PR: 904

will appear at EVP leyer.

and include bn.h in those C files that need bignum functionality.

PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>

PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte

Submitted by: Kirill Kochetkov <kochet@ixbt.com>

PR: #748

linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.

In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.

Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).

However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.

Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller

- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary

PR: 358

Submitted by: Nils Larsch

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller

PR: 287

exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)

Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>

Submitted by: Nils Larsch

EC_GROUP_new_by_nid() should be enough.  This avoids a lot of
redundancy.

Submitted by: Nils Larsch

Submitted by: Nils Larsch

Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>

Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller

Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.

Fix dsaparam usage output.

Submitted by: Nils Larsch

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES
integration patch.