Previously RAND_get_rand_method was returning a non-const pointer, but it
should be const. As with all other such cases, METHOD pointers are stored and
returned as "const". The only methods one should be able to alter are methods
"local" to the relevant code, in which case a non-const handle to the methods
should already exist.

This change has been forced by the constifying of the ENGINE code (before
which RAND_METHOD was the only method pointer in an ENGINE structure that was
not constant).

ENGINE handler functions should take the ENGINE structure as a parameter -
this is because ENGINE structures can be copied, and like other
structure/method setups in OpenSSL, it should be possible for init(),
finish(), ctrl(), etc to adjust state inside the ENGINE structures rather
than globally. This commit includes the dependant changes in the ENGINE
implementations.

Previous changes permanently removed the commented-out old code for where
it was possible to create and use an ENGINE statically, and this code gets
rid of the ENGINE_FLAGS_MALLOCED flag that supported the distinction with
dynamically allocated ENGINEs. It also moves the area for ENGINE_FLAGS_***
values from engine_int.h to engine.h - because it should be possible to
declare ENGINEs just from declarations in exported headers.

* Constify the get/set functions, and add some that functions were missing.

* Add a new 'ENGINE_cpy()' function that will produce a new ENGINE based
  copied from an original (except for the references, ie. the new copy will
  be like an ENGINE returned from 'ENGINE_new()' - a structural reference).

* Removed the "null parameter" checking in the get/set functions - it is
  legitimate to set NULL values as a way of *changing* an ENGINE (ie.
  removing a handler that previously existed). Also, passing a NULL pointer
  for an ENGINE is obviously wrong for these functions, so don't bother
  checking for it. The result is a number of error codes and strings could
  be removed.

to ENGINE_free(). Also, remove "#if 0" code that has no useful future.

(follows from technical discussion with Amit Chopra <amitc@pspl.co.in>).

to subjectAltName when signing a certificate.

extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.

verified by looking at 'diff -u ../openssl-0.9.6a/CHANGES CHANGES')

0.9.5 is obsolete, so we don't have to discuss its 'openssl rsa'
seeding bug.

are however still common and are solved by checking config.log.

Ultra-Sparcs (both 32-bit and 64-bit compilations)

also 'test' appears to be available as '[' only in 'if' conditions.

Protect against future mistakes with an assert().

Spotted by Harald Koch <chk@pobox.com>

(we don't have an ASN1_TEMPLATE to complain about at this stage,
so  errtt == NULL  should be OK)

(provided by Stephen)