type is "other".

sure the loop does correctly stop and breaking ("division by zero")
modulus operations are not performed. The (pre-generated) prime
table crypto/bn/bn_prime.h was already correct, but it could not be
re-generated on some platforms because of the "division by zero"
situation in the script.

0.9.6h forked into 0.9.6i and 0.9.7 ...

exiting on the first error in a request.

one, as required by SSL/TLS specs.

Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller

add code for kP+lQ timings

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Reviewed by: Bodo Moeller

PR: 659

typo in 0.9.6k section

PR: 587

crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.

that uses them that I'll commit in a few days.

returns an index.

flags.

the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.

subject.

enable it automatically for the built-in engine

applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.

dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).

This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.

PR: 507

- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary