Changes between 0.9.3a and 0.9.4
+ *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+ up the length of negative integers. This has now been simplified to just
+ store the length when it is first determined and use it later, rather
+ than trying to keep track of where data is copied and updating it to
+ point to the end.
+ [Steve Henson, reported by Brien Wheeler
+ <bwheeler@authentica-security.com>]
+
+ *) Add a new function PKCS7_signatureVerify. This allows the verification
+ of a PKCS#7 signature but with the signing certificate passed to the
+ function itself. This contrasts with PKCS7_dataVerify which assumes the
+ certificate is present in the PKCS#7 structure. This isn't always the
+ case: certificates can be omitted from a PKCS#7 structure and be
+ distributed by "out of band" means (such as a certificate database).
+ [Steve Henson]
+
+ *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+ function prototypes in pem.h, also change util/mkdef.pl to add the
+ necessary function names.
+ [Steve Henson]
+
+ *) mk1mf.pl (used by Windows builds) did not properly read the
+ options set by Configure in the top level Makefile; typo fixed,
+ now "no-idea" etc. works as intended.
+ [Bodo Moeller]
+
*) New functions CONF_load_bio() and CONF_load_fp() to allow a config
file to be loaded from a BIO or FILE pointer. The BIO version will
for example allow memory BIOs to contain config info.