for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.

    	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159

- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7

	EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name

1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.

("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)

move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)

client random values.

remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.

tree. This further reduces header interdependencies, and makes some
associated cleanups.

functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

PR: 680

one, as required by SSL/TLS specs.

Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller

PR: 659

old OpenSSL releases, but not in new releases)

- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary

I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343

I've covered all the memset()s I felt safe modifying, but may have missed some.

Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>

CertificateVerify for 4096 bit RSA signatures

Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291

PR: 262

Submitted by: Nils Larsch

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)

Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169

Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.

des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().