library dependencies.

deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.

version some time soon.

to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.

Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.

CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.

and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller

Submitted by: David Hartman <david_hartman@symantec.com>

first everywhere in crypto and skip stdio.h and string.h [because it
includes them].

at runtime.

Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

Unfortunately, this means that the dynamic ENGINE version just went up, and
isn't backward compatible.
PR: 678

Submitted by: Douglas Stebila <douglas.stebila@sun.com>

getting the bottommost one.  I hope I understood correctly how this
should be done.  It seems to work when running evp_test in an
environment where it can't find openssl.cnf.

    ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).

Noticed by Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at>.

In err.c, flags int_error_hash_set and int_thread_hash_set
appear superfluous since we can just as well initialize
int_error_hash and int_thread_hash to NULL.

Change some of the err.c formatting to conform with the rest of
OpenSSL.

always load its strings because they might have been unloaded
since the 'init' flag was deleted.

But build_SYS_str_reasons() can use an 'init' flag.