process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.

centralise those hacks in crypto/symhacks.h and use it everywhere it's
needed.

handle an externally provided "static" buffer as well a a dynamic
buffer.  The "static" buffer is filled first, but if overflowed, the
dynamic buffer is used instead, being allocated somewhere i the heap.

This combines the benefits of putting the output in a preallocated
buffer (on the stack, for example) and in a buffer that grows
somewhere in the heap.

Hmmm I didn't realise BIO_pop() did that:
isn't source wonderful?

(the middle string describes the architecture).

return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.

http://www.rsasecurity.com/news/pr/000906-1.html (September 6, 2000):
"RSA Security Releases RSA Encryption Algorithm into Public Domain"

add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish
keywords from function names, and finally remove parens around return
values (why be stingy with whitespace but fill the source code
with an abundance of parentheses that are not needed to structure
expressions for readability?).

usually get a space between keyword and opening paranthesis
so that they don't look like function calls, where no space is
used.

configuration only worked with no-asm.

Add support for settable verify time in X509_verify_cert().

Document rsautl utility.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(

Add new option to PKCS7_sign to exclude S/MIME capabilities.

If some other thread deletes the BIO that one thread needs for
BIO_write, then there's a lot of trouble anyway; there's
nothing special about calling the callback.

symbols for debugging are defined.

Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.

Returning -1 for an attempt to read from an empty buffer is empty is
not an error that should be signalled via the error queue, it's a
'retry read' condition and is signalled as such.