WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.

runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.

let's be clear about that

pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.

for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.

Cosmetic changes to IDP printout.

dynamic loading is consistent with respect to engine ids.

timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller

attribute in EVP_PKEY structure.

with the SSL_OP_NO_SSLv2 option.

EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name

    EC_GROUP_get_nid -> EC_GROUP_get_curve_name
    EC_GROUP_set_nid -> EC_GROUP_set_curve_name

The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.

- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c

  and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"

at runtime.

a security threat on unexpecting applications.  Document and test.