"ERR_load_strings" function.

      [DR]SA_up  =>  [DR]SA_up_ref

(by using new BN_pseudo_rand_range function)

is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined

Henson). Also, reverse a previous change that used an implicit function
pointer cast rather than an explicit data pointer cast in the STACK cleanup
code.

See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.

Currently, this change merely addresses where ex_data indexes are stored
and managed, and thus fixes the thread-safety issues that existed at that
level. "Class" code (eg. RSA, DSA, etc) no longer store their own STACKS
and per-class index counters - all such data is stored inside ex_data.c. So
rather than passing both STACK+counter to index-management ex_data
functions, a 'class_index' is instead passed to indicate the class (eg.
CRYPTO_EX_INDEX_RSA). New classes can be dynamically registered on-the-fly
and this is also thread-safe inside ex_data.c (though whether the caller
manages the return value in a thread-safe way is not addressed).

This does not change the "get/set" functions on individual "ex_data"
structures, and so thread-safety at that level isn't (yet) assured.
Likewise, the method of getting and storing per-class indexes has not
changed, so locking may still be required at the "caller" end but is
nonetheless thread-safe ins...

Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>

-mcpu=i486 is new as of gcc 2.95, and if you have that, you wouldn't
want to optimize for 486 anyway.

this construct, and Ulf provided the following insight as to why;

> ANSI C compliant compilers must substitute "??)" for "]" because your
> terminal might not have a "]" key if you bought it in the early 1970s.

So we escape the final '?' to avoid this pathological case.

leave memory debugging turned off.
[Spotted by Götz Babin-Ebell]

leak.

error strings and a hash table storing per-thread error state) go via an
ERR_FNS function table. The first time an ERR operation occurs, the
implementation that will be used (from then on) is set to the internal
"defaults" implementation if it has not already been set. The actual LHASH
tables are only accessed by this implementation.

This is primarily for modules that can be loaded at run-time and bound into
an application (or a shared-library version of OpenSSL). If the module has
its own statically-linked copy of OpenSSL code - this mechanism allows it
to *not* create and use ERR information in its own linked "ERR" code, but
instead to use and interact with the state stored in the loader
(application or shared library). The loader calls ERR_get_implementation()
and the return value is what the module should use when calling its own
copy of ERR_set_implementation().

counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"
functions that handle this.

dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.

(found by Massimiliano Pala <madwolf@hackmasters.net>).

connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.