applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.

dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).

This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.

PR: 507

- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary

the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)

rearrange some of the other text for better readability.

when reading from a non blocking BIO.

It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).

An advisory will be posted to the web.  Expect a release within the hour.

PR: 454

applications, at least on the platforms where it's known how
to do it.

Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others.  Additionally, it's not yet
supported on the following platforms, for lack of information:

Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX

Please help out with testing and the platforms we don't yet know well
enough.

mit_des_cbc_cksum().  The difference was first observed, then verified by
looking at the MIT source.

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller

PR: 287

where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.

Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459

PR: 377

override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH is possible by
another new handler for each method.

Add specific support for FreeBSD on sparc64.
PR: 427

Add instructions in INSTALL, for easy access.
PR: 437

It's even more silly to pretend we know which year 0.9.8 will be
released.

PR: 377

and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...

callbacks

engine work properly even in bad situations.

ZLIB a known compression method, with the identity 1.

key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.