an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.

knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.

and don't unnecessarily fail on input size 0.

Submitted by: K S Sreeram <sreeram@tachyontech.net>

(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)

changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.

appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700

ty to allocate anything at all.  This will allow eNULL to still work.

PR: 751
Notified by: Lutz Jaenicke

PR: 751
Notified by: meder@mcs.anl.gov
Reviewed by: Lutz Jaenicke, Richard Levitte

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

PR: 287

I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343

Zero cipher_data in EVP_CIPHER_CTX_cleanup

Add cleanup calls to evp_test.c

Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().

Ensure EVP_CipherInit() uses the correct encode/decode parameter if
enc == -1

[Reported by Markus Friedl <markus@openbsd.org>]

Fix typo in dh_lib.c (use of DSAerr instead of DHerr).

Make ciphers and digests obtain an ENGINE functional reference
if impl is explicitly supplied.

to digests to retain compatibility.

not implemented. (Bug reported by Martin Szotkowski)

This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.

See crypto/engine/README for details.

- it also removes openbsd_hw.c from the build (that functionality is
  going to be available in the openbsd ENGINE in a upcoming commit)

- evp_test has had the extra initialisation added so it will use (if
  possible) any ENGINEs supporting the algorithms required.

problems with leaks and uninitialised structures.

for encrypt?).

Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to
regain that later.

Add -nopad option to enc command.

Update docs.

More EVP cipher revision.

Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.

Make it possible to set RC2 and RC5 params.

Make RC2 ASN1 code use the effective key bits
and not the key length.

TODO: document how new API works.

Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.

Remove duplicated code in EVP.