Only use streaming when appropriate for detached data in smime utility.

PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller

options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.

For S/MIME multipart/signed type the signature is calculated on the fly.

For other detached data forms the stream isn't used after the single pass to
calculate signatures.

For non-detached the data is stored in a memory BIO.

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

existing structure and using alternative digest for signing.

Add support for policy checking in verify utility.

This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.

the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)

PR: 287

functionality in the programs that had that before.
Part fo PR 164

Make S/MIME output conform with the mail and MIME standards.
PR: 151

PR: 151

Notified by Ken Hirsch <kenhirsch@myself.com>.
PR: 23

Add apps_startup and bio_err init code to smime.c

Fix new -aes command argument handling

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

everywhere.

string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.

inherited from X509_STORE.

Add CRL checking options to other applications.

Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.