maximum send fragment size. Allocate I/O buffers accordingly.

during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.

PR: 851

An advisory will be posted to the web.  Expect a release within the hour.

des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

Notified by Bernd Matthes <bernd.matthes@gemplus.com>

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().

Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.

reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.

behaviour that SSL_read may result in SSL_ERROR_WANT_READ.

The return value of handshake_func is signed, not unsigned.

signed/unsigned stuff in s3_pkt.c)

Submitted by:
Reviewed by:
PR:

Submitted by: Peter 'Luna' Runestig" <peter+openssl-users@runestig.com>

the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.

ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.