- update from current 0.9.7-stable CHANGES file:

  Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
  that all patches mentioned for 0.9.7d and 0.9.7e actually are
  in the CVS HEAD, i.e. what is to become 0.9.8.

  I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
  so that it explains the earlier change that is now listed (0.9.7e).

  The ENGINE_set_default typo bug entry has been moved from 0.9.8
  to 0.9.7b, which is where it belongs.

especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.

Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro

additional contexts.

small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.

PR: 874

proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe

PR:870

0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine
variant).

some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.

serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.

initial serial numbers.

PR: 842

days...  A little too much for my tests, currently...

else then at least so bc doesn't have problems parsing the output from
bntest :-).

consolidated these prior to committing).

dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies
being reproduced for "deprecated" header behaviour when a developer doesn't
define the symbol (with the subsequent CVS wars that can ensue).

tree. This further reduces header interdependencies, and makes some
associated cleanups.

changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.

make update

available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).

appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700

make update

verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.