better method for creating SSLROOT:.     Make sure to include the path to evptest.txt.
      First attempt at adding the possibility to set the pointer size for the builds on VMS.     PR: 2393
      Part of the IF structure didn't get pasted here...     PR: 2393
      PR: 2407     Fix fault include.     Submitted by Arpadffy Zoltan <Zoltan.Arpadffy at scientificgames.se>
      PR: 2425     Synchronise VMS build with Unixly build.
      Add rsa_crpt
      After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS     submitted by Steven M. Schweda <sms at antinode.info>
      Add missing source.  Also, have the compile also use [.MODES] as     include directory, as other parts (notably, EVP) seem to need it.
      A few more long symbols need shortening.
      * apps/openssl.c: For VMS, take care of copying argv if needed much earlier,       directly in main().  'if needed' also includes when argv is a 32 bit       pointer in an otherwise 64 bit environment.     * apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional       =ARGV, but only if it's supported.  Fortunately, DCL is very helpful       telling us in this case.
      * apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV       with turning trapping back on.     * test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV       here.     * test/clean-test.com: A new script for cleaning up.
      * apps/makeapps.com: Add srp.
      * util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h.  Maybe some       more need to be added...
      * crypto/crypto-lib.com: Add a few more missing modules.
      make update (1.1.0-dev)
      Implement FIPS CMAC.
      Implement FIPS CMAC.
      make update
      * Makefile.fips: Update and add details about cmac.
      * fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we       support (Two Key TDEA is not supported), to handle really big       messages (some of the test vectors have messages 65536 bytes long),       and to handle cases where there are several keys (Three Key TDEA)
      * fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES.  Support       both names.
      * fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers       we support.
      * fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B       aren't trustworthy (see examples 13 and 14, they have the same mac,       as do examples 17 and 18), use examples from official test vectors       instead.
      * Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:       Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have       disabled by default.  If we don't do it this way, it screws up       libeay.num.     * util/libeay.num: make update
      make update
      For VMS, implement the possibility to choose 64-bit pointers with     different options:     "64"		The build system will choose /POINTER_SIZE=64=ARGV if     		the compiler supports it, otherwise /POINTER_SIZE=64.     "64="		The build system will force /POINTER_SIZE=64.     "64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
      Corrections to the VMS build system.     Submitted by Steven M. Schweda <sms at antinode.info>
      Error discrepancy corrected.
      fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined.
      No spaces in assignements in a shell script...
      Add symbols for the parameters on a couple more functions.
      Add a symbol for the first parameter to OPENSSL_showfatal().
      Add a tool that (semi)automatically created the API documentation     required for FIPS.
      Teach mkshared.com to have a look for disabled algorithms in opensslconf.h
      Add missing algorithms to disable, and in particular, disable     EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on     VMS.  Synchronise with Unix.
      Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
      Harmonise symhacks.h in this branch with lower versions.     Add aliases for SSL_CTX_set_not_resumable_session_callback and     SSL_set_not_resumable_session_callback on top of that.
      Add the missing modules for Camellia, as well as dh_rfc5114 and evp_cnf.
      Add d1_srtp and t1_trce.
      Install srtp.h
      * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug.  Fortunately in       debugging code that's seldom used.
      * Configure: make the debug-levitte-linux{elf,noasm} less extreme.
      * crypto/ui/ui_lib.c: misplaced brace in switch statement.       Detected by dcruette at qualitesys.com
      Followup on RT3334 fix: make sure that a directory that's the empty     string returns 0 with errno = ENOENT.
      Include "constant_time_locl.h" rather than "../constant_time_locl.h".     The different -I compiler parameters will take care of the rest...
      Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces.
      [PR3597] Advance to the next state variant when reusing messages.
      Check for FindNextFile when defining it rather than FindFirstFile
      Clear warnings/errors within BN_CTX_DEBUG code sections
      Clear warnings/errors within CIPHER_DEBUG code sections
      Clear warnings/errors within CIPHER_DEBUG code sections
      Clear warnings/errors within KSSL_DEBUG code sections
      Clear warnings/errors within TLS_DEBUG code sections
      Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)
      Small typo

Rob Austein (1):
      RT2465: Silence some gcc warnings

Rob Stradling (11):
      Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.     OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
      Fix compilation with no-ec and/or no-tlsext.
      Use TLS version supplied by client when fingerprinting Safari.
      Tidy up comments.
      Update CHANGES.
      Additional "chain_cert" functions.
      Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions.     Add the RFC6962 OIDs to the objects table.
      Move the SCT List extension parser into libssl.     Add the extension parser in the s_client, ocsp and x509 apps.
      Parse non-v1 SCTs less awkwardly.
      CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration.
      Separate the SCT List parser from the SCT List viewer

Robin Lee (1):
      RT3031: Need to #undef some names for win32

Robin Seggelmann (2):
      DTLS/SCTP Finished Auth Bug
      DTLS/SCTP struct authchunks Bug

Russell Coker (1):
      Fix datarace reported by valgrind/helgrind

Sami Farin (1):
      Typo: set i to -1 before goto.

Samuel Neves (1):
      Use only unsigned arithmetic in constant-time operations

Scott Deboy (7):
      Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)     Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API     Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.     Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
      Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
      Initialize next_proto in s_server - resolves incorrect attempts to free
      Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
      Updating DTCP authorization type to expected value
      Re-add alert variables removed during rebase     Whitespace fixes
      Don't break out of the custom extension callback loop - continue instead     The contract for custom extension callbacks has changed - all custom extension callbacks are triggered

Scott Schaefer (5):
      Document pkcs12 -password behavior
      Fix various spelling errors
      RT 2517: Various typo's.
      RT 2517: Various typo's.     Reviewed-by: Emilia Kasper
      RT2518: fix pod2man errors

Serguei E. Leontiev (1):
      Replace manual ASN1 decoder with ASN1_get_object

Steve Marquess (2):
      Remove gratuitous patent references
      Add new sponsors

TANABE Hiroyasu (1):
      RT1325,2973: Add more extensions to c_rehash

Thijs Alkemade (1):
      Make disabling last cipher work.

Thorsten Glaser (1):
      Document openssl dgst -hmac option

Tim Hudson (12):
      Add option to generate old hash format.
      - fix coverity issues 966593-966596
      fix coverity issue 966597 - error line is not always initialised
      PR#3342 fix resource leak coverity issue 966577
      coverity 966576 - close socket in error path
      safety check to ensure we dont send out beyond the users buffer
      Minor documentation update removing "really" and a     statement of opinion rather than a fact.
      Remove old unused and unmaintained demonstration code.
      Fixed error introduced in commit f2be92b94dad3c6cbdf79d99a324804094cf1617     that fixed PR#3450 where an existing cast masked an issue when i was changed     from int to long in that commit
      Add constant_time_locl.h to HEADERS,     so the Win32 compile picks it up correctly.
      no-ssl2 with no-ssl3 does not mean drop the ssl lib
      mark all block comments that need format preserving so that     indent will not alter them when reformatting comments

Tom Greenslade (1):
      Handle IPv6 addresses in OCSP_parse_url.

Tomas Mraz (1):
      Don't advertise ECC ciphersuits in SSLv2 compatible client hello.

Trevor (3):
      Add support for arbitrary TLS extensions.
      Cleanup of custom extension stuff.
      Cosmetic touchups.

Trevor Perrin (5):
      Various custom extension fixes.
      Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
      Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"...
      Update docs to mention "BEGIN SERVERINFO FOR ".
      Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.

Ulf Möller (661):
      New switch "386" to generate 80386 code (emulate bswap).
      Remove file that is to be auto-generated by sha1-586.pl.
      New option to generate 80386 code.
      pre-0.9.3 development version.
      New Makefile variables $(RANLIB) and $(PERL).
      Pointer to Ariel Glenn's SSLeay documentation.
      Remove obsolete files.
      Include bn.h instead of defining BIGNUM as char.
      Remove obsolete files from SSLeay 0.8.
      Bug fix for X.509 two-digit year.
      More assembler problems; new OCSP patch; obsolete patches removed from     list.
      bn_div_words has been added to alpha.s (Hannes Reinecke's patch).
      Fix linux-mips entry.
      Test RSA after the BN library it is based on.
      Bad dependencies.
      Avoid error message about missing gcc.
      Separate DSA functionality from ASN.1 encoding.     New functions DSA_do_sign and DSA_do_verify to provide access to     the raw DSA values.
      Use Perl 5 even if Perl 4 comes first in the search path.
      Test PKCS#1 v1.5 padding as well.
      recent changes.
      New Configure option "rsaref".
      Write random seed file in binary mode.
      Another bug.
      Pass $PERL on make errors.
      SPARC v8 assembler BIGNUM code.
      Defunct assembler files removed; various cleanups.
      Definition did not match prototype.
      Fix typos in error codes.
      Error in comment.
      Document additional Configure flags.
      Clean up prototypes (prepare for removing NOPROTO).
      Change functions to ANSI C.
      Missing #endif.
      Arguments are des_cblock.
      Problems with 64-bit long.     Pointed out by Andy Polyakov <appro at fy.chalmers.se>.
      Remove useless defines.
      Problems with 64-bit long.
      -Wall implies -Wuninitialized.
      Fix some warnings.
      Fix lots of warnings.
      Move all autogenerated header file parts to crypto/opensslconf.h.
      New header file opensslconf.h contains the macros set by Configure.
      Ultrix compatibility.
      Be more specify about system requirements.
      Set the 386 flag automatically when building on i386.
      Pass the $PROCESSOR variable through.
      Remove references to .org header file names.
      Recognize CPU version on NetBSD and FreeBSD.
      Function didn't get ANSIfied because of unusual formatting.
      Undo evil cast! <g>
      Andy Polyakov points out that BF_PTR2 is slower than the generic case.
      *.org files are gone for good.
      Remove header files from .cvsignore.
      ANSIfy, fix typo in error message, and remove redundant statement from     my code.
      Replaced by mkerr.pl
      New Configure option --openssldir to replace util/ssldir.pl.
      New Configure option --openssldir to replace ssldir.pl.
      *** empty log message ***
      exit on error.
      Submitted by:     Reviewed by:     PR:
      Remove NOPROTO definitions and error code comments.
      Ignore autogenerated file.
      Last week I proposed to increase the version number to 1.0.     So far nobody complained...
      Remove NOPROTO-related macros.
      New Configure option no-<cipher> (rsa, idea, rc5, ...).
      Add missing DEPFLAG.
      New Configure option no-<cipher> (rsa, idea, rc5, ...).
      Message digest stuff.
      Update NO_* macros.
      *** empty log message ***
      More portable blowfish macros.
      Remove autogenerated file.
      Do make rehash automatically at make test.
      Linux shared libraries.
      Linux shared libraries (now in Makefile.ssl).
      Pass $PERL on make dclean.
      Decrypt test vector data even if previous decryption failed to get     better diagnostics.
      Ignore autogenerated assembler files.
      Autogenerated files.
      Change error message for consistency.
      Missing "else".
      exptest dumps core. Optimizer bug?
      Ignore Makefile.save
      Compare with BN_mod_exp_simple, too.
      Close files.
      Bug fix.
      OAEP bug fix.
      Unused file.
      $perl should never be empty.
      More information about installing.
      Better Sun config.
      Typo. (You ought to trademark "Configurion". :)
      Update HPUX config, work around HPUX library incompatibility.
      c_rehash doesn't work at that point of the installation, so don't even     try.
      Sparc v8plus assembler.
      Andy Polyakov points out there are default rules in make in gmake for this.
      solaris64 entry.
      Recognise Ultra Sparc and compiler version number.
      SHA-1 cleanups and performance enhancements.
      Fix problem with /usr/ccs/lib/cpp.
      C++ bug fix.
      Use ANSI stdarg.
      Note about required SC5.0 patches.
      v8plus must be specified.
      Remove unreachable return statements.
      Info on how to submit patches.
      Support additional Win32 compilers.
      Borland C++ builder.
      Add missing semicolon.
      config is Unix specific.
      Get the Mingw32 makefiles right.
      Generate DLLs with Mingw32.
      Superseded by sparcv8.S and sparcv8plus.s.
      pass $PERL on make files.
      The libssl32.dll definition file is called ssleay32.def. (why?)
      no-xxx option to exclude ciphers.
      Fix for +xxx options.
      Move openssl.cnf out of lib/.
      Move openssl.cnf out of lib/.
      Use ifndef PEDANTIC for all inline assembler.
      Missing argument in prototype.
      Caldera OpenLinux passes test now.
      mk1mf.pl and mkdef.pl read OPTIONS from toplevel Makefile.     Configure no longer changes files in place.
      VMS support.
      Reorganize and speed up MD5.
      VMS support.
      VMS support bug fixes.
      Remove redundant ifdef.
      Oops. Close the file.
      Cut&paste error.
      Missed one line.
      mk1mf.pl syntax has been changed.
      Mention Andy's assembler stuff.
      Mention "make depend".
      Move prototypes to the right place.
      BC now compiles crypto/des
      Spelling error.
      BSD alpha config.
      no-xxx options.
      gcc < 2.8 does not support ultrasparc.
      Small corrections.
      Bignum library bug fix. IRIX 6 passes "make test" now!     This also avoids the problems with SC4.2 and unpatched SC5.
      Declare test key data as static.
      Avoid a warning.
      Detect Siemens platforms.
      NeXT doesn't have dirent.
      Bring VMS in sync with the recent changes.
      Borland C fix.
      Remove redundant line.
      gcc dumps core on HPUX.
      Define a macro to avoid name conflicts.
      Avoid type conflict on Unix with DEC C.
      Hint about unresolved symbols when mixing compilers.
      Test apps.
      Generate no-xxx options for missing ciphers.
      Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
      Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
      Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
      Prevent name conflicts.
      Fix to compile the des app.
      Don't #define _, and eliminate casts.
      Warnings and casts.
      Call our crypt implementation des_crypt(). crypt() now is a wrapper if     there is no system crypt() available.
      crypt(), demos patched.
      The des app.
      Remove old libdes version number.
      "extern" is a C++ reserved word.
      Don't define _ANSI_SOURCE for NetBSD.
      Circumvent bug in SC5 without patch #107357-01.
      Put SC5 warning back in, future changes might trigger the compiler bug again.
      Recognize CPU on BSD/OS.
      Use the same CPU recogition method for FreeBSD 3 as for the other FreeBSD     versions. (The FreeBSD and FreeBSD-elf Configure entries were identical.)
      Use "long long" for all Win32 gcc ports.
      Fix no-hmac and no-ripemd.
      More no-xxx option tweaks.
      Broken HPUX cc.
      Obsolete/experimental code.
      RSA private keys without dmp1/dmq1/iqmp are also valid (but slower).
      More DES library cleanups: remove references to srand/rand     and delete an unused file.
      Did not check the last SDIR line for excluded algorithms.
      DES library changes.
      Make the perl module compile and eliminate some of the warnings.     Still doesn't work (the destructor on BIO and SSL is called immediately     after creating the object. Why that??)
      Remove obsolete files.
      VMS updates.     Submitted by: Richard Levitte <levitte at stacken.kth.se>
      Restore compability with kerberos/des.h (I had deleted some seemingly useless     definitions such as C_Block earlier).
      obj_dat.h is autogenerated (it was in the CVS because old versions of     Configure didn't generate the file in Windows builds).
      *** empty log message ***
      No use in naming the cblock _; the structure still is incompatible     to Kerberos.
      Avoid path separator problems.
      Compile pkcs7 and des apps.
      Add pkcs7 and des apps to "make all".
      Fix faulty base64 decoding of data that was 46 or 47 bytes long.
      Honor $PERL environment variable in Configure.
      editing error.
      Undo base64 decoding change (was not a bug fix).
      make update.
      make testapps after the library.
      Check the as version on Solaris x86. People don't read INSTALL anyway. :)
      *** empty log message ***
      Correct address in a comment.
      Use proper flags to build the testapps (default CC value causes confusion     on Solaris)
      Correction for the testapps lines.
      Parantheses not needed.
      note a few things that need to be done
      More patches.
      Generate obj_dat.h in "make update".
      VC++ warning.
      Cosmetic changes.
      HPUX 11 flags.     Contributed by: Peter Huang <PETER_HUANG at HP-Cupertino-om8.om.hp.com>
      More patches.
      *** empty log message ***
      Missing #ifdef NO_DES
      Circumvent an exploitable buffer overrun error in RSA Security's RSAREF     library. See: http://www.CORE-SDI.COM/english/ssh/index.html
      CORE SDI proposed patch doesn't make any sense. Undo.
      Don't use inline assembler on x86 Solaris (would need a different syntax).
      Solaris x86 assembler problem is already addressed in ./config     (bug reports keep coming in because that was still missing in 0.9.4)
      Update contact information (openssl-bugs, openssl-security).
      Add some newlines needed for pod2man, and run ispell.
      Remove obsolete SSLeay instructions.
      Honor the no-xxx Configure options when creating .DEF files.
      Submitted by:     Reviewed by:     PR:
      Minor format changes.
      Install man pages.
      Add missing =back.
      dep/ directory is not needed.
      Document the RSA library.
      Dummy page superseded by crypto/crypto.pod
      PKCS#1 signatures don't use randomness.     Add a note about the padding functions.
      Precautions against using the PRNG uninitialized: RAND_bytes() now     returns int (1 = ok, 0 = not seeded). New function RAND_add() is the     same as RAND_seed() but takes an estimate of the entropy as an additional     argument.
      minor change for the prng
      New function RAND_pseudo_bytes() generated pseudorandom numbers that     are not guaranteed to be unpredictable.
      remove debug modification that I checked in accidentally
      Header for RAND_seed()
      Add missing #ifndefs that caused missing symbols when building libssl     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of     NO_RSA in ssl/s2*.c.
      Rename rsa_oaep_test to the more appropriate name rsa_test for the     benefit of MS-DOS users.
      WINDOWS is defined in e_os.h. The problem was WIN32 (the new egcs uses _WIN32).
      AFAICS lst1 stands for "lshift test" not "list".
      Don't build the testapps automatically because the openssl program now     has s/mime functionality.
      Some more ifdefs for no-xxx options.
      Check RAND_bytes() return value or use RAND_pseudo_bytes().
      Move ssl.pod to doc/ssl
      Document RAND library.
      Use comment from md_rand.c in rand.pod
      Use comment from md_rand.c (part 2, as well).
      Move ssl.pod to doc/ssl
      Document the DH library, and make some minor changes along the way.
      fail on all errors.
      config string comment
      dh renamed to dhparam
      Document the BN library.
      Rename asn1/pkcs8.c to asn1/p8_key.c to avoid name conflict.
      RSA_print etc
      Documented in the RSA_print page
      Run ispell.     Clean up bn_mont.c.
      New manpage.
      Increase the year by one.
      New news.
      Document DSA and SHA.     New function BN_pseudo_rand().     Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when     generating DSA primes (why not use BN_is_prime()?)
      Update comment from bn.h
      comment was wrong.
      fix link
      Update docs: corrections, turn buffer docs into manpage, fold SHA1     pages into one for improved readability, add lhash manpage
      Source code cleanups: Use void * rather than char * in lhash,     eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
      Seek out and destroy another evil cast.
      Note changes.
      Checked in some junk. Sorry.
      Print a reassuring message when Configure is done.
      Document ERR library.
      EBCDIC support.
      undo. I keep confusing my directories. :(
      dhgen is gone.
      link to SSL_get_error(3)
      Remove an =over that never ends
      match the prototype
      Bug fix: BN_is_prime() would fail with a high probability for small     primes (negligible for larger ones).
      Document hash functions.
      ispell (and minor modifications)
      a short page for "speed"
      *** empty log message ***
      Replace ridiculous libdes PRNG with RAND_bytes. These functions are not     used anywhere in OpenSSL, but might be used by libdes applications.
      Document RC4.
      md2 is documented in the md5 page. lets see if this works...
      New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access     temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but     the BN_CTX implementation could now easily be changed.
      Use MONT_WORD macro to control if the word-based or the bignum     algorithm is used.
      BN_div bugfix. The q-- loop should not be entered in the n0==d0 case.
      Improve bntest slightly, and fix another bug in the BN library.
      put missing line back in.
      BN bug fixes
      Refer to EVP_DigestInit() in the hash function descriptions.
      "print" is GNU bc specific.
      Create the man directories where the manpages will be put.
      Install manpages below OPENSSLDIR (I think it was meant to be this way?).     New variable for man directory.
      Make excluded cipher entry in opensslconf.h a bit more descriptive.
      Fix gcc warnings.
      More compact Configure usage message.
      Correction for RSA_padding_check_xxx() documentation.
      Correction to RSA_padding_check_xxx() docs (this time for real).
      Check tlen size in all padding_check functions. As called within the rsa     library, the output buffer always is large enough, but if the tlen     parameter is there, it should be checked in the interest of clarity,     as proposed by David Sacerdote <das33 at cornell.edu>.
      Don't list prototypes for internal functions.
      Frequently asked questions.
      minor docs changes (added links is the openssl(1) text)
      threads mapage.
      another faq.
      add missing names.
      Run the test suite and generate a report.
      *** empty log message ***
      correct macro.
      yet another faq.
      New make target "report" to run util/selftest.pl
      Support EGD.
      remove test "goto err"
      EGD info, as requested.
      Fix NO_RSA (misplaced #endif).
      nicer manpages
      remove some (apparently) obsolete entries.     please put them back in if they're still valid, and remove others     that are outdated
      EGD socket info.
      mention that EGD is used in non-blocking mode.
      Use public domain snprintf() implementation by Patrick Powell to avoid     potential buffer overrun in BIO_printf().     ----------------------------------------------------------------------     crypto/bio/b_print.c CVS:     ----------------------------------------------------------------------
      Yet another "unixware" spelling.
      some test results.
      BIO_printf() change
      work around a bug in BN_div_recp or BN_reciprocal
      divide the correct number...
      different snprintf version.
      signed/unsigned mismatch (VC++)
      EGD bugfix.
      *** empty log message ***
      VC++ problem
      mt contained an old copy of mttest.c. remove it and move the other     files to crypto/threads
      mention RAND_egd()
      The main() return value is a program's exit code.
      Test the division functions.
      flush output.     Looks like it fails when b is a power of 2, but I never get incorrect     results.
      Make clear which naming convention is meant.
      minor clarification
      Reorganize bn_mul.c (no bugfix yet), remove obsolete files in BN library.
      workaround no longer needed
      *** empty log message ***
      Bug fix!
      Overly long lines look ugly in the DOS editor. :)
      put function names in the title.
      remove obsolete BN_CTX info
      works on solaris
      Shared library support for Solaris and HPUX     by Lutz Behnke and by Lutz Jaenicke.
      Support assembler for Mingw32.
      Fix for non-monolithic build.
      Switch for turning on the predictable "random" number generator.
      Mingw32 can now use assembler.
      Bug fix.
      how to recognize assembler problems
      change wording
      some people can't read :)
      Keep the references to other INSTALL files short. These are the Unix     instructions.
      check for WIN32 (needed by Mingw32)
      change info text (as on the web site)
      add RAND_status() to title
      pseudo-seed for the PRNG before testing DSA
      Note bug fix for the DSA infinite loop
      Bug fix.
      add comment.
      gcc warnings
      new component
      The selftest sometimes lacked important information
      bug fix release planned
      bug fix.     Submitted by: "Yoram Meroz" <yoram at mail.idrive.com>
      Repair bss_log.
      Don't generate asm files for no-asm.
      Use L for all constants.
      NO_SYSLOG is defined for MSDOS anyway. just don't include the Unix     header...
      make update
      asm workaround for SuSE Linux     proposed by Holger Reif
      change manpages to pod. Contents are not up to date!
      superseded by des_modes.pod
      DES in Perl was incomplete and not very useful
      add =cut
      des_quad_cksum() byte order bug fix.     See http://www.pdc.kth.se/kth-krb/
      libdes manpage.
      make update
      Integrate podd.h sk.h into set_key.c
      FLAT_INC is not needed; we use -I.. all the time
      New function RAND_event() collects entropy from Windows events.
      oops. don't use "entropy" directly.
      Bug fix: RAND_write_file() failed to write to files created by open()     on Win32.
      Sample application using RAND_event() to collect entropy from mouse     movements, keyboard etc. and write it to a seed file.
      Mention the bug fixes.
      Problems with the Windows build.
      In some of the Makefiles CPP was not defined.
      OpenBSD complains.
      More failures.
      more failures
      ssize_t for Ultrix
      Test results.
      Add pointer to EGD manpage.     Update the "randomness" section for the upcoming 0.9.5a release.
      Submitted by:     Reviewed by:     PR:
      linux-elf bugfix
      MacOS changes.
      Missing cases when no_rsa is defined
      Make sure that NO-RSA applications etc can include evp.h
      Get rid of more non-ANSI declarations.
      #include <stdlib.h> is not needed.
      #include <stdio.h> not needed.
      is needed.
      Bug fix for 64 bit HP-UX.
      Don't include <stdlib.h>. In the NO_FP_API case, don't include <stdio.h>.
      Use NO_FP_API.
      Yet another bc FAQ.
      CygWin32 support.
      Increased consideration for stupid Linux users.
      Option "no-symlinks" to configure without creating the links (e.g.     for use with makefile.one)
      use faster version
      Add PRNGD link.
      Randomness polling function for Win9x.
      Move RNG initialization to RAND_poll(), and shared definitions to     rand_lcl.h
      don't print debug output
      Profiling option for mk1mf.pl
      Fix some CygWin problems.
      bug: RAND_poll().
      Don't set the two top bits to one when generating a random number < q.:wq
      Not the DSA change.
      More Windows failures reported
      The other log message should have read "Note the DSA change".
      Point to Peter Gutmann's revised paper.     The copy at www.usenix.org is the old version.
      Bug fix: Montgomery multiplication could produce results with the wrong     sign.
      Jeffrey Altman points out that GetQueueStatus() crashes on NT.
      add links to the new BIO and SSL manpages to make them visible on the web.
      ispell and some other nit-picking
      Note the BN_mod_exp_word bug. (Markus Friedl provided a test program.)
      Note about contribtions from the US
      The RSA patent will have expired when the next version is released...
      Malloc() -> OPENSSL_malloc() etc.
      URL to "latest" Mingw release (which is almost a year old :()
      tlhelp32.h is currently missing in Mingw32 (release 2.95.2 and 2.95.2-1)
      Add some missing info.
      Workaround for tlhelp32.h: place the missing header file in outinc
      more manpage links.
      stop perlpod from complaining.
      update info to match the README.
      print the perlasm rule only for linux-elf (it seems it confuses some     version of make for Mingw32)     ----------------------------------------------------------------------     ----------------------------------------------------------------------
      The des_modes manpage is in section 7.
      fix problems in the selftest
      cosmetic change
      cosmetic changes
      Add short overview, move header files section further down.
      correction from Lutz
      "DESCRIPTION" is required.
      give pseudo prototypes instead of macro definitions for better clarity
      Correction from Tani Hosokawa <unknown at riverstyx.net>
      s_server not s_client
      -engine is gone.
      _lrotl() is a call to the C runtime library!
      Minor corrections (HPUX).     From: Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
      increase the value a bit
      Set the CryptoAPI randomness estimate back to 0.     The randomness may not actually be very good (we don't know).
      looks like a cut&paste error
      in some new file names the first 8 characters were not unique
      Remove RSAREF (not used).
      use standard C
      fix for Borland C
      Add a warning about the usage of the montgomery functions (if the inputs     are not reduced modulo m, the outputs won't be either).
      Borland C fix.
      GPL FAQ.
      remove unused static function
      Fix bn_cmp_part_words() and move it to bn_lib.c.
      New function BN_bntest_rand() to detect more BN library bugs.
      Note the bntest change.
      Move the rijndael "test" to the bf and cast tests.
      Loops like this one:
      forgot to remove the loop variable
      remember the problem with ftime()
      last commit was wrong. Now it works. :)
      Use assert as in the rest of the BN library.
      PERLASM - the wierdest programming language since Intercal.
      minor modification to the previous change
      more of the same: add printf() for perlasm.
      save registers in the debug output code (return value is overwritten too)
      looks like it works now
      push the flags too
      move constants for debug functions to end of file
      test_mod_mul is useful, let's run it more often.
      another fix for the debug print
      Intel assembler version for bn_sub_part_words().  I haven't got     reliable timings yet, please try it out!
      remove useless instruction
      remove a comment that shouldn't have been there any more
      Don't check for bc at all. We can now run a meaningful test even if     it is missing.
      bn_part_sub_word prototype.
      Test for SCO bc bug
      *** empty log message ***
      Stop on bntest error.
      c&p error spotted by Martin Forssen
      "Andrew W. Gray" <agray at iconsinc.com> says /GD is no longer a valid     compiler switch.
      Stop build when an error occurs.     "Peter 'Luna' Runestig" <peter+openssl-dev at runestig.com>
      branches have been merged.
      rsa_num is not used with NO_RSA
      link to the new manpage.
      Mention the ./config script fixes.
      Use the correct number of arguments in the example.
      Definition of NO_KRB5 in ssl.h for external applications.
      There is no C version of bn_div_3_words
      new year
      Fix potential buffer overrun for EBCDIC.
      format strings
      Bleichenbacher's DSA attack
      Note that EGD is used automatically.
      point out that RAND_load_file() etc are only for seed files, not for     entropy devices or sockets.
      use <= instead of ==
      IRIX bugfix
      New function OPENSSL_issetugid(). Needs more work.
      That was misleading. The problem won't happen with 0.9.6a anyway.
      pod format error
      Temporary fix for build break.     It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.
      note OPENSSL_issetugid().
      BN_rand_range() needs a BN_rand() variant that doesn't set the MSB.
      Fix warning.
      Use BN_rand_range().
      make it a loop as in dsa
      autoconf would be useful...
      That statement seems to be not true. In fact, I have said that I would     like to use libtool, but not automake.
      run self-test with no-krb5
      don't read from tty in test mode
      %f conversion bug fix     Submitted by: Henrik Eriksson <henrik.eriksson at axis.com>
      Forgot a '$'.
      old MSVC versions don't have rdtsc     use _emit instead
      note the rand_win.c change
      check CRT
      check CRT
      Note the Alpha asm change
      the backslash is significant...
      make sure we don't write to seed[-1]
      move check to avoid memory leak.
      more error codes fixed
      zlib default was broken on most platforms.
      make update
      strsep implementation to allow the file to compile on non-BSD systems
      *** empty log message ***
      undo, didn't work
      strsep implementation to allow the file to compile on non-BSD systems
      Use GCC 2.95/3.0 optimization
      Eric Hanchrow points out that Cygwin perl works.
      bug fix: bn_sqr_recursive output is twice its input size.
      double definition
      include the proper header file
      unused function
      make engine file names unique in 8.3
      missed one file
      openbsd-x86 macros
      remove compatibility notes that no longer apply
      name confusion with HP library function prototype (?)
      Cygwin patch. Submitted by Michael Kobar <mkobar at lymeware.com>
      ssl3_read_bytes bug fix
      *** empty log message ***
      Cygwin target name has been changed!
      error reported by Karsten Braaten
      another error discovered by Karsten Braaten. The number was not even     prime!
      updated Mingw32 instructions.
      values were reset for no reason.
      Use assembler implementations with Cygwin.     This also fixes the bn_sub_part_word problem.
      Cygnus correction. (I thought I had tested that...)
      make files didn't work on case insensitive filesystems
      use OPENSSL_SYS_MSDOS rather than __DJGPP__ to disable egd, this is not     compiler specific
      update mingw info
      clean up MinGW build. MinGW make now supports the Windows path name     conventions.
      avoid duplicate definiton of bn_sub_part_words
      add test
      more mingw related cleanups.
      remove some more useless code. The mingw target can now be built     under cygwin.
      Copy rather than symlink the test data.     This is needed because Windows doesn't support symlinks.
      Add instructions for building the MinGW target in Cygwin, and     rearrange some of the other text for better readability.
      Cygwin debugging
      cleanup as discussed with Geoff
      typo in comment
      oops... the description of ->top was inaccurate (the example is correct though)
      Geoff suggested a more succinct description for "top".
      BN_set_bit() etc should use "unsigned int".     Keep it as is to avoid an API change, but check for negativ values.
      The x9.62 tests replace the PRNG with specific numbers,     so don't run them if BN_DEBUG_RAND is defined.
      re-enable the test, keeping the original method for RAND_pseudo_bytes     which is used by BN_DEBUG_RAND     Submitted by: Nils Larsch
      Avoid segfault if ret==0.
      Skip a curve with generator of non-prime order.
      Add "dif" variable to clean up the loop implementations.
      fix breakage for Perl versions that do boolean operations on long words
      Use Windows randomness code on Cygwin
      undo Cygwin change
      RFC 3161 compliant time stamp request creation, response generation     and response verification.
      time stamp Makefile, test files     Submitted by: Zoltan Glozik <zglozik at opentsa.org>
      make update
      *** empty log message ***
      shorter filenames
      wrap shlib for testtsa     Submitted by: David Somers <dsomers at omz13.com>
      message style
      TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
      unused function
      Clarification for CPU specific config options.
      *** empty log message ***
      improve make dclean to remove files generated during build
      uncomment; that one slipped through
      Use Dl_info only on systems where it is known to exist. It does not     exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin.
      manual pages as HTML     Submitted by: Oliver Tappe <zooey at hirschkaefer.de>
      Add BeOS support.
      declare as in prototype     Submitted by: Gisle Vanem
      Bug fix.
      bug fix.     PR: 1326     Submitted by: John Skodon
      Add includes in synopsis.     Submitted by: Mike Frysinger <vapier at gentoo.org>
      Correct punctuation.     PR: 1367
      Use gmtime on cygwin     Submitted by: Corinna Vinschen
      wording (can't really call shared libs experimental after several years in the major Linux distributions)

Veres Lajos (1):
      misspellings fixes by https://github.com/vlajos/misspell_fixer

Viktor Dkhovni (1):
      RT1325,2973: Add more extensions to c_rehash

Viktor Dukhovni (16):
      Fix infinite loop. PR#3347
      Fixes to host checking.
      Client-side namecheck wildcards.
      Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only
      More complete X509_check_host documentation.
      Drop hostlen from X509_VERIFY_PARAM_ID.
      X509_check_mumble() failure is <= 0, not just 0
      More complete input validation of X509_check_mumble
      Implement sk_deep_copy.
      Multiple verifier reference identities.
      Fix typo in last commit
      One more typo when changing !result to result <= 0
      New peername element in X509_VERIFY_PARAM_ID
      Set optional peername when X509_check_host() succeeds.
      Update API to use (char *) for email addresses and hostnames
      Improve X509_check_host() documentation.

Viktor Szakats (1):
      RT 1988: Add "const" to SSL_use_RSAPrivateKey_ASN1

ZNV (1):
      Make EVP_CIPHER_CTX_copy work in GCM mode.

l.montecchiani at gmail.com (1):
      RT2193: #ifdef errors in bss_dgram.c

mancha (2):
      Fix eckey_priv_encode()
      Fix version documentation.

nnposter at users.sourceforge.net (2):
      PR 718: Configure not exiting with child status
      PR 719: Configure not exiting with child status

rfkrocktk (2):
      Added documentation for -iter for PKCS#8
      Conform to whitespace conventions

stephen (5):
      external error lib number now global and allow error lib to have a name
      fix pk7_doit.c for new i2d_ASN1_SET argument
      Fix for sk_insert bug: it never worked properly.     Allow explicit tag asn macros to handle indefinite length constructed stuff:     without this certain "certificates" can't be read in.
      Update CHANGES file for latest additions
      This is a quick hack conversion of the 'CA.sh' script to perl. It fixes one     bug in the original but is otherwise just as horrible :-)

yogesh nagarkar (1):
      Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG

zhu qun-ying (1):
      Free up s->d1->buffered_app_data.q properly.


More information about the openssl-commits mailing list