Import OpenSSL 0.9.8l
authorUser <aoiko@clone27.cslab.ece.ntua.gr>
Fri, 6 Nov 2009 18:43:50 +0000 (18:43 +0000)
committerUser <aoiko@clone27.cslab.ece.ntua.gr>
Fri, 6 Nov 2009 18:43:50 +0000 (18:43 +0000)
Disables renegotiation to workaround CVE-2009-3555.

1095 files changed:
crypto/openssl/CHANGES [new file with mode: 0644]
crypto/openssl/FAQ [new file with mode: 0644]
crypto/openssl/LICENSE [new file with mode: 0644]
crypto/openssl/NEWS [new file with mode: 0644]
crypto/openssl/PROBLEMS [new file with mode: 0644]
crypto/openssl/README [new file with mode: 0644]
crypto/openssl/README.ASN1 [new file with mode: 0644]
crypto/openssl/README.DELETED [new file with mode: 0644]
crypto/openssl/README.DRAGONFLY [new file with mode: 0644]
crypto/openssl/README.ENGINE [new file with mode: 0644]
crypto/openssl/apps/CA.pl [new file with mode: 0644]
crypto/openssl/apps/CA.sh [new file with mode: 0644]
crypto/openssl/apps/app_rand.c [new file with mode: 0644]
crypto/openssl/apps/apps.c [new file with mode: 0644]
crypto/openssl/apps/apps.h [new file with mode: 0644]
crypto/openssl/apps/asn1pars.c [new file with mode: 0644]
crypto/openssl/apps/ca.c [new file with mode: 0644]
crypto/openssl/apps/ciphers.c [new file with mode: 0644]
crypto/openssl/apps/cms.c [new file with mode: 0644]
crypto/openssl/apps/crl.c [new file with mode: 0644]
crypto/openssl/apps/crl2p7.c [new file with mode: 0644]
crypto/openssl/apps/dgst.c [new file with mode: 0644]
crypto/openssl/apps/dh.c [new file with mode: 0644]
crypto/openssl/apps/dhparam.c [new file with mode: 0644]
crypto/openssl/apps/dsa.c [new file with mode: 0644]
crypto/openssl/apps/dsaparam.c [new file with mode: 0644]
crypto/openssl/apps/ec.c [new file with mode: 0644]
crypto/openssl/apps/ecparam.c [new file with mode: 0644]
crypto/openssl/apps/enc.c [new file with mode: 0644]
crypto/openssl/apps/engine.c [new file with mode: 0644]
crypto/openssl/apps/errstr.c [new file with mode: 0644]
crypto/openssl/apps/gendh.c [new file with mode: 0644]
crypto/openssl/apps/gendsa.c [new file with mode: 0644]
crypto/openssl/apps/genrsa.c [new file with mode: 0644]
crypto/openssl/apps/nseq.c [new file with mode: 0644]
crypto/openssl/apps/ocsp.c [new file with mode: 0644]
crypto/openssl/apps/openssl.c [new file with mode: 0644]
crypto/openssl/apps/openssl.cnf [new file with mode: 0644]
crypto/openssl/apps/passwd.c [new file with mode: 0644]
crypto/openssl/apps/pkcs12.c [new file with mode: 0644]
crypto/openssl/apps/pkcs7.c [new file with mode: 0644]
crypto/openssl/apps/pkcs8.c [new file with mode: 0644]
crypto/openssl/apps/prime.c [new file with mode: 0644]
crypto/openssl/apps/progs.h [new file with mode: 0644]
crypto/openssl/apps/rand.c [new file with mode: 0644]
crypto/openssl/apps/req.c [new file with mode: 0644]
crypto/openssl/apps/rsa.c [new file with mode: 0644]
crypto/openssl/apps/rsautl.c [new file with mode: 0644]
crypto/openssl/apps/s_apps.h [new file with mode: 0644]
crypto/openssl/apps/s_cb.c [new file with mode: 0644]
crypto/openssl/apps/s_client.c [new file with mode: 0644]
crypto/openssl/apps/s_server.c [new file with mode: 0644]
crypto/openssl/apps/s_socket.c [new file with mode: 0644]
crypto/openssl/apps/s_time.c [new file with mode: 0644]
crypto/openssl/apps/sess_id.c [new file with mode: 0644]
crypto/openssl/apps/smime.c [new file with mode: 0644]
crypto/openssl/apps/speed.c [new file with mode: 0644]
crypto/openssl/apps/spkac.c [new file with mode: 0644]
crypto/openssl/apps/testdsa.h [new file with mode: 0644]
crypto/openssl/apps/testrsa.h [new file with mode: 0644]
crypto/openssl/apps/timeouts.h [new file with mode: 0644]
crypto/openssl/apps/verify.c [new file with mode: 0644]
crypto/openssl/apps/version.c [new file with mode: 0644]
crypto/openssl/apps/x509.c [new file with mode: 0644]
crypto/openssl/crypto/LPdir_unix.c [new file with mode: 0644]
crypto/openssl/crypto/aes/README [new file with mode: 0644]
crypto/openssl/crypto/aes/aes.h [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_cbc.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_cfb.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_core.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_ctr.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_ige.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_locl.h [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_misc.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_ofb.c [new file with mode: 0644]
crypto/openssl/crypto/aes/aes_wrap.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_bitstr.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_bool.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_bytes.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_d2i_fp.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_digest.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_dup.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_enum.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_gentm.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_hdr.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_i2d_fp.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_int.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_mbstr.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_meth.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_object.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_octet.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_print.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_set.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_sign.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_strex.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_strnid.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_time.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_type.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_utctm.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_utf8.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/a_verify.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1.h [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1_err.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1_gen.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1_lib.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1_mac.h [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1_par.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn1t.h [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn_mime.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn_moid.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/asn_pack.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/charmap.h [new file with mode: 0644]
crypto/openssl/crypto/asn1/d2i_pr.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/d2i_pu.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/evp_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/f_enum.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/f_int.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/f_string.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/i2d_pr.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/i2d_pu.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/n_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/nsseq.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/p5_pbe.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/p5_pbev2.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/p8_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_bitst.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_crl.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_req.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_spki.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_x509.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/t_x509a.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/tasn_dec.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/tasn_enc.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/tasn_fre.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/tasn_new.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/tasn_typ.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/tasn_utl.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_algor.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_attrib.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_bignum.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_crl.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_exten.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_info.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_long.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_name.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_pubkey.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_req.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_sig.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_spki.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_val.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_x509.c [new file with mode: 0644]
crypto/openssl/crypto/asn1/x_x509a.c [new file with mode: 0644]
crypto/openssl/crypto/bf/COPYRIGHT [new file with mode: 0644]
crypto/openssl/crypto/bf/README [new file with mode: 0644]
crypto/openssl/crypto/bf/VERSION [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_cfb64.c [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_enc.c [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_locl.h [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_ofb64.c [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_pi.h [new file with mode: 0644]
crypto/openssl/crypto/bf/bf_skey.c [new file with mode: 0644]
crypto/openssl/crypto/bf/blowfish.h [new file with mode: 0644]
crypto/openssl/crypto/bio/b_dump.c [new file with mode: 0644]
crypto/openssl/crypto/bio/b_print.c [new file with mode: 0644]
crypto/openssl/crypto/bio/b_sock.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bf_buff.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bf_lbuf.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bf_nbio.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bf_null.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bio.h [new file with mode: 0644]
crypto/openssl/crypto/bio/bio_cb.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bio_err.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bio_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/bio/bio_lib.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_acpt.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_bio.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_conn.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_dgram.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_fd.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_file.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_log.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_mem.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_null.c [new file with mode: 0644]
crypto/openssl/crypto/bio/bss_sock.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn.h [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_add.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_asm.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_blind.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_const.c [new file with mode: 0755]
crypto/openssl/crypto/bn/bn_ctx.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_depr.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_div.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_err.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_exp.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_exp2.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_gcd.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_gf2m.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_kron.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_lib.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_mod.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_mont.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_mpi.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_mul.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_nist.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_opt.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_prime.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_prime.h [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_print.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_rand.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_recp.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_shift.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_sqr.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_sqrt.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_word.c [new file with mode: 0644]
crypto/openssl/crypto/bn/bn_x931p.c [new file with mode: 0644]
crypto/openssl/crypto/bn/todo [new file with mode: 0644]
crypto/openssl/crypto/buffer/buf_err.c [new file with mode: 0644]
crypto/openssl/crypto/buffer/buf_str.c [new file with mode: 0644]
crypto/openssl/crypto/buffer/buffer.c [new file with mode: 0644]
crypto/openssl/crypto/buffer/buffer.h [new file with mode: 0644]
crypto/openssl/crypto/camellia/camellia.c [new file with mode: 0644]
crypto/openssl/crypto/camellia/camellia.h [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_cbc.c [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_cfb.c [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_ctr.c [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_locl.h [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_misc.c [new file with mode: 0644]
crypto/openssl/crypto/camellia/cmll_ofb.c [new file with mode: 0644]
crypto/openssl/crypto/cast/c_cfb64.c [new file with mode: 0644]
crypto/openssl/crypto/cast/c_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/cast/c_enc.c [new file with mode: 0644]
crypto/openssl/crypto/cast/c_ofb64.c [new file with mode: 0644]
crypto/openssl/crypto/cast/c_skey.c [new file with mode: 0644]
crypto/openssl/crypto/cast/cast.h [new file with mode: 0644]
crypto/openssl/crypto/cast/cast_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/cast/cast_s.h [new file with mode: 0644]
crypto/openssl/crypto/cms/cms.h [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_att.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_cd.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_dd.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_enc.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_env.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_err.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_ess.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_io.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_lib.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_sd.c [new file with mode: 0644]
crypto/openssl/crypto/cms/cms_smime.c [new file with mode: 0644]
crypto/openssl/crypto/comp/c_rle.c [new file with mode: 0644]
crypto/openssl/crypto/comp/c_zlib.c [new file with mode: 0644]
crypto/openssl/crypto/comp/comp.h [new file with mode: 0644]
crypto/openssl/crypto/comp/comp_err.c [new file with mode: 0644]
crypto/openssl/crypto/comp/comp_lib.c [new file with mode: 0644]
crypto/openssl/crypto/conf/README [new file with mode: 0644]
crypto/openssl/crypto/conf/conf.h [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_api.c [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_api.h [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_def.c [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_def.h [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_err.c [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_lib.c [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_mall.c [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_mod.c [new file with mode: 0644]
crypto/openssl/crypto/conf/conf_sap.c [new file with mode: 0644]
crypto/openssl/crypto/cpt_err.c [new file with mode: 0644]
crypto/openssl/crypto/cryptlib.c [new file with mode: 0644]
crypto/openssl/crypto/cryptlib.h [new file with mode: 0644]
crypto/openssl/crypto/crypto.h [new file with mode: 0644]
crypto/openssl/crypto/cversion.c [new file with mode: 0644]
crypto/openssl/crypto/des/COPYRIGHT [new file with mode: 0644]
crypto/openssl/crypto/des/README [new file with mode: 0644]
crypto/openssl/crypto/des/VERSION [new file with mode: 0644]
crypto/openssl/crypto/des/cbc3_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/cbc_cksm.c [new file with mode: 0644]
crypto/openssl/crypto/des/cbc_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/cfb64ede.c [new file with mode: 0644]
crypto/openssl/crypto/des/cfb64enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/cfb_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/des.h [new file with mode: 0644]
crypto/openssl/crypto/des/des_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/des_lib.c [new file with mode: 0644]
crypto/openssl/crypto/des/des_locl.h [new file with mode: 0644]
crypto/openssl/crypto/des/des_old.c [new file with mode: 0644]
crypto/openssl/crypto/des/des_old.h [new file with mode: 0644]
crypto/openssl/crypto/des/des_old2.c [new file with mode: 0644]
crypto/openssl/crypto/des/des_ver.h [new file with mode: 0644]
crypto/openssl/crypto/des/ecb3_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/ecb_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/ede_cbcm_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/enc_read.c [new file with mode: 0644]
crypto/openssl/crypto/des/enc_writ.c [new file with mode: 0644]
crypto/openssl/crypto/des/fcrypt.c [new file with mode: 0644]
crypto/openssl/crypto/des/fcrypt_b.c [new file with mode: 0644]
crypto/openssl/crypto/des/ncbc_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/ofb64ede.c [new file with mode: 0644]
crypto/openssl/crypto/des/ofb64enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/ofb_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/pcbc_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/qud_cksm.c [new file with mode: 0644]
crypto/openssl/crypto/des/rand_key.c [new file with mode: 0644]
crypto/openssl/crypto/des/read2pwd.c [new file with mode: 0644]
crypto/openssl/crypto/des/rpc_des.h [new file with mode: 0644]
crypto/openssl/crypto/des/rpc_enc.c [new file with mode: 0644]
crypto/openssl/crypto/des/set_key.c [new file with mode: 0644]
crypto/openssl/crypto/des/spr.h [new file with mode: 0644]
crypto/openssl/crypto/des/str2key.c [new file with mode: 0644]
crypto/openssl/crypto/des/xcbc_enc.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh.h [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_check.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_depr.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_err.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_gen.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_key.c [new file with mode: 0644]
crypto/openssl/crypto/dh/dh_lib.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/README [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa.h [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_depr.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_err.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_gen.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_key.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_lib.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_ossl.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_sign.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_utl.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/dsa_vrf.c [new file with mode: 0644]
crypto/openssl/crypto/dsa/fips186a.txt [new file with mode: 0644]
crypto/openssl/crypto/dso/README [new file with mode: 0644]
crypto/openssl/crypto/dso/dso.h [new file with mode: 0644]
crypto/openssl/crypto/dso/dso_dl.c [new file with mode: 0644]
crypto/openssl/crypto/dso/dso_dlfcn.c [new file with mode: 0644]
crypto/openssl/crypto/dso/dso_err.c [new file with mode: 0644]
crypto/openssl/crypto/dso/dso_lib.c [new file with mode: 0644]
crypto/openssl/crypto/dso/dso_null.c [new file with mode: 0644]
crypto/openssl/crypto/dso/dso_openssl.c [new file with mode: 0644]
crypto/openssl/crypto/dyn_lck.c [new file with mode: 0644]
crypto/openssl/crypto/ebcdic.c [new file with mode: 0644]
crypto/openssl/crypto/ebcdic.h [new file with mode: 0644]
crypto/openssl/crypto/ec/ec.h [new file with mode: 0644]
crypto/openssl/crypto/ec/ec2_mult.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec2_smpl.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec2_smpt.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_check.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_curve.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_cvt.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_err.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_key.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_lib.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_mult.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ec_print.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ecp_mont.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ecp_nist.c [new file with mode: 0644]
crypto/openssl/crypto/ec/ecp_smpl.c [new file with mode: 0644]
crypto/openssl/crypto/ecdh/ecdh.h [new file with mode: 0644]
crypto/openssl/crypto/ecdh/ech_err.c [new file with mode: 0644]
crypto/openssl/crypto/ecdh/ech_key.c [new file with mode: 0644]
crypto/openssl/crypto/ecdh/ech_lib.c [new file with mode: 0644]
crypto/openssl/crypto/ecdh/ech_locl.h [new file with mode: 0644]
crypto/openssl/crypto/ecdh/ech_ossl.c [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecdsa.h [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_err.c [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_lib.c [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_locl.h [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_ossl.c [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_sign.c [new file with mode: 0644]
crypto/openssl/crypto/ecdsa/ecs_vrf.c [new file with mode: 0644]
crypto/openssl/crypto/engine/README [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_all.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_cnf.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_cryptodev.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_ctrl.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_dyn.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_err.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_fat.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_init.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_int.h [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_lib.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_list.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_openssl.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_padlock.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/engine/eng_table.c [new file with mode: 0644]
crypto/openssl/crypto/engine/engine.h [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_cipher.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_dh.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_digest.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_dsa.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_ecdh.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_ecdsa.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_rand.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_rsa.c [new file with mode: 0644]
crypto/openssl/crypto/engine/tb_store.c [new file with mode: 0644]
crypto/openssl/crypto/err/err.c [new file with mode: 0644]
crypto/openssl/crypto/err/err.h [new file with mode: 0644]
crypto/openssl/crypto/err/err_all.c [new file with mode: 0644]
crypto/openssl/crypto/err/err_bio.c [new file with mode: 0644]
crypto/openssl/crypto/err/err_def.c [new file with mode: 0644]
crypto/openssl/crypto/err/err_prn.c [new file with mode: 0644]
crypto/openssl/crypto/err/err_str.c [new file with mode: 0644]
crypto/openssl/crypto/evp/bio_b64.c [new file with mode: 0644]
crypto/openssl/crypto/evp/bio_enc.c [new file with mode: 0644]
crypto/openssl/crypto/evp/bio_md.c [new file with mode: 0644]
crypto/openssl/crypto/evp/bio_ok.c [new file with mode: 0644]
crypto/openssl/crypto/evp/c_all.c [new file with mode: 0644]
crypto/openssl/crypto/evp/c_allc.c [new file with mode: 0644]
crypto/openssl/crypto/evp/c_alld.c [new file with mode: 0644]
crypto/openssl/crypto/evp/dig_eng.c [new file with mode: 0644]
crypto/openssl/crypto/evp/digest.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_aes.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_bf.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_camellia.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_cast.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_des.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_des3.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_idea.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_null.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_rc2.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_rc4.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_rc5.c [new file with mode: 0644]
crypto/openssl/crypto/evp/e_xcbc_d.c [new file with mode: 0644]
crypto/openssl/crypto/evp/enc_min.c [new file with mode: 0644]
crypto/openssl/crypto/evp/encode.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp.h [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_acnf.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_cnf.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_enc.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_err.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_key.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_lib.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_locl.h [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_pbe.c [new file with mode: 0644]
crypto/openssl/crypto/evp/evp_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_dss.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_dss1.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_ecdsa.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_md2.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_md4.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_md5.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_mdc2.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_null.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_ripemd.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_sha.c [new file with mode: 0644]
crypto/openssl/crypto/evp/m_sha1.c [new file with mode: 0644]
crypto/openssl/crypto/evp/names.c [new file with mode: 0644]
crypto/openssl/crypto/evp/openbsd_hw.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p5_crpt.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p5_crpt2.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_dec.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_enc.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_lib.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_open.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_seal.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_sign.c [new file with mode: 0644]
crypto/openssl/crypto/evp/p_verify.c [new file with mode: 0644]
crypto/openssl/crypto/ex_data.c [new file with mode: 0644]
crypto/openssl/crypto/fips_err.c [new file with mode: 0644]
crypto/openssl/crypto/fips_err.h [new file with mode: 0644]
crypto/openssl/crypto/hmac/hmac.c [new file with mode: 0644]
crypto/openssl/crypto/hmac/hmac.h [new file with mode: 0644]
crypto/openssl/crypto/idea/i_cbc.c [new file with mode: 0644]
crypto/openssl/crypto/idea/i_cfb64.c [new file with mode: 0644]
crypto/openssl/crypto/idea/i_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/idea/i_ofb64.c [new file with mode: 0644]
crypto/openssl/crypto/idea/i_skey.c [new file with mode: 0644]
crypto/openssl/crypto/idea/idea.h [new file with mode: 0644]
crypto/openssl/crypto/idea/idea_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/idea/version [new file with mode: 0644]
crypto/openssl/crypto/krb5/krb5_asn.c [new file with mode: 0644]
crypto/openssl/crypto/krb5/krb5_asn.h [new file with mode: 0644]
crypto/openssl/crypto/lhash/lh_stats.c [new file with mode: 0644]
crypto/openssl/crypto/lhash/lhash.c [new file with mode: 0644]
crypto/openssl/crypto/lhash/lhash.h [new file with mode: 0644]
crypto/openssl/crypto/md2/md2.h [new file with mode: 0644]
crypto/openssl/crypto/md2/md2_dgst.c [new file with mode: 0644]
crypto/openssl/crypto/md2/md2_one.c [new file with mode: 0644]
crypto/openssl/crypto/md32_common.h [new file with mode: 0644]
crypto/openssl/crypto/md4/md4.h [new file with mode: 0644]
crypto/openssl/crypto/md4/md4_dgst.c [new file with mode: 0644]
crypto/openssl/crypto/md4/md4_locl.h [new file with mode: 0644]
crypto/openssl/crypto/md4/md4_one.c [new file with mode: 0644]
crypto/openssl/crypto/md5/md5.h [new file with mode: 0644]
crypto/openssl/crypto/md5/md5_dgst.c [new file with mode: 0644]
crypto/openssl/crypto/md5/md5_locl.h [new file with mode: 0644]
crypto/openssl/crypto/md5/md5_one.c [new file with mode: 0644]
crypto/openssl/crypto/mdc2/mdc2.h [new file with mode: 0644]
crypto/openssl/crypto/mdc2/mdc2_one.c [new file with mode: 0644]
crypto/openssl/crypto/mdc2/mdc2dgst.c [new file with mode: 0644]
crypto/openssl/crypto/mem.c [new file with mode: 0644]
crypto/openssl/crypto/mem_clr.c [new file with mode: 0644]
crypto/openssl/crypto/mem_dbg.c [new file with mode: 0644]
crypto/openssl/crypto/o_dir.c [new file with mode: 0644]
crypto/openssl/crypto/o_dir.h [new file with mode: 0644]
crypto/openssl/crypto/o_init.c [new file with mode: 0644]
crypto/openssl/crypto/o_time.c [new file with mode: 0644]
crypto/openssl/crypto/o_time.h [new file with mode: 0644]
crypto/openssl/crypto/objects/o_names.c [new file with mode: 0644]
crypto/openssl/crypto/objects/obj_dat.c [new file with mode: 0644]
crypto/openssl/crypto/objects/obj_dat.h [new file with mode: 0644]
crypto/openssl/crypto/objects/obj_err.c [new file with mode: 0644]
crypto/openssl/crypto/objects/obj_lib.c [new file with mode: 0644]
crypto/openssl/crypto/objects/obj_mac.h [new file with mode: 0644]
crypto/openssl/crypto/objects/objects.README [new file with mode: 0644]
crypto/openssl/crypto/objects/objects.h [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp.h [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_asn.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_cl.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_err.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_ext.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_ht.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_lib.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_prn.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_srv.c [new file with mode: 0644]
crypto/openssl/crypto/ocsp/ocsp_vfy.c [new file with mode: 0644]
crypto/openssl/crypto/opensslv.h [new file with mode: 0644]
crypto/openssl/crypto/ossl_typ.h [new file with mode: 0644]
crypto/openssl/crypto/pem/message [new file with mode: 0644]
crypto/openssl/crypto/pem/pem.h [new file with mode: 0644]
crypto/openssl/crypto/pem/pem2.h [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_all.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_err.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_info.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_lib.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_oth.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_pk8.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_pkey.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_seal.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_sign.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_x509.c [new file with mode: 0644]
crypto/openssl/crypto/pem/pem_xaux.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_add.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_asn.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_attr.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_crpt.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_crt.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_decr.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_init.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_key.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_kiss.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_mutl.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_npas.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_p8d.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_p8e.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/p12_utl.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/pk12err.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs12/pkcs12.h [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/doc [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/example.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_attr.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_dgst.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_doit.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_lib.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_mime.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pk7_smime.c [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pkcs7.h [new file with mode: 0644]
crypto/openssl/crypto/pkcs7/pkcs7err.c [new file with mode: 0644]
crypto/openssl/crypto/pqueue/pq_compat.h [new file with mode: 0644]
crypto/openssl/crypto/pqueue/pq_test.c [new file with mode: 0644]
crypto/openssl/crypto/pqueue/pqueue.c [new file with mode: 0644]
crypto/openssl/crypto/pqueue/pqueue.h [new file with mode: 0644]
crypto/openssl/crypto/rand/md_rand.c [new file with mode: 0644]
crypto/openssl/crypto/rand/rand.h [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_egd.c [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_eng.c [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_err.c [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_lcl.h [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_lib.c [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_nw.c [new file with mode: 0644]
crypto/openssl/crypto/rand/rand_unix.c [new file with mode: 0644]
crypto/openssl/crypto/rand/randfile.c [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2.h [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2_cbc.c [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2_locl.h [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2_skey.c [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2cfb64.c [new file with mode: 0644]
crypto/openssl/crypto/rc2/rc2ofb64.c [new file with mode: 0644]
crypto/openssl/crypto/rc2/version [new file with mode: 0644]
crypto/openssl/crypto/rc4/rc4.h [new file with mode: 0644]
crypto/openssl/crypto/rc4/rc4_enc.c [new file with mode: 0644]
crypto/openssl/crypto/rc4/rc4_fblk.c [new file with mode: 0644]
crypto/openssl/crypto/rc4/rc4_locl.h [new file with mode: 0644]
crypto/openssl/crypto/rc4/rc4_skey.c [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5.h [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5_ecb.c [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5_enc.c [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5_locl.h [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5_skey.c [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5cfb64.c [new file with mode: 0644]
crypto/openssl/crypto/rc5/rc5ofb64.c [new file with mode: 0644]
crypto/openssl/crypto/ripemd/README [new file with mode: 0644]
crypto/openssl/crypto/ripemd/ripemd.h [new file with mode: 0644]
crypto/openssl/crypto/ripemd/rmd_dgst.c [new file with mode: 0644]
crypto/openssl/crypto/ripemd/rmd_locl.h [new file with mode: 0644]
crypto/openssl/crypto/ripemd/rmd_one.c [new file with mode: 0644]
crypto/openssl/crypto/ripemd/rmdconst.h [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa.h [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_asn1.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_chk.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_depr.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_eay.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_eng.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_err.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_gen.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_lib.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_none.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_null.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_oaep.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_pk1.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_pss.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_saos.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_sign.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_ssl.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_x931.c [new file with mode: 0644]
crypto/openssl/crypto/rsa/rsa_x931g.c [new file with mode: 0644]
crypto/openssl/crypto/sha/sha.h [new file with mode: 0644]
crypto/openssl/crypto/sha/sha1_one.c [new file with mode: 0644]
crypto/openssl/crypto/sha/sha1dgst.c [new file with mode: 0644]
crypto/openssl/crypto/sha/sha256.c [new file with mode: 0644]
crypto/openssl/crypto/sha/sha512.c [new file with mode: 0644]
crypto/openssl/crypto/sha/sha_dgst.c [new file with mode: 0644]
crypto/openssl/crypto/sha/sha_locl.h [new file with mode: 0644]
crypto/openssl/crypto/sha/sha_one.c [new file with mode: 0644]
crypto/openssl/crypto/stack/safestack.h [new file with mode: 0644]
crypto/openssl/crypto/stack/stack.c [new file with mode: 0644]
crypto/openssl/crypto/stack/stack.h [new file with mode: 0644]
crypto/openssl/crypto/store/README [new file with mode: 0644]
crypto/openssl/crypto/store/store.h [new file with mode: 0644]
crypto/openssl/crypto/store/str_err.c [new file with mode: 0644]
crypto/openssl/crypto/store/str_lib.c [new file with mode: 0644]
crypto/openssl/crypto/store/str_locl.h [new file with mode: 0644]
crypto/openssl/crypto/store/str_mem.c [new file with mode: 0644]
crypto/openssl/crypto/store/str_meth.c [new file with mode: 0644]
crypto/openssl/crypto/symhacks.h [new file with mode: 0644]
crypto/openssl/crypto/threads/README [new file with mode: 0644]
crypto/openssl/crypto/threads/th-lock.c [new file with mode: 0644]
crypto/openssl/crypto/tmdiff.c [new file with mode: 0644]
crypto/openssl/crypto/tmdiff.h [new file with mode: 0644]
crypto/openssl/crypto/txt_db/txt_db.c [new file with mode: 0644]
crypto/openssl/crypto/txt_db/txt_db.h [new file with mode: 0644]
crypto/openssl/crypto/ui/ui.h [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_compat.c [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_compat.h [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_err.c [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_lib.c [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_locl.h [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_openssl.c [new file with mode: 0644]
crypto/openssl/crypto/ui/ui_util.c [new file with mode: 0644]
crypto/openssl/crypto/uid.c [new file with mode: 0644]
crypto/openssl/crypto/x509/by_dir.c [new file with mode: 0644]
crypto/openssl/crypto/x509/by_file.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509.h [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_att.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_cmp.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_d2.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_def.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_err.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_ext.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_lu.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_obj.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_r2x.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_req.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_set.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_trs.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_txt.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_v3.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_vfy.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_vfy.h [new file with mode: 0644]
crypto/openssl/crypto/x509/x509_vpm.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509cset.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509name.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509rset.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509spki.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x509type.c [new file with mode: 0644]
crypto/openssl/crypto/x509/x_all.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/ext_dat.h [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_cache.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_data.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_int.h [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_lib.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_map.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_node.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/pcy_tree.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_addr.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_akey.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_akeya.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_alt.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_asid.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_bcons.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_bitst.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_conf.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_cpols.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_crld.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_enum.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_extku.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_genn.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_ia5.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_info.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_int.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_lib.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_ncons.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_ocsp.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_pci.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_pcia.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_pcons.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_pku.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_pmaps.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_prn.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_purp.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_skey.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_sxnet.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3_utl.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/v3err.c [new file with mode: 0644]
crypto/openssl/crypto/x509v3/x509v3.h [new file with mode: 0644]
crypto/openssl/doc/apps/CA.pl.pod [new file with mode: 0644]
crypto/openssl/doc/apps/asn1parse.pod [new file with mode: 0644]
crypto/openssl/doc/apps/ca.pod [new file with mode: 0644]
crypto/openssl/doc/apps/ciphers.pod [new file with mode: 0644]
crypto/openssl/doc/apps/config.pod [new file with mode: 0644]
crypto/openssl/doc/apps/crl.pod [new file with mode: 0644]
crypto/openssl/doc/apps/crl2pkcs7.pod [new file with mode: 0644]
crypto/openssl/doc/apps/dgst.pod [new file with mode: 0644]
crypto/openssl/doc/apps/dhparam.pod [new file with mode: 0644]
crypto/openssl/doc/apps/dsa.pod [new file with mode: 0644]
crypto/openssl/doc/apps/dsaparam.pod [new file with mode: 0644]
crypto/openssl/doc/apps/ec.pod [new file with mode: 0644]
crypto/openssl/doc/apps/ecparam.pod [new file with mode: 0644]
crypto/openssl/doc/apps/enc.pod [new file with mode: 0644]
crypto/openssl/doc/apps/errstr.pod [new file with mode: 0644]
crypto/openssl/doc/apps/gendsa.pod [new file with mode: 0644]
crypto/openssl/doc/apps/genrsa.pod [new file with mode: 0644]
crypto/openssl/doc/apps/nseq.pod [new file with mode: 0644]
crypto/openssl/doc/apps/ocsp.pod [new file with mode: 0644]
crypto/openssl/doc/apps/openssl.pod [new file with mode: 0644]
crypto/openssl/doc/apps/passwd.pod [new file with mode: 0644]
crypto/openssl/doc/apps/pkcs12.pod [new file with mode: 0644]
crypto/openssl/doc/apps/pkcs7.pod [new file with mode: 0644]
crypto/openssl/doc/apps/pkcs8.pod [new file with mode: 0644]
crypto/openssl/doc/apps/rand.pod [new file with mode: 0644]
crypto/openssl/doc/apps/req.pod [new file with mode: 0644]
crypto/openssl/doc/apps/rsa.pod [new file with mode: 0644]
crypto/openssl/doc/apps/rsautl.pod [new file with mode: 0644]
crypto/openssl/doc/apps/s_client.pod [new file with mode: 0644]
crypto/openssl/doc/apps/s_server.pod [new file with mode: 0644]
crypto/openssl/doc/apps/s_time.pod [new file with mode: 0644]
crypto/openssl/doc/apps/sess_id.pod [new file with mode: 0644]
crypto/openssl/doc/apps/smime.pod [new file with mode: 0644]
crypto/openssl/doc/apps/speed.pod [new file with mode: 0644]
crypto/openssl/doc/apps/spkac.pod [new file with mode: 0644]
crypto/openssl/doc/apps/verify.pod [new file with mode: 0644]
crypto/openssl/doc/apps/version.pod [new file with mode: 0644]
crypto/openssl/doc/apps/x509.pod [new file with mode: 0644]
crypto/openssl/doc/apps/x509v3_config.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ASN1_STRING_length.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ASN1_STRING_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ASN1_generate_nconf.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_ctrl.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_f_base64.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_f_buffer.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_f_cipher.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_f_md.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_f_null.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_f_ssl.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_find_type.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_push.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_read.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_accept.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_bio.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_connect.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_fd.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_file.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_mem.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_null.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_s_socket.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_set_callback.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BIO_should_retry.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_BLINDING_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_CTX_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_CTX_start.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_add.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_add_word.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_bn2bin.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_cmp.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_copy.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_generate_prime.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_mod_inverse.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_num_bytes.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_rand.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_set_bit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_swap.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/BN_zero.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/CONF_modules_free.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/CONF_modules_load_file.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DH_generate_key.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DH_generate_parameters.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DH_get_ex_new_index.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DH_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DH_set_method.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DH_size.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_SIG_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_do_sign.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_dup_DH.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_generate_key.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_generate_parameters.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_set_method.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_sign.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/DSA_size.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_GET_LIB.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_clear_error.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_error_string.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_get_error.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_load_strings.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_print_errors.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_put_error.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_remove_state.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ERR_set_mark.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_BytesToKey.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_DigestInit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_EncryptInit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_OpenInit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_PKEY_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_SealInit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_SignInit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/EVP_VerifyInit.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OBJ_nid2obj.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OPENSSL_Applink.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OPENSSL_config.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/PKCS12_create.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/PKCS12_parse.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/PKCS7_decrypt.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/PKCS7_encrypt.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/PKCS7_sign.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/PKCS7_verify.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RAND_add.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RAND_bytes.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RAND_cleanup.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RAND_egd.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RAND_load_file.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RAND_set_rand_method.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_blinding_on.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_check_key.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_generate_key.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_print.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_private_encrypt.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_public_encrypt.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_set_method.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_sign.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/RSA_size.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/X509_NAME_print_ex.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/X509_new.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/bio.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/blowfish.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/bn.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/bn_internal.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/buffer.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/crypto.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_DHparams.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_X509.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_X509_CRL.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_X509_NAME.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_X509_REQ.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/d2i_X509_SIG.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/des.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/des_modes.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/dh.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/dsa.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ecdsa.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/engine.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/err.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/evp.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/hmac.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/lh_stats.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/lhash.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/md5.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/mdc2.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/pem.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/rand.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/rc4.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ripemd.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/rsa.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/sha.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/threads.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ui.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/ui_compat.pod [new file with mode: 0644]
crypto/openssl/doc/crypto/x509.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_add_session.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_free.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_new.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_sess_number.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_sessions.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_options.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_SESSION_free.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_accept.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_alert_type_string.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_clear.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_connect.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_do_handshake.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_free.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_ciphers.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_current_cipher.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_default_timeout.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_error.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_fd.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_rbio.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_session.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_verify_result.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_get_version.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_library_init.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_load_client_CA_file.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_new.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_pending.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_read.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_rstate_string.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_session_reused.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_set_bio.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_set_connect_state.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_set_fd.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_set_session.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_set_shutdown.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_set_verify_result.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_shutdown.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_state_string.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_want.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/SSL_write.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod [new file with mode: 0644]
crypto/openssl/doc/ssl/ssl.pod [new file with mode: 0644]
crypto/openssl/e_os.h [new file with mode: 0644]
crypto/openssl/e_os2.h [new file with mode: 0644]
crypto/openssl/engines/e_4758cca.c [new file with mode: 0644]
crypto/openssl/engines/e_4758cca_err.c [new file with mode: 0644]
crypto/openssl/engines/e_4758cca_err.h [new file with mode: 0644]
crypto/openssl/engines/e_aep.c [new file with mode: 0644]
crypto/openssl/engines/e_aep_err.c [new file with mode: 0644]
crypto/openssl/engines/e_aep_err.h [new file with mode: 0644]
crypto/openssl/engines/e_atalla.c [new file with mode: 0644]
crypto/openssl/engines/e_atalla_err.c [new file with mode: 0644]
crypto/openssl/engines/e_atalla_err.h [new file with mode: 0644]
crypto/openssl/engines/e_chil.c [new file with mode: 0644]
crypto/openssl/engines/e_chil_err.c [new file with mode: 0644]
crypto/openssl/engines/e_chil_err.h [new file with mode: 0644]
crypto/openssl/engines/e_cswift.c [new file with mode: 0644]
crypto/openssl/engines/e_cswift_err.c [new file with mode: 0644]
crypto/openssl/engines/e_cswift_err.h [new file with mode: 0644]
crypto/openssl/engines/e_gmp.c [new file with mode: 0644]
crypto/openssl/engines/e_gmp_err.c [new file with mode: 0644]
crypto/openssl/engines/e_gmp_err.h [new file with mode: 0644]
crypto/openssl/engines/e_nuron.c [new file with mode: 0644]
crypto/openssl/engines/e_nuron_err.c [new file with mode: 0644]
crypto/openssl/engines/e_nuron_err.h [new file with mode: 0644]
crypto/openssl/engines/e_sureware.c [new file with mode: 0644]
crypto/openssl/engines/e_sureware_err.c [new file with mode: 0644]
crypto/openssl/engines/e_sureware_err.h [new file with mode: 0644]
crypto/openssl/engines/e_ubsec.c [new file with mode: 0644]
crypto/openssl/engines/e_ubsec_err.c [new file with mode: 0644]
crypto/openssl/engines/e_ubsec_err.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/aep.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/atalla.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/cswift.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/hw_4758_cca.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/hw_ubsec.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/hwcryptohook.h [new file with mode: 0644]
crypto/openssl/engines/vendor_defns/sureware.h [new file with mode: 0644]
crypto/openssl/ssl/bio_ssl.c [new file with mode: 0644]
crypto/openssl/ssl/d1_both.c [new file with mode: 0644]
crypto/openssl/ssl/d1_clnt.c [new file with mode: 0644]
crypto/openssl/ssl/d1_enc.c [new file with mode: 0644]
crypto/openssl/ssl/d1_lib.c [new file with mode: 0644]
crypto/openssl/ssl/d1_meth.c [new file with mode: 0644]
crypto/openssl/ssl/d1_pkt.c [new file with mode: 0644]
crypto/openssl/ssl/d1_srvr.c [new file with mode: 0644]
crypto/openssl/ssl/dtls1.h [new file with mode: 0644]
crypto/openssl/ssl/kssl.c [new file with mode: 0644]
crypto/openssl/ssl/kssl.h [new file with mode: 0644]
crypto/openssl/ssl/kssl_lcl.h [new file with mode: 0644]
crypto/openssl/ssl/s23_clnt.c [new file with mode: 0644]
crypto/openssl/ssl/s23_lib.c [new file with mode: 0644]
crypto/openssl/ssl/s23_meth.c [new file with mode: 0644]
crypto/openssl/ssl/s23_pkt.c [new file with mode: 0644]
crypto/openssl/ssl/s23_srvr.c [new file with mode: 0644]
crypto/openssl/ssl/s2_clnt.c [new file with mode: 0644]
crypto/openssl/ssl/s2_enc.c [new file with mode: 0644]
crypto/openssl/ssl/s2_lib.c [new file with mode: 0644]
crypto/openssl/ssl/s2_meth.c [new file with mode: 0644]
crypto/openssl/ssl/s2_pkt.c [new file with mode: 0644]
crypto/openssl/ssl/s2_srvr.c [new file with mode: 0644]
crypto/openssl/ssl/s3_both.c [new file with mode: 0644]
crypto/openssl/ssl/s3_clnt.c [new file with mode: 0644]
crypto/openssl/ssl/s3_enc.c [new file with mode: 0644]
crypto/openssl/ssl/s3_lib.c [new file with mode: 0644]
crypto/openssl/ssl/s3_meth.c [new file with mode: 0644]
crypto/openssl/ssl/s3_pkt.c [new file with mode: 0644]
crypto/openssl/ssl/s3_srvr.c [new file with mode: 0644]
crypto/openssl/ssl/ssl.h [new file with mode: 0644]
crypto/openssl/ssl/ssl2.h [new file with mode: 0644]
crypto/openssl/ssl/ssl23.h [new file with mode: 0644]
crypto/openssl/ssl/ssl3.h [new file with mode: 0644]
crypto/openssl/ssl/ssl_algs.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_asn1.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_cert.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_ciph.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_err.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_err2.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_lib.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_locl.h [new file with mode: 0644]
crypto/openssl/ssl/ssl_rsa.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_sess.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_stat.c [new file with mode: 0644]
crypto/openssl/ssl/ssl_txt.c [new file with mode: 0644]
crypto/openssl/ssl/t1_clnt.c [new file with mode: 0644]
crypto/openssl/ssl/t1_enc.c [new file with mode: 0644]
crypto/openssl/ssl/t1_lib.c [new file with mode: 0644]
crypto/openssl/ssl/t1_meth.c [new file with mode: 0644]
crypto/openssl/ssl/t1_srvr.c [new file with mode: 0644]
crypto/openssl/ssl/tls1.h [new file with mode: 0644]
crypto/openssl/util/extract-names.pl [new file with mode: 0644]
crypto/openssl/util/extract-section.pl [new file with mode: 0644]

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
new file mode 100644 (file)
index 0000000..3c9f51c
--- /dev/null
@@ -0,0 +1,8339 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
+ Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
+
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
+  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+     checked correctly. This would allow some invalid signed attributes to
+     appear to verify correctly. (CVE-2009-0591)
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Reject UniversalString and BMPString types with invalid lengths. This
+     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+     a legal length. (CVE-2009-0590)
+     [Steve Henson]
+
+  *) Set S/MIME signing as the default purpose rather than setting it 
+     unconditionally. This allows applications to override it at the store
+     level.
+     [Steve Henson]
+
+  *) Permit restricted recursion of ASN1 strings. This is needed in practice
+     to handle some structures.
+     [Steve Henson]
+
+  *) Improve efficiency of mem_gets: don't search whole buffer each time
+     for a '\n'
+     [Jeremy Shapiro <jnshapir@us.ibm.com>]
+
+  *) New -hex option for openssl rand.
+     [Matthieu Herrb]
+
+  *) Print out UTF8String and NumericString when parsing ASN1.
+     [Steve Henson]
+
+  *) Support NumericString type for name components.
+     [Steve Henson]
+
+  *) Allow CC in the environment to override the automatically chosen
+     compiler. Note that nothing is done to ensure flags work with the
+     chosen compiler.
+     [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Enable TLS extensions by default.
+     [Ben Laurie]
+
+  *) Allow the CHIL engine to be loaded, whether the application is
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander@temme.net>]
+
+  *) Use correct exit code if there is an error in dgst command.
+     [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
+     [Ben Laurie]
+
+  *) Set the comparison function in v3_addr_canonize().
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Add support for XMPP STARTTLS in s_client.
+     [Philip Paeps <philip@freebsd.org>]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
+
+  *) Various precautionary measures:
+
+     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+       (NB: This would require knowledge of the secret session ticket key
+       to exploit, in which case you'd be SOL either way.)
+
+     - Change bn_nist.c so that it will properly handle input BIGNUMs
+       outside the expected range.
+
+     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+       builds.
+
+     [Neel Mehta, Bodo Moeller]
+
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
+  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+     [Steve Henson]
+
+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
+  *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
+     Not compiled unless enable-capieng specified to Configure.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h  [28 May 2008]
+
+  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+     handshake which could lead to a cilent crash as found using the
+     Codenomicon TLS test suite (CVE-2008-1672) 
+     [Steve Henson, Mark Cox]
+
+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
+     [Joe Orton]
+
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
+  *) Remove root CA certificates of commercial CAs:
+
+     The OpenSSL project does not recommend any specific CA and does not
+     have any policy with respect to including or excluding any CA.
+     Therefore it does not make any sense to ship an arbitrary selection
+     of root CA certificates with the OpenSSL software.
+     [Lutz Jaenicke]
+
+  *) RSA OAEP patches to fix two separate invalid memory reads.
+     The first one involves inputs when 'lzero' is greater than
+     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+     before the beginning of from). The second one involves inputs where
+     the 'db' section contains nothing but zeroes (there is a one-byte
+     invalid read after the end of 'db').
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Partial backport from 0.9.9-dev:
+
+     Introduce bn_mul_mont (dedicated Montgomery multiplication
+     procedure) as a candidate for BIGNUM assembler implementation.
+     While 0.9.9-dev uses assembler for various architectures, only
+     x86_64 is available by default here in the 0.9.8 branch, and
+     32-bit x86 is available through a compile-time setting.
+
+     To try the 32-bit x86 assembler implementation, use Configure
+     option "enable-montasm" (which exists only for this backport).
+
+     As "enable-montasm" for 32-bit x86 disclaims code stability
+     anyway, in this constellation we activate additional code
+     backported from 0.9.9-dev for further performance improvements,
+     namely BN_from_montgomery_word.  (To enable this otherwise,
+     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+     [Andy Polyakov (backport partially by Bodo Moeller)]
+
+  *) Add TLS session ticket callback. This allows an application to set
+     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+     values. This is useful for key rollover for example where several key
+     sets may exist with different names.
+     [Steve Henson]
+
+  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+     This was broken until now in 0.9.8 releases, such that the only way
+     a registered ENGINE could be used (assuming it initialises
+     successfully on the host) was to explicitly set it as the default
+     for the relevant algorithms. This is in contradiction with 0.9.7
+     behaviour and the documentation. With this fix, when an ENGINE is
+     registered into a given algorithm's table of implementations, the
+     'uptodate' flag is reset so that auto-discovery will be used next
+     time a new context for that algorithm attempts to select an
+     implementation.
+     [Ian Lister (tweaked by Geoff Thorpe)]
+
+  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+     implemention in the following ways:
+
+     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+     hard coded.
+
+     Lack of BER streaming support means one pass streaming processing is
+     only supported if data is detached: setting the streaming flag is
+     ignored for embedded content.
+
+     CMS support is disabled by default and must be explicitly enabled
+     with the enable-cms configuration option.
+     [Steve Henson]
+
+  *) Update the GMP engine glue to do direct copies between BIGNUM and
+     mpz_t when openssl and GMP use the same limb size. Otherwise the
+     existing "conversion via a text string export" trick is still used.
+     [Paul Sheer <paulsheer@gmail.com>]
+
+  *) Zlib compression BIO. This is a filter BIO which compressed and
+     uncompresses any data passed through it.
+     [Steve Henson]
+
+  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+     RFC3394 compatible AES key wrapping.
+     [Steve Henson]
+
+  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+     sets string data without copying. X509_ALGOR_set0() and
+     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+     from an X509_ATTRIBUTE structure optionally checking it occurs only
+     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+     data.
+     [Steve Henson]
+
+  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+     to get the expected BN_FLG_CONSTTIME behavior.
+     [Bodo Moeller (Google)]
+  
+  *) Netware support:
+
+     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+     - added some more tests to do_tests.pl
+     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+     - various changes to netware.pl to enable gcc-cross builds on Win32
+       platform
+     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+     - various changes to fix missing prototype warnings
+     - fixed x86nasm.pl to create correct asm files for NASM COFF output
+     - added AES, WHIRLPOOL and CPUID assembler code to build files
+     - added missing AES assembler make rules to mk1mf.pl
+     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+     [Guenter Knauf <eflash@gmx.net>]
+
+  *) Implement certificate status request TLS extension defined in RFC3546.
+     A client can set the appropriate parameters and receive the encoded
+     OCSP response via a callback. A server can query the supplied parameters
+     and set the encoded OCSP response in the callback. Add simplified examples
+     to s_client and s_server.
+     [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]
+
+  *) Fix various bugs:
+     + Binary incompatibility of ssl_ctx_st structure
+     + DTLS interoperation with non-compliant servers
+     + Don't call get_session_cb() without proposed session
+     + Fix ia64 assembler code
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
+
+  *) DTLS Handshake overhaul. There were longstanding issues with
+     OpenSSL DTLS implementation, which were making it impossible for
+     RFC 4347 compliant client to communicate with OpenSSL server.
+     Unfortunately just fixing these incompatibilities would "cut off"
+     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+     server keeps tolerating non RFC compliant syntax. The opposite is
+     not true, 0.9.8f client can not communicate with earlier server.
+     This update even addresses CVE-2007-4995.
+     [Andy Polyakov]
+
+  *) Changes to avoid need for function casts in OpenSSL: some compilers
+     (gcc 4.2 and later) reject their use.
+     [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>,
+      Steve Henson]
+  
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]
+
+  *) Add AES and SSE2 assembly language support to VC++ build.
+     [Steve Henson]
+
+  *) Mitigate attack on final subtraction in Montgomery reduction.
+     [Andy Polyakov]
+
+  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+     (which previously caused an internal error).
+     [Bodo Moeller]
+
+  *) Squeeze another 10% out of IGE mode when in != out.
+     [Ben Laurie]
+
+  *) AES IGE mode speedup.
+     [Dean Gaudet (Google)]
+
+  *) Add the Korean symmetric 128-bit cipher SEED (see
+     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+     add SEED ciphersuites from RFC 4162:
+
+        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"
+        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"
+        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"
+        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, SEED remains excluded from compilation unless OpenSSL
+     is configured with 'enable-seed'.
+     [KISA, Bodo Moeller]
+
+  *) Mitigate branch prediction attacks, which can be practical if a
+     single processor is shared, allowing a spy process to extract
+     information.  For detailed background information, see
+     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+     and Necessary Software Countermeasures").  The core of the change
+     are new versions BN_div_no_branch() and
+     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+     respectively, which are slower, but avoid the security-relevant
+     conditional branches.  These are automatically called by BN_div()
+     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to
+     remove a conditional branch.
+
+     BN_FLG_CONSTTIME is the new name for the previous
+     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag
+     in the exponent causes BN_mod_exp_mont() to use the alternative
+     implementation in BN_mod_exp_mont_consttime().)  The old name
+     remains as a deprecated alias.
+
+     Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+     constant-time implementations for more than just exponentiation.
+     Here too the old name is kept as a deprecated alias.
+
+     BN_BLINDING_new() will now use BN_dup() for the modulus so that
+     the BN_BLINDING structure gets an independent copy of the
+     modulus.  This means that the previous "BIGNUM *m" argument to
+     BN_BLINDING_new() and to BN_BLINDING_create_param() now
+     essentially becomes "const BIGNUM *m", although we can't actually
+     change this in the header file before 0.9.9.  It allows
+     RSA_setup_blinding() to use BN_with_flags() on the modulus to
+     enable BN_FLG_CONSTTIME.
+
+     [Matthew D Wood (Intel Corp)]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+     not complete and could lead to a possible single byte overflow
+     (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
+  *) Since AES128 and AES256 (and similarly Camellia128 and
+     Camellia256) share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't
+     (or if Camellia128 is available and Camellia256 isn't).
+     [Victor Duchovni]
+
+  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
+     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
+     When a point or a seed is encoded in a BIT STRING, we need to
+     prevent the removal of trailing zero bits to get the proper DER
+     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case
+     of a NamedBitList, for which trailing 0 bits need to be removed.)
+     [Bodo Moeller]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Add RFC 3779 support.
+     [Rob Austein for ARIN, Ben Laurie]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     Improve header file function name parsing.
+     [Steve Henson]
+
+  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+     or CAPABILITY handshake as required by RFCs.
+     [Goetz Babin-Ebell]
+
+ Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+     match only those.  Before that, "AES256-SHA" would be interpreted
+     as a pattern and match "AES128-SHA" too (since AES128-SHA got
+     the same strength classification in 0.9.7h) as we currently only
+     have a single AES bit in the ciphersuite description bitmap.
+     That change, however, also applied to ciphersuite strings such as
+     "RC4-MD5" that intentionally matched multiple ciphersuites --
+     namely, SSL 2.0 ciphersuites in addition to the more common ones
+     from SSL 3.0/TLS 1.0.
+
+     So we change the selection algorithm again: Naming an explicit
+     ciphersuite selects this one ciphersuite, and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions.
+     Thus, "RC4-MD5" again will properly select both the SSL 2.0
+     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+     Since SSL 2.0 does not have any ciphersuites for which the
+     128/256 bit distinction would be relevant, this works for now.
+     The proper fix will be to use different bits for AES128 and
+     AES256, which would have avoided the problems from the beginning;
+     however, bits are scarce, so we can only do this in a new release
+     (not just a patchlevel) when we can change the SSL_CIPHER
+     definition to split the single 'unsigned long mask' bitmap into
+     multiple values to extend the available space.
+
+     [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
+     [Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactivate the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+     versions), which is now available for royalty-free use
+     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+     Also, add Camellia TLS ciphersuites from RFC 4132.
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, Camellia remains excluded from compilation unless OpenSSL
+     is configured with 'enable-camellia'.
+     [NTT]
+
+  *) Disable the padding bug check when compression is in use. The padding
+     bug check assumes the first packet is of even length, this is not
+     necessarily true if compresssion is enabled and can result in false
+     positives causing handshake failure. The actual bug test is ancient
+     code so it is hoped that implementations will either have fixed it by
+     now or any which still have the bug do not support compression.
+     [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b  [04 May 2006]
+
+  *) When applying a cipher rule check to see if string match is an explicit
+     cipher suite and only match that one cipher suite if it is.
+     [Steve Henson]
+
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue@gmail.com>]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-12.txt with proposed changes (but without
+     TLS extensions, which are supported starting with the 0.9.9
+     branch, not in the OpenSSL 0.9.8 branch).
+     [Douglas Stebila]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Add two function to clear and return the verify parameter flags.
+     [Steve Henson]
+
+  *) Keep cipherlists sorted in the source instead of sorting them at
+     runtime, thus removing the need for a lock.
+     [Nils Larsch]
+
+  *) Avoid some small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+
+  *) Extended Windows CE support.
+     [Satoshi Nakamura and Andy Polyakov]
+
+  *) Initialize SSL_METHOD structures at compile time instead of during
+     runtime, thus removing the need for a lock.
+     [Steve Henson]
+
+  *) Make PKCS7_decrypt() work even if no certificate is supplied by
+     attempting to decrypt each encrypted key in turn. Add support to
+     smime utility.
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
+
+  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+     [Richard Levitte]
+
+  *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+     key into the same file any more.
+     [Richard Levitte]
+
+  *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+     [Andy Polyakov]
+
+  *) Add -utf8 command line and config file option to 'ca'.
+     [Stefan <stf@udoma.org]
+
+  *) Removed the macro des_crypt(), as it seems to conflict with some
+     libraries.  Use DES_crypt().
+     [Richard Levitte]
+
+  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+     involves renaming the source and generated shared-libs for
+     both. The engines will accept the corrected or legacy ids
+     ('ncipher' and '4758_cca' respectively) when binding. NB,
+     this only applies when building 'shared'.
+     [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
+
+  *) Add attribute functions to EVP_PKEY structure. Modify
+     PKCS12_create() to recognize a CSP name attribute and
+     use it. Make -CSP option work again in pkcs12 utility.
+     [Steve Henson]
+
+  *) Add new functionality to the bn blinding code:
+     - automatic re-creation of the BN_BLINDING parameters after
+       a fixed number of uses (currently 32)
+     - add new function for parameter creation
+     - introduce flags to control the update behaviour of the
+       BN_BLINDING parameters
+     - hide BN_BLINDING structure
+     Add a second BN_BLINDING slot to the RSA structure to improve
+     performance when a single RSA object is shared among several
+     threads.
+     [Nils Larsch]
+
+  *) Add support for DTLS.
+     [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
+
+  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+     [Walter Goulet]
+
+  *) Remove buggy and incompletet DH cert support from
+     ssl/ssl_rsa.c and ssl/s3_both.c
+     [Nils Larsch]
+
+  *) Use SHA-1 instead of MD5 as the default digest algorithm for
+     the apps/openssl applications.
+     [Nils Larsch]
+
+  *) Compile clean with "-Wall -Wmissing-prototypes
+     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+     DEBUG_SAFESTACK must also be set.
+     [Ben Laurie]
+
+  *) Change ./Configure so that certain algorithms can be disabled by default.
+     The new counterpiece to "no-xxx" is "enable-xxx".
+
+     The patented RC5 and MDC2 algorithms will now be disabled unless
+     "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+     (IDEA remains enabled despite being patented.  This is because IDEA
+     is frequently required for interoperability, and there is no license
+     fee for non-commercial use.  As before, "no-idea" can be used to
+     avoid this algorithm.)
+
+     [Bodo Moeller]
+
+  *) Add processing of proxy certificates (see RFC 3820).  This work was
+     sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+     EGEE (Enabling Grids for E-science in Europe).
+     [Richard Levitte]
+
+  *) RC4 performance overhaul on modern architectures/implementations, such
+     as Intel P4, IA-64 and AMD64.
+     [Andy Polyakov]
+
+  *) New utility extract-section.pl. This can be used specify an alternative
+     section number in a pod file instead of having to treat each file as
+     a separate case in Makefile. This can be done by adding two lines to the
+     pod file:
+
+     =for comment openssl_section:XXX
+
+     The blank line is mandatory.
+
+     [Steve Henson]
+
+  *) New arguments -certform, -keyform and -pass for s_client and s_server
+     to allow alternative format key and certificate files and passphrase
+     sources.
+     [Steve Henson]
+
+  *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+     update associated structures and add various utility functions.
+
+     Add new policy related verify parameters, include policy checking in 
+     standard verify code. Enhance 'smime' application with extra parameters
+     to support policy checking and print out.
+     [Steve Henson]
+
+  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+     Nehemiah processors. These extensions support AES encryption in hardware
+     as well as RNG (though RNG support is currently disabled).
+     [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
+
+  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+     [Geoff Thorpe]
+
+  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+     [Andy Polyakov and a number of other people]
+
+  *) Improved PowerPC platform support. Most notably BIGNUM assembler
+     implementation contributed by IBM.
+     [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+     exponent rather than 'unsigned long'. There is a corresponding change to
+     the new 'rsa_keygen' element of the RSA_METHOD structure.
+     [Jelte Jansen, Geoff Thorpe]
+
+  *) Functionality for creating the initial serial number file is now
+     moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+     number file to 1, which is bound to cause problems.  To avoid
+     the problems while respecting compatibility between different 0.9.7
+     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in
+     CA.pl for serial number initialization.  With the new release 0.9.8,
+     we can fix the problem directly in the 'ca' utility.)
+     [Steve Henson]
+
+  *) Reduced header interdepencies by declaring more opaque objects in
+     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+     give fewer recursive includes, which could break lazy source code - so
+     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+     developers should define this symbol when building and using openssl to
+     ensure they track the recommended behaviour, interfaces, [etc], but
+     backwards-compatible behaviour prevails when this isn't defined.
+     [Geoff Thorpe]
+
+  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+     [Steve Henson]
+
+  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+     This will generate a random key of the appropriate length based on the 
+     cipher context. The EVP_CIPHER can provide its own random key generation
+     routine to support keys of a specific form. This is used in the des and 
+     3des routines to generate a key of the correct parity. Update S/MIME
+     code to use new functions and hence generate correct parity DES keys.
+     Add EVP_CHECK_DES_KEY #define to return an error if the key is not 
+     valid (weak or incorrect parity).
+     [Steve Henson]
+
+  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+     as looking them up. This is useful when the verified structure may contain
+     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+     present unless the new PKCS7_NO_CRL flag is asserted.
+     [Steve Henson]
+
+  *) Extend ASN1 oid configuration module. It now additionally accepts the
+     syntax:
+
+     shortName = some long name, 1.2.3.4
+     [Steve Henson]
+
+  *) Reimplemented the BN_CTX implementation. There is now no more static
+     limitation on the number of variables it can handle nor the depth of the
+     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+     information can now expand as required, and rather than having a single
+     static array of bignums, BN_CTX now uses a linked-list of such arrays
+     allowing it to expand on demand whilst maintaining the usefulness of
+     BN_CTX's "bundling".
+     [Geoff Thorpe]
+
+  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+     to allow all RSA operations to function using a single BN_CTX.
+     [Geoff Thorpe]
+
+  *) Preliminary support for certificate policy evaluation and checking. This
+     is initially intended to pass the tests outlined in "Conformance Testing
+     of Relying Party Client Certificate Path Processing Logic" v1.07.
+     [Steve Henson]
+
+  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+     remained unused and not that useful. A variety of other little bignum
+     tweaks and fixes have also been made continuing on from the audit (see
+     below).
+     [Geoff Thorpe]
+
+  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+     associated ASN1, EVP and SSL functions and old ASN1 macros.
+     [Richard Levitte]
+
+  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+     and this should never fail. So the return value from the use of
+     BN_set_word() (which can fail due to needless expansion) is now deprecated;
+     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+     [Geoff Thorpe]
+
+  *) BN_CTX_get() should return zero-valued bignums, providing the same
+     initialised value as BN_new().
+     [Geoff Thorpe, suggested by Ulf Möller]
+
+  *) Support for inhibitAnyPolicy certificate extension.
+     [Steve Henson]
+
+  *) An audit of the BIGNUM code is underway, for which debugging code is
+     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+     is considered valid when processing BIGNUMs, and causes execution to
+     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+     further steps are taken to deliberately pollute unused data in BIGNUM
+     structures to try and expose faulty code further on. For now, openssl will
+     (in its default mode of operation) continue to tolerate the inconsistent
+     forms that it has tolerated in the past, but authors and packagers should
+     consider trying openssl and their own applications when compiled with
+     these debugging symbols defined. It will help highlight potential bugs in
+     their own code, and will improve the test coverage for OpenSSL itself. At
+     some point, these tighter rules will become openssl's default to improve
+     maintainability, though the assert()s and other overheads will remain only
+     in debugging configurations. See bn.h for more details.
+     [Geoff Thorpe, Nils Larsch, Ulf Möller]
+
+  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+     that can only be obtained through BN_CTX_new() (which implicitly
+     initialises it). The presence of this function only made it possible
+     to overwrite an existing structure (and cause memory leaks).
+     [Geoff Thorpe]
+
+  *) Because of the callback-based approach for implementing LHASH as a
+     template type, lh_insert() adds opaque objects to hash-tables and
+     lh_doall() or lh_doall_arg() are typically used with a destructor callback
+     to clean up those corresponding objects before destroying the hash table
+     (and losing the object pointers). So some over-zealous constifications in
+     LHASH have been relaxed so that lh_insert() does not take (nor store) the
+     objects as "const" and the lh_doall[_arg] callback wrappers are not
+     prototyped to have "const" restrictions on the object pointers they are
+     given (and so aren't required to cast them away any more).
+     [Geoff Thorpe]
+
+  *) The tmdiff.h API was so ugly and minimal that our own timing utility
+     (speed) prefers to use its own implementation. The two implementations
+     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+     its object type properly exposed (MS_TM) instead of casting to/from "char
+     *". This may still change yet if someone realises MS_TM and "ms_time_***"
+     aren't necessarily the greatest nomenclatures - but this is what was used
+     internally to the implementation so I've used that for now.
+     [Geoff Thorpe]
+
+  *) Ensure that deprecated functions do not get compiled when
+     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+     the self-tests were still using deprecated key-generation functions so
+     these have been updated also.
+     [Geoff Thorpe]
+
+  *) Reorganise PKCS#7 code to separate the digest location functionality
+     into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
+     New function PKCS7_set_digest() to set the digest type for PKCS#7
+     digestedData type. Add additional code to correctly generate the
+     digestedData type and add support for this type in PKCS7 initialization
+     functions.
+     [Steve Henson]
+
+  *) New function PKCS7_set0_type_other() this initializes a PKCS7 
+     structure of type "other".
+     [Steve Henson]
+
+  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+     sure the loop does correctly stop and breaking ("division by zero")
+     modulus operations are not performed. The (pre-generated) prime
+     table crypto/bn/bn_prime.h was already correct, but it could not be
+     re-generated on some platforms because of the "division by zero"
+     situation in the script.
+     [Ralf S. Engelschall]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+     SHA-1 now is only used for "small" curves (where the
+     representation of a field element takes up to 24 bytes); for
+     larger curves, the field element resulting from ECDH is directly
+     used as premaster secret.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+     curve secp160r1 to the tests.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add the possibility to load symbols globally with DSO.
+     [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
+
+  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+     control of the error stack.
+     [Richard Levitte]
+
+  *) Add support for STORE in ENGINE.
+     [Richard Levitte]
+
+  *) Add the STORE type.  The intention is to provide a common interface
+     to certificate and key stores, be they simple file-based stores, or
+     HSM-type store, or LDAP stores, or...
+     NOTE: The code is currently UNTESTED and isn't really used anywhere.
+     [Richard Levitte]
+
+  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
+     pass a list of arguments to any function as well as provide a way
+     for a function to pass data back to the caller.
+     [Richard Levitte]
+
+  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()
+     works like BUF_strdup() but can be used to duplicate a portion of
+     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates
+     a memory area.
+     [Richard Levitte]
+
+  *) Add the function sk_find_ex() which works like sk_find(), but will
+     return an index to an element even if an exact match couldn't be
+     found.  The index is guaranteed to point at the element where the
+     searched-for key would be inserted to preserve sorting order.
+     [Richard Levitte]
+
+  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+     takes an extra flags argument for optional functionality.  Currently,
+     the following flags are defined:
+
+       OBJ_BSEARCH_VALUE_ON_NOMATCH
+       This one gets OBJ_bsearch_ex() to return a pointer to the first
+       element where the comparing function returns a negative or zero
+       number.
+
+       OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+       This one gets OBJ_bsearch_ex() to return a pointer to the first
+       element where the comparing function returns zero.  This is useful
+       if there are more than one element where the comparing function
+       returns zero.
+     [Richard Levitte]
+
+  *) Make it possible to create self-signed certificates with 'openssl ca'
+     in such a way that the self-signed certificate becomes part of the
+     CA database and uses the same mechanisms for serial number generation
+     as all other certificate signing.  The new flag '-selfsign' enables
+     this functionality.  Adapt CA.sh and CA.pl.in.
+     [Richard Levitte]
+
+  *) Add functionality to check the public key of a certificate request
+     against a given private.  This is useful to check that a certificate
+     request can be signed by that key (self-signing).
+     [Richard Levitte]
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) Generate muti valued AVAs using '+' notation in config files for
+     req and dirName.
+     [Steve Henson]
+
+  *) Support for nameConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyMappings certificate extension.
+     [Steve Henson]
+
+  *) Make sure the default DSA_METHOD implementation only uses its
+     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+     and change its own handlers to be NULL so as to remove unnecessary
+     indirection. This lets alternative implementations fallback to the
+     default implementation more easily.
+     [Geoff Thorpe]
+
+  *) Support for directoryName in GeneralName related extensions
+     in config files.
+     [Steve Henson]
+
+  *) Make it possible to link applications using Makefile.shared.
+     Make that possible even when linking against static libraries!
+     [Richard Levitte]
+
+  *) Support for single pass processing for S/MIME signing. This now
+     means that S/MIME signing can be done from a pipe, in addition
+     cleartext signing (multipart/signed type) is effectively streaming
+     and the signed data does not need to be all held in memory.
+
+     This is done with a new flag PKCS7_STREAM. When this flag is set
+     PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+     is done after the data is output (and digests calculated) in
+     SMIME_write_PKCS7().
+     [Steve Henson]
+
+  *) Add full support for -rpath/-R, both in shared libraries and
+     applications, at least on the platforms where it's known how
+     to do it.
+     [Richard Levitte]
+
+  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+     will now compute a table of multiples of the generator that
+     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+     faster (notably in the case of a single point multiplication,
+     scalar * generator).
+     [Nils Larsch, Bodo Moeller]
+
+  *) IPv6 support for certificate extensions. The various extensions
+     which use the IP:a.b.c.d can now take IPv6 addresses using the
+     formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+     correctly.
+     [Steve Henson]
+
+  *) Added an ENGINE that implements RSA by performing private key
+     exponentiations with the GMP library. The conversions to and from
+     GMP's mpz_t format aren't optimised nor are any montgomery forms
+     cached, and on x86 it appears OpenSSL's own performance has caught up.
+     However there are likely to be other architectures where GMP could
+     provide a boost. This ENGINE is not built in by default, but it can be
+     specified at Configure time and should be accompanied by the necessary
+     linker additions, eg;
+         ./config -DOPENSSL_USE_GMP -lgmp
+     [Geoff Thorpe]
+
+  *) "openssl engine" will not display ENGINE/DSO load failure errors when
+     testing availability of engines with "-t" - the old behaviour is
+     produced by increasing the feature's verbosity with "-tt".
+     [Geoff Thorpe]
+
+  *) ECDSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
+     via PR#459)
+     [Lutz Jaenicke]
+
+  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+     and DH_METHOD (eg. by ENGINE implementations) to override the normal
+     software implementations. For DSA and DH, parameter generation can
+     also be overriden by providing the appropriate method callbacks.
+     [Geoff Thorpe]
+
+  *) Change the "progress" mechanism used in key-generation and
+     primality testing to functions that take a new BN_GENCB pointer in
+     place of callback/argument pairs. The new API functions have "_ex"
+     postfixes and the older functions are reimplemented as wrappers for
+     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+     declarations of the old functions to help (graceful) attempts to
+     migrate to the new functions. Also, the new key-generation API
+     functions operate on a caller-supplied key-structure and return
+     success/failure rather than returning a key or NULL - this is to
+     help make "keygen" another member function of RSA_METHOD etc.
+
+     Example for using the new callback interface:
+
+          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+          void *my_arg = ...;
+          BN_GENCB my_cb;
+
+          BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+          /* For the meaning of a, b in calls to my_callback(), see the
+           * documentation of the function that calls the callback.
+           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+           * my_callback should return 1 if it wants BN_is_prime_ex()
+           * to continue, or 0 to stop.
+           */
+
+     [Geoff Thorpe]
+
+  *) Change the ZLIB compression method to be stateful, and make it
+     available to TLS with the number defined in 
+     draft-ietf-tls-compression-04.txt.
+     [Richard Levitte]
+
+  *) Add the ASN.1 structures and functions for CertificatePair, which
+     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+     CertificatePair ::= SEQUENCE {
+        forward                [0]     Certificate OPTIONAL,
+        reverse                [1]     Certificate OPTIONAL,
+        -- at least one of the pair shall be present -- }
+
+     Also implement the PEM functions to read and write certificate
+     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+     This needed to be defined, mostly for the sake of the LDAP
+     attribute crossCertificatePair, but may prove useful elsewhere as
+     well.
+     [Richard Levitte]
+
+  *) Make it possible to inhibit symlinking of shared libraries in
+     Makefile.shared, for Cygwin's sake.
+     [Richard Levitte]
+
+  *) Extend the BIGNUM API by creating a function 
+          void BN_set_negative(BIGNUM *a, int neg);
+     and a macro that behave like
+          int  BN_is_negative(const BIGNUM *a);
+
+     to avoid the need to access 'a->neg' directly in applications.
+     [Nils Larsch]
+
+  *) Implement fast modular reduction for pseudo-Mersenne primes
+     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+     EC_GROUP_new_curve_GFp() will now automatically use this
+     if applicable.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add new lock type (CRYPTO_LOCK_BN).
+     [Bodo Moeller]
+
+  *) Change the ENGINE framework to automatically load engines
+     dynamically from specific directories unless they could be
+     found to already be built in or loaded.  Move all the
+     current engines except for the cryptodev one to a new
+     directory engines/.
+     The engines in engines/ are built as shared libraries if
+     the "shared" options was given to ./Configure or ./config.
+     Otherwise, they are inserted in libcrypto.a.
+     /usr/local/ssl/engines is the default directory for dynamic
+     engines, but that can be overriden at configure time through
+     the usual use of --prefix and/or --openssldir, and at run
+     time with the environment variable OPENSSL_ENGINES.
+     [Geoff Thorpe and Richard Levitte]
+
+  *) Add Makefile.shared, a helper makefile to build shared
+     libraries.  Addapt Makefile.org.
+     [Richard Levitte]
+
+  *) Add version info to Win32 DLLs.
+     [Peter 'Luna' Runestig" <peter@runestig.com>]
+
+  *) Add new 'medium level' PKCS#12 API. Certificates and keys
+     can be added using this API to created arbitrary PKCS#12
+     files while avoiding the low level API.
+
+     New options to PKCS12_create(), key or cert can be NULL and
+     will then be omitted from the output file. The encryption
+     algorithm NIDs can be set to -1 for no encryption, the mac
+     iteration count can be set to 0 to omit the mac.
+
+     Enhance pkcs12 utility by making the -nokeys and -nocerts
+     options work when creating a PKCS#12 file. New option -nomac
+     to omit the mac, NONE can be set for an encryption algorithm.
+     New code is modified to use the enhanced PKCS12_create()
+     instead of the low level API.
+     [Steve Henson]
+
+  *) Extend ASN1 encoder to support indefinite length constructed
+     encoding. This can output sequences tags and octet strings in
+     this form. Modify pk7_asn1.c to support indefinite length
+     encoding. This is experimental and needs additional code to
+     be useful, such as an ASN1 bio and some enhanced streaming
+     PKCS#7 code.
+
+     Extend template encode functionality so that tagging is passed
+     down to the template encoder.
+     [Steve Henson]
+
+  *) Let 'openssl req' fail if an argument to '-newkey' is not
+     recognized instead of using RSA as a default.
+     [Bodo Moeller]
+
+  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+     As these are not official, they are not included in "ALL";
+     the "ECCdraft" ciphersuite group alias can be used to select them.
+     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+  *) Add ECDH engine support.
+     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add ECDH in new directory crypto/ecdh/.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Let BN_rand_range() abort with an error after 100 iterations
+     without success (which indicates a broken PRNG).
+     [Bodo Moeller]
+
+  *) Change BN_mod_sqrt() so that it verifies that the input value
+     is really the square of the return value.  (Previously,
+     BN_mod_sqrt would show GIGO behaviour.)
+     [Bodo Moeller]
+
+  *) Add named elliptic curves over binary fields from X9.62, SECG,
+     and WAP/WTLS; add OIDs that were still missing.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Extend the EC library for elliptic curves over binary fields
+     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+     New EC_METHOD:
+
+          EC_GF2m_simple_method
+
+     New API functions:
+
+          EC_GROUP_new_curve_GF2m
+          EC_GROUP_set_curve_GF2m
+          EC_GROUP_get_curve_GF2m
+          EC_POINT_set_affine_coordinates_GF2m
+          EC_POINT_get_affine_coordinates_GF2m
+          EC_POINT_set_compressed_coordinates_GF2m
+
+     Point compression for binary fields is disabled by default for
+     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+     enable it).
+
+     As binary polynomials are represented as BIGNUMs, various members
+     of the EC_GROUP and EC_POINT data structures can be shared
+     between the implementations for prime fields and binary fields;
+     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+     are essentially identical to their ..._GFp counterparts.
+     (For simplicity, the '..._GFp' prefix has been dropped from
+     various internal method names.)
+
+     An internal 'field_div' method (similar to 'field_mul' and
+     'field_sqr') has been added; this is used only for binary fields.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+     through methods ('mul', 'precompute_mult').
+
+     The generic implementations (now internally called 'ec_wNAF_mul'
+     and 'ec_wNAF_precomputed_mult') remain the default if these
+     methods are undefined.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New function EC_GROUP_get_degree, which is defined through
+     EC_METHOD.  For curves over prime fields, this returns the bit
+     length of the modulus.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New functions EC_GROUP_dup, EC_POINT_dup.
+     (These simply call ..._new  and ..._copy).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+     Polynomials are represented as BIGNUMs (where the sign bit is not
+     used) in the following functions [macros]:  
+
+          BN_GF2m_add
+          BN_GF2m_sub             [= BN_GF2m_add]
+          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
+          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
+          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
+          BN_GF2m_mod_inv
+          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
+          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
+          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
+          BN_GF2m_cmp             [= BN_ucmp]
+
+     (Note that only the 'mod' functions are actually for fields GF(2^m).
+     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+     For some functions, an the irreducible polynomial defining a
+     field can be given as an 'unsigned int[]' with strictly
+     decreasing elements giving the indices of those bits that are set;
+     i.e., p[] represents the polynomial
+          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+     where
+          p[0] > p[1] > ... > p[k] = 0.
+     This applies to the following functions:
+
+          BN_GF2m_mod_arr
+          BN_GF2m_mod_mul_arr
+          BN_GF2m_mod_sqr_arr
+          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
+          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
+          BN_GF2m_mod_exp_arr
+          BN_GF2m_mod_sqrt_arr
+          BN_GF2m_mod_solve_quad_arr
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     Conversion can be performed by the following functions:
+
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     bntest.c has additional tests for binary polynomial arithmetic.
+
+     Two implementations for BN_GF2m_mod_div() are available.
+     The default algorithm simply uses BN_GF2m_mod_inv() and
+     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
+     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add new error code 'ERR_R_DISABLED' that can be used when some
+     functionality is disabled at compile-time.
+     [Douglas Stebila <douglas.stebila@sun.com>]
+
+  *) Change default behaviour of 'openssl asn1parse' so that more
+     information is visible when viewing, e.g., a certificate:
+
+     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+     mode the content of non-printable OCTET STRINGs is output in a
+     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+     avoid the appearance of a printable string.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+     functions
+          EC_GROUP_set_asn1_flag()
+          EC_GROUP_get_asn1_flag()
+          EC_GROUP_set_point_conversion_form()
+          EC_GROUP_get_point_conversion_form()
+     These control ASN1 encoding details:
+     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+       has been set to OPENSSL_EC_NAMED_CURVE.
+     - Points are encoded in uncompressed form by default; options for
+       asn1_for are as for point2oct, namely
+          POINT_CONVERSION_COMPRESSED
+          POINT_CONVERSION_UNCOMPRESSED
+          POINT_CONVERSION_HYBRID
+
+     Also add 'seed' and 'seed_len' members to EC_GROUP with access
+     functions
+          EC_GROUP_set_seed()
+          EC_GROUP_get0_seed()
+          EC_GROUP_get_seed_len()
+     This is used only for ASN1 purposes (so far).
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'field_type' member to EC_METHOD, which holds the NID
+     of the appropriate field type OID.  The new function
+     EC_METHOD_get_field_type() returns this value.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add functions 
+          EC_POINT_point2bn()
+          EC_POINT_bn2point()
+          EC_POINT_point2hex()
+          EC_POINT_hex2point()
+     providing useful interfaces to EC_POINT_point2oct() and
+     EC_POINT_oct2point().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Change internals of the EC library so that the functions
+          EC_GROUP_set_generator()
+          EC_GROUP_get_generator()
+          EC_GROUP_get_order()
+          EC_GROUP_get_cofactor()
+     are implemented directly in crypto/ec/ec_lib.c and not dispatched
+     to methods, which would lead to unnecessary code duplication when
+     adding different types of curves.
+     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
+
+  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+     arithmetic, and such that modified wNAFs are generated
+     (which avoid length expansion in many cases).
+     [Bodo Moeller]
+
+  *) Add a function EC_GROUP_check_discriminant() (defined via
+     EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+     Add a function EC_GROUP_check() that makes some sanity tests
+     on a EC_GROUP, its generator and order.  This includes
+     EC_GROUP_check_discriminant().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add ECDSA in new directory crypto/ecdsa/.
+
+     Add applications 'openssl ecparam' and 'openssl ecdsa'
+     (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+     ECDSA support is also included in various other files across the
+     library.  Most notably,
+     - 'openssl req' now has a '-newkey ecdsa:file' option;
+     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+       them suitable for ECDSA where domain parameters must be
+       extracted before the specific public key;
+     - ECDSA engine support has been added.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Include some named elliptic curves, and add OIDs from X9.62,
+     SECG, and WAP/WTLS.  Each curve can be obtained from the new
+     function
+          EC_GROUP_new_by_curve_name(),
+     and the list of available named curves can be obtained with
+          EC_get_builtin_curves().
+     Also add a 'curve_name' member to EC_GROUP objects, which can be
+     accessed via
+         EC_GROUP_set_curve_name()
+         EC_GROUP_get_curve_name()
+     [Nils Larsch <larsch@trustcenter.de, Bodo Moeller]
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+
+ Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
+
+ Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
+
+  *) Cleanse PEM buffers before freeing them since they may contain 
+     sensitive data.
+     [Benjamin Bennett <ben@psc.edu>]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Since AES128 and AES256 share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't.
+     [Victor Duchovni]
+
+  *) Expand security boundary to match 1.1.1 module.
+     [Steve Henson]
+
+  *) Remove redundant features: hash file source, editing of test vectors
+     modify fipsld to use external fips_premain.c signature.
+     [Steve Henson]
+
+  *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+     run algorithm test programs.
+     [Steve Henson]
+
+  *) Make algorithm test programs more tolerant of whitespace.
+     [Steve Henson]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     [Steve Henson]
+
+ Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Change ciphersuite string processing so that an explicit
+     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+     will no longer include "AES128-SHA"), and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions (so that
+     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
+     changes from 0.9.8b and 0.9.8d.
+     [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j  [04 May 2006]
+
+  *) Adapt fipsld and the build system to link against the validated FIPS
+     module in FIPS mode.
+     [Steve Henson]
+
+  *) Fixes for VC++ 2005 build under Windows.
+     [Steve Henson]
+
+  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
+     from a Windows bash shell such as MSYS. It is autodetected from the
+     "config" script when run from a VC++ environment. Modify standard VC++
+     build to use fipscanister.o from the GNU make build. 
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
+
+  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+     The value now differs depending on if you build for FIPS or not.
+     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
+     safely run with a non-FIPSed libcrypto, as it may crash because of
+     the difference induced by this change.
+     [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
+  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+     the exponentiation using a fixed-length exponent.  (Otherwise,
+     the information leaked through timing could expose the secret key
+     after many signatures; cf. Bleichenbacher's attack on DSA with
+     biased k.)
+     [Bodo Moeller]
+
+  *) Make a new fixed-window mod_exp implementation the default for
+     RSA, DSA, and DH private-key operations so that the sequence of
+     squares and multiplies and the memory access pattern are
+     independent of the particular secret key.  This will mitigate
+     cache-timing and potential related attacks.
+
+     BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+     and this is automatically used by BN_mod_exp_mont() if the new flag
+     BN_FLG_EXP_CONSTTIME is set for the exponent.  RSA, DSA, and DH
+     will use this BN flag for private exponents unless the flag
+     RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+     DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+     [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+  *) Change the client implementation for SSLv23_method() and
+     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+     (Previously, the SSL 2.0 backwards compatible Client Hello
+     message format would be used even with SSL_OP_NO_SSLv2.)
+     [Bodo Moeller]
+
+  *) Add support for smime-type MIME parameter in S/MIME messages which some
+     clients need.
+     [Steve Henson]
+
+  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+     a threadsafe manner. Modify rsa code to use new function and add calls
+     to dsa and dh code (which had race conditions before).
+     [Steve Henson]
+
+  *) Include the fixed error library code in the C error file definitions
+     instead of fixing them up at runtime. This keeps the error code
+     structures constant.
+     [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
+
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Fixes for newer kerberos headers. NB: the casts are needed because
+     the 'length' field is signed on one version and unsigned on another
+     with no (?) obvious way to tell the difference, without these VC++
+     complains. Also the "definition" of FAR (blank) is no longer included
+     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+     some needed definitions.
+     [Steve Henson]
+
+  *) Undo Cygwin change.
+     [Ulf Möller]
+
+  *) Added support for proxy certificates according to RFC 3820.
+     Because they may be a security thread to unaware applications,
+     they must be explicitely allowed in run-time.  See
+     docs/HOWTO/proxy_certificates.txt for further information.
+     [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
+
+  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+     server and client random values. Previously
+     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+     This change has negligible security impact because:
+
+     1. Server and client random values still have 24 bytes of pseudo random
+        data.
+
+     2. Server and client random values are sent in the clear in the initial
+        handshake.
+
+     3. The master secret is derived using the premaster secret (48 bytes in
+        size for static RSA ciphersuites) as well as client server and random
+        values.
+
+     The OpenSSL team would like to thank the UK NISCC for bringing this issue
+     to our attention. 
+
+     [Stephen Henson, reported by UK NISCC]
+
+  *) Use Windows randomness collection on Cygwin.
+     [Ulf Möller]
+
+  *) Fix hang in EGD/PRNGD query when communication socket is closed
+     prematurely by EGD/PRNGD.
+     [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
+
+  *) Prompt for pass phrases when appropriate for PKCS12 input format.
+     [Steve Henson]
+
+  *) Back-port of selected performance improvements from development
+     branch, as well as improved support for PowerPC platforms.
+     [Andy Polyakov]
+
+  *) Add lots of checks for memory allocation failure, error codes to indicate
+     failure and freeing up memory if a failure occurs.
+     [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
+
+  *) Add new -passin argument to dgst.
+     [Steve Henson]
+
+  *) Perform some character comparisons of different types in X509_NAME_cmp:
+     this is needed for some certificates that reencode DNs into UTF8Strings
+     (in violation of RFC3280) and can't or wont issue name rollover
+     certificates.
+     [Steve Henson]
+
+  *) Make an explicit check during certificate validation to see that
+     the CA setting in each certificate on the chain is correct.  As a
+     side effect always do the following basic checks on extensions,
+     not just when there's an associated purpose to the check:
+
+      - if there is an unhandled critical extension (unless the user
+        has chosen to ignore this fault)
+      - if the path length has been exceeded (if one is set at all)
+      - that certain extensions fit the associated purpose (if one has
+        been given)
+     [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
+
+  *) Avoid a race condition when CRLs are checked in a multi threaded 
+     environment. This would happen due to the reordering of the revoked
+     entries during signature checking and serial number lookup. Now the
+     encoding is cached and the serial number sort performed under a lock.
+     Add new STACK function sk_is_sorted().
+     [Steve Henson]
+
+  *) Add Delta CRL to the extension code.
+     [Steve Henson]
+
+  *) Various fixes to s3_pkt.c so alerts are sent properly.
+     [David Holmes <d.holmes@f5.com>]
+
+  *) Reduce the chances of duplicate issuer name and serial numbers (in
+     violation of RFC3280) using the OpenSSL certificate creation utilities.
+     This is done by creating a random 64 bit value for the initial serial
+     number when a serial number file is created or when a self signed
+     certificate is created using 'openssl req -x509'. The initial serial
+     number file is created using 'openssl x509 -next_serial' in CA.pl
+     rather than being initialized to 1.
+     [Steve Henson]
+
+ Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
+     [Joe Orton, Steve Henson]   
+
+  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+     (CVE-2004-0112)
+     [Joe Orton, Steve Henson]   
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) X509 verify fixes. Disable broken certificate workarounds when 
+     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+     keyUsage extension present. Don't accept CRLs with unhandled critical
+     extensions: since verify currently doesn't process CRL extensions this
+     rejects a CRL with *any* critical extensions. Add new verify error codes
+     for these cases.
+     [Steve Henson]
+
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and 
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
+  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+     this HMAC (and other) operations are several times slower than OpenSSL
+     < 0.9.7.
+     [Steve Henson]
+
+  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Use the correct content when signing type "other".
+     [Steve Henson]
+
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+     
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+  *) Change AES_cbc_encrypt() so it outputs exact multiple of
+     blocks during encryption.
+     [Richard Levitte]
+
+  *) Various fixes to base64 BIO and non blocking I/O. On write 
+     flushes were not handled properly if the BIO retried. On read
+     data was not being buffered properly and had various logic bugs.
+     This also affects blocking I/O when the data being decoded is a
+     certain size.
+     [Steve Henson]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
+     [Geoff Thorpe]
+
+  *) Target "mingw" now allows native Windows code to be generated in
+     the Cygwin environment as well as with the MinGW compiler.
+     [Ulf Moeller] 
+
+ Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+  *) Make the no-err option work as intended.  The intention with no-err
+     is not to have the whole error stack handling routines removed from
+     libcrypto, it's only intended to remove all the function name and
+     reason texts, thereby removing some of the footprint that may not
+     be interesting if those errors aren't displayed anyway.
+
+     NOTE: it's still possible for any application or module to have it's
+     own set of error texts inserted.  The routines are there, just not
+     used by default when no-err is given.
+     [Richard Levitte]
+
+  *) Add support for FreeBSD on IA64.
+     [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
+
+  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+     Kerberos function mit_des_cbc_cksum().  Before this change,
+     the value returned by DES_cbc_cksum() was like the one from
+     mit_des_cbc_cksum(), except the bytes were swapped.
+     [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
+
+  *) Allow an application to disable the automatic SSL chain building.
+     Before this a rather primitive chain build was always performed in
+     ssl3_output_cert_chain(): an application had no way to send the 
+     correct chain if the automatic operation produced an incorrect result.
+
+     Now the chain builder is disabled if either:
+
+     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+     The reasoning behind this is that an application would not want the
+     auto chain building to take place if extra chain certificates are
+     present and it might also want a means of sending no additional
+     certificates (for example the chain has two certificates and the
+     root is omitted).
+     [Steve Henson]
+
+  *) Add the possibility to build without the ENGINE framework.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Under Win32 gmtime() can return NULL: check return value in
+     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+     [Steve Henson]
+
+  *) DSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
+     Nils Larsch <nla@trustcenter.de> via PR#459)
+     [Lutz Jaenicke]
+
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
+
+  *) IA-32 assembler support enhancements: unified ELF targets, support
+     for SCO/Caldera platforms, fix for Cygwin shared build.
+     [Andy Polyakov]
+
+  *) Add support for FreeBSD on sparc64.  As a consequence, support for
+     FreeBSD on non-x86 processors is separate from x86 processors on
+     the config script, much like the NetBSD support.
+     [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
+
+ Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+
+  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+  OpenSSL 0.9.7.]
+
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
+  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
+     removed entirely.
+     [Richard Levitte]
+
+  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
+     seems that in spite of existing for more than a year, many application
+     author have done nothing to provide the necessary callbacks, which
+     means that this particular engine will not work properly anywhere.
+     This is a very unfortunate situation which forces us, in the name
+     of usability, to give the hw_ncipher.c a static lock, which is part
+     of libcrypto.
+     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
+     appear in 0.9.8 or later.  We EXPECT application authors to have
+     dealt properly with this when 0.9.8 is released (unless we actually
+     make such changes in the libcrypto locking code that changes will
+     have to be made anyway).
+     [Richard Levitte]
+
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
+  *) Add the VC-CE target, introduce the WINCE sysname, and add
+     INSTALL.WCE and appropriate conditionals to make it build.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+     cygssl-x.y.z.dll, where x, y and z are the major, minor and
+     edit numbers of the version.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Introduce safe string copy and catenation functions
+     (BUF_strlcpy() and BUF_strlcat()).
+     [Ben Laurie (CHATS) and Richard Levitte]
+
+  *) Avoid using fixed-size buffers for one-line DNs.
+     [Ben Laurie (CHATS)]
+
+  *) Add BUF_MEM_grow_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid using fixed size buffers for configuration file location.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation for various CA files.
+     [Ben Laurie (CHATS)]
+
+  *) Use sizeof in preference to magic numbers.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation in cert requests.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to check for (supposedly impossible) buffer
+     overflows.
+     [Ben Laurie (CHATS)]
+
+  *) Don't cache truncated DNS entries in the local cache (this could
+     potentially lead to a spoofing attack).
+     [Ben Laurie (CHATS)]
+
+  *) Fix various buffers to be large enough for hex/decimal
+     representations in a platform independent manner.
+     [Ben Laurie (CHATS)]
+
+  *) Add CRYPTO_realloc_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Add BIO_indent() to avoid much slightly worrying code to do
+     indents.
+     [Ben Laurie (CHATS)]
+
+  *) Convert sprintf()/BIO_puts() to BIO_printf().
+     [Ben Laurie (CHATS)]
+
+  *) buffer_gets() could terminate with the buffer only half
+     full. Fixed.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to prevent user-supplied crypto functions from
+     overflowing internal buffers by having large block sizes, etc.
+     [Ben Laurie (CHATS)]
+
+  *) New OPENSSL_assert() macro (similar to assert(), but enabled
+     unconditionally).
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused copy of key in RC4.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+     [Ben Laurie (CHATS)]
+
+  *) Fix off-by-one error in EGD path.
+     [Ben Laurie (CHATS)]
+
+  *) If RANDFILE path is too long, ignore instead of truncating.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized X.509 structure
+     CBCParameter.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous function knumber().
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous structure, KSSL_ERR.
+     [Ben Laurie (CHATS)]
+
+  *) Protect against overlong session ID context length in an encoded
+     session object. Since these are local, this does not appear to be
+     exploitable.
+     [Ben Laurie (CHATS)]
+
+  *) Change from security patch (see 0.9.6e below) that did not affect
+     the 0.9.6 release series:
+
+     Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CVE-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Change the SSL kerb5 codes to match RFC 2712.
+     [Richard Levitte]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
+
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:
+
+       # Place yourself outside of the OpenSSL source tree.  In
+       # this example, the environment variable OPENSSL_SOURCE
+       # is assumed to contain the absolute OpenSSL source directory.
+       mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+       cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+       (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+               mkdir -p `dirname $F`
+               ln -s $OPENSSL_SOURCE/$F $F
+       done
+
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successfull, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]
+
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+     [Lutz Jaenicke]
+
+  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
+     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
+     [Lutz Jaenicke]
+
+  *) Add an "init" command to the ENGINE config module and auto initialize
+     ENGINEs. Without any "init" command the ENGINE will be initialized 
+     after all ctrl commands have been executed on it. If init=1 the 
+     ENGINE is initailized at that point (ctrls before that point are run
+     on the uninitialized ENGINE and after on the initialized one). If
+     init=0 then the ENGINE will not be iniatialized at all.
+     [Steve Henson]
+
+  *) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters@parc.xerox.com>]
+
+  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+  *) Add and OPENSSL_LOAD_CONF define which will cause
+     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+     This allows older applications to transparently support certain
+     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+     load the config file and OPENSSL_add_all_algorithms_conf() which will
+     always load it have also been added.
+     [Steve Henson]
+
+  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+     Adjust NIDs and EVP layer.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done 
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  *) Move default behaviour from OPENSSL_config(). If appname is NULL
+     use "openssl_conf" if filename is NULL use default openssl config file.
+     [Steve Henson]
+
+  *) Add an argument to OPENSSL_config() to allow the use of an alternative
+     config section name. Add a new flag to tolerate a missing config file
+     and move code to CONF_modules_load_file().
+     [Steve Henson]
+
+  *) Support for crypto accelerator cards from Accelerated Encryption
+     Processing, www.aep.ie.  (Use engine 'aep')
+     The support was copied from 0.9.6c [engine] and adapted/corrected
+     to work with the new engine framework.
+     [AEP Inc. and Richard Levitte]
+
+  *) Support for SureWare crypto accelerator cards from Baltimore
+     Technologies.  (Use engine 'sureware')
+     The support was copied from 0.9.6c [engine] and adapted
+     to work with the new engine framework.
+     [Richard Levitte]
+
+  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+     make the newer ENGINE framework commands for the CHIL engine work.
+     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
+
+  *) Make it possible to produce shared libraries on ReliantUNIX.
+     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
+
+  *) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add -keyform to rsautl, and document -engine.
+     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
+
+  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+     BIO_R_NO_SUCH_FILE error code rather than the generic
+     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+     [Ben Laurie]
+
+  *) Add new functions
+          ERR_peek_last_error
+          ERR_peek_last_error_line
+          ERR_peek_last_error_line_data.
+     These are similar to
+          ERR_peek_error
+          ERR_peek_error_line
+          ERR_peek_error_line_data,
+     but report on the latest error recorded rather than the first one
+     still in the error queue.
+     [Ben Laurie, Bodo Moeller]
+        
+  *) default_algorithms option in ENGINE config module. This allows things
+     like:
+     default_algorithms = ALL
+     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+     [Steve Henson]
+
+  *) Prelminary ENGINE config module.
+     [Steve Henson]
+
+  *) New experimental application configuration code.
+     [Steve Henson]
+
+  *) Change the AES code to follow the same name structure as all other
+     symmetric ciphers, and behave the same way.  Move everything to
+     the directory crypto/aes, thereby obsoleting crypto/rijndael.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
+  *) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  *) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
+  *) Add support for Subject Information Access extension.
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+     additional bytes when new memory had to be allocated, not just
+     when reusing an existing buffer.
+     [Bodo Moeller]
+
+  *) New command line and configuration option 'utf8' for the req command.
+     This allows field values to be specified as UTF8 strings.
+     [Steve Henson]
+
+  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+     runs for the former and machine-readable output for the latter.
+     [Ben Laurie]
+
+  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
+     of the e-mail address in the DN (i.e., it will go into a certificate
+     extension only).  The new configuration file option 'email_in_dn = no'
+     has the same effect.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Change all functions with names starting with des_ to be starting
+     with DES_ instead.  Add wrappers that are compatible with libdes,
+     but are named _ossl_old_des_*.  Finally, add macros that map the
+     des_* symbols to the corresponding _ossl_old_des_* if libdes
+     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
+     desired, the des_* symbols will be mapped to DES_*, with one
+     exception.
+
+     Since we provide two compatibility mappings, the user needs to
+     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+     compatibility is desired.  The default (i.e., when that macro
+     isn't defined) is OpenSSL 0.9.6c compatibility.
+
+     There are also macros that enable and disable the support of old
+     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
+     are defined, the default will apply: to support the old des routines.
+
+     In either case, one must include openssl/des.h to get the correct
+     definitions.  Do not try to just include openssl/des_old.h, that
+     won't work.
+
+     NOTE: This is a major break of an old API into a new one.  Software
+     authors are encouraged to switch to the DES_ style functions.  Some
+     time in the future, des_old.h and the libdes compatibility functions
+     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+     default), and then completely removed.
+     [Richard Levitte]
+
+  *) Test for certificates which contain unsupported critical extensions.
+     If such a certificate is found during a verify operation it is 
+     rejected by default: this behaviour can be overridden by either
+     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+     X509_supported_extension() has also been added which returns 1 if a
+     particular extension is supported.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter does
+     not have to be to be initialized before the call to EVP_DigestInit() and
+     it is tidied up after a call to EVP_DigestFinal(). New function
+     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+     EVP_MD_CTX_copy() changed to not require the destination to be
+     initialized valid and new function EVP_MD_CTX_copy_ex() added which
+     requires the destination to be valid.
+
+     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
+  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+     so that complete 'Handshake' protocol structures are kept in memory
+     instead of overwriting 'msg_type' and 'length' with 'body' data.
+     [Bodo Moeller]
+
+  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+     [Massimo Santin via Richard Levitte]
+
+  *) Major restructuring to the underlying ENGINE code. This includes
+     reduction of linker bloat, separation of pure "ENGINE" manipulation
+     (initialisation, etc) from functionality dealing with implementations
+     of specific crypto iterfaces. This change also introduces integrated
+     support for symmetric ciphers and digest implementations - so ENGINEs
+     can now accelerate these by providing EVP_CIPHER and EVP_MD
+     implementations of their own. This is detailed in crypto/engine/README
+     as it couldn't be adequately described here. However, there are a few
+     API changes worth noting - some RSA, DSA, DH, and RAND functions that
+     were changed in the original introduction of ENGINE code have now
+     reverted back - the hooking from this code to ENGINE is now a good
+     deal more passive and at run-time, operations deal directly with
+     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+     dereferencing through an ENGINE pointer any more. Also, the ENGINE
+     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+     they were not being used by the framework as there is no concept of a
+     BIGNUM_METHOD and they could not be generalised to the new
+     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+     ENGINE_cpy() has been removed as it cannot be consistently defined in
+     the new code.
+     [Geoff Thorpe]
+
+  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+     [Steve Henson]
+
+  *) Change mkdef.pl to sort symbols that get the same entry number,
+     and make sure the automatically generated functions ERR_load_*
+     become part of libeay.num as well.
+     [Richard Levitte]
+
+  *) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello receveived from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+     [Bodo Moeller]
+
+  *) Add some demos for certificate and certificate request creation.
+     [Steve Henson]
+
+  *) Make maximum certificate chain size accepted from the peer application
+     settable (SSL*_get/set_max_cert_list()), as proposed by
+     "Douglas E. Engert" <deengert@anl.gov>.
+     [Lutz Jaenicke]
+
+  *) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+     be done prior to destruction. Use this to unload error strings from
+     ENGINEs that load their own error strings. NB: This adds two new API
+     functions to "get" and "set" this destroy handler in an ENGINE.
+     [Geoff Thorpe]
+
+  *) Alter all existing ENGINE implementations (except "openssl" and
+     "openbsd") to dynamically instantiate their own error strings. This
+     makes them more flexible to be built both as statically-linked ENGINEs
+     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+     Also, add stub code to each that makes building them as self-contained
+     shared-libraries easier (see README.ENGINE).
+     [Geoff Thorpe]
+
+  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+     implementations into applications that are completely implemented in
+     self-contained shared-libraries. The "dynamic" ENGINE exposes control
+     commands that can be used to configure what shared-library to load and
+     to control aspects of the way it is handled. Also, made an update to
+     the README.ENGINE file that brings its information up-to-date and
+     provides some information and instructions on the "dynamic" ENGINE
+     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+     [Geoff Thorpe]
+
+  *) Make it possible to unload ranges of ERR strings with a new
+     "ERR_unload_strings" function.
+     [Geoff Thorpe]
+
+  *) Add a copy() function to EVP_MD.
+     [Ben Laurie]
+
+  *) Make EVP_MD routines take a context pointer instead of just the
+     md_data void pointer.
+     [Ben Laurie]
+
+  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+     that the digest can only process a single chunk of data
+     (typically because it is provided by a piece of
+     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+     is only going to provide a single chunk of data, and hence the
+     framework needn't accumulate the data for oneshot drivers.
+     [Ben Laurie]
+
+  *) As with "ERR", make it possible to replace the underlying "ex_data"
+     functions. This change also alters the storage and management of global
+     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+     index counters. The API functions that use this state have been changed
+     to take a "class_index" rather than pointers to the class's local STACK
+     and counter, and there is now an API function to dynamically create new
+     classes. This centralisation allows us to (a) plug a lot of the
+     thread-safety problems that existed, and (b) makes it possible to clean
+     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+     such data would previously have always leaked in application code and
+     workarounds were in place to make the memory debugging turn a blind eye
+     to it. Application code that doesn't use this new function will still
+     leak as before, but their memory debugging output will announce it now
+     rather than letting it slide.
+
+     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+     has a return value to indicate success or failure.
+     [Geoff Thorpe]
+
+  *) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+
+     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+     [Geoff Thorpe]
+
+  *) Add EVP test program.
+     [Ben Laurie]
+
+  *) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
+  *) Rationalise EVP so it can be extended: don't include a union of
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
+     Usage example:
+
+         EVP_MD_CTX md;
+
+         EVP_MD_CTX_init(&md);             /* new function call */
+         EVP_DigestInit(&md, EVP_sha1());
+         EVP_DigestUpdate(&md, in, len);
+         EVP_DigestFinal(&md, out, NULL);
+         EVP_MD_CTX_cleanup(&md);          /* new function call */
+
+     [Ben Laurie]
+
+  *) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway): E.g.,
+
+         des_key_schedule ks;
+
+        des_set_key_checked(..., &ks);
+        des_ncbc_encrypt(..., &ks, ...);
+
+     (Note that a later change renames 'des_...' into 'DES_...'.)
+     [Ben Laurie]
+
+  *) Initial reduction of linker bloat: the use of some functions, such as
+     PEM causes large amounts of unused functions to be linked in due to
+     poor organisation. For example pem_all.c contains every PEM function
+     which has a knock on effect of linking in large amounts of (unused)
+     ASN1 code. Grouping together similar functions and splitting unrelated
+     functions prevents this.
+     [Steve Henson]
+
+  *) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
+  *) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  *) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  *) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>
+      via Richard Levitte]
+
+  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
+  *) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Added the OS2-EMX target.
+     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Enhance the general user interface with mechanisms for inner control
+     and with possibilities to have yes/no kind of prompts.
+     [Richard Levitte]
+
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
+  *) Add the possibility to control engines through control names but with
+     arbitrary arguments instead of just a string.
+     Change the key loaders to take a UI_METHOD instead of a callback
+     function pointer.  NOTE: this breaks binary compatibility with earlier
+     versions of OpenSSL [engine].
+     Adapt the nCipher code for these new conditions and add a card insertion
+     callback.
+     [Richard Levitte]
+
+  *) Enhance the general user interface with mechanisms to better support
+     dialog box interfaces, application-defined prompts, the possibility
+     to use defaults (for example default passwords from somewhere else)
+     and interrupts/cancellations.
+     [Richard Levitte]
+
+  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
+  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+     tidy up some unnecessarily weird code in 'sk_new()').
+     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
+
+  *) Change the key loading routines for ENGINEs to use the same kind
+     callback (pem_password_cb) as all other routines that need this
+     kind of callback.
+     [Richard Levitte]
+
+  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+     than this minimum value is recommended.
+     [Lutz Jaenicke]
+
+  *) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  *) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     wont compile. This is used by the any applications that need to
+     declare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is 
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
+  *) Initial CRL based revocation checking. If the CRL checking flag(s)
+     are set then the CRL is looked up in the X509_STORE structure and
+     its validity and signature checked, then if the certificate is found
+     in the CRL the verify fails with a revoked error.
+
+     Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+     Command line options added to 'verify' application to support this.
+
+     This needs some additional work, such as being able to handle multiple
+     CRLs with different times, extension based lookup (rather than just
+     by subject name) and ultimately more complete V2 CRL extension
+     handling.
+     [Steve Henson]
+
+  *) Add a general user interface API (crypto/ui/).  This is designed
+     to replace things like des_read_password and friends (backward
+     compatibility functions using this new API are provided).
+     The purpose is to remove prompting functions from the DES code
+     section as well as provide for prompting through dialog boxes in
+     a window system and the like.
+     [Richard Levitte]
+
+  *) Add "ex_data" support to ENGINE so implementations can add state at a
+     per-structure level rather than having to store it globally.
+     [Geoff]
+
+  *) Make it possible for ENGINE structures to be copied when retrieved by
+     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+     This causes the "original" ENGINE structure to act like a template,
+     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+     operational state can be localised to each ENGINE structure, despite the
+     fact they all share the same "methods". New ENGINE structures returned in
+     this case have no functional references and the return value is the single
+     structural reference. This matches the single structural reference returned
+     by ENGINE_by_id() normally, when it is incremented on the pre-existing
+     ENGINE structure.
+     [Geoff]
+
+  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+     needs to match any other type at all we need to manually clear the
+     tag cache.
+     [Steve Henson]
+
+  *) Changes to the "openssl engine" utility to include;
+     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+       about an ENGINE's available control commands.
+     - executing control commands from command line arguments using the
+       '-pre' and '-post' switches. '-post' is only used if '-t' is
+       specified and the ENGINE is successfully initialised. The syntax for
+       the individual commands are colon-separated, for example;
+        openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+     [Geoff]
+
+  *) New dynamic control command support for ENGINEs. ENGINEs can now
+     declare their own commands (numbers), names (strings), descriptions,
+     and input types for run-time discovery by calling applications. A
+     subset of these commands are implicitly classed as "executable"
+     depending on their input type, and only these can be invoked through
+     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+     can be based on user input, config files, etc). The distinction is
+     that "executable" commands cannot return anything other than a boolean
+     result and can only support numeric or string input, whereas some
+     discoverable commands may only be for direct use through
+     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+     pointers, or other custom uses. The "executable" commands are to
+     support parameterisations of ENGINE behaviour that can be
+     unambiguously defined by ENGINEs and used consistently across any
+     OpenSSL-based application. Commands have been added to all the
+     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+     control over shared-library paths without source code alterations.
+     [Geoff]
+
+  *) Changed all ENGINE implementations to dynamically allocate their
+     ENGINEs rather than declaring them statically. Apart from this being
+     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+     this also allows the implementations to compile without using the
+     internal engine_int.h header.
+     [Geoff]
+
+  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+     'const' value. Any code that should be able to modify a RAND_METHOD
+     should already have non-const pointers to it (ie. they should only
+     modify their own ones).
+     [Geoff]
+
+  *) Made a variety of little tweaks to the ENGINE code.
+     - "atalla" and "ubsec" string definitions were moved from header files
+       to C code. "nuron" string definitions were placed in variables
+       rather than hard-coded - allowing parameterisation of these values
+       later on via ctrl() commands.
+     - Removed unused "#if 0"'d code.
+     - Fixed engine list iteration code so it uses ENGINE_free() to release
+       structural references.
+     - Constified the RAND_METHOD element of ENGINE structures.
+     - Constified various get/set functions as appropriate and added
+       missing functions (including a catch-all ENGINE_cpy that duplicates
+       all ENGINE values onto a new ENGINE except reference counts/state).
+     - Removed NULL parameter checks in get/set functions. Setting a method
+       or function to NULL is a way of cancelling out a previously set
+       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
+       and doesn't justify the extra error symbols and code.
+     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+       flags from engine_int.h to engine.h.
+     - Changed prototypes for ENGINE handler functions (init(), finish(),
+       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+     [Geoff]
+
+  *) Implement binary inversion algorithm for BN_mod_inverse in addition
+     to the algorithm using long division.  The binary algorithm can be
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
+     [Bodo Moeller]
+
+  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+     could not support the combine flag in choice fields.
+     [Steve Henson]
+
+  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+     extensions from a certificate request to the certificate.
+     [Steve Henson]
+
+  *) Allow multiple 'certopt' and 'nameopt' options to be separated
+     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+     file: this allows the display of the certificate about to be
+     signed to be customised, to allow certain fields to be included
+     or excluded and extension details. The old system didn't display
+     multicharacter strings properly, omitted fields not in the policy
+     and couldn't display additional details such as extensions.
+     [Steve Henson]
+
+  *) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
+     EC_POINT_mul is a simple wrapper function for the typical case
+     that the point list has just one item (besides the optional
+     generator).
+     [Bodo Moeller]
+
+  *) First EC_METHODs for curves over GF(p):
+
+     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+     operations and provides various method functions that can also
+     operate with faster implementations of modular arithmetic.     
+
+     EC_GFp_mont_method() reuses most functions that are part of
+     EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+     [Bodo Moeller; point addition and point doubling
+     implementation directly derived from source code provided by
+     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
+
+  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+     crypto/ec/ec_lib.c):
+
+     Curves are EC_GROUP objects (with an optional group generator)
+     based on EC_METHODs that are built into the library.
+
+     Points are EC_POINT objects based on EC_GROUP objects.
+
+     Most of the framework would be able to handle curves over arbitrary
+     finite fields, but as there are no obvious types for fields other
+     than GF(p), some functions are limited to that for now.
+     [Bodo Moeller]
+
+  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
+     that the file contains a complete HTTP response.
+     [Richard Levitte]
+
+  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+     change the def and num file printf format specifier from "%-40sXXX"
+     to "%-39s XXX". The latter will always guarantee a space after the
+     field while the former will cause them to run together if the field
+     is 40 of more characters long.
+     [Steve Henson]
+
+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
+     [Bodo Moeller]
+
+  *) Modify EVP_Digest*() routines so they now return values. Although the
+     internal software routines can never fail additional hardware versions
+     might.
+     [Steve Henson]
+
+  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+     ASN1 error codes
+          ERR_R_NESTED_ASN1_ERROR
+          ...
+          ERR_R_MISSING_ASN1_EOS
+     were 4 .. 9, conflicting with
+          ERR_LIB_RSA (= ERR_R_RSA_LIB)
+          ...
+          ERR_LIB_PEM (= ERR_R_PEM_LIB).
+     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+     Add new error code 'ERR_R_INTERNAL_ERROR'.
+     [Bodo Moeller]
+
+  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+     suffices.
+     [Bodo Moeller]
+
+  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
+     sets the subject name for a new request or supersedes the
+     subject name in a given request. Formats that can be parsed are
+          'CN=Some Name, OU=myOU, C=IT'
+     and
+          'CN=Some Name/OU=myOU/C=IT'.
+
+     Add options '-batch' and '-verbose' to 'openssl req'.
+     [Massimiliano Pala <madwolf@hackmasters.net>]
+
+  *) Introduce the possibility to access global variables through
+     functions on platform were that's the best way to handle exporting
+     global variables in shared libraries.  To enable this functionality,
+     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+     is normally done by Configure or something similar).
+
+     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+     in the source file (foo.c) like this:
+
+       OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+       OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+       OPENSSL_DECLARE_GLOBAL(int,foo);
+       #define foo OPENSSL_GLOBAL_REF(foo)
+       OPENSSL_DECLARE_GLOBAL(double,bar);
+       #define bar OPENSSL_GLOBAL_REF(bar)
+
+     The #defines are very important, and therefore so is including the
+     header file everywhere where the defined globals are used.
+
+     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+     of ASN.1 items, but that structure is a bit different.
+
+     The largest change is in util/mkdef.pl which has been enhanced with
+     better and easier to understand logic to choose which symbols should
+     go into the Windows .def files as well as a number of fixes and code
+     cleanup (among others, algorithm keywords are now sorted
+     lexicographically to avoid constant rewrites).
+     [Richard Levitte]
+
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
+  *) Function OCSP_request_verify(). This checks the signature on an
+     OCSP request and verifies the signer certificate. The signer
+     certificate is just checked for a generic purpose and OCSP request
+     trust settings.
+     [Steve Henson]
+
+  *) Add OCSP_check_validity() function to check the validity of OCSP
+     responses. OCSP responses are prepared in real time and may only
+     be a few seconds old. Simply checking that the current time lies
+     between thisUpdate and nextUpdate max reject otherwise valid responses
+     caused by either OCSP responder or client clock inaccuracy. Instead
+     we allow thisUpdate and nextUpdate to fall within a certain period of
+     the current time. The age of the response can also optionally be
+     checked. Two new options -validity_period and -status_age added to
+     ocsp utility.
+     [Steve Henson]
+
+  *) If signature or public key algorithm is unrecognized print out its
+     OID rather that just UNKNOWN.
+     [Steve Henson]
+
+  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+     ID to be generated from the issuer certificate alone which can then be
+     passed to OCSP_id_issuer_cmp().
+     [Steve Henson]
+
+  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+     ASN1 modules to export functions returning ASN1_ITEM pointers
+     instead of the ASN1_ITEM structures themselves. This adds several
+     new macros which allow the underlying ASN1 function/structure to
+     be accessed transparently. As a result code should not use ASN1_ITEM
+     references directly (such as &X509_it) but instead use the relevant
+     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+     use of the new ASN1 code on platforms where exporting structures
+     is problematical (for example in shared libraries) but exporting
+     functions returning pointers to structures is not.
+     [Steve Henson]
+
+  *) Add support for overriding the generation of SSL/TLS session IDs.
+     These callbacks can be registered either in an SSL_CTX or per SSL.
+     The purpose of this is to allow applications to control, if they wish,
+     the arbitrary values chosen for use as session IDs, particularly as it
+     can be useful for session caching in multiple-server environments. A
+     command-line switch for testing this (and any client code that wishes
+     to use such a feature) has been added to "s_server".
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+     of the form '#if defined(...) || defined(...) || ...' and
+     '#if !defined(...) && !defined(...) && ...'.  This also avoids
+     the growing number of special cases it was previously handling.
+     [Richard Levitte]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the 
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) New function EVP_CIPHER_CTX_set_padding() this is used to
+     disable standard block padding (aka PKCS#5 padding) in the EVP
+     API, which was previously mandatory. This means that the data is
+     not padded in any way and so the total length much be a multiple
+     of the block size, otherwise an error occurs.
+     [Steve Henson]
+
+  *) Initial (incomplete) OCSP SSL support.
+     [Steve Henson]
+
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now 
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
+  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+     the clients preferred ciphersuites and rather use its own preferences.
+     Should help to work around M$ SGC (Server Gated Cryptography) bug in
+     Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+     [Lutz Jaenicke]
+
+  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+     to aes and add a new 'exist' option to print out symbols that don't
+     appear to exist.
+     [Steve Henson]
+
+  *) Additional options to ocsp utility to allow flags to be set and
+     additional certificates supplied.
+     [Steve Henson]
+
+  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+     OCSP client a number of certificate to only verify the response
+     signature against.
+     [Richard Levitte]
+
+  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+     handle the new API. Currently only ECB, CBC modes supported. Add new
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]
+
+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
+  *) Functions for OCSP responders. OCSP_request_onereq_count(),
+     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+     extract information from a certificate request. OCSP_response_create()
+     creates a response and optionally adds a basic response structure.
+     OCSP_basic_add1_status() adds a complete single response to a basic
+     response and returns the OCSP_SINGLERESP structure just added (to allow
+     extensions to be included for example). OCSP_basic_add1_cert() adds a
+     certificate to a basic response and OCSP_basic_sign() signs a basic
+     response with various flags. New helper functions ASN1_TIME_check()
+     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+     (converts ASN1_TIME to GeneralizedTime).
+     [Steve Henson]
+
+  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+     structure from a certificate. X509_pubkey_digest() digests the public_key
+     contents: this is used in various key identifiers. 
+     [Steve Henson]
+
+  *) Make sk_sort() tolerate a NULL argument.
+     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     response then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+                               <support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+                               <support@securenetterm.com>]
+
+  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+     result in a zero length in the ASN1_INTEGER structure which was
+     not consistent with the structure when d2i_ASN1_INTEGER() was used
+     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+     where it did not print out a minus for negative ASN1_INTEGER.
+     [Steve Henson]
+
+  *) Add summary printout to ocsp utility. The various functions which
+     convert status values to strings have been renamed to:
+     OCSP_response_status_str(), OCSP_cert_status_str() and
+     OCSP_crl_reason_str() and are no longer static. New options
+     to verify nonce values and to disable verification. OCSP response
+     printout format cleaned up.
+     [Steve Henson]
+
+  *) Add additional OCSP certificate checks. These are those specified
+     in RFC2560. This consists of two separate checks: the CA of the
+     certificate being checked must either be the OCSP signer certificate
+     or the issuer of the OCSP signer certificate. In the latter case the
+     OCSP signer certificate must contain the OCSP signing extended key
+     usage. This check is performed by attempting to match the OCSP
+     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+     in the OCSP_CERTID structures of the response.
+     [Steve Henson]
+
+  *) Initial OCSP certificate verification added to OCSP_basic_verify()
+     and related routines. This uses the standard OpenSSL certificate
+     verify routines to perform initial checks (just CA validity) and
+     to obtain the certificate chain. Then additional checks will be
+     performed on the chain. Currently the root CA is checked to see
+     if it is explicitly trusted for OCSP signing. This is used to set
+     a root CA as a global signing root: that is any certificate that
+     chains to that CA is an acceptable OCSP signing certificate.
+     [Steve Henson]
+
+  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+     extensions from a separate configuration file.
+     As when reading extensions from the main configuration file,
+     the '-extensions ...' option may be used for specifying the
+     section to use.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP utility. Allows OCSP requests to be generated or
+     read. The request can be sent to a responder and the output
+     parsed, outputed or printed in text form. Not complete yet:
+     still needs to check the OCSP response validity.
+     [Steve Henson]
+
+  *) New subcommands for 'openssl ca':
+     'openssl ca -status <serial>' prints the status of the cert with
+     the given serial number (according to the index file).
+     'openssl ca -updatedb' updates the expiry status of certificates
+     in the index file.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) New configuration for the GNU Hurd.
+     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
+
+  *) Initial code to implement OCSP basic response verify. This
+     is currently incomplete. Currently just finds the signer's
+     certificate and verifies the signature on the response.
+     [Steve Henson]
+
+  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+     value of OPENSSLDIR.  This is available via the new '-d' option
+     to 'openssl version', and is also included in 'openssl version -a'.
+     [Bodo Moeller]
+
+  *) Allowing defining memory allocation callbacks that will be given
+     file name and line number information in additional arguments
+     (a const char* and an int).  The basic functionality remains, as
+     well as the original possibility to just replace malloc(),
+     realloc() and free() by functions that do not know about these
+     additional arguments.  To register and find out the current
+     settings for extended allocation functions, the following
+     functions are provided:
+
+       CRYPTO_set_mem_ex_functions
+       CRYPTO_set_locked_mem_ex_functions
+       CRYPTO_get_mem_ex_functions
+       CRYPTO_get_locked_mem_ex_functions
+
+     These work the same way as CRYPTO_set_mem_functions and friends.
+     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+     extended allocation function is enabled.
+     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+     a conventional allocation function is enabled.
+     [Richard Levitte, Bodo Moeller]
+
+  *) Finish off removing the remaining LHASH function pointer casts.
+     There should no longer be any prototype-casting required when using
+     the LHASH abstraction, and any casts that remain are "bugs". See
+     the callback types and macros at the head of lhash.h for details
+     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+     [Geoff Thorpe]
+
+  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, quering stops
+     when enough entropy was collected without querying more sockets.
+     [Lutz Jaenicke]
+
+  *) Change the Unix RAND_poll() variant to be able to poll several
+     random devices, as specified by DEVRANDOM, until a sufficient amount
+     of data has been collected.   We spend at most 10 ms on each file
+     (select timeout) and read in non-blocking mode.  DEVRANDOM now
+     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+     (previously it was just the string "/dev/urandom"), so on typical
+     platforms the 10 ms delay will never occur.
+     Also separate out the Unix variant to its own file, rand_unix.c.
+     For VMS, there's a currently-empty rand_vms.c.
+     [Richard Levitte]
+
+  *) Move OCSP client related routines to ocsp_cl.c. These
+     provide utility functions which an application needing
+     to issue a request to an OCSP responder and analyse the
+     response will typically need: as opposed to those which an
+     OCSP responder itself would need which will be added later.
+
+     OCSP_request_sign() signs an OCSP request with an API similar
+     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+     response. OCSP_response_get1_basic() extracts basic response
+     from response. OCSP_resp_find_status(): finds and extracts status
+     information from an OCSP_CERTID structure (which will be created
+     when the request structure is built). These are built from lower
+     level functions which work on OCSP_SINGLERESP structures but
+     wont normally be used unless the application wishes to examine
+     extensions in the OCSP response for example.
+
+     Replace nonce routines with a pair of functions.
+     OCSP_request_add1_nonce() adds a nonce value and optionally
+     generates a random value. OCSP_check_nonce() checks the
+     validity of the nonce in an OCSP response.
+     [Steve Henson]
+
+  *) Change function OCSP_request_add() to OCSP_request_add0_id().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
+  *) Update OCSP API. Remove obsolete extensions argument from
+     various functions. Extensions are now handled using the new
+     OCSP extension code. New simple OCSP HTTP function which 
+     can be used to send requests and parse the response.
+     [Steve Henson]
+
+  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+     uses the special reorder version of SET OF to sort the attributes
+     and reorder them to match the encoded order. This resolves a long
+     standing problem: a verify on a PKCS7 structure just after signing
+     it used to fail because the attribute order did not match the
+     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+     it uses the received order. This is necessary to tolerate some broken
+     software that does not order SET OF. This is handled by encoding
+     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+     to produce the required SET OF.
+     [Steve Henson]
+
+  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+     files to get correct declarations of the ASN.1 item variables.
+     [Richard Levitte]
+
+  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+     ASN1_ITEM and no wrapper functions.
+     [Steve Henson]
+
+  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+     replace the old function pointer based I/O routines. Change most of
+     the *_d2i_bio() and *_d2i_fp() functions to use these.
+     [Steve Henson]
+
+  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+     lines, recognice more "algorithms" that can be deselected, and make
+     it complain about algorithm deselection that isn't recognised.
+     [Richard Levitte]
+
+  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
+     [Steve Henson]
+
+  *) New extension functions for OCSP structures, these follow the
+     same conventions as certificates and CRLs.
+     [Steve Henson]
+
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certifcates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
+  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+     entries for variables.
+     [Steve Henson]
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
+  *) Reimplement the OCSP ASN1 module using the new code.
+     [Steve Henson]
+
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
+  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
+     [Steve Henson]
+
+  *) Change BN_mod_exp_recp so that negative moduli are tolerated
+     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
+     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+     for negative moduli.
+     [Bodo Moeller]
+
+  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+     of not touching the result's sign bit.
+     [Bodo Moeller]
+
+  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+     set.
+     [Bodo Moeller]
+
+  *) Changed the LHASH code to use prototypes for callbacks, and created
+     macros to declare and implement thin (optionally static) functions
+     that provide type-safety and avoid function pointer casting for the
+     type-specific callbacks.
+     [Geoff Thorpe]
+
+  *) Added Kerberos Cipher Suites to be used with TLS, as written in
+     RFC 2712.
+     [Veers Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
+
+  *) Reformat the FAQ so the different questions and answers can be divided
+     in sections depending on the subject.
+     [Richard Levitte]
+
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (using the probabilistic Tonelli-Shanks algorithm unless
+     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
+     be handled deterministically).
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
+  *) New function BN_kronecker.
+     [Bodo Moeller]
+
+  *) Fix BN_gcd so that it works on negative inputs; the result is
+     positive unless both parameters are zero.
+     Previously something reasonably close to an infinite loop was
+     possible because numbers could be growing instead of shrinking
+     in the implementation of Euclid's algorithm.
+     [Bodo Moeller]
+
+  *) Fix BN_is_word() and BN_is_one() macros to take into account the
+     sign of the number in question.
+
+     Fix BN_is_word(a,w) to work correctly for w == 0.
+
+     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+     because its test if the absolute value of 'a' equals 'w'.
+     Note that BN_abs_is_word does *not* handle w == 0 reliably;
+     it exists mostly for use in the implementations of BN_is_zero(),
+     BN_is_one(), and BN_is_word().
+     [Bodo Moeller]
+
+  *) New function BN_swap.
+     [Bodo Moeller]
+
+  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+     the exponentiation functions are more likely to produce reasonable
+     results on negative inputs.
+     [Bodo Moeller]
+
+  *) Change BN_mod_mul so that the result is always non-negative.
+     Previously, it could be negative if one of the factors was negative;
+     I don't think anyone really wanted that behaviour.
+     [Bodo Moeller]
+
+  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+     and add new functions:
+
+          BN_nnmod
+          BN_mod_sqr
+          BN_mod_add
+          BN_mod_add_quick
+          BN_mod_sub
+          BN_mod_sub_quick
+          BN_mod_lshift1
+          BN_mod_lshift1_quick
+          BN_mod_lshift
+          BN_mod_lshift_quick
+
+     These functions always generate non-negative results.
+
+     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
+     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
+
+     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
+     be reduced modulo  m.
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+#if 0
+     The following entry accidentily appeared in the CHANGES file
+     distributed with OpenSSL 0.9.7.  The modifications described in
+     it do *not* apply to OpenSSL 0.9.7.
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+#endif
+
+  *) In 'openssl passwd', verify passwords read from the terminal
+     unless the '-salt' option is used (which usually means that
+     verification would just waste user's time since the resulting
+     hash is going to be compared with some given password hash)
+     or the new '-noverify' option is used.
+
+     This is an incompatible change, but it does not affect
+     non-interactive use of 'openssl passwd' (passwords on the command
+     line, '-stdin' option, '-in ...' option) and thus should not
+     cause any problems.
+     [Bodo Moeller]
+
+  *) Remove all references to RSAref, since there's no more need for it.
+     [Richard Levitte]
+
+  *) Make DSO load along a path given through an environment variable
+     (SHLIB_PATH) with shl_load().
+     [Richard Levitte]
+
+  *) Constify the ENGINE code as a result of BIGNUM constification.
+     Also constify the RSA code and most things related to it.  In a
+     few places, most notable in the depth of the ASN.1 code, ugly
+     casts back to non-const were required (to be solved at a later
+     time)
+     [Richard Levitte]
+
+  *) Make it so the openssl application has all engines loaded by default.
+     [Richard Levitte]
+
+  *) Constify the BIGNUM routines a little more.
+     [Richard Levitte]
+
+  *) Add the following functions:
+
+       ENGINE_load_cswift()
+       ENGINE_load_chil()
+       ENGINE_load_atalla()
+       ENGINE_load_nuron()
+       ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
+  *) 'openssl engine' can now list capabilities.
+     [Richard Levitte]
+
+  *) Better error reporting in 'openssl engine'.
+     [Richard Levitte]
+
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
+  *) Add engine application.  It can currently list engines by name and
+     identity, and test if they are actually available.
+     [Richard Levitte]
+
+  *) Improve RPM specification file by forcing symbolic linking and making
+     sure the installed documentation is also owned by root.root.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) Give the OpenSSL applications more possibilities to make use of
+     keys (public as well as private) handled by engines.
+     [Richard Levitte]
+
+  *) Add OCSP code that comes from CertCo.
+     [Richard Levitte]
+
+  *) Add VMS support for the Rijndael code.
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
+  *) Rework the filename-translation in the DSO code. It is now possible to
+     have far greater control over how a "name" is turned into a filename
+     depending on the operating environment and any oddities about the
+     different shared library filenames on each system.
+     [Geoff Thorpe]
+
+  *) Support threads on FreeBSD-elf in Configure.
+     [Richard Levitte]
+
+  *) Fix for SHA1 assembly problem with MASM: it produces
+     warnings about corrupt line number information when assembling
+     with debugging information. This is caused by the overlapping
+     of two sections.
+     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+  *) NCONF changes.
+     NCONF_get_number() has no error checking at all.  As a replacement,
+     NCONF_get_number_e() is defined (_e for "error checking") and is
+     promoted strongly.  The old NCONF_get_number is kept around for
+     binary backward compatibility.
+     Make it possible for methods to load from something other than a BIO,
+     by providing a function pointer that is given a name instead of a BIO.
+     For example, this could be used to load configuration data from an
+     LDAP server.
+     [Richard Levitte]
+
+  *) Fix for non blocking accept BIOs. Added new I/O special reason
+     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+     with non blocking I/O was not possible because no retry code was
+     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+     this case.
+     [Steve Henson]
+
+  *) Added the beginnings of Rijndael support.
+     [Ben Laurie]
+
+  *) Fix for bug in DirectoryString mask setting. Add support for
+     X509_NAME_print_ex() in 'req' and X509_print_ex() function
+     to allow certificate printing to more controllable, additional
+     'certopt' option to 'x509' to allow new printing options to be
+     set.
+     [Steve Henson]
+
+  *) Clean old EAY MD5 hack from e_os.h.
+     [Richard Levitte]
+
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+     [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
+
+  *) Fix additional bug revealed by the NISCC test suite:
+
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CVE-2003-0851)
+     [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
+  *) Undo an undocumented change introduced in 0.9.6e which caused
+     repeated calls to OpenSSL_add_all_ciphers() and 
+     OpenSSL_add_all_digests() to be ignored, even after calling
+     EVP_cleanup().
+     [Richard Levitte]
+
+  *) Change the default configuration reader to deal with last line not
+     being properly terminated.
+     [Richard Levitte]
+
+  *) Change X509_NAME_cmp() so it applies the special rules on handling
+     DN values that are of type PrintableString, as well as RDNs of type
+     emailAddress where the value has the type ia5String.
+     [stefank@valicert.com via Richard Levitte]
+
+  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+     the bitwise-OR of the two for use by the majority of applications
+     wanting this behaviour, and update the docs. The documented
+     behaviour and actual behaviour were inconsistent and had been
+     changing anyway, so this is more a bug-fix than a behavioural
+     change.
+     [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
+  *) Fix initialization code race conditions in
+        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
+        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
+        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
+        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
+     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+       Alon Kantor <alonk@checkpoint.com> (and others),
+       Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
+  *) Fix EVP_dsa_sha macro.
+     [Nils Larsch]
+
+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CVE-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CVE-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
+
+  *) Check various X509_...() return values in apps/req.c.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erronously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov@syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
+  *) Implement a countermeasure against a vulnerability recently found
+     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+     before application data chunks to avoid the use of known IVs
+     with data potentially chosen by the attacker.
+     [Bodo Moeller]
+
+  *) Fix length checks in ssl3_get_client_hello().
+     [Bodo Moeller]
+
+  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+     to prevent ssl3_read_internal() from incorrectly assuming that
+     ssl3_read_bytes() found application data while handshake
+     processing was enabled when in fact s->s3->in_read_app_data was
+     merely automatically cleared during the initial handshake.
+     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee